Error - Routing conflict!

[Killswitch42]

I am running Firmware:380.57 on the Asus RT-N66U

OpenVPN Clients page
Service state
Warning: any unsaved change will be lost.
Error - Routing conflict!

On VPN Status page
OpenVPN Client 1 - Error connecting - IP/Routing conflict

This is a major pain that has been going on for a while now, but I have no idea why. I had just ONE vpn on the system under Client 1, and it was perfect, ran perfect, but it became so unresponsive that I decided to change server, and added a new one in to Client 2, and since then, I got the above error. I have no idea how to delete profiles, let alone how to solve this issue.

I don't even see where there is a routing conflict. ALl the information supplied is correct, and I only ever have one VPN on at once.

I had this problem in the previous firmware version too. Does anyone know how to solve this? I can't connect at all now to any VPN server via the firmware as it always gives this error.

 

[Martineau]

I am running Firmware:380.57 on the Asus RT-N66U

OpenVPN Clients page
Service state
Warning: any unsaved change will be lost.
Error - Routing conflict!

On VPN Status page
OpenVPN Client 1 - Error connecting - IP/Routing conflict

This is a major pain that has been going on for a while now, but I have no idea why. I had just ONE vpn on the system under Client 1, and it was perfect, ran perfect, but it became so unresponsive that I decided to change server, and added a new one in to Client 2, and since then, I got the above error. I have no idea how to delete profiles, let alone how to solve this issue.

I don't even see where there is a routing conflict. ALl the information supplied is correct, and I only ever have one VPN on at once.

I had this problem in the previous firmware version too. Does anyone know how to solve this? I can't connect at all now to any VPN server via the firmware as it always gives this error.

After a reboot, both VPN Clients should correctly show 'connected'.

Issue

ip  route

vpn1.xxx.xxx.xxx   via   $(nvram get wan0_gateway)   dev   $(nvram get wan0_ifname)
vpn2.xxx.xxx.xxx   via   $(nvram get wan0_gateway)   dev   $(nvram get wan0_ifname)

e.g. on my system
192.157.56.146    via    xxx.xxx.xxx.xxx    dev    vlan2

If you now manually stop both VPN Clients via the GUI and reissue the above command, the resulting two lines are probably still present?

Now if you start VPN Client 1 you will get the 'Error routing conflict' for VPN Client 1, and the same message whenever you manually restart either VPN Client.

Hopefully, despite the warning error message, both VPNs are actually working correctly?

I use a script to basically start/stop the VPN Clients rather than use the GUI, which calls this function

Flush_VPN_ROUTE() {
  logger -s -t "($(basename $0))" $$ "Flushing VPN Client" $MATCH_VPN "route" $VPN_ADDR
  ip route del $VPN_ADDR 2> /dev/null > /dev/null
}

to delete the previous VPN Client routes prior to restarting the associated VPN Client.

e.g.

To perform this manually (ensuring the VPNs are both stopped) issue

ip  route  del  vpn1.xxx.xxx.xxx
ip  route  del  vpn2.xxx.xxx.xxx

then start a VPN client...hopefully the VPN Client status now correctly shows as connected.

 

[Killswitch42]

Thank you Martin,

I can't quite find out where to enter those scripts but after doing some testing, I found despite the error message that the VPN was actually connected. Although somewhat disconcerting to see such error, I am pleased it works.

Hopefully if this is a bug within Merlin, it will be rectified soon

Thanks

 

[Martineau]

Thank you Martin,

I can't quite find out where to enter those scripts but after doing some testing, I found despite the error message that the VPN was actually connected. Although somewhat disconcerting to see such error, I am pleased it works.

Hopefully if this is a bug within Merlin, it will be rectified soon

Thanks

If the VPN is actually connected, then a quick cosmetic GUI display 'fix' from a SSH command prompt

e.g. VPN Client 1

nvram   get   vpn_client1_state

if it returns value "-1" then

nvram   set   vpn_client1_state=2

 

[netguru]

Hi,

without reading the other Posts ...
there is still a conflict if you had another vpn Client before ...
i recognized it, when i tried with vpn Client 1, then disabled it and then choose to use Client 2 ...
the Client 1 was still blocking my WAN port ...

i did a complete new Setup, then it works

 

[darkpollo]

Hi,
I am having the same issue. I have the log:


May 1 19:02:54 openvpn[2219]: OpenVPN 2.3.10 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 20 2016
May 1 19:02:54 openvpn[2219]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
May 1 19:02:54 openvpn[2223]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
May 1 19:02:54 openvpn[2223]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 1 19:02:54 openvpn[2223]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
May 1 19:02:54 openvpn[2223]: UDPv4 link local: [undef]
May 1 19:02:54 openvpn[2223]: UDPv4 link remote: [AF_INET]
May 1 19:02:56 openvpn[2223]: [server] Peer Connection Initiated with [AF_INET]
May 1 19:02:58 openvpn[2223]: TUN/TAP device tun12 opened
May 1 19:02:58 openvpn[2223]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 1 19:02:58 openvpn[2223]: /usr/sbin/ip link set dev tun12 up mtu 1500
May 1 19:02:58 openvpn[2223]: /usr/sbin/ip addr add dev tun12 local 10.8.0.6 peer 10.8.0.5
May 1 19:03:00 openvpn[2223]: ERROR: Linux route add command failed: external program exited with error status: 2
May 1 19:03:00 openvpn[2223]: Ignore conflicted routing rule: 10.8.0.0 255.255.255.0
May 1 19:03:00 openvpn-routing: Skipping, client 2 not in routing policy mode
May 1 19:03:00 openvpn[2223]: Initialization Sequence Completed

But the vpn connects after this.
How did you clean the client 1 to make a complete new setup?

EDIT: using a different client gives me the same error.


Thanks

 

[netguru]

i did a complete new Setup (complete Router) , then it works

 

[darkpollo]

That seems like a lot. I will review the post again nex weekend and see If i find the issue.

Thanks!

 

[MoBlues]

I am running Firmware:380.57 on the Asus RT-N66U
OpenVPN Client 1 - Error connecting - IP/Routing conflict

I've had to run this after login via PuTTY: nvram set vpn_client1_state=2

Works every time to fix.

 

[tomtomclub]

If the VPN is actually connected, then a quick cosmetic GUI display 'fix' from a SSH command prompt

e.g. VPN Client 1

nvram   get   vpn_client1_state

if it returns value "-1" then

nvram   set   vpn_client1_state=2

yesssss thanks men it works now

 

[bem7]

If the VPN is actually connected, then a quick cosmetic GUI display 'fix' from a SSH command prompt

e.g. VPN Client 1

nvram   get   vpn_client1_state

if it returns value "-1" then

nvram   set   vpn_client1_state=2

Thank you so much, the command fixed my issue, been looking for months.