I have an OpenVPN system running from a Synology NAS that has worked perfectly until yesterday. I upgraded the firmware on the 2962 router to version 4.3.2.7 and all appeared to be OK.

However, I got a call from a user on Saturday evening to say that the VPN was down. I connected to the NAS and checked the VPN log and I can see that the same user connected on Saturday morning so I know that it was working then. The only change is to the router firmware so I have to assume that this is related to the problem. I checked my own VPN connection and it has the same problem. It reports that it is waiting for the server so it looks like the VPN packets are not getting to the NAS. I'm going into the office later as I don't want to get more messages about the VPN being down on Monday.

For now I'm just flagging up that this problem has occurred and I will update when I have been in and had a chance to try a few things. Perhaps I need to roll back to 4.3.2.6 but other things to try first.

A quick update after my visit to the office on Sunday afternoon.

I had a spare router as supplied by our ISP, a TP-Link device, that has never been used so I decided to give that a try first just to see if it was the 2962 or the NAS that was the root cause of the problem. Configured the TP-Link and got a remote user to test the VPN and it worked. Took the TP-Link back out and reconnected the 2962 and it worked...

I had turned the 2962 off when I reconfigured the connections in the comms cabinet and I'm guessing that power cycle cleared out a temporary corruption following the firmware update and reboot of the router. I have never had a problem before with a firmware upgrade on the Draytek devices, and I have done plenty of them, and I was not in the habit of power cycling them after an upgrade. I will be from now on. I have seen from other posts that firmware issues have been creeping in and I really hope that Draytek get a handle on this as I would prefer not to find another supplier.

It looked like a firewall rule would probably be the culprit as only the VPN traffic was blocked. I'm never happy when I can't pinpoint the root cause of any problem but the VPN is operational again so I should not have a difficult Monday morning after all. If it stays up all week I might even relax a bit more and put this one down as one of those odd-ball events. If you are updating a 2962 to the latest firmware my advice is to power cycle the thing and then see if it is fully functioning.

Ironically, I am in the process of testing the router based WireGuard VPN and that never stopped working. I really must get that project completed and rolled out to my users as it is meant to be a backup just in case we have problems with the OpenVPN system.

I always have IPsec setup as well on the Router itself even if using an internal VPN. Incredibility reliable and fully tested over the years.

I would presume something in Port forward/FW was messed up.