RT-AC5300 running 386.2_4 not routing between OpenVPN TUN clients and main bridged lan (solved - VM/container range conflict)


Regular Contributor
I have an RT-AC5300 running 386.2_4 and have configured an OpenVPN server with the "both" setting.

CLIENT:~$ ip r
default via dev tun0 proto static metric 50
default via dev wlp2s0 proto dhcp metric 600 dev wlp2s0 proto kernel scope link src metric 600 dev wlp2s0 proto static scope link metric 600 dev wlp2s0 scope link metric 1000 via dev tun0 proto static metric 50 dev tun0 proto kernel scope link src metric 50 via dev wlp2s0 proto static metric 600

ROUTER# ip r dev eth0  proto kernel  scope link dev tun21  proto kernel  scope link  src dev br0  proto kernel  scope link  src dev eth0  proto kernel  scope link  src dev lo  scope link
default via dev eth0

Merlin generated OpenVPN server config:
daemon ovpn-server1
topology subnet
proto udp
port 1195
dev tun21
txqueuelen 1000
data-ciphers AES-256-GCM:AES-256-CBC
auth SHA256
keepalive 15 60
verb 3
push "route vpn_gateway 500"
client-config-dir ccd
push "dhcp-option DOMAIN REDACTED"
push "dhcp-option DNS"
push "redirect-gateway def1"
tls-crypt static.key
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up 'ovpn-up 1 server'
down 'ovpn-down 1 server'
status-version 2
status status 5

# Custom Configuration

I can access (the router's primary internal IP) from the VPN client on
I cannot access (a machine on the primary bridged LAN) from the VPN client.

I have the WiFi radios turned off (I have separate APs on site).
I have a few extensions installed (Diversion, Skynet, scribe, scMerlin, uiScribe, YazDHCP, dnscrypt-installer/prox). AMTM reports everything up to date.

If I do a traceroute, everything stops at the router from both sides.
General internet for the client IS being successfully routed.
Skynet doesn't report any logs for the VPN client source IP in debug mode.

Any ideas?
Last edited:


Regular Contributor
*doh* I figured it out...

The VM range on the internal box I was trying to connect to conflicts with the OpenVPN range.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!