Ip route conflict

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Final9mare
OpenVpn Newbie
Posts: 7
Joined: Sat Mar 11, 2017 11:43 pm

Ip route conflict

Post by Final9mare » Sun Mar 12, 2017 9:22 am

Im not sure why i am getting an ip route conflict when I connect my router to the openvpn

Code: Select all

Mar 11 21:20:10 openvpn[6933]: TUN/TAP device tun15 opened
Mar 11 21:20:10 openvpn[6933]: TUN/TAP TX queue length set to 100
Mar 11 21:20:10 openvpn[6933]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 11 21:20:10 openvpn[6933]: /sbin/ifconfig tun15 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 192.168.1.0 255.255.255.0
Mar 11 21:20:10 openvpn[6933]: Initialization Sequence Completed
my server conf:

Code: Select all

port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
client-to-client
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
client-config-dir /etc/openvpn/ccd

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ip route conflict

Post by TinCanTech » Sun Mar 12, 2017 12:26 pm

Final9mare wrote:Mar 11 21:20:10 openvpn[6933]: /sbin/ifconfig tun15 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
It looks like you are running more than one instance of openvpn ..
Final9mare wrote:Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 192.168.1.0 255.255.255.0
Your server does not need to be configured with the route for its LAN .. it's already done.

Also,
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
:arrow: Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN :!:
  • You are advised to change your server LAN to a more unique RFC1918 compliant subnet.
    For example: 192.168.143.0/24
Out of curiosity, what version of openvpn is that ?

Final9mare
OpenVpn Newbie
Posts: 7
Joined: Sat Mar 11, 2017 11:43 pm

Re: Ip route conflict

Post by Final9mare » Sun Mar 12, 2017 9:49 pm

I understand that using the common subnet is a problem but I am just testing it before I deploy it. I did not know the server routed the LAN automatically. I am still not able to access the LAN from my phone though. The documentation I was reading said I needed to do this. I am at a loss.

The Version is this

Code: Select all

 OpenVPN 2.3.11 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2016
library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ip route conflict

Post by TinCanTech » Sun Mar 12, 2017 11:54 pm

Final9mare wrote: I did not know the server routed the LAN automatically
It does not .. please read this:
HOWTO: Expanding the scope of the VPN to include additional machines

Note, the server LAN is handled by the server network stack ..

This message:
Final9mare wrote:Mar 11 21:20:10 openvpn[6933]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
does not appear in the openvpn 2.3.11 source code, so I am guessing it is something to do with your router.

It also, very likely, means you are running two openvpns with that same subnet.

Final9mare
OpenVpn Newbie
Posts: 7
Joined: Sat Mar 11, 2017 11:43 pm

Re: Ip route conflict

Post by Final9mare » Mon Mar 13, 2017 1:05 am

Are you suggesting im running two openvpns on my VPS side?

Final9mare
OpenVpn Newbie
Posts: 7
Joined: Sat Mar 11, 2017 11:43 pm

Re: Ip route conflict

Post by Final9mare » Mon Mar 13, 2017 1:15 am

Okay I understand, I am not routing any LAN on the server side so i don't need the first part of that HOWTO. However I am trying to include the subnet on the client side. I created the ccd file and did the

Code: Select all

 iroute 192.168.1.0 255.255.255.0
and then I add to the server conf

Code: Select all

route 192.168.1.0 255.255.255.0
and then I also add

Code: Select all

client-to-client
push "route 192.168.1.0 255.255.255.0"
What am I doing wrong? that is not letting my other client which is a phone access the LAN?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ip route conflict

Post by TinCanTech » Mon Mar 13, 2017 1:26 am

Stop using 192.168.1.0/24 everywhere :geek:

Final9mare
OpenVpn Newbie
Posts: 7
Joined: Sat Mar 11, 2017 11:43 pm

Re: Ip route conflict

Post by Final9mare » Mon Mar 13, 2017 1:39 am

I am just following the https://openvpn.net/index.php/open-sour ... html#scope instructions for client :(

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ip route conflict

Post by TinCanTech » Mon Mar 13, 2017 1:49 am

I think you need to learn about routing and so : tincanteksup <at> gmail

If anybody else wants to step in here .. please do.

Post Reply