OpenVPN Client Disconnecting/Dropping

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6447
Location: UK, London, just across the river..

PostPosted: Thu Jun 30, 2022 6:54    Post subject: Reply with quote
What I observed once: on a business line the ISP was blocking any odd UDP traffic... so games and VPN were failing... and exactly like this, similar to your tun fail, the ISP was blocking UDP shortly for those used ports... so try TCP for the VPN, it will be OK... I guess...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

PostPosted: Thu Jun 30, 2022 7:06    Post subject: Reply with quote
I would indeed first try TCP4 as connection.

Quote:
I mean, the router itself is fine for me speeds etc and can't do anything about that, I can't even get above 30mbps on my ISP router due to the distance to the cab so I'm not going to get any better speeds than I currently get


That set me thinking, is this router connected wirelessly in Client mode to the main router over a long distance?

If so maybe it is just the wireless connection dropping?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14246
Location: Texas, USA

PostPosted: Sat Jul 02, 2022 16:11    Post subject: Reply with quote
<off-topic>
Just wanted to take a moment to respond to previous off-topic commentary:
the-joker wrote:
I've taken the liberty to include the insanely huge inline logs into quotes
-~~~~-
Doing this triggered another forum bug that breaks the layout; I've submitted a couple of fixes and am waiting on them going live.
-~~~~-
PS: the layout fixes are now live.

I must've completely missed your post when I interjected. Thank you for your diligence in making improvements, sir.
the-joker wrote:
@Jord9857 Just a suggestion: it would be nice, when logs are that long, if you instead attached them as a text file to your replies; it makes following the threads much easier to read as opposed to the endless scrolling your large logs force everyone to go through.

Agreed, and following this advice from page 1 of this thread would've also helped (quote edited to include link to site):
eibgrad wrote:
If it's particularly big, it might be better posted on PasteBin and provide a link.

</off-topic>

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Jord9857
DD-WRT User


Joined: 17 Mar 2021
Posts: 74

PostPosted: Mon Jul 04, 2022 16:21    Post subject: Reply with quote
eibgrad wrote:
Based on the most recent syslog, which has the watchdog enabled, seems to me the tunnel is just failing for some unexplained reason. Once connected, it will run for at least an hour, then renegotiate the session key successfully, but eventually fail w/ the following message (which I've NOT seen before).

Jun 25 05:39:11 DD-WRT daemon.err openvpn[23098]: Read Udpv4 [Ehostunreach]: Host Is Unreachable (Code=148)

At that point, the tunnel seems borked, and eventually the watchdog detects it and reboots.

There's no obvious reason from the rest of the syslog to explain it. Seems more of a problem w/ the VPN provider. Some are known to kick off users when the server is overloaded, or down for maintenance. But this is a little different. The tunnel just stops working.

As an experiment, you might try using TCP rather than UDP (assuming NordVPN supports it). Maybe that will ensure both sides the connection is still valid (UDP, being connection-less, depends solely on timeout to detect the loss of a peer).

But overall, I don't see anything configured improperly here. All appearances suggest it's the VPN provider to blame.


Hi, I tried TCP and TCP4 - didn't work even after applying the settings then rebooting (no internet access), switched it back to udp4 as per guide, and picked internet access back up
Jord9857
DD-WRT User


Joined: 17 Mar 2021
Posts: 74

PostPosted: Mon Jul 04, 2022 16:23    Post subject: Reply with quote
egc wrote:
I would indeed first try TCP4 as connection.

Quote:
I mean, the router itself is fine for me speeds etc and can't do anything about that, I can't even get above 30mbps on my ISP router due to the distance to the cab so I'm not going to get any better speeds than I currently get


That set me thinking, is this router connected wirelessly in Client mode to the main router over a long distance?

If so maybe it is just the wireless connection dropping?


Hi, no, both routers are connected over ethernet cable - ISP router doesn't drop or anything when this Netgear router does
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Mon Jul 04, 2022 16:40    Post subject: Reply with quote
Jord9857 wrote:
Hi, I tried TCP and TCP4 - didn't work even after applying the settings then rebooting (no internet access), switched it back to udp4 as per guide, and picked internet access back up


Did you use the same exact config and just change UDP to TCP? Most OpenVPN providers use different configurations between UDP and TCP, minimally requiring different servers and/or ports. IOW, in most cases, you can't just change the protocol from UDP to TCP and expect it to work.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
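The check below is an added example, not part of eibgrad's post or his scripts: it compares a working UDP profile with an edited one and flags the "only the protocol was flipped" case described above, plus UDP-only directives left in a TCP profile. The sample profiles are constructed, and their host names and ports are placeholders rather than any provider's real values.

```shell
#!/bin/sh
# Added example (not from the thread): report what a UDP-to-TCP edit of an
# OpenVPN client profile changed and what it left behind.

# Print the arguments of every occurrence of directive $2 in profile $1.
get() { awk -v d="$2" '$1 == d { $1 = ""; sub(/^ /, ""); print }' "$1"; }

# Succeed if directive $2 appears in profile $1 (comment lines do not match).
has() { awk -v d="$2" '$1 == d { f = 1 } END { exit !f }' "$1"; }

# Compare the profile that worked ($1) with the edited one ($2).
proto_switch_report() {
    old_proto=$(get "$1" proto | head -n 1)
    new_proto=$(get "$2" proto | head -n 1)
    echo "proto: ${old_proto:-unset} -> ${new_proto:-unset}"
    if [ "$old_proto" = "$new_proto" ]; then return 0; fi
    # Same server and port as before: the "just flip the protocol" edit.
    if [ "$(get "$1" remote)" = "$(get "$2" remote)" ]; then
        echo "WARN remote unchanged: $(get "$2" remote | head -n 1)"
    fi
    # fragment and explicit-exit-notify are only valid with a UDP transport.
    case $new_proto in
        tcp*)
            for d in fragment explicit-exit-notify; do
                if has "$2" "$d"; then echo "WARN udp-only directive kept: $d"; fi
            done ;;
    esac
}

# Constructed sample profiles; host names and ports are placeholders,
# not any provider's real values.
write_samples() {
    printf '%s\n' 'client' 'proto udp4' 'remote vpn-udp.example.net 1194' \
        'explicit-exit-notify 1' > "$1/udp.ovpn"
    sed 's/^proto udp4$/proto tcp4/' "$1/udp.ovpn" > "$1/flipped.ovpn"
    printf '%s\n' 'client' 'proto tcp4' 'remote vpn-tcp.example.net 443' \
        > "$1/tcp.ovpn"
}

dir=$(mktemp -d)
write_samples "$dir"
proto_switch_report "$dir/udp.ovpn" "$dir/flipped.ovpn"
proto_switch_report "$dir/udp.ovpn" "$dir/tcp.ovpn"
rm -rf "$dir"
```

A report with no WARN lines means the server, port and transport-specific directives all changed along with the protocol; it does not confirm that the new values are the ones the provider currently publishes.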
Jord9857
DD-WRT User


Joined: 17 Mar 2021
Posts: 74

PostPosted: Mon Jul 04, 2022 16:55    Post subject: Reply with quote
eibgrad wrote:
Jord9857 wrote:
Hi, I tried TCP and TCP4 - didn't work even after applying the settings then rebooting (no internet access), switched it back to udp4 as per guide, and picked internet access back up


Did you use the same exact config and just change UDP to TCP? Most OpenVPN providers use different configurations between UDP and TCP, minimally requiring different servers and/or ports. IOW, in most cases, you can't just change the protocol from UDP to TCP and expect it to work.


Hi, I used the suggested NordVPN config from this forum post
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328049&postdays=0&postorder=asc&highlight=nordvpn&start=0
Jord9857
DD-WRT User


Joined: 17 Mar 2021
Posts: 74

PostPosted: Mon Jul 04, 2022 17:24    Post subject: Reply with quote
After rebooting (trying these UDP to TCP changes) I'm getting this error in the logs, taking a guess it's to do with a CA Cert on the OpenVPN (not sure if it's the client or server one)
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Mon Jul 04, 2022 17:26    Post subject: Reply with quote
Jord9857 wrote:
Hi, I used the suggested NordVPN config from this forum post
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=328049&postdays=0&postorder=asc&highlight=nordvpn&start=0


That's all well and good for what it is, but I wouldn't want to depend on it to be accurate indefinitely. Things do change. And that's 18-month-old information (although I see @egc updated the OP's post in December of 2021).

Anyway, maybe it's correct, maybe NOT.

eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Mon Jul 04, 2022 17:27    Post subject: Reply with quote
Jord9857 wrote:
After rebooting (trying these UDP to TCP changes) I'm getting this error in the logs, taking a guess it's to do with a CA Cert on the OpenVPN (not sure if it's the client or server one)


Your router has NOT yet updated the time, so it can't verify the certs' expiry date. This is normal. It will keep retrying until the time is eventually set.
