Asus OpenVPN stopped working

[Jessie.slimer]

I had no issues until today, I now can't connect to my RT-86u with stock firmware using openvpn on 2 seperate clients. Checked all settings, nothing has changed. Tried a reboot and hard reset. This is what the system log shows. Is this a certificate problem?

Aug 24 18:51:29 wlceventd: WLCEVENTD wlceventd_proc_event(481): eth6: Disassoc xxxxx, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Aug 24 18:51:46 wlceventd: WLCEVENTD wlceventd_proc_event(500): eth5: Auth xxxxxxxx, status: Successful (0)
Aug 24 18:51:46 wlceventd: WLCEVENTD wlceventd_proc_event(510): eth5: ReAssoc xxxxxxxxx, status: Successful (0)
Aug 24 18:51:46 wlceventd: WLCEVENTD wlceventd_proc_event(481): eth6: Disassoc xxxxxxx, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Aug 24 18:51:46 wlceventd: WLCEVENTD wlceventd_proc_event(481): eth6: Disassoc xxxxxxx, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Aug 24 18:52:04 wlceventd: WLCEVENTD wlceventd_proc_event(466): eth5: Deauth_ind xxxxxxxx, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Aug 24 18:52:06 wlceventd: WLCEVENTD wlceventd_proc_event(500): eth6: Auth xxxxxxxx, status: Successful (0)
Aug 24 18:52:06 wlceventd: WLCEVENTD wlceventd_proc_event(529): eth6: Assoc xxxxxxx, status: Successful (0)
Aug 24 18:52:15 wlceventd: WLCEVENTD wlceventd_proc_event(500): eth6: Auth xxxxxxxx, status: Successful (0)
Aug 24 18:52:15 wlceventd: WLCEVENTD wlceventd_proc_event(529): eth6: Assoc xxxxxxxx, status: Successful (0)
Aug 24 18:52:16 kernel: bcm_mcast_mld_add:833 mc_fdb->rep_list ffffffc01283cd28 next ffffffc01376c1e0 prev ffffffc01376c1e0 rep_entry->list ffffffc01376c1e0 next ffffffc01283cd28 prev ffffffc01283cd28
Aug 24 18:52:16 kernel: bcm_mcast_mld_add:833 mc_fdb->rep_list ffffffc0128197e8 next ffffffc019378660 prev ffffffc019378660 rep_entry->list ffffffc019378660 next ffffffc0128197e8 prev ffffffc0128197e8
Aug 24 18:53:01 wlceventd: WLCEVENTD wlceventd_proc_event(500): eth6: Auth xxxxx, status: Successful (0)
Aug 24 18:53:01 wlceventd: WLCEVENTD wlceventd_proc_event(529): eth6: Assoc xxxxxx, status: Successful (0)
Aug 24 18:55:00 rc_service: service

 

[alastairstevenson]

Where are you connecting from?
With the clients using a WiFi access point?

With the caveat that it's not a topic I'm that familiar with, a google search suggests :

Reason Code 8 is due to client leaving the BSS by means of AP moving the client to another access point using non-aggressive load balancing.

 

[Jessie.slimer]

2 seperate android phones, both connecting using the cellular network.

I might try wiping out the VPN and setting it up again tonight.

 

[SouthernYankee]

what is your cell provider. Some cell providers are blocking VPN. Try going to a wifi hotspot and test.

Also try to ping your asus address xxxxx.asuscomm.com. If that does not work then ping is not enabled or the address being provided by asus is wrong. Verify the address by looking at the address in the router.

 

[Jessie.slimer]

Verizon. I just logged onto wifi at a different location with my phone and cannot connect still. I am able to ping my asus address.

 

[SouthernYankee]

what does the openvpn client log show on the phone?
Was the firmware on the router recently updated ?
What is your current firmware version ?

 

[Jessie.slimer]

I checked for newer firmware, none was available. I haven't updated it since it was new, almost a year ago. I will check my current version when I get home tonight.

Here is the phone log from the last failed connection.

 

[Jessie.slimer]

This looks like the log from the last session where it was working.

13:44:18.462 -- ----- OpenVPN Start -----

13:44:18.463 -- EVENT: CORE_THREAD_ACTIVE

13:44:18.464 -- OpenVPN core 3.git:released:3e56f9a6:Release android arm64 64-bit PT_PROXY

13:44:18.465 -- Frame=512/2048/512 mssfix-ctrl=1250

13:44:18.465 -- UNUSED OPTIONS
2 [nobind]
5 [sndbuf] [0]
6 [rcvbuf] [0]

13:44:18.465 -- EVENT: RESOLVE

13:44:27.926 -- Contacting xxxxxx:1194 via UDP

13:44:27.926 -- EVENT: WAIT

13:44:27.929 -- Connecting to [xxxx.asuscomm.com]:1194 (xxxxxx) via UDPv4

13:44:27.988 -- EVENT: CONNECTING

13:44:27.990 -- Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client

13:44:27.990 -- Creds: Username/Password

13:44:27.990 -- Peer Info:
IV_VER=3.git:released:3e56f9a6:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_GUI_VER=net.openvpn.connect.android_3.2.2-5027
IV_SSO=openurl


13:44:28.101 -- VERIFY OK: depth=1, /C=TW/ST=TW/L=Taipei/O=ASUS/CN=RT-AC86U/emailAddress=me@myhost.mydomain

13:44:28.106 -- VERIFY OK: depth=0, /C=TW/ST=TW/L=Taipei/O=ASUS/CN=RT-AC86U/emailAddress=me@myhost.mydomain

13:44:28.333 -- SSL Handshake: CN=RT-AC86U, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

13:44:28.335 -- Session is ACTIVE

13:44:28.336 -- EVENT: GET_CONFIG

13:44:28.339 -- Sending PUSH_REQUEST to server...

13:44:28.406 -- OPTIONS:
0 [route] [192.168.50.0] [255.255.255.0] [vpn_gateway] [500]
1 [redirect-gateway] [def1]
2 [dhcp-option] [DNS] [192.168.50.1]
3 [route] [10.8.0.1]
4 [topology] [net30]
5 [ping] [15]
6 [ping-restart] [60]
7 [ifconfig] [10.8.0.6] [10.8.0.5]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]


13:44:28.407 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
compress: LZO_STUB
peer ID: 0

13:44:28.408 -- EVENT: ASSIGN_IP

13:44:28.468 -- Connected via tun

13:44:28.469 -- LZO-ASYM init swap=0 asym=1

13:44:28.469 -- Comp-stub init swap=0

13:44:28.470 -- EVENT: CONNECTED info='xxxxxx@xxxxx.asuscomm.com:1194 (xxxxxxx) via /UDPv4 on tun/10.8.0.6/ gw=[10.8.0.5/]'

13:46:29.712 -- Client terminated, reconnecting in 1...

 

[Jessie.slimer]

My Asus router is behind my ATT router/modem which is in DMZ passthough mode, and I have been having some spotty internet issues, but I would think that since internet is currently working and vpn is not, it shouldn't be related, but I dont know.

 

[SouthernYankee]

looking at my system, which uses a comcast modem in passthru, to an ASUS stock router RC-AC66U using old firmware 3.0.0.4.382_51640 . Your log files looks similar, you are just using a different encryption,


In your log file you show connected at 13:44:28.470 and Client terminated at 13:46:29.712 , that is 2 minutes connected.

Are there any other devices connect to the VPN ?
Did you recently change the cryto key setup ?
Recent update to firmware ?

 

[SouthernYankee]

I use the simple default asus setup for the VPN no advance settings.

 

[Jessie.slimer]

Yes, I was probably on there for a couple minutes looking at a clip.

The 2 phones are the only clients ever connected to the VPN, never both at the same time. No certificate changes or firmware updates.

I will likely just start over. It was pretty fast and easy to set it up. Thanks for the ideas.

 

[looney2ns]

I've had this issue a few times. Try exporting the config file, then re-install it on the phones.

 

[Jessie.slimer]

I've had this issue a few times. Try exporting the config file, then re-install it on the phones.

This was it. Thanks a bunch.