[solved] OpenVPN on ASUS causing IP/routing conflict
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
[solved] OpenVPN on ASUS causing IP/routing conflict
Hey guys,
I posted this in the wrong forum before, I think it's better suited here:
So my dad has set up a VPN for me from his home and I'm able to connect via OpenVPN from my PC just fine. However, attempting to set up the VPN throuhg my ASUS router has not been working due to a "IP/routing conflict" which I can't seem to be able to resolve. Here's how everything is set up at home:
Cable Modem -> ASUS router (via WAN) -> PC (via Ethernet)
IPs:
Modem: 192.168.99.1
Router: 192.168.5.1
PC: 192.168.5.175
IPconfig (when connected via Windows PC)
My dad's LAN assigns IPs in the 192.168.100.X range and I have tried several configurations at my place to change my LAN IPs, none of which have been able to resolve the conflict.
When connected to the VPN via the desktop client, I'm assigned this IP: 10.8.0.6
Here's the result, the exclamation marks reveals an "IP/routing conflict"
I was advised to connect Cable Modem <-> Router via LAN instead of WAN and only enable DHCP on the Modem, however that didn't work either. Instead of getting the IP/routing conflict, it left me with this constant loading screen:
Also, if I connect my router via LAN instead of WAN, I would have to put my router in Acess Point Mode as far as I understand but I can't access any VPN options in the ASUS interface if I do so. So I'm "forced" to put ASUS in router mode although it doesn't seem to make such sense to set up my home network that way:
This is how my network would look like - the internet works fine but again, it doesn't solve the OpenVPN issue, just creates a new one.
Any ideas what I'm doing wrong?
I posted this in the wrong forum before, I think it's better suited here:
So my dad has set up a VPN for me from his home and I'm able to connect via OpenVPN from my PC just fine. However, attempting to set up the VPN throuhg my ASUS router has not been working due to a "IP/routing conflict" which I can't seem to be able to resolve. Here's how everything is set up at home:
Cable Modem -> ASUS router (via WAN) -> PC (via Ethernet)
IPs:
Modem: 192.168.99.1
Router: 192.168.5.1
PC: 192.168.5.175
IPconfig (when connected via Windows PC)
My dad's LAN assigns IPs in the 192.168.100.X range and I have tried several configurations at my place to change my LAN IPs, none of which have been able to resolve the conflict.
When connected to the VPN via the desktop client, I'm assigned this IP: 10.8.0.6
Here's the result, the exclamation marks reveals an "IP/routing conflict"
I was advised to connect Cable Modem <-> Router via LAN instead of WAN and only enable DHCP on the Modem, however that didn't work either. Instead of getting the IP/routing conflict, it left me with this constant loading screen:
Also, if I connect my router via LAN instead of WAN, I would have to put my router in Acess Point Mode as far as I understand but I can't access any VPN options in the ASUS interface if I do so. So I'm "forced" to put ASUS in router mode although it doesn't seem to make such sense to set up my home network that way:
This is how my network would look like - the internet works fine but again, it doesn't solve the OpenVPN issue, just creates a new one.
Any ideas what I'm doing wrong?
Last edited by quarantinho on Wed Dec 30, 2020 7:31 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN on ASUS causing IP/routing conflict
Look in your openvpn log files.
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
Re: OpenVPN on ASUS causing IP/routing conflict
Ok, this should be it:
Code: Select all
Dec 30 16:26:59 acsd: eth2: NONACSD channel switching to channel spec: 0xd966 (104u)
Dec 30 16:35:14 rc_service: httpd 6575:notify_rc restart_vpncall
Dec 30 16:35:15 vpnclient5[7037]: event_wait : Interrupted system call (code=4)
Dec 30 16:35:15 vpnclient5[7037]: Closing TUN/TAP interface
Dec 30 16:35:15 vpnclient5[7037]: /sbin/ifconfig tun15 0.0.0.0
Dec 30 16:35:15 vpnclient5[7037]: /etc/openvpn/ovpn-down tun15 1500 1558 10.8.0.10 10.8.0.9 init
Dec 30 16:35:15 vpnclient5[7037]: SIGTERM[hard,] received, process exiting
Dec 30 16:35:41 rc_service: httpd 6575:notify_rc restart_vpncall
Dec 30 16:35:41 vpnclient5[9204]: OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 9 2020
Dec 30 16:35:41 vpnclient5[9204]: library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.03
Dec 30 16:35:41 vpnclient5[9206]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 30 16:35:41 vpnclient5[9206]: TCP/UDP: Preserving recently used remote address: [AF_INET]93.137.141.15:1194
Dec 30 16:35:41 vpnclient5[9206]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Dec 30 16:35:41 vpnclient5[9206]: UDP link local: (not bound)
Dec 30 16:35:41 vpnclient5[9206]: UDP link remote: [AF_INET]93.177.145.15:1194
Dec 30 16:35:41 vpnclient5[9206]: TLS: Initial packet from [AF_INET]93.177.145.15:1194, sid=58d49b34 8466a76f
Dec 30 16:35:42 vpnclient5[9206]: VERIFY OK: depth=1, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:42 vpnclient5[9206]: VERIFY KU OK
Dec 30 16:35:42 vpnclient5[9206]: Validating certificate extended key usage
Dec 30 16:35:42 vpnclient5[9206]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 30 16:35:42 vpnclient5[9206]: VERIFY EKU OK
Dec 30 16:35:42 vpnclient5[9206]: VERIFY OK: depth=0, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:42 vpnclient5[9206]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Dec 30 16:35:42 vpnclient5[9206]: [server] Peer Connection Initiated with [AF_INET]93.137.141.15:1194
Dec 30 16:35:43 rc_service: httpd 6575:notify_rc restart_vpncall
Dec 30 16:35:43 vpnclient5[9206]: event_wait : Interrupted system call (code=4)
Dec 30 16:35:43 vpnclient5[9206]: SIGTERM[hard,] received, process exiting
Dec 30 16:35:45 vpnclient5[9273]: OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 9 2020
Dec 30 16:35:45 vpnclient5[9273]: library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.03
Dec 30 16:35:45 vpnclient5[9275]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 30 16:35:45 vpnclient5[9275]: TCP/UDP: Preserving recently used remote address: [AF_INET]93.137.141.15:1194
Dec 30 16:35:45 vpnclient5[9275]: Socket Buffers: R=[118784->118784] S=[118784->118784]
Dec 30 16:35:45 vpnclient5[9275]: UDP link local: (not bound)
Dec 30 16:35:45 vpnclient5[9275]: UDP link remote: [AF_INET]93.177.145.15:1194
Dec 30 16:35:45 vpnclient5[9275]: TLS: Initial packet from [AF_INET]93.177.145.15:1194, sid=957b3198 d060f5fd
Dec 30 16:35:46 vpnclient5[9275]: VERIFY OK: depth=1, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=TP-Link CA, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:46 vpnclient5[9275]: VERIFY KU OK
Dec 30 16:35:46 vpnclient5[9275]: Validating certificate extended key usage
Dec 30 16:35:46 vpnclient5[9275]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 30 16:35:46 vpnclient5[9275]: VERIFY EKU OK
Dec 30 16:35:46 vpnclient5[9275]: VERIFY OK: depth=0, C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SOHO-I18N, CN=server, name=EasyRSA, emailAddress=xxxx@xxxx
Dec 30 16:35:46 vpnclient5[9275]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Dec 30 16:35:46 vpnclient5[9275]: [server] Peer Connection Initiated with [AF_INET]93.137.141.15:1194
Dec 30 16:35:47 vpnclient5[9275]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Dec 30 16:35:47 vpnclient5[9275]: PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,redirect-gateway def1,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,dhcp-option DNS 10.8.0.1,dhcp-option DNS 8.8.8.8,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13'
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: route options modified
Dec 30 16:35:48 vpnclient5[9275]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 30 16:35:48 vpnclient5[9275]: Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 30 16:35:48 vpnclient5[9275]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 30 16:35:48 vpnclient5[9275]: Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 30 16:35:48 vpnclient5[9275]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 30 16:35:48 vpnclient5[9275]: TUN/TAP device tun15 opened
Dec 30 16:35:48 vpnclient5[9275]: TUN/TAP TX queue length set to 100
Dec 30 16:35:48 vpnclient5[9275]: /sbin/ifconfig tun15 10.8.0.14 pointopoint 10.8.0.13 mtu 1500
Dec 30 16:35:48 vpnclient5[9275]: /etc/openvpn/ovpn-up tun15 1500 1558 10.8.0.14 10.8.0.13 init
Dec 30 16:35:48 vpnclient5: WARNING: Replace default vpn gateway by using 0.0.0.0/1 and 128.0.0.0/1
Dec 30 16:35:48 vpnclient5[9275]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 30 16:35:48 vpnclient5[9275]: Initialization Sequence Completed
Last edited by quarantinho on Wed Dec 30, 2020 7:37 pm, edited 2 times in total.
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN on ASUS causing IP/routing conflict
That would make your router fairly dumb .. and if true, I would report that as a bug to ASUS.quarantinho wrote: ↑Wed Dec 30, 2020 3:34 pmSorry if I'm misunderstanding but if I set up the connection via my router, I don't get any log files do I?
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
Re: OpenVPN on ASUS causing IP/routing conflict
fixed, see above.
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN on ASUS causing IP/routing conflict
Remove from your server config.
Code: Select all
push "route 0.0.0.0 0.0.0.0"
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
Re: OpenVPN on ASUS causing IP/routing conflict
Ok, so what significance does that hold? Unfortunately it's not my own server config, my dad sent me this. Is there any way to fix them issue from my side or do I have to ask him to do changes?
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: OpenVPN on ASUS causing IP/routing conflict
You can possibly add
to your client config.
See
in manual 2.4:
https://community.openvpn.net/openvpn/w ... n24ManPage
Code: Select all
pull-filter ignore "route 0.0.0.0 0.0.0.0"
See
Code: Select all
--pull-filter accept|ignore|reject text
https://community.openvpn.net/openvpn/w ... n24ManPage
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
Re: OpenVPN on ASUS causing IP/routing conflict
Wow! That actually made the VPN enable in my router, but oddly enough, now my PC's traffic is not going through the VPN. I assume that I have to make some changes to the ASUS interface to ensure that all traffic is routed through the VPN now. Any pointers would be appreciated! I don't want to up what's already working
Apparently, from the server side we could add this:
Code: Select all
push "redirect-gateway def1"
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN on ASUS causing IP/routing conflict
According to your previous log, you are already using --redirect-gateway def1
quarantinho wrote: ↑Wed Dec 30, 2020 3:34 pmDec 30 16:35:47 vpnclient5[9275]: PUSH: Received control message: 'PUSH_REPLY,route 0.0.0.0 0.0.0.0,redirect-gateway def1,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,dhcp-option DNS 10.8.0.1,dhcp-option DNS 8.8.8.8,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13'
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
Re: OpenVPN on ASUS causing IP/routing conflict
OK - weird. Didn't work with the default ASUS firmware. I've flashed the router with Merlin and it seems to be up and running now so this thread can be treated as solved. Thansk for your help!
-
- OpenVPN Protagonist
- Posts: 11138
- Joined: Fri Jun 03, 2016 1:17 pm
Re: [solved] OpenVPN on ASUS causing IP/routing conflict
Maybe flashing the Firmware reset a setting you previously set incorrectly...quarantinho wrote: ↑Wed Dec 30, 2020 7:30 pmDidn't work with the default ASUS firmware. I've flashed the router with Merlin and it seems to be up and running
Thanks for letting us know
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 28, 2020 7:35 pm
Re: [solved] OpenVPN on ASUS causing IP/routing conflict
Sure thing . I'd say it's a bit unlikely that it would have worked with the factory settings in the first place. In the process of setting everything up, I reset the router a couple of times so I did have some tries with the config as it is/was PLUS the factory settings of the router. So that's why it's kind of odd that it wasn't directing my PC's traffic through the tunnel.TinCanTech wrote: ↑Wed Dec 30, 2020 8:32 pmMaybe flashing the Firmware reset a setting you previously set incorrectly...quarantinho wrote: ↑Wed Dec 30, 2020 7:30 pmDidn't work with the default ASUS firmware. I've flashed the router with Merlin and it seems to be up and running
Thanks for letting us know
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Aug 04, 2024 2:36 pm
Re: [solved] OpenVPN on ASUS causing IP/routing conflict
This made me crazy for days. I tried everything and nothing would get rid of the red "connection failed ip/routing conflict" on my Asus RT-AX86U Router. The solution for me was to turn OFF the OpenVPN server I had running in the VPN Server tab. Hope it is as simple a solution for you!