OpenWrt Forum Archive

Topic: [Solved] openvpn rebooting every 10-20 minutes (wrt1900ac v1, LEDE)

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
8b3Dpc5
4 Sep 2017, 22:44

Solved: DavidC502 provides an alternate firmware for wrt1900ac v1 routers that eliminates rebooting issues.

Hi - first post to this forum.

I recently reinstalled my WRT1900AC (v1)'s firmware and moved to Davidc502's LEDE firmware (found on his dynamic-dns website).  I made this reinstallation because I want OpenVPN installed at the router level, and I don't think Linksys's default firmware allows for OpenVPN (right?).

So far, the only changes I've made to the firmware - other than configuring wireless - have all been to OpenVPN. 

On the other end of the VPN, I've set up a DigitalOcean droplet, and the only modification I made to the Ubuntu 16.04 installation was to add Streisand.

The installation process I used to successfully set up the OpenVPN connection was the one on streisand's github account.  I can't link it on the forum, but I can give you the link another way if you wish.  It's in the Streisand wiki, and it's called "Setting-an-OpenWrt-Based-Router-as-OpenVPN-Client" .

The way I know the connection has died again is that web pages become nonresponsive.  Then, shortly after, my Bitvise SSH connection (even if it's just to the router) disconnects.  Then the fan on the Wrt1900AC kicks into high gear.  The total downtime is maybe 30 seconds - not too long - but still, I have to re-log into my router (both via the web interface and SSH).

I fully expect you want me to paste log files, etc, but I'm not sure what to give you - and from which source.  I'll start with some of them, and let me know what else I can give you to get started.  FYI, the openvpn log doesn't seem to show me why it's rebooting - at least from what I can tell.  It also doesn't seem to have the complete detail of each reboot.

Thank you for your help!


/etc/config/openvpn

config openvpn 'custom_config'
        option config '/etc/openvpn/my-vpn.conf'

config openvpn 'sample_server'
        option port '1194'
        option proto 'udp'
        option dev 'tun'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/server.crt'
        option key '/etc/openvpn/server.key'
        option dh '/etc/openvpn/dh1024.pem'
        option server '10.8.0.0 255.255.255.0'
        option ifconfig_pool_persist '/tmp/ipp.txt'
        option keepalive '10 120'
        option compress 'lzo'
        option persist_key '1'
        option persist_tun '1'
        option user 'nobody'
        option status '/tmp/openvpn-status.log'
        option verb '3'

config openvpn 'streisand'
        option enabled '1'
        option config '/etc/openvpn/streisand.conf'

my-vpn.conf is blank.

/etc/openvpn/streisand.conf:

client
remote [DigitalOcean droplet] 8757
proto udp
dev tun
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name trioxid.Mandrell name
tls-version-min 1.2
comp-lzo
key-direction 1
verb 3
# route 165.227.58.6 255.255.255.255 net_gateway
log-append /var/log/openvpn.log # To append to log file
status /var/log/openvpn-status.log # To mantain a status file

<ca>
...
</ca>

<cert>
...
</cert>

<key>
...
</key>

<tls-auth>
...
</tls-auth>

/var/log/openvpn-status.log

OpenVPN STATISTICS
Updated,Mon Sep  4 21:29:52 2017
TUN/TAP read bytes,797836
TUN/TAP write bytes,7259001
TCP/UDP read bytes,6761203
TCP/UDP write bytes,973101
Auth read bytes,7259001
pre-compress bytes,121849
post-compress bytes,116916
pre-decompress bytes,875800
post-decompress bytes,1567272
END

/var/log/openvpn.log

Sun Sep  3 16:44:50 2017 UDP link local: (not bound)
Sun Sep  3 16:44:50 2017 UDP link remote: [AF_INET][-- DigitalOcean droplet --]
Sun Sep  3 16:44:50 2017 TLS: Initial packet from [AF_INET][-- DigitalOcean droplet --], sid=f0335c71 85adf30a
Mon Sep  4 20:51:48 2017 [UNDEF] Inactivity timeout (--ping-restart), restarting
Mon Sep  4 20:51:48 2017 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep  4 20:51:48 2017 Restart pause, 5 second(s)
Mon Sep  4 20:51:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET][-- DigitalOcean droplet --]
Mon Sep  4 20:51:53 2017 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Sep  4 20:51:53 2017 UDP link local: (not bound)
Mon Sep  4 20:51:53 2017 UDP link remote: [AF_INET][-- DigitalOcean droplet --]
Mon Sep  4 20:51:53 2017 TLS: Initial packet from [AF_INET][-- DigitalOcean droplet --], sid=0fd045e5 e97d4cbd
Mon Sep  4 20:51:53 2017 VERIFY OK: depth=1, C=US, ST=California, L=Beverly Hills, O=ACME CORPORATION, OU=Anvil Department, CN=ca-certificate
Mon Sep  4 20:51:53 2017 VERIFY KU OK
Mon Sep  4 20:51:53 2017 Validating certificate extended key usage
Mon Sep  4 20:51:53 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Sep  4 20:51:53 2017 VERIFY EKU OK
Mon Sep  4 20:51:53 2017 VERIFY X509NAME OK: C=US, ST=California, L=Beverly Hills, O=ACME CORPORATION, OU=Anvil Department, CN=trioxid.Mandrell
Mon Sep  4 20:51:53 2017 VERIFY OK: depth=0, C=US, ST=California, L=Beverly Hills, O=ACME CORPORATION, OU=Anvil Department, CN=trioxid.Mandrell
Mon Sep  4 20:51:53 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Sep  4 20:51:53 2017 [trioxid.Mandrell] Peer Connection Initiated with [AF_INET][-- DigitalOcean droplet --]
Mon Sep  4 20:51:54 2017 SENT CONTROL [trioxid.Mandrell]: 'PUSH_REQUEST' (status=1)
Mon Sep  4 20:51:54 2017 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.9.0.1,redirect-gateway def1,block-outside-dns,route 10.9.0.0 255.255.255.0,topology net30,ping 1800,ping-restart 3600,ifconfig 10.9.0.14 10.9.0.13,peer-id 3,cipher AES-256-GCM'
Mon Sep  4 20:51:54 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: block-outside-dns (2.4.3)
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: route options modified
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: peer-id set
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Sep  4 20:51:54 2017 OPTIONS IMPORT: data channel crypto options modified
Mon Sep  4 20:51:54 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Sep  4 20:51:54 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep  4 20:51:54 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep  4 20:51:54 2017 TUN/TAP device tun0 opened
Mon Sep  4 20:51:54 2017 TUN/TAP TX queue length set to 100
Mon Sep  4 20:51:54 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Sep  4 20:51:54 2017 /sbin/ifconfig tun0 10.9.0.14 pointopoint 10.9.0.13 mtu 1500
Mon Sep  4 20:51:54 2017 /sbin/route add -net [-- DigitalOcean droplet --] netmask 255.255.255.255 gw 136.29.1.1
Mon Sep  4 20:51:54 2017 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.9.0.13
Mon Sep  4 20:51:54 2017 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.9.0.13
Mon Sep  4 20:51:55 2017 /sbin/route add -net 10.9.0.0 netmask 255.255.255.0 gw 10.9.0.13
Mon Sep  4 20:51:55 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep  4 20:51:55 2017 Initialization Sequence Completed

ps -ef

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 20:51 ?        00:00:02 /sbin/procd
root         2     0  0 20:51 ?        00:00:00 [kthreadd]
root         3     2  0 20:51 ?        00:00:00 [ksoftirqd/0]
root         5     2  0 20:51 ?        00:00:00 [kworker/0:0H]
root         7     2  0 20:51 ?        00:00:01 [rcu_sched]
root         8     2  0 20:51 ?        00:00:00 [rcu_bh]
root         9     2  0 20:51 ?        00:00:00 [migration/0]
root        10     2  0 20:51 ?        00:00:00 [lru-add-drain]
root        11     2  0 20:51 ?        00:00:00 [cpuhp/0]
root        12     2  0 20:51 ?        00:00:00 [cpuhp/1]
root        13     2  0 20:51 ?        00:00:00 [migration/1]
root        14     2  0 20:51 ?        00:00:00 [ksoftirqd/1]
root        16     2  0 20:51 ?        00:00:00 [kworker/1:0H]
root        17     2  0 20:51 ?        00:00:00 [kworker/u4:1]
root       190     2  0 20:51 ?        00:00:00 [oom_reaper]
root       191     2  0 20:51 ?        00:00:00 [writeback]
root       193     2  0 20:51 ?        00:00:00 [crypto]
root       194     2  0 20:51 ?        00:00:00 [bioset]
root       196     2  0 20:51 ?        00:00:00 [kblockd]
root       204     2  0 20:51 ?        00:00:00 [ata_sff]
root       228     2  0 20:51 ?        00:00:00 [watchdogd]
root       243     2  0 20:51 ?        00:00:00 [kworker/0:1]
root       257     2  0 20:51 ?        00:00:00 [kswapd0]
root       258     2  0 20:51 ?        00:00:00 [vmstat]
root       325     2  0 20:51 ?        00:00:00 [pencrypt]
root       327     2  0 20:51 ?        00:00:00 [pdecrypt]
root       368     2  0 20:51 ?        00:00:00 [kworker/u4:3]
root       388     2  0 20:51 ?        00:00:00 [bioset]
root       395     2  0 20:51 ?        00:00:00 [bioset]
root       398     2  0 20:51 ?        00:00:00 [bioset]
root       401     2  0 20:51 ?        00:00:00 [bioset]
root       404     2  0 20:51 ?        00:00:00 [bioset]
root       407     2  0 20:51 ?        00:00:00 [bioset]
root       410     2  0 20:51 ?        00:00:00 [bioset]
root       413     2  0 20:51 ?        00:00:00 [bioset]
root       424     2  0 20:51 ?        00:00:00 [scsi_eh_0]
root       425     2  0 20:51 ?        00:00:00 [scsi_tmf_0]
root       436     2  0 20:51 ?        00:00:00 [bioset]
root       441     2  0 20:51 ?        00:00:00 [bioset]
root       446     2  0 20:51 ?        00:00:00 [bioset]
root       451     2  0 20:51 ?        00:00:00 [bioset]
root       456     2  0 20:51 ?        00:00:00 [bioset]
root       461     2  0 20:51 ?        00:00:00 [bioset]
root       466     2  0 20:51 ?        00:00:00 [bioset]
root       471     2  0 20:51 ?        00:00:00 [bioset]
root       476     2  0 20:51 ?        00:00:00 [bioset]
root       481     2  0 20:51 ?        00:00:00 [bioset]
root       486     2  0 20:51 ?        00:00:00 [spi0]
root       491     2  0 20:51 ?        00:00:00 [bioset]
root       607     2  0 20:51 ?        00:00:00 [irq/30-f1090000]
root       608     2  0 20:51 ?        00:00:00 [irq/31-f1090000]
root       627     2  0 20:51 ?        00:00:00 [ipv6_addrconf]
root       641     2  0 20:51 ?        00:00:00 [ubi_bgt0d]
root       642     2  0 20:51 ?        00:00:00 [bioset]
root       650     2  0 20:51 ?        00:00:00 [kworker/0:1H]
root       652     2  0 20:51 ?        00:00:00 [kworker/0:3]
root       654     2  0 20:51 ?        00:00:00 [kworker/1:1H]
root       657     2  0 20:51 ?        00:00:00 [irq/46-gpio_key]
root       658     2  0 20:51 ?        00:00:00 [irq/47-gpio_key]
root       757     2  0 20:51 ?        00:00:00 [ubifs_bgt0_1]
root       770     2  0 20:51 ?        00:00:00 [ubi_bgt1d]
root       774     2  0 20:51 ?        00:00:00 [ubifs_bgt1_0]
root       881     1  0 20:51 ?        00:00:00 /sbin/ubusd
root       882     1  0 20:51 ttyS0    00:00:00 /sbin/askfirst /usr/libexec/login.sh
root       938     2  0 20:51 ?        00:00:00 [bond0]
root      1001     2  0 20:51 ?        00:00:00 [cryptodev_queue]
root      1011     2  0 20:51 ?        00:00:00 [cfg80211]
root      1277     1  0 20:51 ?        00:00:00 /sbin/logd -S 64
root      1286     1  0 20:51 ?        00:00:00 /sbin/rpcd
root      1293     1  0 20:51 ?        00:00:03 /usr/sbin/haveged -w 1024 -d 32 -i 32 -v 1
root      1360     1  0 20:51 ?        00:00:00 /sbin/netifd
root      1408     1  0 20:51 ?        00:00:00 /usr/sbin/odhcpd
root      1465     1  0 20:51 ?        00:00:00 /usr/sbin/crond -f -c /etc/crontabs -l 8
root      1494     1  0 20:51 ?        00:00:00 /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300 -T 3
root      1533  1360  0 20:51 ?        00:00:00 odhcp6c -s /lib/netifd/dhcpv6.script -P0 -t120 eth1.2
root      1540  1360  0 20:51 ?        00:00:00 udhcpc -p /var/run/udhcpc-eth1.2.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth1.2 -C -O 121
root      1950  1494  0 20:51 ?        00:00:00 /usr/sbin/dropbear -F -P /var/run/dropbear.1.pid -p 22 -K 300 -T 3
root      2240     1  1 20:51 ?        00:00:36 /usr/sbin/hostapd -s -P /var/run/wifi-phy0.pid -B /var/run/hostapd-phy0.conf
nobody    2378     1  0 20:51 ?        00:00:00 /usr/sbin/dnscrypt-proxy /var/etc/dnscrypt-proxy-ns1.conf
root      2499     1  0 20:51 ?        00:00:01 /usr/sbin/[webserver] -f -h /[root] -r router -x /cgi-bin -u /ubus -t 60 -T 30 -k 20 -A 1 -n 3 -N 100 -R -p 0.0.0.0:80 -p [::]:80
root      2623     1  0 20:51 ?        00:00:00 /usr/sbin/smbd -F
root      2624     1  0 20:51 ?        00:00:00 /usr/sbin/nmbd -F
root      2657     1  0 20:51 ?        00:00:03 /usr/sbin/collectd -f
root      2694     1  0 20:51 ?        00:00:04 /usr/sbin/openvpn --syslog openvpn(streisand) --status /var/run/openvpn.streisand.status --cd /etc/openvpn --config /etc/o
root      2874     1  0 20:51 ?        00:00:00 /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 0.lede.pool.ntp.org -p 1.lede.pool.ntp.org -p 2.lede.pool.ntp.org -p 3.l
root      2927     1  0 20:51 ?        00:00:00 /usr/sbin/igmpproxy /var/etc/igmpproxy.conf
root      3290     2  0 21:34 ?        00:00:00 [kworker/1:0]
root      3554     1  0 20:51 ?        00:00:07 /usr/sbin/snmpd -Lf /dev/null -f
dnsmasq   3735     1  0 20:52 ?        00:00:14 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg02411c -k -x /var/run/dnsmasq/dnsmasq.cfg02411c.pid
root      6930 11924  0 21:36 pts/0    00:00:00 ps -ef
root     11374     2  0 21:17 ?        00:00:01 [kworker/1:1]
root     11924  1950  0 21:17 pts/0    00:00:00 -ash
root     28173     2  0 21:28 ?        00:00:00 [kworker/1:2]

(Last edited by 8b3Dpc5 on 6 Sep 2017, 02:33)

Post #2
davidc502
5 Sep 2017, 00:59

I see you own the 1900ac Version 1, so if the latest build was installed with Kernel 4.9.44, that's likely the cause of the reboot. There is a separate build for V1 owners with Kernel 4.4.x over here that does not have a rebooting issue. ->  https://davidc502sis.dynamic-dns.net/sn … u/generic/

Post #3
8b3Dpc5
5 Sep 2017, 16:54

I see you own the 1900ac Version 1, so if the latest build was installed with Kernel 4.9.44, that's likely the cause of the reboot. There is a separate build for V1 owners with Kernel 4.4.x over here that does not have a rebooting issue. (URL included)

Great - thank you.  I will install it and see what happens.

Post #4
8b3Dpc5
6 Sep 2017, 02:34
davidc502 wrote:

I see you own the 1900ac Version 1, so if the latest build was installed with Kernel 4.9.44, that's likely the cause of the reboot. There is a separate build for V1 owners with Kernel 4.4.x over here that does not have a rebooting issue. ->  (URL provided but I can't use URLs)

Thanks - the router has been up 9 hours now, and therefore I've marked this issue as solved.

The discussion might have continued from here.