I noticed intermittent connectivity issues after I configured policy based routing.
It’s RUTM11 running RUTM_R_00.07.08
I have two SSID’s each with own DHCP scope. PBR is configured to route traffic from one of the SSID via openVPN, the other SSID routes client traffic directly via 4g connection.
What is very strange is that the clients on VPN SSID would not be affected but only those accessing the internet directly.
I’m not familiar with CLI on those devices so I’m not able to gather more logs at this point but only those from the GUI.
in the event logs the
53 | 2024-07-25 20:30:30 | Health checker | DNS resolution restored |
---|---|---|---|
152 | 2024-07-25 20:30:27 | Health checker | IPv4 connectivity restored |
151 | 2024-07-25 20:29:27 | Health checker | DNS resolution started to fail |
150 | 2024-07-25 20:27:56 | Health checker | IPv4 connectivity started to fail |
edit: more logs, not sure if I captured most relevant
Thu Jul 25 20:29:27 2024 kern.notice DNS resolution started to fail
Thu Jul 25 20:30:01 2024 daemon.notice openvpn(UK)[1581]: [uk2117.nordvpn-com] Inactivity timeout (–ping-restart), restarting
Thu Jul 25 20:30:01 2024 daemon.notice openvpn(UK)[1581]: SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 25 20:30:01 2024 daemon.notice openvpn(UK)[1581]: Restart pause, 1 second(s)
Thu Jul 25 20:30:02 2024 daemon.warn openvpn(UK)[1581]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Jul 25 20:30:02 2024 daemon.warn openvpn(UK)[1581]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: UDPv4 link local: (not bound)
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: UDPv4 link remote: [AF_INET]x.x.x.x 1194
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=05b5483f a5f7be04
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY OK: depth=1, O=NordVPN, CN=NordVPN CA9
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY KU OK
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Validating certificate extended key usage
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY EKU OK
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: VERIFY OK: depth=0, CN=uk2117.nordvpn.com
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: [uk2117.nordvpn.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS t.t.t.t 100,dhcp-option DNS 103.86.99.100,explicit-exit-notify,comp-lzo no,route-gateway y.y.y.y ,topology subnet,ping 60,ping-restart 180,ifconfig y.y.y.y 255.255.255.0,peer-id 3,cipher AES-256-GCM’
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: route options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: route-related options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Preserving previous TUN/TAP instance: tun_c_UK
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Initialization Sequence Completed
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Data Channel: cipher ‘AES-256-GCM’, peer-id: 3, compression: ‘stub’
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Timers: ping 60, ping-restart 180
Thu Jul 25 20:30:02 2024 daemon.notice openvpn(UK)[1581]: Protocol options: explicit-exit-notify 1
Thu Jul 25 20:30:27 2024 kern.notice IPv4 connectivity restored
Thu Jul 25 20:30:30 2024 kern.notice DNS resolution restored