Need help with 1900ACS V2 AND AirVPN

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
StraightPath
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 5

PostPosted: Tue Jan 25, 2022 16:07    Post subject: Need help with 1900ACS V2 AND AirVPN Reply with quote
Hey guys,
This is my first post. I need some help with my 1900ACS V2. I've got it setup in Client mode with my modem (https://wiki.dd-wrt.com/wiki/index.php/Client_Mode)

I also have it setup with the build from 01/16/2022. I have also tried earlier builds. I've got OpenVPN running on it using Air VPN as my VPN service provider.
I think I've got it setup correctly, because I have a 3200 ACM that's setup the same way (client mode, openvpn, airvpn) and it works very well.

Every 3 minutes or so, the 1900acs will disconnect and then take another 5-10 minutes to reconnect to the VPN again(sometimes never reconnecting) , after which again it disconnects after a few short minutes. I'm not sure whether this is due the VPN configuration settings I have setup, or if this is due to the router's connection to the modem in client mode. Again, I have the same setup with the 3200, yet the 3200 works flawlessly.

Please let me know what information/logs you need so I can share here.
Any help would be appreciated.
Sponsor
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1335
Location: Appalachian mountains, USA

PostPosted: Tue Jan 25, 2022 17:09    Post subject: Reply with quote
Let us know the build number. People use those rather than build dates here.

AirVPN has a limit of five connected clients, and when you turn off a router configured for AirVPN, it takes a minute or two for Air to notice and decrement the count. So if you are at the limit of five and disconnect the router, you'll need to wait a couple of minutes before reconnecting. You can watch all this at airvpn.org/sessions if you are logged in. (Aside: With modern browsers airvpn.dev is equivalent to airvpn.org but faster and with slightly improved security.)

Not clear what it means to use client mode with your modem. By your modem do you perhaps mean the ISP-provided combined modem/router? Is one of your dd-wrt wifi interfaces in client mode and connected to the ISP device? You connect your dd-wrt router to the ISP box over wifi rather than using an ethernet connection?

If that is your setup, there should be no particular problem with OpenVPN/AirVPN. I have a spare router set up that way, and the OpenVPN setup on it for AirVPN is exactly the same as on my primary router, and it works just as well. I have an older build (46816 May 2021) though, so YMMV.

In particular, as I've upgraded to newer builds over the past few years, I have needed occasional small tweaks to the AirVPN setup. In particular, when dd-wrt went from OpenVPN 2.4 to OpenVPN 2.5, there were important changes necessary. Is your 3200 that's working OK using the same dd-wrt build?

If so and the 3200 works, the 1900ACS should work also, unless its too hot. What sort of CPU temps are you seeing on the GUI/Status/Router page? My experience is that at 72C things are generally fine, but at 75C they may not be. This model router can get squirrelly if not kept cool. Many of us keep a USB-powered fan either on or under the router to blow air gently up through the case, which keeps the router happy with CPU temps in the 50's. Easy to test the idea with an ordinary room fan for cooling before shopping for a USB-powered fan.

If none of that seems to be getting close to the matter, can you share the OpenVPN client settings you have configured (appropriately sanitized, of course)? Best compare with the 3200 at the same time, to double check that the settings are identical.

_________________
4 Linksys WRT1900ACSv2 routers on 49081, 2 on 48141: VLANs, VAPs, NAS, client mode, OpenVPN client (AirVPN), DDNS, wireguard servers and clients (AzireVPN), three DNSCrypt DNS providers (incl Quad9) via VPN clients.
StraightPath
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 5

PostPosted: Tue Jan 25, 2022 19:19    Post subject: Reply with quote
Hey there,
Thank you for chiming in! As for the build number, it's 48128 (DD-WRT v3.0-r48128 std 01/16/22)

I've got, at most 2 clients connected to each router. Typically only one per router, so we should be good there.

Correct, by modem I mean my ISP-provided combined modem/router. Said ISP modem/router is connected to my dd-wrt router via wifi as opposed to ethernet, just as you explained.

You're also right that in using this method, there shouldn't be a problem as evidenced by the success of the 3200 using the same method, VPN, and AirVPN servers. The 3200 is on build r47608 which the 1900 used to be (switched off of it because I wasn't getting any success with that build either). Perhaps I should try the build you have had success with (46816 May 2021). I've kept my 3200 on the same 47608 build since it's been working well.

CPU temps are at 67 which seems pretty decent.

Below are screenshots of my openvpn settings on the router, as well as the additional commands/inputs one would enter into "additional config." I've also attached the log entries under GUI-> Status-> OpenVPN but don't see anything that sticks out. Currently it's stuck at Client: TCP_CONNECT. When it does enter into the "CONNECTED SUCCESS" state, it lasts for a few minutes and disconnects as soon as I try to navigate to a web page.


SurprisedItWorks wrote:
Let us know the build number. People use those rather than build dates here.

AirVPN has a limit of five connected clients, and when you turn off a router configured for AirVPN, it takes a minute or two for Air to notice and decrement the count. So if you are at the limit of five and disconnect the router, you'll need to wait a couple of minutes before reconnecting. You can watch all this at airvpn.org/sessions if you are logged in. (Aside: With modern browsers airvpn.dev is equivalent to airvpn.org but faster and with slightly improved security.)

Not clear what it means to use client mode with your modem. By your modem do you perhaps mean the ISP-provided combined modem/router? Is one of your dd-wrt wifi interfaces in client mode and connected to the ISP device? You connect your dd-wrt router to the ISP box over wifi rather than using an ethernet connection?

If that is your setup, there should be no particular problem with OpenVPN/AirVPN. I have a spare router set up that way, and the OpenVPN setup on it for AirVPN is exactly the same as on my primary router, and it works just as well. I have an older build (46816 May 2021) though, so YMMV.

In particular, as I've upgraded to newer builds over the past few years, I have needed occasional small tweaks to the AirVPN setup. In particular, when dd-wrt went from OpenVPN 2.4 to OpenVPN 2.5, there were important changes necessary. Is your 3200 that's working OK using the same dd-wrt build?

If so and the 3200 works, the 1900ACS should work also, unless its too hot. What sort of CPU temps are you seeing on the GUI/Status/Router page? My experience is that at 72C things are generally fine, but at 75C they may not be. This model router can get squirrelly if not kept cool. Many of us keep a USB-powered fan either on or under the router to blow air gently up through the case, which keeps the router happy with CPU temps in the 50's. Easy to test the idea with an ordinary room fan for cooling before shopping for a USB-powered fan.

If none of that seems to be getting close to the matter, can you share the OpenVPN client settings you have configured (appropriately sanitized, of course)? Best compare with the 3200 at the same time, to double check that the settings are identical.
StraightPath
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 5

PostPosted: Tue Jan 25, 2022 19:22    Post subject: Reply with quote
Sorry, for some reason the clientlog.txt file didn't attach last time.
StraightPath
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 5

PostPosted: Tue Jan 25, 2022 19:44    Post subject: Reply with quote
After flashing to the build you use (46816), the OpenVPN page does show state as "CONNECTED SUCCESS" and this connection lasts much longer, however it will still periodically disconnect and I am still unable to navigate on the web nor ping a site. I was able to save the client log from this successful connection and attached it. Now it goes between "AUTH" and "RECONNECTING tls-error"
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1335
Location: Appalachian mountains, USA

PostPosted: Tue Jan 25, 2022 22:14    Post subject: Reply with quote
Well, the plot thickens! I've actually flashed my backup WRT1900ACSv2 now to 48141 (no reset) and while everything up to the usual "Initialization Sequence Completed" looks perfectly normal, around three minutes later the openvpn process began executing a "ping-restart" every minute or so. It seems that somehow it is not getting the ping packets every 10s from AirVPN. (Pushed from Air servers: "ping 10,ping-restart 60")

Like you, I have a second WRT router (identical model in my case) with an identical OpenVPN config, and it's working fine. Like you, the one with the problem is connecting to the internet via a wifi interface in client mode connecting to another router. The client-mode aspect is perhaps the most disturbing here.

Bottom line: standby for the moment, as I'm not going to be of use to you until I get it working here. So I'll keep chewing on this and pop back in here when things get untangled!

_________________
4 Linksys WRT1900ACSv2 routers on 49081, 2 on 48141: VLANs, VAPs, NAS, client mode, OpenVPN client (AirVPN), DDNS, wireguard servers and clients (AzireVPN), three DNSCrypt DNS providers (incl Quad9) via VPN clients.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1335
Location: Appalachian mountains, USA

PostPosted: Tue Jan 25, 2022 23:02    Post subject: Reply with quote
My problem turned out to be unrelated to yours. I got caught by the new drop-down "Source routing" menus for both OpenVPN and wireguard. I use PBR in both vpn systems (of course, since I use two systems), but the defaults were to route all source IPs on the router. Doesn't work real well when you try to route all traffic through two VPNs at once!

Now your problem: I saw your .txt file and indeed it shows a perfectly ordinary successful connection. Your comment about "tls-error" showing up a bit later seems ominous though. Can you post a bit of that material so that Those More Wise Than I (@egc) can see any details?

Also, adding some detail to the vpn log by upping the verbosity level might shed a little light on things. Here I normally put "verb 4" (the default is 3) in Additional Config. For a big mystery you might even want verb 5.

_________________
4 Linksys WRT1900ACSv2 routers on 49081, 2 on 48141: VLANs, VAPs, NAS, client mode, OpenVPN client (AirVPN), DDNS, wireguard servers and clients (AzireVPN), three DNSCrypt DNS providers (incl Quad9) via VPN clients.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1335
Location: Appalachian mountains, USA

PostPosted: Tue Jan 25, 2022 23:37    Post subject: Reply with quote
My caffeine-deprived brain totally missed your GUI-settings postings, but I don't see anything alarming other than maybe the MTU of 1500. Until you get things working, you may want to erase that field and go with the default. You can experiment with raising it later on when things are working. (As you probably realize, having it too high can cripple your speed or even freeze things up completely.)

And you are using keys and certs from a different AirVPN "device" than used by anything else you have online, right? Readers: clients configured using the certs/keys associated with the same device (user-defined on the Air website) cannot connect to the same Air server.

_________________
4 Linksys WRT1900ACSv2 routers on 49081, 2 on 48141: VLANs, VAPs, NAS, client mode, OpenVPN client (AirVPN), DDNS, wireguard servers and clients (AzireVPN), three DNSCrypt DNS providers (incl Quad9) via VPN clients.
StraightPath
DD-WRT Novice


Joined: 25 Jan 2022
Posts: 5

PostPosted: Wed Jan 26, 2022 9:57    Post subject: Reply with quote
I'm certain that I am using using the correct keys/certs from AirVPN for this device. I've only got two devices registered with AirVPN (3200 and 1900) and was certain that I downloaded it for the 1900.

Ok, so when I lowered the MTU to 1400 (default) using the same build you had from May 2021, I was able to actually maintain a stable connection!

It lasted for about 30 minutes (able to browse the web pretty well) before it went into the Auth and TLS error. To get rid of those errors, all I had to do was either make a small change in the openvpn page and apply (so it reinitated) or remote reboot the router. I also tried 1410 and that also worked well!
Not sure when or why I entered 1500 for that, but it seems that caused some of the issue.
Still though, not sure why it disconnects after half an hour or so.

I also added a new line in the additional config file with "verb 5" but I didn't see alot more verbiage in the client logs than usual.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 9765
Location: Netherlands

PostPosted: Wed Jan 26, 2022 10:25    Post subject: Reply with quote
Some quick ideas Smile

-Use build 48141 or later
-Use the settings as outlined in the OpenVPN Client setup guide (which will lead you to the settings of @Surpriseditworks)

To @Surprisediteworks can you alter/edit your settings to use tcp4 and udp4

We went back to MTU of 1400 instead of 1500, instead you can use the mssfix etc in @Surprisediteworks settings (also advocated by AirVPN) but those are only for TCP traffic (over the UDP connection) that is why we chose MTU 1400 and then you can discard the mssfix etc.

The extra server addresses and the remote random can also be done from the GUI.

In the end you only should have in the Additional Config:
verb 5

and nothing else!

especially not the auth-nocache

Also do not use any firewall rules/killswitches etc everything can be done from the GUI

Hope that this helps

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum