Jump to content
terabyte

XR700 Hybrid VPN keeps crashing the router every 2-3 days

Recommended Posts

On 2/5/2019 at 6:46 PM, Netduma Fraser said:

So you never encounter this issue if VPN is completely disabled? Can you get the log when the issue occurs please if thats the case.

Yes, internet drops only when Hybrid VPN is enabled.

i sent the log the last time to another Admin (cant rem which one) but heard nothing since.

just gona abandon the Hybrid VPN for now.

Share this post


Link to post
Share on other sites

There we go. The VPN just crashed again and brought down the whole wifi network with it. I guess it happens because all wifi devices are set to use Hybrid VPN?

The error log in System Information is still the same as the ones I provided before here in this same topic's first post and in the PM I sent.

===

I just had a thought. The Hybrid VPN log was quite huge when I checked this morning (pages and pages of it). Could it be that it is somehow reaching some kind of limit and when that happens the whole thing comes down? Maybe trimming the log is all it would take. (Yeah, just dreaming, ignore me...)

Share this post


Link to post
Share on other sites
14 hours ago, terabyte said:

There we go. The VPN just crashed again and brought down the whole wifi network with it. I guess it happens because all wifi devices are set to use Hybrid VPN?

The error log in System Information is still the same as the ones I provided before here in this same topic's first post and in the PM I sent.

===

I just had a thought. The Hybrid VPN log was quite huge when I checked this morning (pages and pages of it). Could it be that it is somehow reaching some kind of limit and when that happens the whole thing comes down? Maybe trimming the log is all it would take. (Yeah, just dreaming, ignore me...)

i had been thinking the same thing, perhaps if next firmware has a toggle for disabling logging....? (like any other router)

Share this post


Link to post
Share on other sites
23 hours ago, terabyte said:

There we go. The VPN just crashed again and brought down the whole wifi network with it. I guess it happens because all wifi devices are set to use Hybrid VPN?

The error log in System Information is still the same as the ones I provided before here in this same topic's first post and in the PM I sent.

===

I just had a thought. The Hybrid VPN log was quite huge when I checked this morning (pages and pages of it). Could it be that it is somehow reaching some kind of limit and when that happens the whole thing comes down? Maybe trimming the log is all it would take. (Yeah, just dreaming, ignore me...)

Every device that you had added to VPN was via WiFi? So no ethernet devices were added and they did not go down? Do you have block traffic if VPN disconnects enabled? That's pretty interesting, could be on to something there potentially.

Share this post


Link to post
Share on other sites
45 minutes ago, Netduma Fraser said:

Every device that you had added to VPN was via WiFi? So no ethernet devices were added and they did not go down? Do you have block traffic if VPN disconnects enabled? That's pretty interesting, could be on to something there potentially.

I currently have 2 wired/ethernet devices. My desktop and my NAS. My desktop is excluded from VPN and kept working just fine. But the NAS (which is linked to the VPN) also couldn't connect to the internet anymore.

And yes, I currently have the option block traffic if VPN disconnects enabled right now. But I tested with it disabled before and nothing changed.

Share this post


Link to post
Share on other sites
44 minutes ago, Netduma Fraser said:

Okay so even with that disabled the VPN crashed and all devices under it still lost connection?

Yes, all devices set to use the VPN lost the internet connection instead of being re-routed to no-VPN (except my desktop which wasn't using the VPN from the start).

Share this post


Link to post
Share on other sites

I've had a similar experience with Hybrid VPN on my XR700, also with ProtonVPN (mostly using their UDP config for routers, but also confirmed with their TCP config for routers).  In an attempt to verify and pinpoint the issue, I reproduced it after resetting to factory settings (with official firmware 1.0.1.8), manually reapplying all of my settings, leaving the Hybrid VPN configuration for last.  Very soon after I enabled Hybrid VPN for the first time, some of my devices lost IPv4 connectivity, and all the rest followed likewise during the next several hours.  From the devices' standpoint, the symptoms indicated that the router's DHCP server was not responding to their requests, so they were falling back to auto-configured private (169.254/16) addresses.  From the router's standpoint, according to the logs, it was assigning leases when requested, without any noted issues.  This behavior continued even after disabling the Hybrid VPN, and likewise after disabling the (inbound) VPN service, Dynamic DNS, IPv6 routing, and all Wi-Fi antennas.  IPv6 connectivity was initially not affected, although eventually it went down too (for all devices at once) after I toggled various settings back and forth (I don't recall which ones).  I could not find any way to restore it, thus rendering the router completely non-functional.

Another factory reset restored all functionality and connectivity, and likewise after restoring the configuration from a backup snapshot created prior to setting up the Hybrid VPN.  Again I configured Hybrid VPN, and again it brought down DHCP and IPv4 connectivity over the course of several hours, remaining that way even after I disabled Hybrid VPN.  I left it this way for around 8 hours, during which I did not observe any further changes—DHCP and IPv4 connectivity were still broken, and IPv6 connectivity was still normal.  Note that I do not use DHCP for my IPv6 LAN.

Suspecting some sort of buggy caching behavior in the DHCP server, I changed my IPv4 LAN prefix (from 10.𝑥.0/24 to 10.𝑦.0/24).  Immediately, all devices regained IPv4 connectivity, obtaining DHCP leases without any issues.  Remarkably, this continued to be so even after I enabled the previously configured Hybrid VPN.  In the several hours since, I have not observed any further issues.  I have not yet tested the actual Hybrid VPN functionality; it is configured and connected, but it is not yet configured to service the traffic for any of my devices.  I'm hesitant to make any further changes to the router's configuration until this issue is diagnosed more thoroughly and we have either a permanent fix or at least a more complete description of the impact.

[TL;DR:] At least in my case, the particular issue appears to be that configuring a Hybrid VPN breaks the IPv4 DHCP server for the network prefix that is configured at the time.  Changing the IPv4 network prefix appears to be a complete and reliable workaround, assuming no further changes to the configuration.  [EDIT: This only helped temporarily.  See the next post in this thread.]

[EDIT] The specific VPN configuration I am using is ProtonVPN's UDP configuration for routers, routing through their Secure Core via Iceland and exiting in Canada.  Regarding alternative configurations, I have only reproduced this issue from scratch (i.e. from no Hybrid VPN setup, after a factory reset) using those choices.  However, I have confirmed that, after triggering the issue, reconfiguring the Hybrid VPN (not from scratch) to either use TCP (with all other choices as stated) or route through Germany via Iceland (with all other choices as stated) does not resolve the issue.  I have not done any testing with their single-hop (e.g. straight to Canada) configurations, nor with their Tor-routed configurations.  In case it's relevant: I am using a ProtonVPN Plus subscription.

Edited by nisavid
Noting that the apparent workaround didn't work after all

Share this post


Link to post
Share on other sites

Regarding the above-mentioned workaround: I spoke too soon.  After working without any apparent issues for several hours, the router abruptly resumed its previous broken behavior (no DHCP for IPv4).  As before, disabling Hybrid VPN (and rebooting) did not fix it.  I saved a backup snapshot of my configuration and reset to factory settings.  After restoring the backed-up settings, I noticed that although some settings (e.g. LAN prefix, Wi-Fi SSID, Wi-Fi password) were restored, others (e.g. custom device names, dashboard layout) were not.  I restored from the same snapshot a second time, which successfully restored all of my settings.  (I mention this not only because it's a significant bug, but also because this is the second time I've seen it while troubleshooting this issue, so perhaps the underlying causes are somehow related.)  More to the point, IPv4 DHCP functionality was also restored.  I left it this way for 24 hours to affirm that this wasn't another ephemeral fix, and indeed, I did not observe any further incidents.

For now, I am concluding that Hybrid VPN should be avoided altogether until Netduma releases a fix.  A pity, because this is one of the features that excited me about this router, as it's (to my knowledge) the first of its kind.  Perhaps it will inspire a similar feature—that is, selective routing to an outbound VPN, without requiring any manual setup of VLANs or iptables rules—among the open source router firmware projects.  It's a good idea.

Share this post


Link to post
Share on other sites

Hi Nisavid - thanks for joining the forum and for your detailed write up, really appreciate you taking the time helping us. I can't say when an update will be released, by I can assure you we're looking into improvements for Hybrid VPN and any/all user feedback is very helpful.

Thanks again.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×