Intermittent connectivity with PBR configured

I noticed intermittent connectivity issues after I configured policy based routing.
It’s RUTM11 running RUTM_R_00.07.08

I have two SSID’s each with own DHCP scope. PBR is configured to route traffic from one of the SSID via openVPN, the other SSID routes client traffic directly via 4g connection.

What is very strange is that the clients on VPN SSID would not be affected but only those accessing the internet directly.

I’m not familiar with CLI on those devices so I’m not able to gather more logs at this point but only those from the GUI.

in the event logs the

53 2024-07-25 20:30:30 Health checker DNS resolution restored
152 2024-07-25 20:30:27 Health checker IPv4 connectivity restored
151 2024-07-25 20:29:27 Health checker DNS resolution started to fail
150 2024-07-25 20:27:56 Health checker IPv4 connectivity started to fail

edit: more logs, not sure if I captured most relevant

Thu Jul 25 20:29:27 2024 kern.notice DNS resolution started to fail
Thu Jul 25 20:30:01 2024 daemon.notice openvpn(UK)[1581]: [uk2117.nordvpn-com] Inactivity timeout (–ping-restart), restarting
Thu Jul 25 20:30:01 2024 daemon.notice openvpn(UK)[1581]: SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 25 20:30:01 2024 daemon.notice openvpn(UK)[1581]: Restart pause, 1 second(s)
Thu Jul 25 20:30:02 2024 daemon.warn openvpn(UK)[1581]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Jul 25 20:30:02 2024 daemon.warn openvpn(UK)[1581]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: UDPv4 link local: (not bound)
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: UDPv4 link remote: [AF_INET]x.x.x.x 1194
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=05b5483f a5f7be04
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY KU OK
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Validating certificate extended key usage
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY EKU OK
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY OK: depth=0, CN=uk2117.nordvpn.com
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: [uk2117.nordvpn.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS t.t.t.t 100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway y.y.y.y ,topology subnet,ping 60,ping-restart 180,ifconfig y.y.y.y 255.255.255.0,peer-id 3,cipher AES-256-GCM’
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: route options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: route-related options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Preserving previous TUN/TAP instance: tun_c_UK
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Initialization Sequence Completed
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Data Channel: cipher ‘AES-256-GCM’, peer-id: 3, compression: ‘stub’
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Timers: ping 60, ping-restart 180
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Protocol options: explicit-exit-notify 1
Thu Jul 25 20:30:27 2024 kern.notice IPv4 connectivity restored
Thu Jul 25 20:30:30 2024 kern.notice DNS resolution restored

Hello,

This seems like a basic mobile connection issue. Does it happen repeatedly, or at specific times? Do you lose your internet connection, or does the VPN continue to work without interruption?

Best regards,

Hi

Maybe I wasn’t clear above. The router has a single sim card installed and no other access to the internet.

Based on my observations which was working from a laptop all day that was utilising SSID that routes via VPN I haven’t experienced any issues.

On the other had clients connected to the SSID that route directly to the internet - no VPN, were experiencing intermitted connectivity.

I’m open to suggestion on how to troubleshoot this.

Many thanks

Hi,

It looks like the OpenVPN disconnects because of inactivity, which suggests it might be an issue with your mobile connection.

Can you let me know:

  • Does this happen often or only at certain times?
  • How many times has it happened?
  • How long does the internet connection drop each time?

Best regards,

This is strange as again I was connected to the VPN via my laptop all day and didn’t experience any issues.

  • It was happening through out the day, in fact it happens today as well.
  • I didn’t count the occurrences but again it was happening all day,
  • sorry I didn’t take notes of this

Would it be useful to get more logs?

Thanks

Hello,

Looks like determine the root cause of this issue, we’ll need the troubleshoot file. Since it contains private information, we’ll handle it on a separate platform. Instructions for accessing it have been sent to the email you registered for this forum.

Best regards,

I have filled out the form, should I be expecting an option to upload the config/logs? I didn’t see this

Many thanks

Hello,

You should receive an email with instructions on how to provide the troubleshoot file.

Best regards,

This topic was automatically closed after 15 days. New replies are no longer allowed.