Posted: Thu Feb 03, 2022 16:22 Post subject: OpenVPN reconnects only after reboot router
Hello everyone,
So I have a Linksys 3200acm, Firmware: DD-WRT v3.0-r48141 std (01/21/22). Everything works fine now, but when OpenVPN gets disconnected it doesn't automatically reconnect. I then have to reboot my Linksys router manually to reconnect. I am forwarding my traffic to the ISP router. I have static routing on the ISP router to the subnet of my Linksys VPN router and a static IP on the WAN port of the Linksys.
Is there a command that can reboot the router after 5 min of no successful connection to the VPN? Or any other method I can implement to not have to reboot the router manually every time OpenVPN gets disconnected?
Joined: 18 Mar 2014 Posts: 13650 Location: Netherlands
Posted: Fri Feb 04, 2022 7:18 Post subject:
In the OpenVPN client setup guide are some tips to mitigate disconnections, but often that is not enough, and running a watchdog script is then the next step.
@eibgrad and I are currently working to incorporate a watchdog in DDWRT as it is a fairly common problem with numerous providers (see picture).
In the meantime, use one of the scripts @bushant already pointed to.
Joined: 18 Mar 2014 Posts: 13650 Location: Netherlands
Posted: Fri Feb 04, 2022 14:03 Post subject:
Yeah, I personally also have no connection problems; it seems dependent on provider and also on used servers, some are more busy than others.
But it is not a big problem to add it to the GUI.
Also, on the Server side there will be a GUI option to NAT incoming VPN traffic for easier access to LAN clients on the server's subnet.
(Although I prefer to tweak the firewall of the local LAN clients which you want to have access, so that the VPN clients do not have access to everything, which is the downside of that rule.)
Joined: 16 Nov 2015 Posts: 6868 Location: UK, London, just across the river..
Posted: Fri Feb 04, 2022 14:20 Post subject:
I guess if you ping 9.9.9.9 that frequently they may put you in a block list...
But yep, a watchdog via GUI is a useful extra..
To be honest, I've 30+ days using the same VPN server and never had a drop, so apart from local client config it is down to the VPN provider too, I guess..
Those advanced OpenVPN commands help too:
reneg-sec 0
keepalive 10 120
server-poll-timeout 10
remote servername or ip port
On the last command you have to add your server details and port...
You can use the GUI option for multiple preferred servers for that now, thanks to egc...
P.S. edited: set reneg-sec 14400, as with 14400 it helps to keep alive; I don't use 0 anyway..
Last edited by Alozaros on Sat Feb 05, 2022 1:01; edited 2 times in total
What this does is create a DNS record where with each reference it returns the next IP in the list, so you don't just keep accessing the same IP and risk being banned. I've purposely scrambled it so it's more unlikely you'd access the same provider in sequence (e.g., 8.8.8.8, then 8.8.4.4).
It's NOT that I've had an issue w/ being banned, but it has been something I'm aware of as a possibility, and so preemptively I've implemented the above whenever and wherever feasible to minimize that risk.
I have found that pinging something on the other end of the tunnel is more accurate for sensing issues on the tunnel. And detect Internet issues independently of VPN issues.
My script is here. Feel free to incorporate any elements that would be helpful into the GUI OpenVPN Watchdog @egc and @eibgrad
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1256142#1256142
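A sketch of the kind of watchdog discussed in the posts above, as an added example that is neither the script linked in this thread nor the DD-WRT GUI watchdog: it rotates ping targets, probes through the tunnel interface, and restarts the OpenVPN client (rather than rebooting) only when a host outside the tunnel still answers. The interface name tun1, WAN_HOST, the order of the target list and RESTART_CMD are assumptions to adapt to your build.

```shell
#!/bin/sh
TARGETS="${TARGETS:-8.8.8.8 9.9.9.9 8.8.4.4 4.2.2.1}"  # rotated, one per check
TUN_IF="${TUN_IF:-tun1}"            # assumed OpenVPN client interface name
WAN_HOST="${WAN_HOST:-192.0.2.1}"   # placeholder: host reachable outside the tunnel (e.g. ISP router)
MAX_FAILS="${MAX_FAILS:-3}"         # consecutive tunnel failures before a restart
INTERVAL="${INTERVAL:-60}"          # seconds between checks
RESTART_CMD="${RESTART_CMD:-stopservice openvpn; startservice openvpn}"  # assumed restart command
PROBE="${PROBE:-probe_ping}"        # hook so the probe can be swapped out

# probe_ping IFACE HOST: one echo request, bound to IFACE when it is non-empty
probe_ping() {
    if [ -n "$1" ]; then ping -c 1 -W 3 -I "$1" "$2" >/dev/null 2>&1
    else ping -c 1 -W 3 "$2" >/dev/null 2>&1; fi
}

# pick_target N: N-th entry of TARGETS, wrapping, so no single host is hit every cycle
pick_target() {
    pt_n=$1
    set -- $TARGETS
    shift $(( pt_n % $# ))
    echo "$1"
}

# check_once N: prints ok, tunnel_down or wan_down
check_once() {
    if "$PROBE" "$TUN_IF" "$(pick_target "$1")"; then echo ok
    elif "$PROBE" "" "$WAN_HOST"; then echo tunnel_down
    else echo wan_down; fi
}

# next_fails COUNT RESULT: consecutive-failure counter for the tunnel only
next_fails() {
    case "$2" in
        ok)          echo 0 ;;
        tunnel_down) echo $(( $1 + 1 )) ;;
        *)           echo "$1" ;;   # WAN outage: restarting the client cannot help
    esac
}

watchdog_loop() {
    wd_n=0; wd_fails=0
    while :; do
        wd_fails=$(next_fails "$wd_fails" "$(check_once "$wd_n")")
        if [ "$wd_fails" -ge "$MAX_FAILS" ]; then
            logger -t vpn-watchdog "tunnel down for $wd_fails checks, restarting client"
            sh -c "$RESTART_CMD"; wd_fails=0
        fi
        wd_n=$(( wd_n + 1 )); sleep "$INTERVAL"
    done
}

if [ "${WATCHDOG_RUN:-0}" = 1 ]; then watchdog_loop; fi
```

The loop only starts when WATCHDOG_RUN=1 is set in the environment, so the file can be sourced to try the individual functions first.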
What this does is create a DNS record where with each reference it returns the next IP in the list, so you don't just keep accessing the same IP and risk being banned. I've purposely scrambled it so it's more unlikely you'd access the same provider in sequence (e.g., 8.8.8.8, then 8.8.4.4).
I was considering using this for the wireguard watchdog. I came across some other info that recommended using address=/myhost/8.8.8.8, address=/myhost/4.2.2.1, etc, instead which seems to operate the same way. I don't know which code is "better". I did have a question about this, does adding all this to dnsmasq require any other settings to achieve a "round-robin" effect or random selection of "myhost"? Running <ping myhost> from the router CLI seems to select the same server after executing the command 10 times. So, do I need to do something else? By the way, some of the addresses in your code did not get a ping reply so I edited them out.