I have a 955 that sends all traffic through an external OpenVPN server.
Every 6/12 hours it stops working and it is completely isolated from the Internet.
After extensive debugging, I discovered that after a mobile reconnection, VPN status is wrong and the routing table misses static routes.
At the start, VPN works. This is the routing table:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
default         10.8.47.1       128.0.0.0       UG    0      0   0   tun0
default         10.174.209.58   0.0.0.0         UG    0      0   0   wwan0
8.8.8.8         *               255.255.255.255 UH    10     0   0   wwan0
10.8.47.0       *               255.255.255.0   U     0      0   0   tun0
10.174.209.56   *               255.255.255.252 U     10     0   0   wwan0
128.0.0.0       10.8.47.1       128.0.0.0       UG    0      0   0   tun0
138.x.x.x.      10.174.209.58   255.255.255.255 UGH   0      0   0   wwan0
192.168.4.0     *               255.255.255.0   U     0      0   0   br-lan
where
- 10.8.47.1 is the OpenVPN server private IP
- 138.x.x.x is the OpenVPN server public IP
- 10.174.209.58 is the IP from the telco.
You can see that I added a static route to keep the traffic to DNS 8.8.8.8 via wwan0
where 8.8.8.8 is the default DNS Server configured in RUT955.
When the Operator (Iliad) drops the mobile connections and RUT955 reconnects, the router stops routing correctly.
After reconnection RUT955 gets a new IP from the operator: 10.61.244.1
and the routing table after reconnections is this:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
default         10.8.47.1       128.0.0.0       UG    0      0   0   tun0
default         10.61.244.1     0.0.0.0         UG    0      0   0   wwan0
default         10.61.244.1     0.0.0.0         UG    10     0   0   wwan0
10.8.47.0       *               255.255.255.0   U     0      0   0   tun0
10.61.244.1     *               255.255.255.252 U     10     0   0   wwan0
128.0.0.0       10.8.47.1       128.0.0.0       UG    0      0   0   tun0
192.168.4.0     *               255.255.255.0   U     0      0   0   br-lan
- the route to Public Gateway IP is missing
- the static route to 8.8.8.8 is also missing.
- the tunnel is not working,
- traffic is not forwarded via tun0
- ping to any public IP fails.
Restarting VPN from GUI is not working.
A modem reset or mobile reconnect is not working.
The only solution is a modem reboot.
How can I solve this?
Thanks
Here is the salient log after loss of connection:
Mon Mar 29 06:31:27 2021 daemon.notice netifd: Interface 'ppp' has lost the connection
Mon Mar 29 06:31:27 2021 daemon.warn dnsmasq[3871]: no servers found in /tmp/resolv.conf.auto, will retry
Mon Mar 29 06:31:28 2021 daemon.notice netifd: ppp_4 (3638): udhcpc: received SIGTERM
Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp_4' is now down
Mon Mar 29 06:31:28 2021 daemon.notice netifd: Network alias '' link is down
Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp_4' has link connectivity loss
Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp_4' is disabled
...
Mon Mar 29 06:31:28 2021 daemon.notice netifd: Interface 'ppp' is now up
Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: reading /tmp/resolv.conf.auto
Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: using only locally-known addresses for domain lan
Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: using nameserver 8.8.8.8#53
Mon Mar 29 06:31:28 2021 daemon.info dnsmasq[3871]: using nameserver 1.1.1.1#53
Mon Mar 29 06:31:28 2021 user.info Messaged[6936]: Start from new event "Mobile Data" "Mobile data disconnected"
...
Mon Mar 29 06:31:41 2021 user.info Messaged[7388]: Start from new event "Mobile Data" "Mobile data connected, IP: 10.61.244.1 Iliad"
Mon Mar 29 06:31:43 2021 daemon.err insmod: module is already loaded - xt_multiport
Mon Mar 29 06:31:43 2021 daemon.err insmod: module is already loaded - xt_connmark
Mon Mar 29 06:31:44 2021 daemon.err insmod: module is already loaded - xt_comment
Mon Mar 29 06:31:44 2021 daemon.err insmod: module is already loaded - xt_length
...
Mon Mar 29 06:31:48 2021 local1.crit hotplug-netifd-netstate[7905]: ERROR: uci set (set)
Mon Mar 29 06:31:48 2021 local1.crit hotplug-netifd-netstate[7905]: ERROR code: uci err: Invalid argument
Mon Mar 29 06:31:48 2021 local1.info hotplug-gsmstate[7907]: envACT: ifup
Mon Mar 29 06:31:48 2021 local1.info hotplug-gsmstate[7907]: envDEV: wwan0
Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_multiport
Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_connmark
Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_comment
Mon Mar 29 06:31:51 2021 daemon.err insmod: module is already loaded - xt_length
Mon Mar 29 06:31:52 2021 user.notice firewall: Reloading firewall due to ifup of ppp_4 (wwan0)
...
Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: TCP/UDP: Preserving recently used remote address: [AF_INET]138.X.X.X:1212
Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]
Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: UDP link local: (not bound)
Mon Mar 29 06:33:28 2021 daemon.notice openvpn(client_tet)[5071]: UDP link remote: [AF_INET]138.X.X.X:1212
Mon Mar 29 06:34:28 2021 daemon.err openvpn(client_tet)[5071]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Mar 29 06:34:28 2021 daemon.err openvpn(client_tet)[5071]: TLS Error: TLS handshake failed
Mon Mar 29 06:34:28 2021 daemon.notice openvpn(client_tet)[5071]: SIGUSR1[soft,tls-error] received, process restarting
Mon Mar 29 06:34:28 2021 daemon.notice openvpn(client_tet)[5071]: Restart pause, 5 second(s)
Mon Mar 29 06:35:00 2021 cron.info crond[5440]: USER root pid 8809 cmd /usr/sbin/ping_reboot.sh cfg01c21d
Mon Mar 29 06:35:10 2021 user.notice ping_reboot.sh: Host 8.8.8.8 unreachable
Mon Mar 29 06:35:10 2021 user.notice ping_reboot.sh: 5 min. until next ping retry
Mon Mar 29 06:36:33 2021 daemon.err openvpn(client_tet)[5071]: RESOLVE: Cannot resolve host address: pstest17.XXXXXXX.XX:1212 (Name or service not known)
Mon Mar 29 06:38:33 2021 daemon.err openvpn(client_tet)[5071]: RESOLVE: Cannot resolve host address: pstest17. XXXXXXX.XX:1212 (Name or service not known)
Mon Mar 29 06:38:33 2021 daemon.warn openvpn(client_tet)[5071]: Could not determine IPv4/IPv6 protocol
Mon Mar 29 06:38:33 2021 daemon.notice openvpn(client_tet)[5071]: SIGUSR1[soft,init_instance] received, process restarting
Mon Mar 29 06:38:33 2021 daemon.notice openvpn(client_tet)[5071]: Restart pause, 5 second(s)
Mon Mar 29 06:38:38 2021 daemon.warn openvpn(client_tet)[5071]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Mar 29 06:40:00 2021 cron.info crond[5440]: USER root pid 9445 cmd /usr/sbin/ping_reboot.sh cfg01c21d
Mon Mar 29 06:40:10 2021 user.notice ping_reboot.sh: Host 8.8.8.8 unreachable
Mon Mar 29 06:40:10 2021 user.notice ping_reboot.sh: Restarting modem after 2 unsuccessful tries
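
Added example, not part of the original post: a POSIX shell check that reads route output and reports which of the routes the post depends on are absent (the host route to the VPN server via wwan0, the pinned DNS route, and the two /1 routes via tun0). The function name check_vpn_routes and its messages are hypothetical; the sample tables are the two shown in the post, with the redacted server address kept as the placeholder 138.x.x.x.

```shell
# Added example. Usage: route | check_vpn_routes SERVER_IP DNS_IP WAN_IF TUN_IF
# Prints each expected route that is absent; exit status 1 if any is missing.
check_vpn_routes() {
    awk -v srv="$1" -v dns="$2" -v wan="$3" -v tun="$4" '
        NF == 8 && $1 != "Destination" {            # data rows only
            host = ($3 == "255.255.255.255")        # /32 host route
            if ($1 == srv && host && $8 == wan) have_srv = 1
            if ($1 == dns && host && $8 == wan) have_dns = 1
            if ($3 == "128.0.0.0" && $8 == tun) half[$1] = 1   # the two /1 routes
        }
        END {
            if (!have_srv) { print "MISSING host route to VPN server " srv " via " wan; bad = 1 }
            if (!have_dns) { print "MISSING host route to DNS " dns " via " wan; bad = 1 }
            if (!((("default" in half) || ("0.0.0.0" in half)) && ("128.0.0.0" in half))) {
                print "MISSING /1 route via " tun; bad = 1 }
            exit bad + 0
        }'
}

# Tables copied from the post; 138.x.x.x is its redacted server address.
table_before() { cat <<'EOF'
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.8.47.1 128.0.0.0 UG 0 0 0 tun0
default 10.174.209.58 0.0.0.0 UG 0 0 0 wwan0
8.8.8.8 * 255.255.255.255 UH 10 0 0 wwan0
10.8.47.0 * 255.255.255.0 U 0 0 0 tun0
10.174.209.56 * 255.255.255.252 U 10 0 0 wwan0
128.0.0.0 10.8.47.1 128.0.0.0 UG 0 0 0 tun0
138.x.x.x 10.174.209.58 255.255.255.255 UGH 0 0 0 wwan0
192.168.4.0 * 255.255.255.0 U 0 0 0 br-lan
EOF
}
table_after() { cat <<'EOF'
default 10.8.47.1 128.0.0.0 UG 0 0 0 tun0
default 10.61.244.1 0.0.0.0 UG 0 0 0 wwan0
default 10.61.244.1 0.0.0.0 UG 10 0 0 wwan0
10.8.47.0 * 255.255.255.0 U 0 0 0 tun0
10.61.244.1 * 255.255.255.252 U 10 0 0 wwan0
128.0.0.0 10.8.47.1 128.0.0.0 UG 0 0 0 tun0
192.168.4.0 * 255.255.255.0 U 0 0 0 br-lan
EOF
}

for t in table_before table_after; do
    if "$t" | check_vpn_routes 138.x.x.x 8.8.8.8 wwan0 tun0; then echo "$t: ok"
    else echo "$t: routes missing"; fi
done
```

In the second table the /1 routes via tun0 survive while the server's host route does not, so packets addressed to 138.x.x.x and to 8.8.8.8 are themselves routed into tun0, which is consistent with the TLS handshake timeout and the resolve errors in the log.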