1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Asus RT-AC86U OpenVPN server doesn't start up on router reboot

Discussion in 'Asuswrt-Merlin' started by treetrunk, Apr 15, 2018.

  1. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    I recently purchased an AC86U (running Merlin's firmware 384.4_2) for its upgraded RAM and CPU, an upgrade from my AC68P. Anyway, I run an OpenVPN server on the router and noticed that the OpenVPN server doesn't start up automatically when the router reboots.

    Any ideas how to fix this issue?
     
  2. Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!
  3. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,213
    Location:
    Canada
    Have to enable "Start with WAN".
     
  4. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    I don't see that anywhere in the server settings. Note the server status and it shows that the server is being initialized indefinitely. See screenshots. Once I hit the "apply" button, the server starts up
     

    Attached Files:

    Last edited: Apr 16, 2018
  5. Martineau

    Martineau Very Senior Member

    Joined:
    Jul 8, 2012
    Messages:
    1,617
    Location:
    UK
    You won't ....it is a VPN Client setting ONLY.
     
  6. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    I had ab-solution and Skynet running, so I uninstalled those, re-initialized my AC86U (cleared nvram and jffs) and set it up manually as before. It may or may not be relevant, but I still have Asus's Download Master running. The VPN server still doesn't come up automatically.
    I looked in the system log and see the following two lines:
    "Apr 16 06:32:15 rc_service: udhcpc 910:notify_rc start_vpnserver1"
    "Apr 16 06:32:30 rc_service: skip the event: start_vpnserver1."
     
  7. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,213
    Location:
    Canada
    Sorry, I missed the bit mentioning this was on a server.

    The start event gets skipped because probably a previous event is getting stuck. What are the previous rc_service entries saying?
     
  8. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    here's a snippet of what I think are relevant entries (others removed).
    Also. I powered cycled the router and the VPN server came up. Then I rebooted it from the webui about 5 times and on the 5th the server wouldn't come back up

     
  9. Odkrys

    Odkrys Senior Member

    Joined:
    Jul 28, 2016
    Messages:
    229
    add user or change Username / Password Auth. Only to No.
     
  10. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    I changed it to "no" which means that it uses certificates in addition to username/password, correct?
    I'm also having a difficult time seeing how that would be related to an intermittent startup failure of the server. Could you explain that one? Reading the log carefully, it seems like the vpnserver is waiting on the firewall to startup.

    EDIT: There is a user, it's the same account that I use to login to the router, I just hid it in the screenshot.

    EDIT2: Set it to "no" and several reboots later, vpnserver fails to startup again
     
    Last edited: Apr 16, 2018
  11. unsynaps

    unsynaps Regular Contributor

    Joined:
    Nov 9, 2014
    Messages:
    184
    Location:
    Halethorpe, MD
    There is no graphical way to make the OpenVPN server use both password AND cert.

    It can be done you just need to do it through scripts. Did it myself. Rather easy.
     
  12. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    27,213
    Location:
    Canada
    Setting "Username / Password Auth. Only" to No should do that. Note however that this setting does not exist in the stock firmware, only on mine.

    The OP is experiencing a different issue, seems that something in his boot process is taking too long to proceed, causing the start_vpnserver1 event to time out and be dropped. (and since Asus closed the rc_service source code about two years ago, I can no longer extend that timeout value like I used to do).

    We'd need the complete syslog starting at boot to determine which process is blocking the rest.
     
  13. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    I added a line to firewall-start:
    service start_vpnserver1

    This seems to force the vpnserver to start and mimic the behavior of me pressing the apply button in the vpn server settings. I rebooted the router close to 15 times now and no issues yet.
    I can post a full syslog if you'd like to potentially track down any bugs in your code, or for any other debugging issues.
     
  14. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    I think it is better to set it at init-start script and what I did was a sleep 100 before the vpnserver start. This will ensure all stuff required by the vpnserver is started properly. In my case it was due to ddns wasn't ready before the initial start of my vpnserver.

    Reason why I suggest to put in init-start is because the problem is due to router reboot and init-start script only used once there. Whereas I think the firewall-start script may be used during operation at some time. Like skynet using it.
     
  15. treetrunk

    treetrunk Occasional Visitor

    Joined:
    Apr 10, 2018
    Messages:
    10
    I found a similar problem when I reinstalled skynet, because the call to start it in firewall-start was after my call to start the vpnserver, my vpnserver would hang just as before. So, I moved my call to the end and put a sleep timer just before for 2min and that seemed to fix the issue once and for all. Fingers crossed.

    How did you determine it was due to ddns not starting up?
     
  16. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    I read the syslog and it just happened to be this way..

    This is my post just last week.
    https://www.snbforums.com/threads/question-failed-to-start-openvpn-server-at-bootup.45998/
     
Please support SNBForums! Just click on this link before you buy something from Amazon and we'll get a small commission on anything you buy. Thanks!