Menu
What's new
By:
Filters Better Search

Asus rt-n66u: strange route issue after enable openvpn

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

johnqhu

Occasional Visitor
I bought a rt-n66u and installed Merlin 378.55 firmware. Then I enabled the openvpn server1. After the vpn server is enabled. I found I can't access some website. Such as 14.17.32.229.

I checked the route table. It's

admin@RT-N66U-6BA0:/tmp/home/root# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
171.214.206.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 br0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
8.0.0.0 * 248.0.0.0 U 0 0 0 tun21
default 171.214.206.1 0.0.0.0 UG 0 0 0 ppp0
default 192.168.1.1 0.0.0.0 UG 1 0 0 eth0

I think it's "8.0.0.0/248.0.0.0" of the vpn interface that make me can't access 14.17.32.229.

Then I disabled the vpn server and the "8.0.0.0/248.0.0.0" rule gone and everything is OK.

I use static key for openvpn.
# Automatically generated configuration
daemon
topology subnet
ifconfig 10.10.0.1 10.10.0.2
proto udp
rcvbuf 0
sndbuf 0
port 34568
dev tun22
comp-lzo adaptive
keepalive 15 60
verb 3
secret static.key
status-version 2
status status

# Custom Configuration
The vpn server itself works well.


So how can I fix the route issue? I need the vpn server. Thanks!
 
8.0.0.0/5 does include that ip. So i'd guess that route is your issue.... but I have no idea why its there. I dont get odd routes with both my vpns started.
 
Calisro said:
8.0.0.0/5 does include that ip. So i'd guess that route is your issue.... but I have no idea why its there. I dont get odd routes with both my vpns started.
Click to expand...
I doubt there should be no "topology subnet" because I use static key.
 
john9527 said:
Did you accidentally edit the VPN subnet field in the setup page? The default is 10.8.0.0
Click to expand...

I did edit the VPN sbunet. For static key, the default is 10.8.0.1 and 10.8.0.2. I changed it to 10.10.0.1 and 10.10.0.2. I think it should be OK.

And today I find if I change the IP address, the route desitination and mask will change. And if I change to the default 10.8.0.1 and 10.8.0.2, something more weird happen.

With default 10.8.0.1 and 10.8.0.2, there is no strange route in the route table anymore. But when trying to connect, there is warning.

At server side
WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.8.0.0 10.8.0.2', remote='ifconfig 10.8.0.1 10.8.0.2'
At client side
WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.8.0.2 10.8.0.1', remote='ifconfig 10.8.0.0 10.8.0.2'

But I checked the server and client config, it's no problem.

server: ifconfig 10.8.0.1 10.8.0.2
client: ifconfig 10.8.0.2 10.8.0.1

And because of the warnings, the connection can't be established successfully. You even can't ping.

So if I use default 10.8.0.1/2, the vpn connection can't be established. And if I use other ip address, there is strange route issue and I can't access some website which is affected by that route.

Hope someone can help me to fix it.
 
Hi Guys,

Finally I fixed this problem today.

The problem is there should be no "topology subnet" statement in the server config file. Just remove it and everything is OK. Now the route is:

10.100.0.2 * 255.255.255.255 UH 0 0 0 tun21

The mask is 255.255.255.255 now. Whatever IP address you use.

To remove the "topology subnet" permanently, some steps need to be done.

1. Enable JFFS custom scripts and configs. It's in web UI, Administration->System.
2. Copy the original server config file to JFFS partion. I put it just at /jffs/scripts/config.opvn. Then edit it and delete the line "topology subnet".
3. Create file openvpnserver1.postconf. Change mode to 777. Then edit it and add

#!/bin/sh

cp /jffs/scripts/config.ovpn /tmp/etc/openvpn/server1/config.ovpn

4. Restart openvpn server from web UI and everything is OK.
 
You must log in or register to reply here.

Similar threads

CaptnDanLKW
Simple Route Add Command
Replies
9
Views
588
ColinTaylor
C
A
ASUS Dual WAN Failover, Then Failback, Leaves Secondary LAN in "Hot Standby"
Replies
4
Views
666
Kingp1n
K
gallahermike
GT-BE98 Pro and OpenVPN problem
Replies
7
Views
677
gallahermike
gallahermike
M
IPv6 and Router Advertisement adding route to delegated /56 via WAN interface
Replies
0
Views
240
MrC99
M
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
1K
Don->
D
Similar threads
Thread starter Title Forum Replies Date
C DDNS Update frequency increase for Asus DDNS Asuswrt-Merlin 5
GreyHawkz Asus RT-AX82U Stock vs Merlin Advantage? Asuswrt-Merlin 1
A Question about Asus Merlin Router behind a firewalla? Asuswrt-Merlin 8
A LAN - IPTV - what does it do, and how to reproduce it on other than asus devices? Asuswrt-Merlin 1
L IPSec VPN Server with VNC connection causes ASUS RT-AC3100 to Reboot Asuswrt-Merlin 0
Z Solved Accidentally flashed XT12 latest merlin on a ET12 Asus Zenwifi Pro. Can't flash back stock FW. Asuswrt-Merlin 11
B Asus RT-AC5300 and ExpressVPN Asuswrt-Merlin 8
T Asus RT-AX86U vs RT-AX68U (with Merlin cake SQM) Asuswrt-Merlin 9
Coldblackice Does ASUS Merlin's QoS consider DSCP? Asuswrt-Merlin 6
JA93 iVentoy on Asus Merlin Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 571 (members: 22, guests: 549)
Top