ER8411 OpenVPN/SSL VPN Issue
About OpenVPN/SSL VPN issue.
Today is 6 months since I reported the VPN error, it still hasn't been fixed. Do you have any more information about what's going on? Is there anyone working on this?
Do you know if the ER707-M2 has the same VPN bug?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Clive_A
Clive_A wrote
I posted the 1.2.2 official release last Saturday. It is not a beta anymore. See the pinned post?
Ahhh great, thanks.. is this any different to the last beta do you know, I have downloaded both and they both have exactly the same file name, should i upgrade to the official release, or would the very last beta be the exact same?
- Copy Link
- Report Inappropriate Content
Hi @@Clive_A
Clive_A wrote
Hi @gskips
Thanks for posting in our business forum.
In addition, what's your WAN type? MTU and MSS?
Change the MTU and MSS to 1450 and 1350 correspondingly. As NordVPN provides 1500 and 1450. That could be a reason why it disconnects gradually.
I gave this a go yesterday, and sadly, i experienced the disconnection issues with the lowered MTU and MSS - definitely worth a go though, thanks
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
Clive_A wrote
ER605 V2 does not disconnect at all or you did notice it?
I don't have much trust in third-party vendors as they have different rules on their end to restrict. One of the reasons we don't keep the latest OVPN version on the devices is that the encryption is already good enough and we advertise our products to connect with our servers mostly.Not deny that you can use a third-party router or server, yet we are more prone to advise you to use the recommended way as we have tested them
No the ER605 V2 did not have any dissconnect issues, just due to the hardware, it had VERY slow connection speeds, which is why I upgraded to the 8411
Clive_A wrote
No.
I'd point out that how you research this is not correct. If you track down "Internet Issues", you can data this back to 10 years ago. You got people having trouble with the DNS/Internet/(or maybe Windows activation or bootup) in 2024. Will that be a problem with the product itself? That's not how you think of a product.
For example, I don't experience a DNS problem when I host a DNS server because I optimize my DNS servers and local networks. During the optimization phase, I know what I did and I am capable of troubleshooting it. Clearly it is not a router's fault. It must be me not understanding the DNS settings and the way it works on the router. So, that's my lesson that when you try something not recommended for a product, you experience a problem, that still got possible errors you need to marginalize.
I didn't experience a burnt 4090 on my computer, at the very first when it came out, was it to be a design flaw? Not really. People did more tests and methodological tests and fond out it was not the issue with the card. But the power supply connection fault at the installation. During their test(before and after the board is manufactured I believe every product does the same), they did not notice a problem with the recommended power supply and cables. Only comes to be a problem at the user's hands.
Hard to say it is a problem with the router. Notice when MR.S proposed this, this was a year ago. Early than that, before 8411, we never recommended NordVPN. It was until someone mentioned that Nord would work on our products, that we actually quoted that user experience to others. Before that, I recalled that there was a time when Nord did not work out on our products at all.
8411 was experiencing this problem and we reported this way early. I cannot recall the MR.S ticket. I took care of his ticket and that was during the COVID time(?). We did not track down the reason.
I am asking the team to evaluate the necessity of looking into third-party VPN vendors.
I doubt if there is a way for our device to locate the reason. VPN log is not available yet.
Try a 2.3.8 OVPN software on your computer and capture the log to see if there is a disconnection problem on it. And one newer 2.4.3 as well.
Yes, I understand your examples but not too sure they are fair, we are not just talking a sweeping "internet issues", from what I can see, there have been people bringing up the VPN issue for some time, specifically OVPN and using as a client. I fully understand that there are many areas that could be causing the problems.. I'll try the versions you suggest on a computer to see if there are the same disconnect issues.
I see you say that you never recommended NordVPN, which I totally understand, but I guess there's an assumption that if the 8411 (and in fact other Omada routers) offer the facility to use as a client for OVPN, then you'd assume it would work, as mentioned the 605v2 worked well.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
Clive_A wrote
Due to the regional issue, we are not able to use the NordVPN for tests. On my end, I have subscribed the NordVPN out of my pocket. I don't think I can make a connection at least I tried several different IPs I have.
Interesting, I have managed to make connection without fail with NordVPN... it's just maintaning it with UDP.
Also, of interest, following on from something MR.S I think mentioned. I have been trying NordVPN with a TCP OVPN connection and it's been solid. Running for a couple of days now, with no disconnection, and the 'up time' confirming. So OVPN definitely works as a client using TCP. The only downside is the TCP is running around 10% that of the UDP speeds... but I'd prefer a stable connection over speed, but hope, in the future that UDP will also become as stable, as the higher speeds is why I purchased the 8411 in the first place.
- Copy Link
- Report Inappropriate Content
gskips wrote
Hi @Clive_A
Clive_A wrote
Due to the regional issue, we are not able to use the NordVPN for tests. On my end, I have subscribed the NordVPN out of my pocket. I don't think I can make a connection at least I tried several different IPs I have.
Interesting, I have managed to make connection without fail with NordVPN... it's just maintaning it with UDP.
Also, of interest, following on from something MR.S I think mentioned. I have been trying NordVPN with a TCP OVPN connection and it's been solid. Running for a couple of days now, with no disconnection, and the 'up time' confirming. So OVPN definitely works as a client using TCP. The only downside is the TCP is running around 10% that of the UDP speeds... but I'd prefer a stable connection over speed, but hope, in the future that UDP will also become as stable, as the higher speeds is why I purchased the 8411 in the first place.
We are back to the core of the problem, UDP has been a problem with ER8411 from the very beginning, previously UDP did not work at all, now it works but is unstable. the speed that you say is terrible, for me it is 20 max 30 Mbps, when I compare with the ER706W which is a much weaker router, it is around 70-100Mbps against the same server and TCP.
- Copy Link
- Report Inappropriate Content
Hi @MR.S
MR.S wrote
We are back to the core of the problem, UDP has been a problem with ER8411 from the very beginning, previously UDP did not work at all, now it works but is unstable. the speed that you say is terrible, for me it is 20 max 30 Mbps, when I compare with the ER706W which is a much weaker router, it is around 70-100Mbps against the same server and TCP.
Interestingly, I found the speeds of UDP pretty good I was getting 300-400Mbps compared to 40-50Mbps with TCP (on a 500Mbs connection)...with the same server. So would be fab to use UDP if it became stable.
- Copy Link
- Report Inappropriate Content
Hi @gskips
Thanks for posting in our business forum.
gskips wrote
Hi @Clive_A
Clive_A wrote
Due to the regional issue, we are not able to use the NordVPN for tests. On my end, I have subscribed the NordVPN out of my pocket. I don't think I can make a connection at least I tried several different IPs I have.
Interesting, I have managed to make connection without fail with NordVPN... it's just maintaning it with UDP.
Also, of interest, following on from something MR.S I think mentioned. I have been trying NordVPN with a TCP OVPN connection and it's been solid. Running for a couple of days now, with no disconnection, and the 'up time' confirming. So OVPN definitely works as a client using TCP. The only downside is the TCP is running around 10% that of the UDP speeds... but I'd prefer a stable connection over speed, but hope, in the future that UDP will also become as stable, as the higher speeds is why I purchased the 8411 in the first place.
Do you mean that temporarily you are not experiencing a problem with the TCP?
Hmm, what do you mean by the first line managed to make a connection with UDP?
What's the status of the problem now?
We prefer to debug this further with a remote session. What do you think? If it is necessary, I will open a new ticket and arrange the remote matters.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A,
Clive_A wrote
Do you mean that temporarily you are not experiencing a problem with the TCP?
Hmm, what do you mean by the first line managed to make a connection with UDP?
What's the status of the problem now?
We prefer to debug this further with a remote session. What do you think? If it is necessary, I will open a new ticket and arrange the remote matters.
Yes, TCP, connected to NordVPN as a client, has been up and running for over 4 days now, without any drops in connection.
I have a 500Mbs down and 70Mbs up ISP connection, and when connected to Nord (via a european server for testing purposes) I am getting around 50Mbs down and 20Mbps up.
When I mentioned that I had managed to make a conncetion with UDP, I was referencing you when you said that you "dont' think you can make a connection" to NordVPN. I was just mentioning that I was able to make a sucessful connection to NordVPN with UDP, it's just very unstable, with the constant disconnects. Also just to say that when it was coneected with UDP I was geting speeds of 400Mbs down and 50Mbs up, so very acceptable.
So this is the status of the probelm now.... because of it's instability, UDP is sadly unusable, so I have switched to the lower speeds of TCP to gain the constant connection. But of course the speeds of UDP are more desireable and so if that was to ever become stable like the TCP is now, I'd love to switch.
Regarding a remote session, if you think it may be of use, it's a possibility. However, curently I am in need of my network constantly due to remote working, so downtime isn't too much of an option with regards to internet connectivity (separate to any VPN that is set up on my router). I have been having conversation on and off with supprt also, and they have requested simliar. My only question would be, is it necessary for remote session? I'd be really interested to see if a test 8411 your end is able to sustain a constant uninterrupted connection to, for eg: NordVPN via UDP, or if it suffers the same issues I (and others) have currently. This would perhaps indicate if it's my 8411 specifiacally, or if it is comon with all 8411s?
Thanks again.
- Copy Link
- Report Inappropriate Content
Hi @gskips
Thanks for posting in our business forum.
gskips wrote
Hi @Clive_A,
Clive_A wrote
Do you mean that temporarily you are not experiencing a problem with the TCP?
Hmm, what do you mean by the first line managed to make a connection with UDP?
What's the status of the problem now?
We prefer to debug this further with a remote session. What do you think? If it is necessary, I will open a new ticket and arrange the remote matters.
Yes, TCP, connected to NordVPN as a client, has been up and running for over 4 days now, without any drops in connection.
I have a 500Mbs down and 70Mbs up ISP connection, and when connected to Nord (via a european server for testing purposes) I am getting around 50Mbs down and 20Mbps up.
When I mentioned that I had managed to make a conncetion with UDP, I was referencing you when you said that you "dont' think you can make a connection" to NordVPN. I was just mentioning that I was able to make a sucessful connection to NordVPN with UDP, it's just very unstable, with the constant disconnects. Also just to say that when it was coneected with UDP I was geting speeds of 400Mbs down and 50Mbs up, so very acceptable.
So this is the status of the probelm now.... because of it's instability, UDP is sadly unusable, so I have switched to the lower speeds of TCP to gain the constant connection. But of course the speeds of UDP are more desireable and so if that was to ever become stable like the TCP is now, I'd love to switch.
Regarding a remote session, if you think it may be of use, it's a possibility. However, curently I am in need of my network constantly due to remote working, so downtime isn't too much of an option with regards to internet connectivity (separate to any VPN that is set up on my router). I have been having conversation on and off with supprt also, and they have requested simliar. My only question would be, is it necessary for remote session? I'd be really interested to see if a test 8411 your end is able to sustain a constant uninterrupted connection to, for eg: NordVPN via UDP, or if it suffers the same issues I (and others) have currently. This would perhaps indicate if it's my 8411 specifiacally, or if it is comon with all 8411s?
Thanks again.
If you have contacted the support team regarding this and with an existing case, I will stop following this up. Please reply to the email from the support team.
I would highly recommend you remote to debug this issue and it is necessary.
Here's why, let me iterate this we have NOT reproduced the issue with the UDP with the OVPN with two Omada routers. We have continuously failed to reproduce what's been reported on the forum in our test environment. We cannot pinpoint the reason and cause for this reported issue. We really need an environment where you can reproduce the issue so that we can debug what's wrong.
And this is why this case was long overdue and had no fixes.
- Copy Link
- Report Inappropriate Content
some updated info..
I have started preparing for omada ver. 5.15 and OpenVPN policy route, so I installed an ubuntu server and OpenVPN from pivpn, the server runs UDP, it's an old laptop that is the server but the speed is about 200-250 Mbps so it's not too bad, it's probably the server that's the brake ..
since Omada does not have policy route, I have added 112 push route to different networks on the pivpn server, all networks seem to work very well without me having time to test them all.
I haven't noticed any instabilities so far, but I'm early in the test, it's only been running for a few hours. but I'm impressed so far.
I have copied some files, tested hppt, and ssh, cisco asdm tool works as it should, the same does Winbox from Mikrotik.
what seems to be the problem now is TCP on OpenVPN, painfully slow, on my ER8411 the speed is only 30-40mbps on download even lower on upload. so there must be a mistake somewhere when using TCP
I will be run with this setup now and hope it stays as it is now until Policy route coming to Omada
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2931
Replies: 45
Voters 0
No one has voted for it yet.