RT-AC5300 running 386.2_4 not routing between OpenVPN TUN clients and main bridged lan (solved - VM/container range conflict)

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

ADFHogan

Occasional Visitor
I have an RT-AC5300 running 386.2_4 and have configured an OpenVPN server with the "both" setting.

Code:
CLIENT:~$ ip r
default via 192.168.2.1 dev tun0 proto static metric 50
default via 10.26.112.1 dev wlp2s0 proto dhcp metric 600
10.26.112.0/20 dev wlp2s0 proto kernel scope link src 10.26.120.81 metric 600
10.26.112.1 dev wlp2s0 proto static scope link metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.1.0/24 via 192.168.2.1 dev tun0 proto static metric 50
192.168.2.0/24 dev tun0 proto kernel scope link src 192.168.2.2 metric 50
202.173.158.10 via 10.26.112.1 dev wlp2s0 proto static metric 600

Code:
ROUTER# ip r
202.173.152.255 dev eth0  proto kernel  scope link
192.168.2.0/24 dev tun21  proto kernel  scope link  src 192.168.2.1
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
202.173.152.0/21 dev eth0  proto kernel  scope link  src 202.173.158.10
127.0.0.0/8 dev lo  scope link
default via 202.173.152.255 dev eth0

Merlin generated OpenVPN server config:
Code:
daemon ovpn-server1
topology subnet
server 192.168.2.0 255.255.255.0
proto udp
multihome
port 1195
dev tun21
txqueuelen 1000
data-ciphers AES-256-GCM:AES-256-CBC
auth SHA256
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
client-config-dir ccd
client-to-client
push "dhcp-option DOMAIN REDACTED"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
tls-crypt static.key
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up 'ovpn-up 1 server'
down 'ovpn-down 1 server'
status-version 2
status status 5

# Custom Configuration

I can access 192.168.1.1 (the router's primary internal IP) from the VPN client on 192.168.2.2.
I cannot access 192.168.1.2 (a machine on the primary bridged LAN) from the VPN client.

I have the WiFi radios turned off (I have separate APs on site).
I have a few extensions installed (Diversion, Skynet, scribe, scMerlin, uiScribe, YazDHCP, dnscrypt-installer/prox). AMTM reports everything up to date.

If I do a traceroute, everything stops at the router from both sides.
General internet for the client IS being successfully routed.
Skynet doesn't report any logs for the VPN client source IP in debug mode.

Any ideas?
 
Last edited:

ADFHogan

Occasional Visitor
*doh* I figured it out...

The VM range on the internal box I was trying to connect to conflicts with the OpenVPN range.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top