× Introducing the Orbi 970 Series Mesh System with WiFi 7 technology. For more information visit the NETGEAR Press Room.
Orbi WiFi 7 RBE973
Reply

Betreff: Feature request for Hybrid VPN DUMA OS

That_GamerYT
Apprentice

Feature request for Hybrid VPN DUMA OS

When using Hybrid VPN to protect my home network from DDOS attacks, my VPN provider (Proton VPN) decides to change the IP of their VPN servers often, resulting in the connection dropping and saying “Failed”. I have “Block traffic if VPN disconnects” enabled to prevent my IP from getting leaked, but as a result, I have to log into the router each time this happens and manually disable and re-enable the VPN again for it to reconnect (It uses the same Open VPN file that’s stored on it from when I first setup the Open VPN file using my PC). Can you guys make it so that the router automatically retries connecting to the VPN every so interval (Seconds) if this happens? Maybe make it customizable? This would make it less annoying using the Hybrid VPN feature. No user attention is needed for this as like I said above, it uses the same Open VPN file as before and reconnects perfectly fine when I disable and re-enable the VPN.
Model: XR500|Nighthawk Pro Gaming Router
Message 1 of 33
Netduma-Fraser
NetDuma Partner

Re: Feature request for Hybrid VPN DUMA OS

You can try adding this line to your config and see if that works:
--connect-retry n
replace n with the number of seconds you want it to retry after
Message 2 of 33
That_GamerYT
Apprentice

Re: Feature request for Hybrid VPN DUMA OS

Do I add it to the end of the code or the beginning? I'm not really much of a code guy when it comes to Open VPN so I want to make sure I don't mess anything up.

Model: XR500|Nighthawk Pro Gaming Router
Message 3 of 33
Netduma-Liam
NetDuma Partner

Re: Feature request for Hybrid VPN DUMA OS

I believe you'll want to add this inside a connection block below the client line

So it will look something like this:

client
dev tun

<connection>
-connect-retry 5
</connection>

If that doesn't seem right, feel free to add the OpenVPN config file you downloaded and we'll modify it for you and send it back!

Message 4 of 33
dravs
Guide

Re: Feature request for Hybrid VPN DUMA OS

Hi,

I have the same problem with connection to the NordVPN (pl148.nordvpn.com).
Router: XR500 V2.3.2.114

I've tried both solutions:
- With --connect-retry 5, VPN is connecting properly, but looks like didn't work. After some time, it's disconnected and stays in condition: failure.
- With the same value in tag <connection></connection> not working either, the VPN connection could not be established then.
Could you help? I've attached the configuration which I'm using. (Also could be find here https://nordvpn.com/pl/ovpn/)

client
dev tun
proto tcp
remote 185.244.214.227 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
MIIFCjCCAvKgAwIBAgIBATANBgkqhkiG9w0BAQ0FADA5MQswCQYDVQQGEwJQQTEQ
MA4GA1UEChMHTm9yZFZQTjEYMBYGA1UEAxMPTm9yZFZQTiBSb290IENBMB4XDTE2
MDEwMTAwMDAwMFoXDTM1MTIzMTIzNTk1OVowOTELMAkGA1UEBhMCUEExEDAOBgNV
BAoTB05vcmRWUE4xGDAWBgNVBAMTD05vcmRWUE4gUm9vdCBDQTCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBAMkr/BYhyo0F2upsIMXwC6QvkZps3NN2/eQF
kfQIS1gql0aejsKsEnmY0Kaon8uZCTXPsRH1gQNgg5D2gixdd1mJUvV3dE3y9FJr
XMoDkXdCGBodvKJyU6lcfEVF6/UxHcbBguZK9UtRHS9eJYm3rpL/5huQMCppX7kU
eQ8dpCwd3iKITqwd1ZudDqsWaU0vqzC2H55IyaZ/5/TnCk31Q1UP6BksbbuRcwOV
skEDsm6YoWDnn/IIzGOYnFJRzQH5jTz3j1QBvRIuQuBuvUkfhx1FEwhwZigrcxXu
MP+QgM54kezgziJUaZcOM2zF3lvrwMvXDMfNeIoJABv9ljw969xQ8czQCU5lMVmA
37ltv5Ec9U5hZuwk/9QO1Z+d/r6Jx0mlurS8gnCAKJgwa3kyZw6e4FZ8mYL4vpRR
hPdvRTWCMJkeB4yBHyhxUmTRgJHm6YR3D6hcFAc9cQcTEl/I60tMdz33G6m0O42s
Qt/+AR3YCY/RusWVBJB/qNS94EtNtj8iaebCQW1jHAhvGmFILVR9lzD0EzWKHkvy
WEjmUVRgCDd6Ne3eFRNS73gdv/C3l5boYySeu4exkEYVxVRn8DhCxs0MnkMHWFK6
MyzXCCn+JnWFDYPfDKHvpff/kLDobtPBf+Lbch5wQy9quY27xaj0XwLyjOltpiST
LWae/Q4vAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqG
SIb3DQEBDQUAA4ICAQC9fUL2sZPxIN2mD32VeNySTgZlCEdVmlq471o/bDMP4B8g
nQesFRtXY2ZCjs50Jm73B2LViL9qlREmI6vE5IC8IsRBJSV4ce1WYxyXro5rmVg/
k6a10rlsbK/eg//GHoJxDdXDOokLUSnxt7gk3QKpX6eCdh67p0PuWm/7WUJQxH2S
DxsT9vB/iZriTIEe/ILoOQF0Aqp7AgNCcLcLAmbxXQkXYCCSB35Vp06u+eTWjG0/
pyS5V14stGtw+fA0DJp5ZJV4eqJ5LqxMlYvEZ/qKTEdoCeaXv2QEmN6dVqjDoTAo
k0t5u4YRXzEVCfXAC3ocplNdtCA72wjFJcSbfif4BSC8bDACTXtnPC7nD0VndZLp
+RiNLeiENhk0oTC+UVdSc+n2nJOzkCK0vYu0Ads4JGIB7g8IB3z2t9ICmsWrgnhd
NdcOe15BincrGA8avQ1cWXsfIKEjbrnEuEk9b5jel6NfHtPKoHc9mDpRdNPISeVa
wDBM1mJChneHt59Nh8Gah74+TM1jBsw4fhJPvoc7Atcg740JErb904mZfkIEmojC
VPhBHVQ9LHBAdM8qFI2kRK0IynOmAZhexlP/aT/kpEsEPyaZQlnBn3An1CRz8h0S
PApL8PytggYKeQmRhl499+6jLxcZ2IegLfqq41dzIjwHwTMplg+1pKIOVojpWA==
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>

 

Thanks and Regards



Model: XR500|Nighthawk Pro Gaming Router
Message 5 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

Hi, I have same the issue. After losing connection with VPN it's not connected automatically. I've tried both solutions. I've added --connection-retry n directly in the config file but didn't help too much. Also, I've tried to use that <connection> tag but then I was not able to establish connections with VPN then.

I'm using this confuguration: NordVPN_PL149_TCP 

Router: XR500 V2.3.2.114

Message 6 of 33
Netduma-Fraser
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

@dravs how often are you getting disconnected from the VPN?
Message 7 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

It depends, 1-3 times per day... It's not too much, but I need login into the router and switch of/on the VPN setup to working again... I have opened browser, with VPN logs on it. I'll share here as soon as I'll have something

Message 8 of 33
Netduma-Fraser
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

The logs would be helpful, thanks!
Message 9 of 33
That_GamerYT
Apprentice

Betreff: Feature request for Hybrid VPN DUMA OS

# ==============================================================================
# Copyright (c) 2016-2020 Proton Technologies AG (Switzerland)
# Email: contact@protonvpn.com
#
# The MIT License (MIT)
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR # OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# ==============================================================================

client
dev tun
proto udp

remote us-free-03.protonvpn.com 4569
remote us-free-03.protonvpn.com 1194
remote us-free-03.protonvpn.com 80
remote us-free-03.protonvpn.com 443
remote us-free-03.protonvpn.com 5060

remote-random
resolv-retry infinite
nobind

# The following setting is only needed for old OpenVPN clients compatibility. New clients
# automatically negotiate the optimal cipher.
cipher AES-256-CBC

auth SHA512
comp-lzo no
verb 3

setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun

reneg-sec 0

remote-cert-tls server
auth-user-pass
pull
fast-io


<ca>
-----BEGIN CERTIFICATE-----
MIIFozCCA4ugAwIBAgIBATANBgkqhkiG9w0BAQ0FADBAMQswCQYDVQQGEwJDSDEV
MBMGA1UEChMMUHJvdG9uVlBOIEFHMRowGAYDVQQDExFQcm90b25WUE4gUm9vdCBD
QTAeFw0xNzAyMTUxNDM4MDBaFw0yNzAyMTUxNDM4MDBaMEAxCzAJBgNVBAYTAkNI
MRUwEwYDVQQKEwxQcm90b25WUE4gQUcxGjAYBgNVBAMTEVByb3RvblZQTiBSb290
IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAt+BsSsZg7+AuqTq7
vDbPzfygtl9f8fLJqO4amsyOXlI7pquL5IsEZhpWyJIIvYybqS4s1/T7BbvHPLVE
wlrq8A5DBIXcfuXrBbKoYkmpICGc2u1KYVGOZ9A+PH9z4Tr6OXFfXRnsbZToie8t
2Xjv/dZDdUDAqeW89I/mXg3k5x08m2nfGCQDm4gCanN1r5MT7ge56z0MkY3FFGCO
qRwspIEUzu1ZqGSTkG1eQiOYIrdOF5cc7n2APyvBIcfvp/W3cpTOEmEBJ7/14RnX
nHo0fcx61Inx/6ZxzKkW8BMdGGQF3tF6u2M0FjVN0lLH9S0ul1TgoOS56yEJ34hr
JSRTqHuar3t/xdCbKFZjyXFZFNsXVvgJu34CNLrHHTGJj9jiUfFnxWQYMo9UNUd4
a3PPG1HnbG7LAjlvj5JlJ5aqO5gshdnqb9uIQeR2CdzcCJgklwRGCyDT1pm7eoiv
WV19YBd81vKulLzgPavu3kRRe83yl29It2hwQ9FMs5w6ZV/X6ciTKo3etkX9nBD9
ZzJPsGQsBUy7CzO1jK4W01+u3ItmQS+1s4xtcFxdFY8o/q1zoqBlxpe5MQIWN6Qa
lryiET74gMHE/S5WrPlsq/gehxsdgc6GDUXG4dk8vn6OUMa6wb5wRO3VXGEc67IY
m4mDFTYiPvLaFOxtndlUWuCruKcCAwEAAaOBpzCBpDAMBgNVHRMEBTADAQH/MB0G
A1UdDgQWBBSDkIaYhLVZTwyLNTetNB2qV0gkVDBoBgNVHSMEYTBfgBSDkIaYhLVZ
TwyLNTetNB2qV0gkVKFEpEIwQDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFByb3Rv
blZQTiBBRzEaMBgGA1UEAxMRUHJvdG9uVlBOIFJvb3QgQ0GCAQEwCwYDVR0PBAQD
AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQCYr7LpvnfZXBCxVIVc2ea1fjxQ6vkTj0zM
htFs3qfeXpMRf+g1NAh4vv1UIwLsczilMt87SjpJ25pZPyS3O+/VlI9ceZMvtGXd
MGfXhTDp//zRoL1cbzSHee9tQlmEm1tKFxB0wfWd/inGRjZxpJCTQh8oc7CTziHZ
ufS+Jkfpc4Rasr31fl7mHhJahF1j/ka/OOWmFbiHBNjzmNWPQInJm+0ygFqij5qs
51OEvubR8yh5Mdq4TNuWhFuTxpqoJ87VKaSOx/Aefca44Etwcj4gHb7LThidw/ky
zysZiWjyrbfX/31RX7QanKiMk2RDtgZaWi/lMfsl5O+6E2lJ1vo4xv9pW8225B5X
eAeXHCfjV/vrrCFqeCprNF6a3Tn/LX6VNy3jbeC+167QagBOaoDA01XPOx7Odhsb
Gd7cJ5VkgyycZgLnT9zrChgwjx59JQosFEG1DsaAgHfpEl/N3YPJh68N7fwN41Cj
zsk39v6iZdfuet/sP7oiP5/gLmA/CIPNhdIYxaojbLjFPkftVjVPn49RqwqzJJPR
N8BOyb94yhQ7KO4F3IcLT/y/dsWitY0ZH4lCnAVV/v2YjWAWS3OWyC8BFx/Jmc3W
DK/yPwECUcPgHIeXiRjHnJt0Zcm23O2Q3RphpU+1SO3XixsXpOVOYP6rJIXW9bMZ
A1gTTlpi7A==
-----END CERTIFICATE-----
</ca>

key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
6acef03f62675b4b1bbd03e53b187727
423cea742242106cb2916a8a4c829756
3d22c7e5cef430b1103c6f66eb1fc5b3
75a672f158e2e2e936c3faa48b035a6d
e17beaac23b5f03b10b868d53d03521d
8ba115059da777a60cbfd7b2c9c57472
78a15b8f6e68a3ef7fd583ec9f398c8b
d4735dab40cbd1e3c62a822e97489186
c30a0b48c7c38ea32ceb056d3fa5a710
e10ccc7a0ddb363b08c3d2777a3395e1
0c0b6080f56309192ab5aacd4b45f55d
a61fc77af39bd81a19218a79762c3386
2df55785075f37d8c71dc8a42097ee43
344739a0dd48d03025b0450cf1fb5e8c
aeb893d9a96d1f15519bb3c4dcb40ee3
16672ea16c012664f8a9f11255518deb
-----END OpenVPN Static key V1-----
</tls-auth>
Model: XR500|Nighthawk Pro Gaming Router
Message 10 of 33
That_GamerYT
Apprentice

Betreff: Feature request for Hybrid VPN DUMA OS

Sorry it took me so long to post the code. I thought it went through, but I guess it didn't. It turns out that I had to put "Insert Code" instead of copying and pasting it from the OpenVPN file in notepad. I also tried adding the OpenVPN file, but it said "This file type is not allowed" so I just pasted it in code here so you guys can modify it. Thanks!

Model: XR500|Nighthawk Pro Gaming Router
Message 11 of 33
Netduma-Fraser
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

Add -connect-retry 5 , don't add it in a block. Remote all the remote lines apart from the one with the port 1194 and see if it is better then
Message 12 of 33
That_GamerYT
Apprentice

Betreff: Feature request for Hybrid VPN DUMA OS

I'm not really good with code so I don't really know what to do, but I belive @Netduma-Liam said you guys would put it in the code if I wasn't sure how to do it.

Model: XR500|Nighthawk Pro Gaming Router
Message 13 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

I've switched from TCP to UDP, to check if the same issue will appear. (Used not modified settings from: UDP-PL147 )(TCP settings passed in previous response). It took a little bit longer because VPN was working fine for almost 2 days, but finally, UDP finished with the same exception as what TCP does. But, looks like time how often it's crashing it's random because today I had the same issue one hour after switching on VPN again. Here logs from the last successful connection and the exception which was thrown. After this, the VPN connection stuck in the failed.

Sorry that it's in quote, but I was not able to publish replay with code tag.

Fri Apr 23 18:59:42 2021 TLS: tls_process: killed expiring key
Fri Apr 23 18:59:42 2021 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Fri Apr 23 18:59:42 2021 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
Fri Apr 23 18:59:42 2021 VERIFY KU OK
Fri Apr 23 18:59:42 2021 Validating certificate extended key usage
Fri Apr 23 18:59:42 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr 23 18:59:42 2021 VERIFY EKU OK
Fri Apr 23 18:59:42 2021 VERIFY OK: depth=0, CN=pl149.nordvpn.com
Fri Apr 23 18:59:42 2021 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 23 18:59:42 2021 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 23 18:59:42 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Apr 23 19:59:42 2021 TLS: tls_process: killed expiring key
Fri Apr 23 20:02:05 2021 [pl149.nordvpn.com] Inactivity timeout (--ping-restart), restarting
Fri Apr 23 20:02:05 2021 SIGUSR1[soft,ping-restart] received, process restarting
Fri Apr 23 20:02:05 2021 Restart pause, 5 second(s)
Fri Apr 23 20:02:10 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Apr 23 20:02:10 2021 NOTE: --fast-io is disabled since we are not using UDP
Fri Apr 23 20:02:10 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]185.244.214.232:443
Fri Apr 23 20:02:10 2021 Socket Buffers: R=[87380->327680] S=[16384->327680]
Fri Apr 23 20:02:10 2021 Attempting to establish TCP connection with [AF_INET]185.244.214.232:443 [nonblock]
Fri Apr 23 20:02:22 2021 TCP connection established with [AF_INET]185.244.214.232:443
Fri Apr 23 20:02:22 2021 TCP_CLIENT link local: (not bound)
Fri Apr 23 20:02:22 2021 TCP_CLIENT link remote: [AF_INET]185.244.214.232:443
Fri Apr 23 20:02:22 2021 TLS: Initial packet from [AF_INET]185.244.214.232:443, sid=ef5e6521 772fdb30
Fri Apr 23 20:02:22 2021 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Fri Apr 23 20:02:22 2021 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
Fri Apr 23 20:02:22 2021 VERIFY KU OK
Fri Apr 23 20:02:22 2021 Validating certificate extended key usage
Fri Apr 23 20:02:22 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr 23 20:02:22 2021 VERIFY EKU OK
Fri Apr 23 20:02:22 2021 VERIFY OK: depth=0, CN=pl149.nordvpn.com
Fri Apr 23 20:02:22 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Apr 23 20:02:22 2021 [pl149.nordvpn.com] Peer Connection Initiated with [AF_INET]185.244.214.232:443
Fri Apr 23 20:02:23 2021 SENT CONTROL [pl149.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Fri Apr 23 20:02:23 2021 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.3.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: timers and/or timeouts modified
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: compression parms modified
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Apr 23 20:02:23 2021 Socket Buffers: R=[327680->327680] S=[327680->327680]
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: route options modified
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: route-related options modified
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: peer-id set
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: adjusting link_mtu to 1659
Fri Apr 23 20:02:23 2021 OPTIONS IMPORT: data channel crypto options modified
Fri Apr 23 20:02:23 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Apr 23 20:02:23 2021 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 23 20:02:23 2021 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr 23 20:02:23 2021 Preserving previous TUN/TAP instance: tun0
Fri Apr 23 20:02:23 2021 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Fri Apr 23 20:02:23 2021 Closing TUN/TAP interface
Fri Apr 23 20:02:23 2021 /sbin/ifconfig tun0 0.0.0.0
Fri Apr 23 20:02:23 2021 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpndown 15 tun0 1500 1587 10.7.2.2 255.255.255.0 init
openvpn-event.lua: bad argument #3 to 'format' (string expected, got nil) -> stack traceback:
?: in function <?:73>
[C]: in function 'format'
?: in function 'safe_execute'
?: in function '?'
?: in function 'on_vpn_down'
?: in function '?'
?: in function '?'
?: in function '?'
?: in function <?:48>
[C]: in function 'xpcall'
?: in function 'try'
?: in function <?:46>
[C]: in function 'run'
?: in function <?:345>
[C]: in function 'xpcall'
?: in function 'try'
?: in function <?:261>
(tail call): ?
/dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30>
[C]: in function 'xpcall'
/dumaos/api/cli.lua:59: in main chunk
[C]: ?
Fri Apr 23 20:02:24 2021 WARNING: Failed running command (--up/--down): external program exited with error status: 3

Message 14 of 33
Netduma-Liam
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

Is there any particular pattern to the crashes if not time? For example, is the VPN dropping when you're using a particular device, connecting to a particular web page or VPNing a particular service for example?

Message 15 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

I didn't notice that... For two days, when I had opened a browser and I was logged in to the router all workings fine. Then I was logout and I've switched off the computer because I was thought that it's fixed after switch to UDP. But today morning connection was broken again. The log time suggests that it was at the night and no one was using the internet. Only what is done at night, is back up to disk connected to the router.

Message 16 of 33
Netduma-Liam
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

Could you let us know the OpenVPN configuration file you're using as well as any changes/additions you've made to it? 

Message 17 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

Finally, as I mention, I'm using the original configuration from VPN provider website, which I shared before. Because those 3 lines, should are enough to reconnect VPN in case of failure, and none of above suggestion didn't work.
resolv-retry infinite
ping 15
ping-restart 0

It's possible to get somewhere that openvpn-event lua script?

Message 18 of 33
Netduma-Liam
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

Thanks for confirming, does your server require two factor authentication for devices to connect to the VPN? If so, this isn't going to work with Hybrid VPN. 

I'll also do some digging around in the backend to see if I can find any other reasons why there may be an issue here.

Message 19 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

As far I know it possible to have that 2FA in my VPN provider, but I don't using it.
I found also something in Monitoring->Logs which maybe could help:

 

[DumaOS] config write 'com.netdumasoftware.hybridvpn.settings', Monday, April 26, 2021 16:00:26
[DumaOS] Backing up settings to config partition., Monday, April 26, 2021 16:00:26
[DumaOS] config write 'com.netdumasoftware.hybridvpn.settings', Monday, April 26, 2021 16:00:25
[DumaOS] Backing up settings to config partition., Monday, April 26, 2021 16:00:25
[DumaOS] Long call 'openvpndown' exception 'ERROR: Exec 'ip route del default via '10.8.1.1' table 1' failed with 2 stack trace,
[DumaOS] config write 'com.netdumasoftware.hybridvpn.settings', Monday, April 26, 2021 15:59:40
[DumaOS] Backing up settings to config partition., Monday, April 26, 2021 15:59:40
[DumaOS] config write 'com.netdumasoftware.hybridvpn.settings', Monday, April 26, 2021 15:59:38
[DumaOS] Backing up settings to config partition., Monday, April 26, 2021 15:59:38


[DumaOS] config write 'com.netdumasoftware.hybridvpn.settings', Monday, April 26, 2021 15:38:00
[DumaOS] Backing up settings to config partition., Monday, April 26, 2021 15:38:00
[DumaOS] Long call 'openvpndown' exception 'ERROR: Exec 'ip route del default via '10.8.2.1' table 1' failed with 2 stack trace,
[DumaOS] config write 'com.netdumasoftware.hybridvpn.settings', Monday, April 26, 2021 15:36:59
[DumaOS] Backing up settings to config partition., Monday, April 26, 2021 15:36:59

 

But looks like exception was thrown, after Internet idle-timeout:

[DumaOS] Long call 'openvpndown' exception 'bad argument #3 to 'format' (string expected, got nil) -> stack traceback: ^I?: in ,
[OpenVPN, connection fail] from remote IP address: 5.253.206.171, Monday, April 26, 2021 16:39:10
[Internet connected] IP address: X.X.X.X, Monday, April 26, 2021 16:38:44
[OpenVPN, connection drop] from remote IP address: 5.253.206.171, Monday, April 26, 2021 16:38:05
[Internet idle-timeout] Monday, April 26, 2021 16:35:50


Any option to increase it? Switch off?

Message 20 of 33
Netduma-Liam
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

Does your ISP require a login for PPPoE or otherwise? If so, you could try going to Settings -> Internet Setup and set Connection mode to 'Always on' and the idle timeout to 0.

Message 21 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

Yes, I'm using the PPPoE connection with a login. Changed to "Always on" mode, we will see if it help. Anyhow, always it's possible that something will fail on my ISP provider side and the connection will be lost. So in that case we will have the same case what before (Maybe with less frequency, if any). I'll inform you as soon as I'll feel the difference or I'll find something more. Let me know if something more can be done to helps detect the issue.

Message 22 of 33
Netduma-Liam
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

OK thank you, let me know if this helps. If not, we may need to dig a little deeper if the timeout entry was not the issue.

Message 23 of 33
dravs
Guide

Betreff: Feature request for Hybrid VPN DUMA OS

The bad news, the issue still exists. It's better because no more logs related to Internet disconnect, but still with Failed state and the exception in VPN logs...

Message 24 of 33
Netduma-Fraser
NetDuma Partner

Betreff: Feature request for Hybrid VPN DUMA OS

@dravs does it seem to occur after a period of inactivity on the VPN device by any chance? If so add:
inactive 0
please and see if it helps.
Message 25 of 33
Discussion stats
  • 32 replies
  • 5167 views
  • 10 kudos
  • 5 in conversation
Announcements

Orbi WiFi 7