Menu
What's new
By:
Filters Better Search

RT-AC5300 running 386.2_4 not routing between OpenVPN TUN clients and main bridged lan (solved - VM/container range conflict)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ADFHogan

ADFHogan

Regular Contributor
I have an RT-AC5300 running 386.2_4 and have configured an OpenVPN server with the "both" setting.

Code: 
CLIENT:~$ ip r
default via 192.168.2.1 dev tun0 proto static metric 50
default via 10.26.112.1 dev wlp2s0 proto dhcp metric 600
10.26.112.0/20 dev wlp2s0 proto kernel scope link src 10.26.120.81 metric 600
10.26.112.1 dev wlp2s0 proto static scope link metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.1.0/24 via 192.168.2.1 dev tun0 proto static metric 50
192.168.2.0/24 dev tun0 proto kernel scope link src 192.168.2.2 metric 50
202.173.158.10 via 10.26.112.1 dev wlp2s0 proto static metric 600

Code: 
ROUTER# ip r
202.173.152.255 dev eth0  proto kernel  scope link
192.168.2.0/24 dev tun21  proto kernel  scope link  src 192.168.2.1
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
202.173.152.0/21 dev eth0  proto kernel  scope link  src 202.173.158.10
127.0.0.0/8 dev lo  scope link
default via 202.173.152.255 dev eth0

Merlin generated OpenVPN server config:
Code: 
daemon ovpn-server1
topology subnet
server 192.168.2.0 255.255.255.0
proto udp
multihome
port 1195
dev tun21
txqueuelen 1000
data-ciphers AES-256-GCM:AES-256-CBC
auth SHA256
keepalive 15 60
verb 3
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
client-config-dir ccd
client-to-client
push "dhcp-option DOMAIN REDACTED"
push "dhcp-option DNS 192.168.1.1"
push "redirect-gateway def1"
tls-crypt static.key
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
ca ca.crt
dh dh.pem
cert server.crt
key server.key
script-security 2
up 'ovpn-up 1 server'
down 'ovpn-down 1 server'
status-version 2
status status 5

# Custom Configuration

I can access 192.168.1.1 (the router's primary internal IP) from the VPN client on 192.168.2.2.
I cannot access 192.168.1.2 (a machine on the primary bridged LAN) from the VPN client.

I have the WiFi radios turned off (I have separate APs on site).
I have a few extensions installed (Diversion, Skynet, scribe, scMerlin, uiScribe, YazDHCP, dnscrypt-installer/prox). AMTM reports everything up to date.

If I do a traceroute, everything stops at the router from both sides.
General internet for the client IS being successfully routed.
Skynet doesn't report any logs for the VPN client source IP in debug mode.

Any ideas?
 
Last edited:
*doh* I figured it out...

The VM range on the internal box I was trying to connect to conflicts with the OpenVPN range.
 
You must log in or register to reply here.

Similar threads

S
ASUS VPN Fusion Wireguard client not setting up route(s) on connection
Replies
1
Views
120
eibgrad
eibgrad
A
Devices connect to my openvpn server correctly but no traffic from server to client
Replies
6
Views
1K
ragtap
R
I
Bidirectional OpenVPN between two networks
Replies
5
Views
2K
JGrana
JGrana
J
How to understand routing table on merlin
Replies
0
Views
2K
jacbao
J
M
openvpn routing question - multiple lans on clients side
Replies
11
Views
3K
eibgrad
eibgrad
Similar threads
Thread starter Title Forum Replies Date
H Solved xbox one not able to sign in when connected through router running asuswrt-merlin on an rt-ac5300. Asuswrt-Merlin 5
F Unbricking RT-AC5300 using Serial Asuswrt-Merlin 3
raion969 Asus RT-AC5300 best Wireless Settings Asuswrt-Merlin 6
K Request for v2ray installation training on RT-AC5300 router Asuswrt-Merlin 2
W Upgrade Firmware to Merlin rt ac5300 Asuswrt-Merlin 12
B Asus RT-AC5300 and ExpressVPN Asuswrt-Merlin 8
F RT-AC5300 with version 386.13 doesn't show any network activity! Asuswrt-Merlin 1
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
H Asus RT-AX58U v2 Merlin: Route all traffic to Pi-hole (running directly on router itself) Asuswrt-Merlin 12
L "Maximum number of concurrent DNS queries" with strange lb._dns-sd._udp. ... .in-addr.arpa reverse DNS queries (has Pi running Adguard Home + Unbound) Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 610 (members: 26, guests: 584)
Top