sonic guest wrote: It's an interesting dilemma: use FTTN by itself and get a somewhat static IP or use Sonic VPN for privacy but very dynamic IP. You may want to try freedns.afraid.org. I prefer FreeDNS over No-IP because they allow for many more options (standard wget, cURL, and direct browser requests using HTTPS URLs) to change an IP that are friendly to both UNIX- and Windows-based computers, and I don't need to use a custom client. I don't think they have any policies for too frequent IP changes either even though I try to be nice and update once/hour.
I hadn't heard of FreeDNS but I will definitely check it out. Although my current router firmware (Xwrt-Vortex) only allows down to a once per day update, so that wouldn't quite be frequent enough to keep up with the 8-9 minute updates I'm seeing.
drew.phillips wrote: Without the VPN active is your connection stable? My router (Lede 17 with OpenVPN) had the same IP bound for over 3 weeks before the VPN maintenance Friday night. I also have a separate computer on another ISP that's had the same IP for over 2 weeks since I re-connected it.
My connection without the VPN is stable for the most part, although I've found that when I run certain services (such as torrents) AT&T is throttling my service down to almost nothing (from 49 down / 6 up to 2-4 down / less than 0.5 up). Which is one of the reasons I'd like to encrypt through their hardware so all they see is the VPN traffic.
So I hadn't actually heard of LEDE before but it looks interesting. After using stock firmware on my R7000 for a couple years I installed Tomato, which didn't take advantage of hardware acceleration so I was getting slower WiFi speeds; I ended up moving to Xwrt-Vortex, which has been great. Maybe I'll give LEDE a try next.
drew.phillips wrote: I'd suggest looking at the router logs and see if there are any useful messages around when the VPN changes IP. This pretty much indicates that you might be losing your VPN connection. As long as you're connected, we won't change the IP. But if the software is dropping the connection or (perhaps a setting) is cycling it frequently, that would explain the changes.
Here's an example from my logs showing the initial connection & where it disconnects temporarily before assigning a new IP:
Apr 14 16:35:11 rc_service: httpd 439:notify_rc start_vpnclient1
Apr 14 16:35:11 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 14 16:35:11 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 14 16:35:13 openvpn[30905]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 3 2017
Apr 14 16:35:13 openvpn[30905]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Apr 14 16:35:13 openvpn[30906]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 14 16:35:13 openvpn[30906]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:13 openvpn[30906]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:13 openvpn[30906]: TCP/UDP: Preserving recently used remote address: [AF_INET]209.148.113.36:1194
Apr 14 16:35:13 openvpn[30906]: Socket Buffers: R=[122880->200000] S=[122880->200000]
Apr 14 16:35:13 openvpn[30906]: UDP link local: (not bound)
Apr 14 16:35:13 openvpn[30906]: UDP link remote: [AF_INET]209.148.113.36:1194
Apr 14 16:35:13 openvpn[30906]: TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=1ad72b4b 4472a0d3
Apr 14 16:35:13 openvpn[30906]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 14 16:35:14 openvpn[30906]: VERIFY OK: depth=1, CN=OpenVPN CA
Apr 14 16:35:14 openvpn[30906]: VERIFY OK: nsCertType=SERVER
Apr 14 16:35:14 openvpn[30906]: VERIFY OK: depth=0, CN=OpenVPN Server
Apr 14 16:35:14 openvpn[30906]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 16:35:14 openvpn[30906]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.148.113.36:1194
Apr 14 16:35:15 openvpn[30906]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Apr 14 16:35:15 openvpn[30906]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 184.23.191.1,dhcp-option DNS 208.201.224.33,dhcp-option DNS 208.201.224.11,register-dns,block-ipv6,ifconfig 184.23.191.184 255.255.255.0'
Apr 14 16:35:15 openvpn[30906]: Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Apr 14 16:35:15 openvpn[30906]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Apr 14 16:35:15 openvpn[30906]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Apr 14 16:35:15 openvpn[30906]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Apr 14 16:35:15 openvpn[30906]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.4.0)
Apr 14 16:35:15 openvpn[30906]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.4.0)
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: explicit notify parm(s) modified
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: compression parms modified
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: route options modified
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: route-related options modified
Apr 14 16:35:15 openvpn[30906]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 14 16:35:15 openvpn[30906]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:35:15 openvpn[30906]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:15 openvpn[30906]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:35:15 openvpn[30906]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:15 openvpn[30906]: TUN/TAP device tun11 opened
Apr 14 16:35:15 openvpn[30906]: TUN/TAP TX queue length set to 100
Apr 14 16:35:15 openvpn[30906]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 14 16:35:15 openvpn[30906]: /usr/sbin/ip link set dev tun11 up mtu 1500
Apr 14 16:35:15 openvpn[30906]: /usr/sbin/ip addr add dev tun11 184.23.191.184/24 broadcast 184.23.191.255
Apr 14 16:35:20 openvpn[30906]: /usr/sbin/ip route add 209.148.113.36/32 via 76.235.16.1
Apr 14 16:35:20 openvpn[30906]: /usr/sbin/ip route add 0.0.0.0/1 via 184.23.191.1
Apr 14 16:35:20 openvpn[30906]: /usr/sbin/ip route add 128.0.0.0/1 via 184.23.191.1
Apr 14 16:35:21 openvpn-routing: Skipping, client 1 not in routing policy mode
Apr 14 16:35:21 openvpn[30906]: Initialization Sequence Completed
Apr 14 16:35:31 rc_service: httpd 439:notify_rc restart_vpnclient1
Apr 14 16:35:32 openvpn[30906]: event_wait : Interrupted system call (code=4)
Apr 14 16:35:32 openvpn[30906]: SIGTERM received, sending exit notification to peer
Apr 14 16:35:33 openvpn[30906]: vpnrouting.sh tun11 1500 1558 184.23.191.184 255.255.255.0 init
Apr 14 16:35:33 openvpn-routing: Configuring policy rules for client 1
Apr 14 16:35:33 openvpn-routing: Flushing client routing table
Apr 14 16:35:33 openvpn-routing: Completed routing policy configuration for client 1
Apr 14 16:35:33 openvpn[30906]: /usr/sbin/ip route del 209.148.113.36/32
Apr 14 16:35:33 openvpn[30906]: /usr/sbin/ip route del 0.0.0.0/1
Apr 14 16:35:33 openvpn[30906]: /usr/sbin/ip route del 128.0.0.0/1
Apr 14 16:35:33 openvpn[30906]: Closing TUN/TAP interface
Apr 14 16:35:33 openvpn[30906]: /usr/sbin/ip addr del dev tun11 184.23.191.184/24
Apr 14 16:35:33 openvpn[30906]: SIGTERM[soft,exit-with-notification] received, process exiting
Apr 14 16:35:34 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:35:34 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:35:34 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:35:34 openvpn[30994]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 3 2017
Apr 14 16:35:34 openvpn[30994]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Apr 14 16:35:34 openvpn[30995]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 14 16:35:34 openvpn[30995]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:34 openvpn[30995]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:35 openvpn[30995]: TCP/UDP: Preserving recently used remote address: [AF_INET]209.148.113.36:1194
Apr 14 16:35:35 openvpn[30995]: Socket Buffers: R=[122880->200000] S=[122880->200000]
Apr 14 16:35:35 openvpn[30995]: UDP link local: (not bound)
Apr 14 16:35:35 openvpn[30995]: UDP link remote: [AF_INET]209.148.113.36:1194
Apr 14 16:35:35 openvpn[30995]: TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=99730041 a70a41f5
Apr 14 16:35:35 openvpn[30995]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 14 16:35:35 openvpn[30995]: VERIFY OK: depth=1, CN=OpenVPN CA
Apr 14 16:35:35 openvpn[30995]: VERIFY OK: nsCertType=SERVER
Apr 14 16:35:35 openvpn[30995]: VERIFY OK: depth=0, CN=OpenVPN Server
Apr 14 16:35:35 openvpn[30995]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 16:35:35 openvpn[30995]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.148.113.36:1194
Apr 14 16:35:37 openvpn[30995]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Apr 14 16:35:37 openvpn[30995]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 184.23.191.1,dhcp-option DNS 208.201.224.33,dhcp-option DNS 208.201.224.11,register-dns,block-ipv6,ifconfig 184.23.191.88 255.255.255.0'
Apr 14 16:35:37 openvpn[30995]: Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Apr 14 16:35:37 openvpn[30995]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Apr 14 16:35:37 openvpn[30995]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Apr 14 16:35:37 openvpn[30995]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Apr 14 16:35:37 openvpn[30995]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.4.0)
Apr 14 16:35:37 openvpn[30995]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.4.0)
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: explicit notify parm(s) modified
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: compression parms modified
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: route options modified
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: route-related options modified
Apr 14 16:35:37 openvpn[30995]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 14 16:35:37 openvpn[30995]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:35:37 openvpn[30995]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:37 openvpn[30995]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:35:37 openvpn[30995]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:35:37 openvpn[30995]: TUN/TAP device tun11 opened
Apr 14 16:35:37 openvpn[30995]: TUN/TAP TX queue length set to 100
Apr 14 16:35:37 openvpn[30995]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 14 16:35:37 openvpn[30995]: /usr/sbin/ip link set dev tun11 up mtu 1500
Apr 14 16:35:37 openvpn[30995]: /usr/sbin/ip addr add dev tun11 184.23.191.88/24 broadcast 184.23.191.255
Apr 14 16:35:42 openvpn[30995]: /usr/sbin/ip route add 209.148.113.36/32 via 76.235.16.1
Apr 14 16:35:42 openvpn[30995]: /usr/sbin/ip route add 0.0.0.0/1 via 184.23.191.1
Apr 14 16:35:42 openvpn[30995]: /usr/sbin/ip route add 128.0.0.0/1 via 184.23.191.1
Apr 14 16:35:42 openvpn-routing: Skipping, client 1 not in routing policy mode
Apr 14 16:35:42 openvpn[30995]: Initialization Sequence Completed
Apr 14 16:43:47 miniupnpd[25836]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Apr 14 16:43:47 miniupnpd[25836]: Failed to get IP for interface vlan2
Apr 14 16:43:47 miniupnpd[25836]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Apr 14 16:43:47 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:43:47 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:43:47 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:43:48 rc_service: udhcpc 31012:notify_rc start_firewall
Apr 14 16:43:48 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:43:48 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:43:48 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:43:49 WAN Connection: ISP's DHCP did not function properly.
Apr 14 16:43:49 DualWAN: skip single wan wan_led_control - WANRED off
Apr 14 16:43:49 dnsmasq-dhcp[432]: DHCPDISCOVER(br0) ac:cf:85:6c:0d:5e
Apr 14 16:43:49 dnsmasq-dhcp[432]: DHCPOFFER(br0) 192.168.1.73 ac:cf:85:6c:0d:5e
Apr 14 16:43:49 dnsmasq-dhcp[432]: DHCPREQUEST(br0) 192.168.1.73 ac:cf:85:6c:0d:5e
Apr 14 16:43:49 dnsmasq-dhcp[432]: DHCPACK(br0) 192.168.1.73 ac:cf:85:6c:0d:5e android-3bb156a58298b38d
Apr 14 16:43:49 stop_nat_rules: apply the redirect_rules!
Apr 14 16:43:49 miniupnpd[25836]: shutting down MiniUPnPd
Apr 14 16:43:49 start_nat_rules: apply the nat_rules(/tmp/nat_rules_vlan2_vlan2)!
Apr 14 16:43:49 wan: finish adding multi routes
Apr 14 16:43:49 rc_service: udhcpc 31012:notify_rc stop_vpnclient1
Apr 14 16:43:49 rc_service: waitting "start_firewall" via udhcpc ...
Apr 14 16:43:50 miniupnpd[31071]: HTTP listening on port 55900
Apr 14 16:43:50 miniupnpd[31071]: Listening for NAT-PMP/PCP traffic on port 5351
Apr 14 16:43:51 openvpn[30995]: event_wait : Interrupted system call (code=4)
Apr 14 16:43:51 openvpn[30995]: SIGTERM received, sending exit notification to peer
Apr 14 16:43:51 rc_service: udhcpc 31012:notify_rc stop_upnp
Apr 14 16:43:51 rc_service: waitting "stop_vpnclient1" via udhcpc ...
Apr 14 16:43:52 openvpn[30995]: vpnrouting.sh tun11 1500 1558 184.23.191.88 255.255.255.0 init
Apr 14 16:43:52 openvpn-routing: Configuring policy rules for client 1
Apr 14 16:43:52 openvpn-routing: Flushing client routing table
Apr 14 16:43:52 openvpn-routing: Completed routing policy configuration for client 1
Apr 14 16:43:52 openvpn[30995]: /usr/sbin/ip route del 209.148.113.36/32
Apr 14 16:43:52 openvpn[30995]: ERROR: Linux route delete command failed: external program exited with error status: 2
Apr 14 16:43:52 openvpn[30995]: /usr/sbin/ip route del 0.0.0.0/1
Apr 14 16:43:52 openvpn[30995]: /usr/sbin/ip route del 128.0.0.0/1
Apr 14 16:43:52 openvpn[30995]: Closing TUN/TAP interface
Apr 14 16:43:52 openvpn[30995]: /usr/sbin/ip addr del dev tun11 184.23.191.88/24
Apr 14 16:43:52 openvpn[30995]: SIGTERM[soft,exit-with-notification] received, process exiting
Apr 14 16:43:53 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:43:53 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:43:53 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:43:54 WAN Connection: WAN was restored.
Apr 14 16:43:54 rc_service: udhcpc 31012:notify_rc start_upnp
Apr 14 16:43:54 rc_service: waitting "stop_upnp" via udhcpc ...
Apr 14 16:43:54 miniupnpd[31071]: shutting down MiniUPnPd
Apr 14 16:43:55 ddns update: ez-ipupdate: starting...
Apr 14 16:43:55 miniupnpd[31139]: HTTP listening on port 41905
Apr 14 16:43:55 miniupnpd[31139]: Listening for NAT-PMP/PCP traffic on port 5351
Apr 14 16:43:55 ddns update: connected to dynupdate.no-ip.com (8.23.224.120) on port 80.
Apr 14 16:43:56 ddns update: request successful
Apr 14 16:43:56 ddns update: asusddns_update: 0
Apr 14 16:43:56 ddns: ddns update ok
Apr 14 16:43:56 openvpn-routing: Refreshing policy rules for client 1
Apr 14 16:43:57 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:43:57 openvpn-routing: Refreshing policy rules for client 2
Apr 14 16:43:57 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:43:57 openvpn-routing: Refreshing policy rules for client 3
Apr 14 16:43:57 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:43:57 openvpn-routing: Refreshing policy rules for client 4
Apr 14 16:43:57 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:43:57 openvpn-routing: Refreshing policy rules for client 5
Apr 14 16:43:57 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:43:57 rc_service: udhcpc 31012:notify_rc start_vpnclient1
Apr 14 16:43:57 dhcp client: bound 76.235.16.217 via 76.235.16.1 during 600 seconds.
Apr 14 16:43:59 openvpn[31259]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 3 2017
Apr 14 16:43:59 openvpn[31259]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Apr 14 16:43:59 openvpn[31260]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 14 16:43:59 openvpn[31260]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:43:59 openvpn[31260]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:43:59 openvpn[31260]: TCP/UDP: Preserving recently used remote address: [AF_INET]209.148.113.36:1194
Apr 14 16:43:59 openvpn[31260]: Socket Buffers: R=[122880->200000] S=[122880->200000]
Apr 14 16:43:59 openvpn[31260]: UDP link local: (not bound)
Apr 14 16:43:59 openvpn[31260]: UDP link remote: [AF_INET]209.148.113.36:1194
Apr 14 16:43:59 openvpn[31260]: TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=6507e3d0 d6728e00
Apr 14 16:43:59 openvpn[31260]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 14 16:43:59 openvpn[31260]: VERIFY OK: depth=1, CN=OpenVPN CA
Apr 14 16:43:59 openvpn[31260]: VERIFY OK: nsCertType=SERVER
Apr 14 16:43:59 openvpn[31260]: VERIFY OK: depth=0, CN=OpenVPN Server
Apr 14 16:44:00 openvpn[31260]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 16:44:00 openvpn[31260]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.148.113.36:1194
Apr 14 16:44:01 openvpn[31260]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Apr 14 16:44:01 openvpn[31260]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 184.23.191.1,dhcp-option DNS 208.201.224.33,dhcp-option DNS 208.201.224.11,register-dns,block-ipv6,ifconfig 184.23.191.136 255.255.255.0'
Apr 14 16:44:01 openvpn[31260]: Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Apr 14 16:44:01 openvpn[31260]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Apr 14 16:44:01 openvpn[31260]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Apr 14 16:44:01 openvpn[31260]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Apr 14 16:44:01 openvpn[31260]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.4.0)
Apr 14 16:44:01 openvpn[31260]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.4.0)
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: explicit notify parm(s) modified
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: compression parms modified
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: route options modified
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: route-related options modified
Apr 14 16:44:01 openvpn[31260]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 14 16:44:01 openvpn[31260]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:44:01 openvpn[31260]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:44:01 openvpn[31260]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:44:01 openvpn[31260]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:44:01 openvpn[31260]: TUN/TAP device tun11 opened
Apr 14 16:44:01 openvpn[31260]: TUN/TAP TX queue length set to 100
Apr 14 16:44:01 openvpn[31260]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 14 16:44:01 openvpn[31260]: /usr/sbin/ip link set dev tun11 up mtu 1500
Apr 14 16:44:01 openvpn[31260]: /usr/sbin/ip addr add dev tun11 184.23.191.136/24 broadcast 184.23.191.255
Apr 14 16:44:06 openvpn[31260]: /usr/sbin/ip route add 209.148.113.36/32 via 76.235.16.1
Apr 14 16:44:06 openvpn[31260]: /usr/sbin/ip route add 0.0.0.0/1 via 184.23.191.1
Apr 14 16:44:06 openvpn[31260]: /usr/sbin/ip route add 128.0.0.0/1 via 184.23.191.1
Apr 14 16:44:06 openvpn-routing: Skipping, client 1 not in routing policy mode
Apr 14 16:44:06 openvpn[31260]: Initialization Sequence Completed
Apr 14 16:53:46 miniupnpd[31139]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Apr 14 16:53:46 miniupnpd[31139]: Failed to get IP for interface vlan2
Apr 14 16:53:46 miniupnpd[31139]: SendNATPMPPublicAddressChangeNotification: cannot get public IP address, stopping
Apr 14 16:53:46 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:53:46 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:53:46 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:53:46 rc_service: udhcpc 31280:notify_rc start_firewall
Apr 14 16:53:46 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:53:46 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:53:46 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:53:47 miniupnpd[31139]: shutting down MiniUPnPd
Apr 14 16:53:48 start_nat_rules: apply the nat_rules(/tmp/nat_rules_vlan2_vlan2)!
Apr 14 16:53:48 wan: finish adding multi routes
Apr 14 16:53:48 rc_service: udhcpc 31280:notify_rc stop_vpnclient1
Apr 14 16:53:48 rc_service: waitting "start_firewall" via udhcpc ...
Apr 14 16:53:48 miniupnpd[31336]: HTTP listening on port 55379
Apr 14 16:53:48 miniupnpd[31336]: Listening for NAT-PMP/PCP traffic on port 5351
Apr 14 16:53:50 openvpn[31260]: event_wait : Interrupted system call (code=4)
Apr 14 16:53:50 openvpn[31260]: SIGTERM received, sending exit notification to peer
Apr 14 16:53:50 rc_service: udhcpc 31280:notify_rc stop_upnp
Apr 14 16:53:50 rc_service: waitting "stop_vpnclient1" via udhcpc ...
Apr 14 16:53:51 openvpn[31260]: vpnrouting.sh tun11 1500 1558 184.23.191.136 255.255.255.0 init
Apr 14 16:53:51 openvpn-routing: Configuring policy rules for client 1
Apr 14 16:53:51 openvpn-routing: Flushing client routing table
Apr 14 16:53:51 openvpn-routing: Completed routing policy configuration for client 1
Apr 14 16:53:51 openvpn[31260]: /usr/sbin/ip route del 209.148.113.36/32
Apr 14 16:53:51 openvpn[31260]: ERROR: Linux route delete command failed: external program exited with error status: 2
Apr 14 16:53:51 openvpn[31260]: /usr/sbin/ip route del 0.0.0.0/1
Apr 14 16:53:51 openvpn[31260]: /usr/sbin/ip route del 128.0.0.0/1
Apr 14 16:53:51 openvpn[31260]: Closing TUN/TAP interface
Apr 14 16:53:51 openvpn[31260]: /usr/sbin/ip addr del dev tun11 184.23.191.136/24
Apr 14 16:53:51 openvpn[31260]: SIGTERM[soft,exit-with-notification] received, process exiting
Apr 14 16:53:52 dnsmasq[432]: read /etc/hosts - 6 addresses
Apr 14 16:53:52 dnsmasq[432]: using nameserver 8.8.8.8#53
Apr 14 16:53:52 dnsmasq[432]: using nameserver 8.8.4.4#53
Apr 14 16:53:53 rc_service: udhcpc 31280:notify_rc start_upnp
Apr 14 16:53:53 rc_service: waitting "stop_upnp" via udhcpc ...
Apr 14 16:53:53 miniupnpd[31336]: shutting down MiniUPnPd
Apr 14 16:53:54 ddns update: ez-ipupdate: starting...
Apr 14 16:53:54 miniupnpd[31402]: HTTP listening on port 48775
Apr 14 16:53:54 miniupnpd[31402]: Listening for NAT-PMP/PCP traffic on port 5351
Apr 14 16:53:54 ddns update: connected to dynupdate.no-ip.com (8.23.224.120) on port 80.
Apr 14 16:53:54 ddns update: request successful
Apr 14 16:53:54 ddns update: asusddns_update: 0
Apr 14 16:53:55 ddns: ddns update ok
Apr 14 16:53:55 openvpn-routing: Refreshing policy rules for client 1
Apr 14 16:53:55 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:53:55 openvpn-routing: Refreshing policy rules for client 2
Apr 14 16:53:55 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:53:55 openvpn-routing: Refreshing policy rules for client 3
Apr 14 16:53:55 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:53:55 openvpn-routing: Refreshing policy rules for client 4
Apr 14 16:53:55 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:53:56 openvpn-routing: Refreshing policy rules for client 5
Apr 14 16:53:56 openvpn-routing: Allow WAN access to all VPN clients
Apr 14 16:53:56 rc_service: udhcpc 31280:notify_rc start_vpnclient1
Apr 14 16:53:56 dhcp client: bound 76.235.16.217 via 76.235.16.1 during 600 seconds.
Apr 14 16:53:57 openvpn[31522]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 3 2017
Apr 14 16:53:57 openvpn[31522]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Apr 14 16:53:57 openvpn[31523]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 14 16:53:58 openvpn[31523]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:53:58 openvpn[31523]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:53:58 openvpn[31523]: TCP/UDP: Preserving recently used remote address: [AF_INET]209.148.113.36:1194
Apr 14 16:53:58 openvpn[31523]: Socket Buffers: R=[122880->200000] S=[122880->200000]
Apr 14 16:53:58 openvpn[31523]: UDP link local: (not bound)
Apr 14 16:53:58 openvpn[31523]: UDP link remote: [AF_INET]209.148.113.36:1194
Apr 14 16:53:58 openvpn[31523]: TLS: Initial packet from [AF_INET]209.148.113.36:1194, sid=d98a5363 7e580a6b
Apr 14 16:53:58 openvpn[31523]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 14 16:53:58 openvpn[31523]: VERIFY OK: depth=1, CN=OpenVPN CA
Apr 14 16:53:58 openvpn[31523]: VERIFY OK: nsCertType=SERVER
Apr 14 16:53:58 openvpn[31523]: VERIFY OK: depth=0, CN=OpenVPN Server
Apr 14 16:53:58 openvpn[31523]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Apr 14 16:53:58 openvpn[31523]: [OpenVPN Server] Peer Connection Initiated with [AF_INET]209.148.113.36:1194
Apr 14 16:53:59 openvpn[31523]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Apr 14 16:53:59 openvpn[31523]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 184.23.191.1,dhcp-option DNS 208.201.224.33,dhcp-option DNS 208.201.224.11,register-dns,block-ipv6,ifconfig 184.23.191.222 255.255.255.0'
Apr 14 16:53:59 openvpn[31523]: Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Apr 14 16:53:59 openvpn[31523]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Apr 14 16:53:59 openvpn[31523]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Apr 14 16:53:59 openvpn[31523]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Apr 14 16:53:59 openvpn[31523]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.4.0)
Apr 14 16:53:59 openvpn[31523]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.4.0)
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: explicit notify parm(s) modified
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: compression parms modified
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: route options modified
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: route-related options modified
Apr 14 16:53:59 openvpn[31523]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 14 16:53:59 openvpn[31523]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:53:59 openvpn[31523]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:53:59 openvpn[31523]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Apr 14 16:53:59 openvpn[31523]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 14 16:53:59 openvpn[31523]: TUN/TAP device tun11 opened
Apr 14 16:53:59 openvpn[31523]: TUN/TAP TX queue length set to 100
Apr 14 16:53:59 openvpn[31523]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Apr 14 16:53:59 openvpn[31523]: /usr/sbin/ip link set dev tun11 up mtu 1500
Apr 14 16:53:59 openvpn[31523]: /usr/sbin/ip addr add dev tun11 184.23.191.222/24 broadcast 184.23.191.255
Apr 14 16:54:04 openvpn[31523]: /usr/sbin/ip route add 209.148.113.36/32 via 76.235.16.1
Apr 14 16:54:04 openvpn[31523]: /usr/sbin/ip route add 0.0.0.0/1 via 184.23.191.1
Apr 14 16:54:04 openvpn[31523]: /usr/sbin/ip route add 128.0.0.0/1 via 184.23.191.1
Apr 14 16:54:05 openvpn-routing: Skipping, client 1 not in routing policy mode
Apr 14 16:54:05 openvpn[31523]: Initialization Sequence Completed
drew.phillips wrote: Also, the Dynamic DNS lag might just mean you need to set the TTL much lower so if you do have frequent IP changes, the DNS will also not stay cached with stale entries. For DynDNS, a low TTL like 60 seconds to 600 seconds is good depending on your needs.
Does LEDE offer options for DynDNS in seconds rather than days?
Ultimately it seems as though I'm dealing with two problems that may be stemming from settings within my router vs the VPN itself:
1. My VPN connection isn't staying connected for more than 8-9 minutes before temporarily disconnecting & refreshing the IP address
2. During the 8-9 minutes it's connected, I can't seem to connect to any of my services (SSH, Subsonic, etc) through the VPN-assigned IP while it's active
I think the first problem may be with my VPN settings, here's a couple snapshots:
The second problem may be with the port forwarding settings on my router looking for traffic coming from the WAN vs the VPN. I can't seem to find an obvious solution to this in Xwrt-Vortex; does LEDE offer the option to forward ports from the VPN?
I've also considered setting up a pfsense box in-between my UVerse modem & my router to act as the VPN client, which would hopefully make things less confusing on my router. Though I'd rather exhaust my options with the router before spending the money.
Thank you both for your input, and sorry for the long follow-up. I appreciate any additional info you can provide.
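
An added example, not part of the original post: one way to read a router log like the one above is to pair each OpenVPN session with the tunnel address it was pushed, how long it stayed up, and which service asked for it to be stopped. `SAMPLE_LOG` is a constructed excerpt of the posted log (PUSH_REPLY option lists shortened); the function names, the `year` default, and the `Inactivity timeout` branch (a case that does not occur in the posted log) are assumptions of this sketch.

```python
import re
from datetime import datetime

# Constructed sample: selected lines from the log in the post, with the
# PUSH_REPLY option lists shortened to the fields this script reads.
SAMPLE_LOG = """\
Apr 14 16:35:11 rc_service: httpd 439:notify_rc start_vpnclient1
Apr 14 16:35:15 openvpn[30906]: PUSH: Received control message: 'PUSH_REPLY,ping 12,ping-restart 50,ifconfig 184.23.191.184 255.255.255.0'
Apr 14 16:35:21 openvpn[30906]: Initialization Sequence Completed
Apr 14 16:35:31 rc_service: httpd 439:notify_rc restart_vpnclient1
Apr 14 16:35:32 openvpn[30906]: SIGTERM received, sending exit notification to peer
Apr 14 16:35:37 openvpn[30995]: PUSH: Received control message: 'PUSH_REPLY,ping 12,ping-restart 50,ifconfig 184.23.191.88 255.255.255.0'
Apr 14 16:35:42 openvpn[30995]: Initialization Sequence Completed
Apr 14 16:43:49 WAN Connection: ISP's DHCP did not function properly.
Apr 14 16:43:49 rc_service: udhcpc 31012:notify_rc stop_vpnclient1
Apr 14 16:43:51 openvpn[30995]: SIGTERM received, sending exit notification to peer
Apr 14 16:43:57 rc_service: udhcpc 31012:notify_rc start_vpnclient1
Apr 14 16:43:57 dhcp client: bound 76.235.16.217 via 76.235.16.1 during 600 seconds.
Apr 14 16:44:01 openvpn[31260]: PUSH: Received control message: 'PUSH_REPLY,ping 12,ping-restart 50,ifconfig 184.23.191.136 255.255.255.0'
Apr 14 16:44:06 openvpn[31260]: Initialization Sequence Completed
Apr 14 16:53:48 rc_service: udhcpc 31280:notify_rc stop_vpnclient1
Apr 14 16:53:50 openvpn[31260]: SIGTERM received, sending exit notification to peer
Apr 14 16:53:56 dhcp client: bound 76.235.16.217 via 76.235.16.1 during 600 seconds.
Apr 14 16:53:59 openvpn[31523]: PUSH: Received control message: 'PUSH_REPLY,ping 12,ping-restart 50,ifconfig 184.23.191.222 255.255.255.0'
Apr 14 16:54:05 openvpn[31523]: Initialization Sequence Completed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (.*)$")
RC = re.compile(r"rc_service: (\w+) \d+:notify_rc (stop|restart)_vpnclient\d+")
PUSH = re.compile(r"openvpn\[(\d+)\]: PUSH: Received control message: "
                  r".*ifconfig (\d+(?:\.\d+){3}) ")
UP = re.compile(r"openvpn\[(\d+)\]: Initialization Sequence Completed")
TERM = re.compile(r"openvpn\[(\d+)\]: SIGTERM received")
TIMEOUT = re.compile(r"openvpn\[(\d+)\]: .*Inactivity timeout \(--ping-restart\)")
LEASE = re.compile(r"dhcp client: bound \S+ via \S+ during (\d+) seconds")


def vpn_sessions(log_text, year=2017):
    """Return one record per OpenVPN session found in a syslog-style log.

    Syslog timestamps carry no year, so `year` is an assumption supplied
    by the caller; it only matters if the log spans a year boundary.
    """
    out = []           # sessions in the order they were established
    open_by_pid = {}   # openvpn pid -> session that has not ended yet
    last_rc = None     # (requester, action) of the latest stop/restart request

    def close(pid, when, reason):
        rec = open_by_pid.pop(pid, None)
        if rec is None:
            return
        rec["down"], rec["ended_by"] = when, reason
        if rec["up"] is not None:
            rec["seconds_up"] = int((when - rec["up"]).total_seconds())

    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (rc := RC.match(msg)):
            last_rc = rc.groups()
        elif (p := PUSH.match(msg)):
            rec = {"pid": int(p.group(1)), "tunnel_ip": p.group(2), "up": None,
                   "down": None, "seconds_up": None, "ended_by": None}
            out.append(rec)
            open_by_pid[p.group(1)] = rec
        elif (u := UP.match(msg)) and u.group(1) in open_by_pid:
            open_by_pid[u.group(1)]["up"] = when
        elif (t := TERM.match(msg)):
            # A SIGTERM is a local stop: attribute it to the most recent
            # rc_service request, if one was logged before it.
            reason = (f"{last_rc[1]} requested by {last_rc[0]}"
                      if last_rc else "SIGTERM (requester not logged)")
            close(t.group(1), when, reason)
            last_rc = None
        elif (x := TIMEOUT.match(msg)):
            # Tunnel keepalive expired: the link, not the router, ended it.
            close(x.group(1), when, "keepalive timeout (--ping-restart)")
    return out


def wan_lease_seconds(log_text):
    """Lease lengths reported by the WAN DHCP client, in log order."""
    return [int(s) for s in LEASE.findall(log_text)]


if __name__ == "__main__":
    for s in vpn_sessions(SAMPLE_LOG):
        print(s["pid"], s["tunnel_ip"], s["seconds_up"], s["ended_by"])
    print("WAN DHCP leases (s):", wan_lease_seconds(SAMPLE_LOG))
```

On the sample, the sessions that ended after 489 and 584 seconds were both stopped at the request of `udhcpc`, and the WAN DHCP client reports 600-second leases in the same log.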