Need example of ip route add command


Rombo

Occasional Visitor
So, I'm trying to add a route on my Asus Merlin RT-AC86U. Very frustrating since I haven't been able to find examples and what I type in errors off.
I can't see any VPN Client devices and trying to figure out routing on the VPN Server side so I can see them.

VPN Client 192.168.100.0/24
VPN Client connection 10.8.0.2
VPN Server LAN 192.168.1.0/24

ip route add 192.168.100.0/24 via 10.8.0.0
RTNETLINK answers: Invalid argument
ip route add 192.168.100.0/24 via 10.8.0.2
RTNETLINK answers: File exists

iptables --line -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 2549 packets, 150K bytes)
num pkts bytes target prot opt in out source destination
1 3392 355K MASQUERADE all -- * tun12 0.0.0.0/0 0.0.0.0/0
2 2622 201K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
3 1664 138K MASQUERADE all -- * eth0 !47.186.10.8 0.0.0.0/0 (address changed for this post)
4 212 55341 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24

ip rule
0: from all lookup local
10201: from 192.168.1.185 lookup main
10202: from 192.168.1.191 lookup main
10203: from 192.168.1.193 lookup main
10204: from 192.168.1.196 lookup main
10205: from 192.168.1.197 lookup main
10206: from 192.16.1.198 lookup main
10207: from 192.168.1.199 lookup main
10208: from 192.168.1.162 lookup main
10209: from 192.168.1.34 lookup main
10210: from 192.168.1.163 lookup main
10211: from 192.168.1.107 lookup main
10301: from 192.168.1.0/24 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default

route -e
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 47-186-10-1.dll 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 * 255.255.255.0 U 0 0 0 tun21
10.8.3.0 * 255.255.255.0 U 0 0 0 tun12
47.186.10.0 * 255.255.255.0 U 0 0 0 eth0
47.186.10.1 * 255.255.255.255 UH 0 0 0 eth0
89.187.114.4 47-186-10-1.dll 255.255.255.255 UGH 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.168.100.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun21
 

Rombo

Occasional Visitor
Thank you. Guess routing isn't the problem with one subnet not being able to see the other subnet via VPN Server/VPN Client.

%^(
 

eibgrad

Very Senior Member
Are you trying to reach the 192.168.100.0/24 network from the 192.168.1.0/24 network (server->client)? IOW, this is a site-to-site configuration? Because if it is, you also have to configure the OpenVPN server "Manage Client-Specific Options" section and add an entry that tells the server the 192.168.100.0 255.255.255.0 network lies behind that OpenVPN client based on the client's CN (common name) on its cert. THIS is what actually adds the necessary routing information, both route and iroute directives (under the covers).
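
For reference, the plain OpenVPN directives that correspond to the route and iroute pair described in the post above, as an added example that is not part of the original post and not the configuration Asuswrt-Merlin itself writes. The file names and the client CN `site-b-router` are placeholders; the subnets are the ones given in this thread.

```conf
# --- server.conf (OpenVPN server at the 192.168.1.0/24 site) ---
# Tunnel subnet; matches the 10.8.0.0/24 route on tun21 shown in the thread.
server 10.8.0.0 255.255.255.0

# Directory holding one file per client, looked up by certificate CN.
client-config-dir ccd

# Kernel route: hand packets for the remote LAN to the OpenVPN process.
# This is the part "ip route add 192.168.100.0/24 via 10.8.0.2" already covers.
route 192.168.100.0 255.255.255.0

# Tell connecting clients that the server-side LAN is reachable via the tunnel.
push "route 192.168.1.0 255.255.255.0"

# --- ccd/site-b-router (file name must equal the client's certificate CN) ---
# Internal route: tells the OpenVPN server which connected client owns
# 192.168.100.0/24. Without it the server has no client to forward the
# packets to, even though the kernel route exists.
iroute 192.168.100.0 255.255.255.0
```

Because the iroute entry is selected by certificate CN, only the client that authenticates with that certificate is accepted as the owner of 192.168.100.0/24.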

 

Rombo

Occasional Visitor
That is exactly what I am trying to do. These are two separate networks (VPN Server 192.168.1.0/24 and VPN Client 192.168.100.0/24). I want to see all 192.168.100.0/24 devices from 192.168.1.0/24 and vice versa. I can't seem to work this out though. The thing really confusing me is the VPN Client connects as 10.8.0.2 so I don't know how this plays into coding the correct route add statements. To really make it confusing, both VPN Server and VPN Client used NordVPN. From the VPN Client, I can only see devices that NordVPN has defined as WAN (Asus Merlin VPN Client options).

Currently, I am just trying to see the 192.168.100.0/24 devices from 192.168.1.0/24 VPN Server. Once I get that one solved, I can worry about route add on the VPN Client side.

Will study the link you sent & see what clues that might give me. Thanks.
 

eibgrad

Very Senior Member
If what you're telling me is that you not only have a *remote* OpenVPN client connected to your *local* OpenVPN server, but also a *local* OpenVPN client connected to NordVPN, that's a completely separate issue. And I'm not sure what issue(s) that's creating. All I can really say at the moment is that as far as the site-to-site situation, all you need is to properly configure the "Manage Client-Specific Options" section, which should only take a few seconds. I only provided the link so you understood the underlying problem that that section in the OpenVPN server config is specifically addressing, both the why and the how.
 

Rombo

Occasional Visitor
I finally found a SNBForums thread that discusses this exact issue. I really appreciate your responses.

The thread is at: https://www.snbforums.com/threads/simultaneous-vpn-server-and-vpn-client.39508/

I plan to shut down NordVPN on both routers to test the site-to-site VPN Server/VPN Client to see if it works per normal. Once that is done, I will study the heck out of the thread above to see if there is a solution with NordVPN turned on AND the site-to-site VPN is running.

Cheers & Thanks again!
 
