1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Error - Routing conflict!

Discussion in 'Asuswrt-Merlin' started by Killswitch42, Jan 31, 2016.

  1. Killswitch42

    Killswitch42 New Around Here

    Joined:
    Nov 7, 2015
    Messages:
    5
    I am running Firmware:380.57 on the Asus RT-N66U

    OpenVPN Clients page
    Service state
    Warning: any unsaved change will be lost.
    Error - Routing conflict!

    On VPN Status page
    OpenVPN Client 1 - Error connecting - IP/Routing conflict

    This is a major pain that has been going on for a while now, but I have no idea why. I had just ONE vpn on the system under Client 1, and it was perfect, ran perfect, but it became so unresponsive that I decided to change server, and added a new one in to Client 2, and since then, I got the above error. I have no idea how to delete profiles, let alone how to solve this issue.

    I don't even see where there is a routing conflict. ALl the information supplied is correct, and I only ever have one VPN on at once.

    I had this problem in the previous firmware version too. Does anyone know how to solve this? I can't connect at all now to any VPN server via the firmware as it always gives this error.
     
  2. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    2,892
    Location:
    UK
    After a reboot, both VPN Clients should correctly show 'connected'.

    Issue
    Code:
    ip  route
    
    vpn1.xxx.xxx.xxx   via   $(nvram get wan0_gateway)   dev   $(nvram get wan0_ifname)
    vpn2.xxx.xxx.xxx   via   $(nvram get wan0_gateway)   dev   $(nvram get wan0_ifname)
    
    e.g. on my system
    192.157.56.146    via    xxx.xxx.xxx.xxx    dev    vlan2
    
    
    
    
    
    If you now manually stop both VPN Clients via the GUI and reissue the above command, the resulting two lines are probably still present?

    Now if you start VPN Client 1 you will get the 'Error routing conflict' for VPN Client 1, and the same message whenever you manually restart either VPN Client.

    Hopefully, despite the warning error message, both VPNs are actually working correctly?

    I use a script to basically start/stop the VPN Clients rather than use the GUI, which calls this function
    Code:
    Flush_VPN_ROUTE() {
      logger -s -t "($(basename $0))" $$ "Flushing VPN Client" $MATCH_VPN "route" $VPN_ADDR
      ip route del $VPN_ADDR 2> /dev/null > /dev/null
    }
    to delete the previous VPN Client routes prior to restarting the associated VPN Client.

    e.g.

    To perform this manually (ensuring the VPNs are both stopped) issue
    Code:
    ip  route  del  vpn1.xxx.xxx.xxx
    ip  route  del  vpn2.xxx.xxx.xxx

    then start a VPN client...hopefully the VPN Client status now correctly shows as connected.
     
    Last edited: Feb 1, 2016
  3. Killswitch42

    Killswitch42 New Around Here

    Joined:
    Nov 7, 2015
    Messages:
    5
    Thank you Martin,

    I can't quite find out where to enter those scripts but after doing some testing, I found despite the error message that the VPN was actually connected. Although somewhat disconcerting to see such error, I am pleased it works.

    Hopefully if this is a bug within Merlin, it will be rectified soon :)

    Thanks
     
  4. Martineau

    Martineau Part of the Furniture

    Joined:
    Jul 8, 2012
    Messages:
    2,892
    Location:
    UK
    If the VPN is actually connected, then a quick cosmetic GUI display 'fix' from a SSH command prompt

    e.g. VPN Client 1

    Code:
    nvram   get   vpn_client1_state

    if it returns value "-1" then

    Code:
    nvram   set   vpn_client1_state=2
     
    bem7 and tomtomclub like this.
  5. netguru

    netguru Regular Contributor

    Joined:
    Dec 24, 2015
    Messages:
    60
    Hi,

    without reading the other Posts ...
    there is still a conflict if you had another vpn Client before ...
    i recognized it, when i tried with vpn Client 1, then disabled it and then choose to use Client 2 ...
    the Client 1 was still blocking my WAN port ...

    i did a complete new Setup, then it works
     
  6. darkpollo

    darkpollo Occasional Visitor

    Joined:
    Dec 1, 2012
    Messages:
    22
    Hi,
    I am having the same issue. I have the log:


    May 1 19:02:54 openvpn[2219]: OpenVPN 2.3.10 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 20 2016
    May 1 19:02:54 openvpn[2219]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
    May 1 19:02:54 openvpn[2223]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    May 1 19:02:54 openvpn[2223]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    May 1 19:02:54 openvpn[2223]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
    May 1 19:02:54 openvpn[2223]: UDPv4 link local: [undef]
    May 1 19:02:54 openvpn[2223]: UDPv4 link remote: [AF_INET]
    May 1 19:02:56 openvpn[2223]: [server] Peer Connection Initiated with [AF_INET]
    May 1 19:02:58 openvpn[2223]: TUN/TAP device tun12 opened
    May 1 19:02:58 openvpn[2223]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    May 1 19:02:58 openvpn[2223]: /usr/sbin/ip link set dev tun12 up mtu 1500
    May 1 19:02:58 openvpn[2223]: /usr/sbin/ip addr add dev tun12 local 10.8.0.6 peer 10.8.0.5
    May 1 19:03:00 openvpn[2223]: ERROR: Linux route add command failed: external program exited with error status: 2
    May 1 19:03:00 openvpn[2223]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
    May 1 19:03:00 openvpn-routing: Skipping, client 2 not in routing policy mode
    May 1 19:03:00 openvpn[2223]: Initialization Sequence Completed

    But the vpn connects after this.
    How did you clean the client 1 to make a complete new setup?

    EDIT: using a different client gives me the same error.


    Thanks
     
  7. netguru

    netguru Regular Contributor

    Joined:
    Dec 24, 2015
    Messages:
    60
    i did a complete new Setup (complete Router) , then it works
     
  8. darkpollo

    darkpollo Occasional Visitor

    Joined:
    Dec 1, 2012
    Messages:
    22
    That seems like a lot. I will review the post again nex weekend and see If i find the issue.

    Thanks!
     
  9. MoBlues

    MoBlues Occasional Visitor

    Joined:
    Feb 23, 2016
    Messages:
    19
    I've had to run this after login via PuTTY: nvram set vpn_client1_state=2

    Works every time to fix.
     
    Stern likes this.
  10. tomtomclub

    tomtomclub New Around Here

    Joined:
    Sep 14, 2014
    Messages:
    7

    yesssss thanks men it works now
     
  11. bem7

    bem7 New Around Here

    Joined:
    Aug 22, 2015
    Messages:
    2
    Thank you so much, the command fixed my issue, been looking for months.