[Jord9857]

sorry, I've selected WiFi channels now - was worry to do so as other factors in place like AP's, DNS started leaking after changing some settings too but seems ok on channel 5 & 100 now

Compression is set to No, Additional Config only has verb 5, Watchdogs are disabled apart from the OpenVPN one as suggested so will keep an eye and grab logs when it happens again

Considering to upgrade and re-configure, is there a thorough guide for the other settings non OpenVPN related please? Already have the guide for the OpenVPN client & server settings

[Jord9857]

Hi, here we go - got the logs, so the router was fine at about 11pm (23:00), connected to it this morning about 7:30ish... No internet, after about 5/10 minutes or so, it then sorted itself out (quicker than normal)

[Alozaros]

looking at the log, it looks like watchdog is working and its doing its job..i only don't understand why, its trying the same se520.nordvpn.com server again, as its it down for some odd reason..and yes VPN providers tend to do that, in order to relieve their servers overloads...its just a bad VPN practice..
and then after few try's it seems its is successful, whit the next server that is operational se515.nordvpn.com ...
To be honest, my VPN provider is not that bad, but with a risk to insult the VPN gurus and developers...i don't use the GUI option for multiple server choice..nor i use the GUI keep alive

i know, i shouldn't use advanced VPN commands with no reason, but im an old school guy, if its working its working.. i still use the old way, as well i do have some lines to prevent ISP DNS use, or DNS6 or any ipv6 routes, so resolving hosts is more independent...

I have those in advanced VPN box
ill put a little explanation for what each line does

verb 5 - this specifies the log
pull-filter ignore "dhcp-option DNS" - this will ignore VPN DNS and will use DNSmasq DNS resolving inside the VPN
pull-filter ignore "dhcp-option DNS6" - same as above but disables IPv6 DNS
pull-filter ignore "ifconfig-ipv6" - ignores any ipv6
pull-filter ignore "route-ipv6" - ignores any ipv6 router
pull-filter ignore "redirect-gateway ipv6" - ignores any ipv6 gateways
keepalive 10 120 - keeps servers pinged
reneg-sec 12000 - this specifies time for cypher negotiation
server-poll-timeout 10 - this gives 10 sec time out if server goes down, before to try the next server inline
remote server IP or name port - those are the next servers you want to use
remote server IP or name port

the last will look like
remote se520.nordvpn.com 1994 -- or any port you use

but, let see what the other gurus will say, im also interested to learn..and find out...
the log seems to be showing you have been connected at last...

[Jord9857]

Yeah the openvpn watchdog done its job when there was no internet because it retarted the openvpn and had internet again after 5/10 minutes (shown at the end of the log)

I've previously tried replacing the Nordvpn servers with other recommended ones but always seems to do this

Unless it has some sort of key expiry and at this moment in time it needed renewing with the Nord server?...

[Alozaros]

[egc]

Well unless you really know what you are doing stick to the GUI

In the GUI you can enter multiple NORD VPN servers which the router will try one after each other unless you enable random

Add the following to the Additional Configuration:

[dale_gribble39]

Visuals would be great. So we can see what the MTU settings are and other things. Don't need to see keys, but screenshots sure help diagnose what could be wrong.

[Jord9857]

[egc]

Maybe it is a general router/network problem and not related to VPN at all.

If all else fails consider resetting to defaults and rebuild manually, it gives you the time to carefully review all your settings.

That is the best advice I can give at this moment

[Jord9857]

[Jord9857]

Internet access lost again

[the-joker]

Ive taken the liberty to include the insanely huge inline logs into quotes, code blocks wont work since there's some PHP issue/limitation which breaks the initial closing bracket. At least in quotes/code blocks it makes it saner to look at.

On doing this triggered another forums bug that breaks the layout, Ive submitted a couple of fixes and waiting on them going live.

@Jord9857 Just a suggestion; would be nice that when logs are that long, instead attaching them as a text file to your replies, it makes following the threads much easier to read as opposed to the endless scrolling your large logs force everyone to go through.

Sorry for the noise.

PS: the layout fixes are now live.

[kernel-panic69]

Quick interject: either someone removed your forum fix for text box width,
or someone's post still made the format of the page askew, sir the-j0ker.

[Jord9857]

Just wondering if anyone had any ideas or suggestions since?

[eibgrad]

Based on the most recent syslog, which has the watchodog enabled, seems to me the tunnel is just failing for some unexplained reason. Once connected, it will run for at least an hour, then renegotiate the session key successfully, but eventually fail w/ the following message (which I've NOT seen before).

Jun 25 05:39:11 DD-WRT daemon.err openvpn[23098]: Read Udpv4 [Ehostunreach]: Host Is Unreachable (Code=148)

At that point, the tunnel seems borked, and eventually the watchdog detects it and reboots.

There's no obvious reason from the rest of the syslog to explain it. Seems more of a problem w/ the VPN provider. Some are known to kick off users when the server is overloaded, or down for maintenance. But this is a little different. The tunnel just stops working.

As an experiment, you might try using TCP rather than UDP (assuming NordVPN supports it). Maybe that will ensure both sides the connection is still valid (UDP, being connection-less, depends solely on timeout to detect the loss of a peer).

But overall, I don't see anything configured improperly here. All appearances suggest it's the VPN provider to blame.