OpenVPN : routing conflict after, service state & apply button

Henk59

Regular Contributor
After reading this; https://vpntips.com/vpn-router-install
I tried to understand what to do because I also have IPVanish. I tried:
ip route delete s.s.s.s

But the IP address was always wrong:
RTNETLINK answers: No such process

So what is different instead of the IP address or VPN server address, I could not figure out.
Until I looked into the VPN log: there was always the same IP address, so I tried that one.
That was the right IP address.
 
The 'error' message is annoying but doesn't usually impact the VPN Client connection.

Here is the way to manually identify the correct IP address to delete:

http://www.snbforums.com/threads/error-routing-conflict.30164/#post-235331

It appears that stopping/starting the VPN Client via the GUI doesn't always flush the VPN routes, so I wrote this script to start/stop the VPN Client, which incorporates the function Flush_VPN_ROUTE() to identify the route to delete:

Code:
#!/bin/sh

# Switch between VPN Clients and remove obsolete VPN Client routes from table main otherwise Get_ActiveVPN() will never match "2"
#
# See comments at bottom of script for command line args syntax.


# FUNCTIONS
# =========
Say(){
  logger -st "($(basename $0))" $$ $@
}

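Get_VPN_ADDR() {

  # nvram lines have the form vpn_client<N>_addr=<server>:
  # offset 10 is the client number <N>, the server value starts at offset 17.
  local VPNADDRS=`nvram show | grep vpn_client | grep addr | grep -v t_addr`
  local VPN_ADDR=""

  for VPN in $VPNADDRS
  do

    if [ "${VPN:10:1}" = "$1" ]; then
      VPN_ADDR=${VPN:17}
      #Say "ACTIVE VPN Client="$1 "via" $VPN_ADDR
    #else
    #  Say "Get_VPN_ADDR():" $VPN ">" ${VPN:10:1} ">>" ${VPN:17}
    fi

  done

  # Prints the configured server for client $1, or nothing if it is not configured
  echo $VPN_ADDR

}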

Flush_VPN_ROUTE() {
  local VPN_ADDR=$(Get_VPN_ADDR $1)
  local VPNTAG=`grep -i "11"$1 /etc/iproute2/rt_tables | awk '{print $2}'`
  Say "Flushing VPN Client" $1 "route" $VPN_ADDR "("$VPNTAG")"
  ip route del $VPN_ADDR 2> /dev/null > /dev/null
}

Get_ActiveVPN() {

  local VPNS=`nvram show | grep vpn_client | grep state | sort -r` # 'sort -r' ensures the lowest numerically VPN instance is returned
  local VPN=""
  local ACTIVE_VPN=""
  local ACTIVE_CNT=0
  local ERROR_CNT=0
  local VPNTAG="?"

  if [ "$1" = "?" ]; then
    Say "VPN Client Status:"
  fi

  for VPN in $VPNS
  do
    if [ ${VPN:18:1} = "2" ]; then
      if [ ! -z "$1" ]; then
        if [ "$1" = "?" ]; then
          VPNTAG=`grep -i "11"${VPN:10:1} /etc/iproute2/rt_tables | awk '{print $2}'`
          Say " Client" ${VPN:10:1} "connected ("$VPNTAG")"
          ACTIVE_CNT=`expr $ACTIVE_CNT + 1`
        fi
        if [ "${VPN:10:1}" = "$1" ]; then
          ACTIVE_VPN=${VPN:10:1}
          #Say " Get_ActiveVPN(): Matched! ACTIVE_VPN="$ACTIVE_VPN
          break
        fi
      else
        ACTIVE_VPN=${VPN:10:1}
        #Say " Get_ActiveVPN(): Found active" $VPN ">" ${VPN:10:1} ">>" ${VPN:18:1}
      fi
    else
      if [ "$1" = "?" ] && [ "$2" = "debug" ]; then
        Say " Get_ActiveVPN():" $VPN ">" ${VPN:10:1} ">>" ${VPN:18:1}
      fi

      # Check if ERROR such as Routing conflict....
      if [ ${VPN:18:1} = "-" ]; then
        if [ "$1" = "fix" ]; then
          Say " Get_ActiveVPN(): Fixing state for" $VPN
          ACTIVE_VPN=${VPN:10:1}
          RC=$(nvram set "vpn_client"$ACTIVE_VPN"_state=2")
        else
          Say " **Client" ${VPN:10:1} " in ERROR .....("$VPNTAG")**"
          ERROR_CNT=`expr $ERROR_CNT + 1`
        fi

      fi
    fi
  done

  if [ "$1" = "?" ]; then
    if [ "$ACTIVE_CNT" = "0" ] && [ "$ERROR_CNT" = "0" ]; then
      Say " *NO VPN Clients connected*"
    else
      if [ "$ERROR_CNT" != "0" ]; then
        Say " ...recommend you specify 'fix' directive!**"
      fi
    fi
  fi

  echo $ACTIVE_VPN

}

Check_VPNState(){

  local i=0
  local OK=0
  local VPNTAG=`grep -i "11"$1 /etc/iproute2/rt_tables | awk '{print $2}'`

  if [ "$2" = "2" ]; then
    local WSTATE="connect"
  fi
  if [ "$2" = "0" ]; then
    local WSTATE="disconnect"
  fi
  Say "Waiting for VPN Client" $1 "("$VPNTAG") to" $WSTATE"....."
  while [ $i -lt 60 ]; do
    sleep 1
    #Say "Waiting for VPN Client" $1 "to" $WSTATE"....." $i
    if [ "$(nvram get "vpn_client"$1"_state")" = "$2" ];then
      OK="1"
      break
    fi
    i=`expr $i + 1`
  done
  if [ "$OK" = "1" ];then
    Say "VPN Client" $1 "("$VPNTAG")" $WSTATE"'d in" $i "secs"
  else
    Say "***ERROR*** VPN Client" $1 "("$VPNTAG") FAILED to" $WSTATE "after" $i "secs"
  fi
}

Main(){

  #Say "Main(): Debug ACTIVE_VPN='"$ACTIVE_VPN"'"
  #Say "Main(): NEW_VPN='"$NEW_VPN"'"
  #Say "Main(): MATCH_VPN='"$MATCH_VPN"'"
  #Say "Main(): Debug ARG1='"$1"'"
  #Say "Main(): Debug ARG2='"$2"'"

  local IS_VPN_UP="2"
  local IS_VPN_DOWN="0"

  # If no args supplied assume we should simply bounce the ACTIVE Client or start VPN Client 1 if none ACTIVE
  if [ -z $ACTIVE_VPN ]; then # No ACTIVE VPN Client....

    if [ -z $NEW_VPN ]; then # Did user supply VPN Client?
      Flush_VPN_ROUTE 1
      RC=`service restart_vpnclient1`
      # Track VPN Client (DOWN state=0) thru' (CONNECTING state=1) to (UP state=2)  !!!
      Check_VPNState 1 $IS_VPN_UP
    else
      if [ "$NEW_VPN" != "off" ] && [ "$2" != "off" ]; then
        Say "No VPN ACTIVE - Starting VPN Client" $NEW_VPN
        Flush_VPN_ROUTE $NEW_VPN
        RC=`service start_vpnclient$NEW_VPN`
        # Track VPN Client (DOWN state=0) thru' (CONNECTING state=1) to (UP state=2)  !!!
        Check_VPNState $NEW_VPN $IS_VPN_UP
      else
        Say "No VPN ACTIVE - and VPN Client 'off' requested."
      fi
    fi
  else

    # Don't terminate ACTIVE client if 'on' specified
    #if ([ "X$2" != "Xon" ] && [ "X$2" != "X" ]) || [ "$2" == "off" ] || [ "$1" == "off" ]; then
    if [ "$2" == "off" ] || [ "$1" == "off" ] || [ -n "$ACTIVE_VPN" ]; then
      if [ -n $1 ] && [ "$2" == "off" ]; then
        ACTIVE_VPN=$1
      fi
      if [ "$2" != "on" ]; then
        Say "Stopping VPN Client" $ACTIVE_VPN
        if [ -n $ACTIVE_VPN ]; then

          VPNADDR=$(nvram get "vpn_client"$ACTIVE_VPN"_addr")
          VPNFORCE=$(nvram get "vpn_client"$ACTIVE_VPN"_enforce")
          #Say "Debug: "$VPNADDR "block" $VPNFORCE
          if [ ! -z "$VPNADDR" ] && [ "$VPNFORCE" = "1" ]; then
            Say "Blocking WAN for VPN Client" $ACTIVE_VPN "to" $VPNADDR
            #vpnrouting.sh vpn_flush tun1$ACTIVE_VPN
            vpnrouting.sh wan_block tun1$ACTIVE_VPN # Requires Martineau Hacked /jffs/scripts/vpnrouting.sh
          fi

          RC=`service stop_vpnclient$ACTIVE_VPN`
          Check_VPNState $ACTIVE_VPN $IS_VPN_DOWN
          if [ "X$2" = "Xoff" ]; then
            NEW_VPN="off"
            #Say  "Debug set NEW_VPN="$NEW_VPN
          fi
        fi
      fi
    fi

    if [ "$NEW_VPN" != "off" ]; then
      if [ -z $NEW_VPN ]; then
        NEW_VPN="1"
      fi
      Say "Starting VPN Client" $NEW_VPN
      Flush_VPN_ROUTE $NEW_VPN
      RC=`service start_vpnclient$NEW_VPN`
      # Track VPN Client (DOWN state=0) thru' (CONNECTING state=1) to (UP state=2)  !!!
      Check_VPNState $NEW_VPN $IS_VPN_UP
    else
      Say "....and VPN Client 'off' requested."
    fi

  fi
}
#====================================================================================================

# Switch between VPN Clients
#
#  e.g.  VPN_Switch  [ 1 | 2 | 3 | 4 | 5 ] [off | on] [ ? | list] [ debug]] [ fix ]

#  VPN_Switch
#  Restart current ACTIVE VPN Client but if none ACTIVE, then Start VPN Client 1
#  VPN_Switch  5
#  Terminate current ACTIVE VPN Client then switch to VPN Client 5
#  VPN_Switch  off
#  Terminate current ACTIVE VPN Client.
#  VPN_Switch  3  on
#  Start VPN Client 3
#  VPN_Switch  3  off
#  Stop VPN Client 3
#  VPN_Switch  ?
#  List the status of ALL VPN Clients
#  VPN_Switch  fix
#  Change any VPN client from state=-1(Error Conflict) to state=2(UP) ....use with caution!


Say "Starting....." [$@]


# Weirdly, sometimes the command line under Xshell5 translates '?' as '0' !!!!!!
if [ "$1" = "0" ]; then
  Say "**ERROR** Arg '?' is INVALID...use 'list' instead!"
  Say "Aborted!"
  exit
fi
if [ "$1" = "?" ] || [ "$1" = "list" ]; then
  ACTIVE_VPN=$(Get_ActiveVPN "?" $2) # List ACTIVE VPN Clients
  exit
fi

if [ "$1" = "fix" ]; then # Fix annoying non-critical VPN Status GUI 'Error Routing conflict'
  ACTIVE_VPN=$(Get_ActiveVPN $1) # VPN Clients in status -1; but assume that they are actually connected and working! ;-)
  exit
fi

# Ensure (if supplied) a valid VPN Client instance was specified
if [ "$1" = "1" -o "$1" = "2" -o "$1" = "3" -o "$1" = "4" -o "$1" = "5" -o "$1" = "" ]; then
  ACTIVE_VPN=$(Get_ActiveVPN) # Current ACTIVE VPN Client to terminate
  NEW_VPN=$1 # VPN Client to use for NEW connection specified by user
fi

# Use VPN Client 1 if no current ACTIVE VPN Client connection and no preference specified by user.
if [ -z $ACTIVE_VPN ]; then # No ACTIVE VPN Client.....
  MATCH_VPN="1"
  if [ -n $NEW_VPN ]; then # .....and user arg supplied
    MATCH_VPN=$NEW_VPN
  fi
else
  MATCH_VPN=$ACTIVE_VPN
fi

# Check if VPN Client is actually configured.....
VPNADDR=$(Get_VPN_ADDR $MATCH_VPN)
if [ -z $VPNADDR ]; then

  if [ "$1" = "1" -o "$1" = "2" -o "$1" = "3" -o "$1" = "4" -o "$1" = "5" ]; then
    Say "**ERROR** VPN Client" $NEW_VPN "not configured?"
    Say "Aborted!"
    exit
  else
    if [ ! -z $1 ];then
      Say "**ERROR** VPN Client" $NEW_VPN "is INVALID"
      Say "Aborted!"
      exit
    fi
  fi
fi

# Switch or Start or Stop the VPN Client connection
Main $1 $2
ACTIVE_VPN=$(Get_ActiveVPN "?") # List ACTIVE VPN Clients

Say "Complete."

exit

Or, rather than manually removing the obsolete routes using a script, if the innocuous error message still bothers you, you can correct it in the VPN GUI status page manually from the cmd line (or call my script with the 'fix' directive!)

http://www.snbforums.com/threads/error-routing-conflict.30164/#post-235773

EDIT: Updated code



:oops:
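
Added example (not part of the thread and not Martineau's code): the configured server can be a hostname (the syslog later in this thread shows us-east.privateinternetaccess.com), whereas routes are keyed by numeric address, so the VPN log is the reliable source for the address actually in use. This sketch takes the last [AF_INET] address from OpenVPN log lines and checks it against "ip route show" output; the function names, log lines and routes are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All sample data is constructed;
# 203.0.113.0/24 and 192.0.2.0/24 are documentation address ranges.

SAMPLE_LOG='Feb 15 07:20:01 openvpn[1234]: TCP/UDP: Preserving recently used remote address: [AF_INET]203.0.113.45:1198
Feb 15 07:20:01 openvpn[1234]: UDP link remote: [AF_INET]203.0.113.45:1198
Feb 15 07:20:03 openvpn[1234]: [server] Peer Connection Initiated with [AF_INET]203.0.113.45:1198'

SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
203.0.113.45 via 192.0.2.1 dev eth0
10.8.0.0/24 dev tun11 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1'

# Print the most recent server address OpenVPN logged (log text on stdin).
vpn_server_ip() {
    sed -n 's/.*\[AF_INET\]\([0-9][0-9.]*\):[0-9][0-9]*.*/\1/p' | tail -n 1
}

# Print the route whose destination is exactly $1 (routes on stdin).
# Only a host route counts: subnets and the default route are never matched.
host_route() {
    awk -v ip="$1" '$1 == ip || $1 == ip "/32" { print; exit }'
}

# Print the delete command for the leftover server route, or return 1 when
# the log names no server or no host route to it exists.
# $1 = OpenVPN log text, $2 = output of "ip route show"
stale_route_cmd() {
    srv_ip=$(printf '%s\n' "$1" | vpn_server_ip)
    [ -n "$srv_ip" ] || return 1
    srv_route=$(printf '%s\n' "$2" | host_route "$srv_ip")
    [ -n "$srv_route" ] || return 1
    echo "ip route del $srv_ip"
}

# On the router the inputs would be the VPN log and "ip route show";
# here the constructed samples stand in for both.
stale_route_cmd "$SAMPLE_LOG" "$SAMPLE_ROUTES" || echo "no leftover server route"
```

The command is printed rather than executed so it can be checked against the routing table before anything is deleted.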
 
Thanks Martineau.

Really helpful, both links.
But the Flush_VPN_ROUTE() code, well, it's too difficult for me to understand now; hopefully in time it will...
 
Would this be the expected output to syslog after calling VPN_Switch off and then VPN_Switch to turn client 1 back on?

Code:
Feb 15 07:27:53 (VPN_Switch.sh): 3586 Starting..... [off]
Feb 15 07:27:53 (VPN_Switch.sh): 3586 ....and VPN Client 'off' requested.
Feb 15 07:27:53 (VPN_Switch.sh): 3586 Complete.
Feb 15 07:28:15 (VPN_Switch.sh): 3625 Starting..... []
Feb 15 07:28:15 (VPN_Switch.sh): 3625 Starting VPN Client 1
Feb 15 07:28:15 (VPN_Switch.sh): 3625 Flushing VPN Client 1 route us-east.privateinternetaccess.com
Feb 15 07:28:15 rc_service: service 3670:notify_rc start_vpnclient1
Feb 15 07:28:15 syslog: VPN_LOG_NOTE: 84: VPN Client 1 already running...
Feb 15 07:28:15 (VPN_Switch.sh): 3625 Complete.

The reason I ask is the line that contains VPN_LOG_NOTE states Client 1 is already running.
 
Apologies, see the EDIT in the original code... (without the fix, the routine never calls the stop client code), basically I moved the main body of the code to a function, and forgot to pass the original command line arguments :oops:o_O
 
