Vypr VPN Auto-Reconnect and Fixes for Tomato Router Issues After an Upgrade

Vypr VPN Auto-Reconnect and Fixes for Tomato Router Issues After an Upgrade

This post records two small issues related to VyprVPN and Tomato routers: first, how to make the router automatically reconnect after the VPN drops; second, what to check when the VPN client suddenly stops working after upgrading Tomato firmware.

1. Let VyprVPN Reconnect Automatically

On Tomato's OpenVPN Client page, you can usually start by confirming these basics:

  1. Enable Start with WAN.
  2. Make sure Interface Type, Protocol, server address, port, and certificate settings match VyprVPN's official configuration.
  3. Make sure the router time is correct, otherwise certificate verification may fail.
  4. Make sure the DNS settings work, to avoid a situation where the connection succeeds but domain names cannot be resolved.

If the VPN only drops occasionally, you can add a periodic check script under Tomato's Administration -> Scheduler. The idea is simple: check whether the VPN interface exists, or check whether a specific site can be reached through the VPN; if the check fails, restart the OpenVPN client.

Here is an example script. Adjust vpnclient1 according to your own client number:

#!/bin/sh

VPN_SERVICE="vpnclient1"
TEST_HOST="8.8.8.8"

if ! ping -c 3 -W 3 "$TEST_HOST" >/dev/null 2>&1; then
  logger -t vyprvpn-watchdog "VPN check failed, restarting $VPN_SERVICE"
  service "$VPN_SERVICE" restart
fi

You can run it every 5 to 10 minutes. Do not set the interval too short, otherwise brief network fluctuations may cause the VPN to restart frequently and make things worse.

If you want to confirm that traffic is really going through the VPN, do not rely only on pinging a public DNS server. A more reliable approach is to check the outbound IP, or ping an address that should only route out through the VPN. Commands vary slightly between Tomato branches, so it is best to SSH into the router and run the command manually once before putting it into Scheduler.

2. Troubleshooting After Tomato Stops Working Following an Upgrade

After a Tomato upgrade, when the OpenVPN client no longer works, the common cause is usually not that the VyprVPN account itself has expired, but that the old configuration is incompatible with the new firmware's OpenVPN version, encryption parameters, or NVRAM configuration.

You can handle it in the following order.

1. Check the Logs

First go to Status -> Logs, or check the system log through SSH:

logread | grep -i openvpn

Pay particular attention to these messages:

  • certificate, time, and TLS handshake errors;
  • encryption parameter errors involving cipher, auth, ncp, data-ciphers, and similar options;
  • DNS resolution failures;
  • username and password authentication failures;
  • routing table failures or tun/tap interface creation failures.

The first clear error in the log is usually more important than the retry messages that follow.

2. Update the VyprVPN Configuration

After upgrading firmware, it is better not to keep using a .ovpn configuration from many years ago unchanged. Go to the VyprVPN dashboard or official help page, download a current OpenVPN configuration file, and then fill in the Tomato page item by item based on that file.

Pay special attention to:

  • whether the server address and port are still valid;
  • whether UDP or TCP is being used;
  • whether the certificate content has been copied completely;
  • whether the username and password are still saved in the correct place;
  • whether parameters such as cipher and auth are accepted by the newer OpenVPN version.

If an encryption parameter reports an error in the new firmware, do not blindly delete all advanced options. First use the log to confirm exactly which item is incompatible, then adjust it according to the current configuration file.

3. Clear the Old Configuration and Re-enter It

If the page configuration looks normal after the upgrade but the connection keeps failing, you can try clearing the corresponding OpenVPN Client page, saving, restarting the router, and then entering the configuration again.

A more thorough approach is to back up the configuration, clear NVRAM, and then manually configure everything again. This operation will wipe the router settings, so before doing it, make sure you can restore basic settings such as WAN, Wi-Fi, and the admin password.

4. Check Routing and DNS

When the VPN shows as connected but websites will not open, routing and DNS are usually the things to check:

ifconfig
route -n
cat /etc/resolv.conf

Confirm whether a tun interface appears, whether the default route is taken over by the VPN, and whether DNS can resolve domains. If you only want part of the traffic to go through the VPN, you also need to check whether the policy routing rules still apply to the upgraded firmware.

5. The Final Restart Script

After confirming that the configuration itself is fine, then enable the auto-reconnect script. Auto-reconnect can only handle "occasional drops"; it cannot fix "configuration errors." If the configuration itself is incompatible, the script will only keep restarting OpenVPN, and the logs will become increasingly messy.

A practical order of operations is:

  1. Connect manually once first, and confirm that there are no configuration errors in the log.
  2. Then test manual reconnection after a drop.
  3. Only then add the automatic check in Scheduler.

After handling it this way, VyprVPN on Tomato can usually be restored to its pre-upgrade working state.