[solved] OpenVPN on ASUS causing IP/routing conflict

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

[solved] OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Wed Dec 30, 2020 2:29 pm

Hey guys,

I posted this in the wrong forum before, I think it's better suited here:

So my dad has set up a VPN for me from his home and I'm able to connect via OpenVPN from my PC just fine. However, attempting to set up the VPN throuhg my ASUS router has not been working due to a "IP/routing conflict" which I can't seem to be able to resolve. Here's how everything is set up at home:

Cable Modem -> ASUS router (via WAN) -> PC (via Ethernet)

IPs:

Modem: 192.168.99.1
Router: 192.168.5.1
PC: 192.168.5.175

IPconfig (when connected via Windows PC)

Image

My dad's LAN assigns IPs in the 192.168.100.X range and I have tried several configurations at my place to change my LAN IPs, none of which have been able to resolve the conflict.

When connected to the VPN via the desktop client, I'm assigned this IP: 10.8.0.6

Here's the result, the exclamation marks reveals an "IP/routing conflict"

Image

I was advised to connect Cable Modem <-> Router via LAN instead of WAN and only enable DHCP on the Modem, however that didn't work either. Instead of getting the IP/routing conflict, it left me with this constant loading screen:

Image

Also, if I connect my router via LAN instead of WAN, I would have to put my router in Acess Point Mode as far as I understand but I can't access any VPN options in the ASUS interface if I do so. So I'm "forced" to put ASUS in router mode although it doesn't seem to make such sense to set up my home network that way:

Image

This is how my network would look like - the internet works fine but again, it doesn't solve the OpenVPN issue, just creates a new one.

Any ideas what I'm doing wrong?
Last edited by quarantinho on Wed Dec 30, 2020 7:31 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by TinCanTech » Wed Dec 30, 2020 3:28 pm

Look in your openvpn log files.

quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Wed Dec 30, 2020 3:34 pm

Ok, this should be it:

Code: Select all

Dec 30 16:26:59 acsd: eth2: NONACSD channel switching to channel spec: 0xd966 (104u)
Dec 30 16:35:14 rc_service: httpd 6575:notify_rc restart_vpncall
Dec 30 16:35:15 vpnclient5[7037]: event_wait : Interrupted system call (code=4)
Dec 30 16:35:15 vpnclient5[7037]: Closing TUN/TAP interface
Dec 30 16:35:15 vpnclient5[7037]: /sbin/ifconfig tun15 0.0.0.0
Dec 30 16:35:15 vpnclient5[7037]: /etc/openvpn/ovpn-down tun15 1500 1558 10.8.0.10 10.8.0.9 init
Dec 30 16:35:15 vpnclient5[7037]: SIGTERM[hard,] received, process exiting
Dec 30 16:35:41 rc_service: httpd 6575:notify_rc restart_vpncall
Dec 30 16:35:41 vpnclient5[9204]: OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun  9 2020
Dec 30 16:35:41 vpnclient5[9204]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.03
Dec 30 16:35:41 vpnclient5[9206]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 30 16:35:41 vpnclient5[9206]: TCP/UDP: Preserving recently used remote address: [AF_INET]93.137.141.15:1194
Dec 30 16:35:41 vpnclient5[9206]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Dec 30 16:35:41 vpnclient5[9206]: UDP link local: (not bound)
Dec 30 16:35:41 vpnclient5[9206]: UDP link remote: [AF_INET]93.177.145.15:1194
Dec 30 16:35:41 vpnclient5[9206]: TLS: Initial packet from [AF_INET]93.177.145.15:1194, sid=58d49b34 8466a76f
Dec 30 16:35:42 vpnclient5[9206]: VERIFY OK: depth=1, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:42 vpnclient5[9206]: VERIFY KU OK
Dec 30 16:35:42 vpnclient5[9206]: Validating certificate extended key usage
Dec 30 16:35:42 vpnclient5[9206]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 30 16:35:42 vpnclient5[9206]: VERIFY EKU OK
Dec 30 16:35:42 vpnclient5[9206]: VERIFY OK: depth=0, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:42 vpnclient5[9206]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Dec 30 16:35:42 vpnclient5[9206]: [server] Peer Connection Initiated with [AF_INET]93.137.141.15:1194
Dec 30 16:35:43 rc_service: httpd 6575:notify_rc restart_vpncall
Dec 30 16:35:43 vpnclient5[9206]: event_wait : Interrupted system call (code=4)
Dec 30 16:35:43 vpnclient5[9206]: SIGTERM[hard,] received, process exiting
Dec 30 16:35:45 vpnclient5[9273]: OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun  9 2020
Dec 30 16:35:45 vpnclient5[9273]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.03
Dec 30 16:35:45 vpnclient5[9275]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 30 16:35:45 vpnclient5[9275]: TCP/UDP: Preserving recently used remote address: [AF_INET]93.137.141.15:1194
Dec 30 16:35:45 vpnclient5[9275]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Dec 30 16:35:45 vpnclient5[9275]: UDP link local: (not bound)
Dec 30 16:35:45 vpnclient5[9275]: UDP link remote: [AF_INET]93.177.145.15:1194
Dec 30 16:35:45 vpnclient5[9275]: TLS: Initial packet from [AF_INET]93.177.145.15:1194, sid=957b3198 d060f5fd
Dec 30 16:35:46 vpnclient5[9275]: VERIFY OK: depth=1, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:46 vpnclient5[9275]: VERIFY KU OK
Dec 30 16:35:46 vpnclient5[9275]: Validating certificate extended key usage
Dec 30 16:35:46 vpnclient5[9275]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 30 16:35:46 vpnclient5[9275]: VERIFY EKU OK
Dec 30 16:35:46 vpnclient5[9275]: VERIFY OK: depth=0, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:46 vpnclient5[9275]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Dec 30 16:35:46 vpnclient5[9275]: [server] Peer Connection Initiated with [AF_INET]93.137.141.15:1194
Dec 30 16:35:47 vpnclient5[9275]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Dec 30 16:35:47 vpnclient5[9275]: PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,redirect-gateway def1,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,dhcp-option DNS 10.8.0.1,dhcp-option DNS 8.8.8.8,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13'
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: route options modified
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 30 16:35:48 vpnclient5[9275]: Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 30 16:35:48 vpnclient5[9275]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 30 16:35:48 vpnclient5[9275]: Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 30 16:35:48 vpnclient5[9275]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 30 16:35:48 vpnclient5[9275]: TUN/TAP device tun15 opened
Dec 30 16:35:48 vpnclient5[9275]: TUN/TAP TX queue length set to 100
Dec 30 16:35:48 vpnclient5[9275]: /sbin/ifconfig tun15 10.8.0.14 pointopoint 10.8.0.13 mtu 1500
Dec 30 16:35:48 vpnclient5[9275]: /etc/openvpn/ovpn-up tun15 1500 1558 10.8.0.14 10.8.0.13 init
Dec 30 16:35:48 vpnclient5: WARNING: Replace default vpn gateway by using 0.0.0.0/1 and 128.0.0.0/1
Dec 30 16:35:48 vpnclient5[9275]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 30 16:35:48 vpnclient5[9275]: Initialization Sequence Completed
Last edited by quarantinho on Wed Dec 30, 2020 7:37 pm, edited 2 times in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by TinCanTech » Wed Dec 30, 2020 3:36 pm

quarantinho wrote:
Wed Dec 30, 2020 3:34 pm
Sorry if I'm misunderstanding but if I set up the connection via my router, I don't get any log files do I?
That would make your router fairly dumb .. and if true, I would report that as a bug to ASUS.

quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Wed Dec 30, 2020 3:37 pm

fixed, see above.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by TinCanTech » Wed Dec 30, 2020 3:55 pm

Remove

Code: Select all

push "route 0.0.0.0 0.0.0.0"
from your server config.

quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Wed Dec 30, 2020 4:10 pm

Ok, so what significance does that hold? Unfortunately it's not my own server config, my dad sent me this. Is there any way to fix them issue from my side or do I have to ask him to do changes?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN on ASUS causing IP/routing conflict

Post by Pippin » Wed Dec 30, 2020 4:38 pm

You can possibly add

Code: Select all

pull-filter ignore "route 0.0.0.0 0.0.0.0"
to your client config.

See

Code: Select all

--pull-filter accept|ignore|reject text 
in manual 2.4:
https://community.openvpn.net/openvpn/w ... n24ManPage
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Wed Dec 30, 2020 5:12 pm

Image

Wow! That actually made the VPN enable in my router, but oddly enough, now my PC's traffic is not going through the VPN. I assume that I have to make some changes to the ASUS interface to ensure that all traffic is routed through the VPN now. Any pointers would be appreciated! I don't want to &nbsp; up what's already working :D

Apparently, from the server side we could add this:

Code: Select all

push "redirect-gateway def1"
Is there an aquivalent functionality from client side? Either through the ovpn config or my ASUS interface?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by TinCanTech » Wed Dec 30, 2020 7:14 pm

According to your previous log, you are already using --redirect-gateway def1
quarantinho wrote:
Wed Dec 30, 2020 3:34 pm
Dec 30 16:35:47 vpnclient5[9275]: PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,redirect-gateway def1,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,dhcp-option DNS 10.8.0.1,dhcp-option DNS 8.8.8.8,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13'

quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

Re: OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Wed Dec 30, 2020 7:30 pm

OK - weird. Didn't work with the default ASUS firmware. I've flashed the router with Merlin and it seems to be up and running now so this thread can be treated as solved. Thansk for your help!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: [solved] OpenVPN on ASUS causing IP/routing conflict

Post by TinCanTech » Wed Dec 30, 2020 8:32 pm

quarantinho wrote:
Wed Dec 30, 2020 7:30 pm
Didn't work with the default ASUS firmware. I've flashed the router with Merlin and it seems to be up and running
Maybe flashing the Firmware reset a setting you previously set incorrectly...

Thanks for letting us know 8-)

quarantinho
OpenVpn Newbie
Posts: 10
Joined: Mon Dec 28, 2020 7:35 pm

Re: [solved] OpenVPN on ASUS causing IP/routing conflict

Post by quarantinho » Thu Dec 31, 2020 9:45 am

TinCanTech wrote:
Wed Dec 30, 2020 8:32 pm
quarantinho wrote:
Wed Dec 30, 2020 7:30 pm
Didn't work with the default ASUS firmware. I've flashed the router with Merlin and it seems to be up and running
Maybe flashing the Firmware reset a setting you previously set incorrectly...

Thanks for letting us know 8-)
Sure thing ;). I'd say it's a bit unlikely that it would have worked with the factory settings in the first place. In the process of setting everything up, I reset the router a couple of times so I did have some tries with the config as it is/was PLUS the factory settings of the router. So that's why it's kind of odd that it wasn't directing my PC's traffic through the tunnel.

Post Reply