Need example of ip route add command

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Occasional Visitor
So, I'm trying to add a route on my asus merlin RT-AC86U. Very frustrating since i haven't been able to find examples and what I type in errors off.
I can't see any VPN Client devices and trying to figure out routing on the VPN Server side so I can see them.

VPN Client
VPN Client connection
VPN Server LAN

ip route add via
RTNETLINK answers: Invalid argument
ip route add vi
RTNETLINK answers: File exists

iptables --line -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 2549 packets, 150K bytes)
num pkts bytes target prot opt in out source destination
1 3392 355K MASQUERADE all -- * tun12
2 2622 201K PUPNP all -- * eth0
3 1664 138K MASQUERADE all -- * eth0 ! (address changed for this post)
4 212 55341 MASQUERADE all -- * br0

ip rule
0: from all lookup local
10201: from lookup main
10202: from lookup main
10203: from lookup main
10204: from lookup main
10205: from lookup main
10206: from lookup main
10207: from lookup main
10208: from lookup main
10209: from lookup main
10210: from lookup main
10211: from lookup main
10301: from lookup ovpnc2
32766: from all lookup main
32767: from all lookup default

route -e
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default 47-186-10-1.dll UG 0 0 0 eth0 * U 0 0 0 tun21 * U 0 0 0 tun12 * U 0 0 0 eth0 * UH 0 0 0 eth0 47-186-10-1.dll UGH 0 0 0 eth0 * U 0 0 0 lo * U 0 0 0 br0 UG 0 0 0 tun21


Occasional Visitor
Thank you. Guess routing isn't the problem with one subnet not being able to see the other subnet via VPN Server/VPN Client.



Very Senior Member
Are you trying to reach the network from the network (server->client)? IOW, this is a site-to-site configuration? Because if it is, you also have to configure the OpenVPN server "Manage Client-Specific Options" section and add an entry that tells the server the network lies behind that OpenVPN client based on the client's CN (common name) on its cert. THIS is what actually adds the necessary routing information, both route and iroute directives (under the covers).



Occasional Visitor
That is exactly what I am trying to do. These are two separate networks (VPN Server and VPN Client I want to see all devices from and vice versa. I can't seem to work this out though. The thing really confusing me is the VPN Client connects as so I don't know how this plays into coding the correct route add statements. To really make it confusing, both VPN Server and VPN Client used NordVPN. From the VPN Client, I can only see devices that NordVPN has defined as WAN (Asus Merlin VPN Client options).

Currently, I am just trying to see the devices frm VPN Server. Once I get that one solved, I can worry about route add on the VPN Client side.

Will study the link you sent & see what clues that might give me. Thanks.


Very Senior Member
If what you're telling me is that you not only have a *remote* OpenVPN client connected to your *local* OpenVPN server, but also a *local* OpenVPN client connected to NordVPN, that's a completely separate issue. And I'm not sure what issue(s) that's creating. All I can really say at the moment is that as far as the site-to-site situation, all you need is to properly configure the "Manage Client-Specific Options" section, which should only take a few seconds. I only provided the link so you understood the underlying problem that that section in the OpenVPN server config is specifically addressing, both the why and the how.
Last edited:


Occasional Visitor
I finally found a SNBForums thread that discusses this exact issue. I really appreciate your responses.

The thread is at:

I plan to shut down NordVPN on both routers to test the site-to-site VPN Server/VPN Client to see if it works per normal. Once that is done, I will study the heck out of the thread above to see if there is a solution with NordVPN turned on AND the site-to-site VPN is running.k

Cheers & Thanks again!

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!