ER605 Stand Alone Mode and OpenVPN issue
ER605 Stand Alone Mode and OpenVPN issue
Hello,
I configured the ER605 in standalone mode and I created an OpenVPN Server with these parameters:
Protocol: UDP
Service Port: 1194
Local Netword 10.8.0.0/24
WAN: WAN
IP Pool: 10.8.0.0/24
The Default Gataway of LAN (ISP's Modem/Router has address 192.168.1.1)
The ER605's WAN port has the address 192.168.1.151 (255.255.255.0)
When I connect from remote client (win 10) the "tunnel" is OK (green flag on OpenVPN Client GUI) but the log says:
ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=7]
Of course I cannot reach any host on the remote LAN.
Do you have any suggestion?
thanks in advance.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
thank you for your suggestions.
My mistake is to set the [Local Network] parameter in OpenVPN Server settings:
NO 10.8.0.0/24 but 192.168.0.0/24
Now is working correctly.
Thanks again.
- Copy Link
- Report Inappropriate Content
Dear @LucioRib ,
LucioRib wrote
The Default Gataway of LAN (ISP's Modem/Router has address 192.168.1.1)
The ER605's WAN port has the address 192.168.1.151 (255.255.255.0)
When I connect from remote client (win 10) the "tunnel" is OK (green flag on OpenVPN Client GUI) but the log says:
ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=7]
Of course I cannot reach any host on the remote LAN.
1. After your VPN client has connected to the OpenVPN server set up on this R605, please use the ipconfig command to see what VPN IP address the client is getting at this time?
Then use the route print command to see if there is an entry in the routing table for the same router as 10.8.0.0/24?
If so, there may be the IP conflict in your settings and you may try setting the VPN Pool to the subnet on another network segment.
2. Did you add any other parameters when you exported the OpenVPN configuration file?
Best Regards!
- Copy Link
- Report Inappropriate Content
the client get the address 10.8.0.6
here are the output of ipconfig and route print commands before and after the VPN connection:
======================================================================================= ======================================================================================= ======================================================================================= PRE-VPN Connection ======================================================================================= ======================================================================================= ======================================================================================= Configurazione IP di Windows Scheda sconosciuta Connessione alla rete locale (LAN): Stato supporto. . . . . . . . . . . . : Supporto disconnesso Suffisso DNS specifico per connessione: Scheda sconosciuta OpenVPN Wintun: Stato supporto. . . . . . . . . . . . : Supporto disconnesso Suffisso DNS specifico per connessione: Scheda Ethernet Ethernet0: Suffisso DNS specifico per connessione: Indirizzo IPv6 locale rispetto al collegamento . : fe80::a9e3:7cfc:ecb4:2fdf%12 Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.101 Subnet mask . . . . . . . . . . . . . : 255.255.255.0 Gateway predefinito . . . . . . . . . : 192.168.1.1 Scheda sconosciuta OpenVPN TAP-Windows6: Stato supporto. . . . . . . . . . . . : Supporto disconnesso Suffisso DNS specifico per connessione: --------------------------------------------------------------------------------------- =========================================================================== Elenco interfacce 7...00 ff 75 d1 c1 b0 ......TAP-Windows Adapter V9 for OpenVPN Connect 6...........................Wintun Userspace Tunnel 12...00 0c 29 a4 7d e5 ......Intel(R) 82574L Gigabit Network Connection 16...00 ff eb 5a ff ae ......TAP-Windows Adapter V9 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Tabella route =========================================================================== Route attive: Indirizzo rete Mask Gateway Interfaccia Metrica 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.1.0 255.255.255.0 On-link 192.168.1.101 281 192.168.1.101 255.255.255.255 On-link 192.168.1.101 281 192.168.1.255 255.255.255.255 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.1.101 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.1.101 281 =========================================================================== Route permanenti: Nessuna IPv6 Tabella route =========================================================================== Route attive: Interf Metrica Rete Destinazione Gateway 1 331 ::1/128 On-link 12 281 fe80::/64 On-link 12 281 fe80::a9e3:7cfc:ecb4:2fdf/128 On-link 1 331 ff00::/8 On-link 12 281 ff00::/8 On-link =========================================================================== Route permanenti: Nessuna ======================================================================================= ======================================================================================= ======================================================================================= POST-VPN Connection ======================================================================================= ======================================================================================= ======================================================================================= Configurazione IP di Windows Scheda sconosciuta Connessione alla rete locale (LAN): Stato supporto. . . . . . . . . . . . : Supporto disconnesso Suffisso DNS specifico per connessione: Scheda sconosciuta OpenVPN Wintun: Stato supporto. . . . . . . . . . . . : Supporto disconnesso Suffisso DNS specifico per connessione: Scheda Ethernet Ethernet0: Suffisso DNS specifico per connessione: Indirizzo IPv6 locale rispetto al collegamento . : fe80::a9e3:7cfc:ecb4:2fdf%12 Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.101 Subnet mask . . . . . . . . . . . . . : 255.255.255.0 Gateway predefinito . . . . . . . . . : 192.168.1.1 Scheda sconosciuta OpenVPN TAP-Windows6: Suffisso DNS specifico per connessione: Indirizzo IPv6 locale rispetto al collegamento . : fe80::6129:3fed:84e4:25cb%16 Indirizzo IPv4. . . . . . . . . . . . : 10.8.0.6 Subnet mask . . . . . . . . . . . . . : 255.255.255.252 Gateway predefinito . . . . . . . . . : =========================================================================== Elenco interfacce 7...00 ff 75 d1 c1 b0 ......TAP-Windows Adapter V9 for OpenVPN Connect 6...........................Wintun Userspace Tunnel 12...00 0c 29 a4 7d e5 ......Intel(R) 82574L Gigabit Network Connection 16...00 ff eb 5a ff ae ......TAP-Windows Adapter V9 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Tabella route =========================================================================== Route attive: Indirizzo rete Mask Gateway Interfaccia Metrica 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25 10.8.0.0 255.255.255.0 10.8.0.5 10.8.0.6 281 10.8.0.4 255.255.255.252 On-link 10.8.0.6 281 10.8.0.6 255.255.255.255 On-link 10.8.0.6 281 10.8.0.7 255.255.255.255 On-link 10.8.0.6 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.1.0 255.255.255.0 On-link 192.168.1.101 281 192.168.1.101 255.255.255.255 On-link 192.168.1.101 281 192.168.1.255 255.255.255.255 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.1.101 281 224.0.0.0 240.0.0.0 On-link 10.8.0.6 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.1.101 281 255.255.255.255 255.255.255.255 On-link 10.8.0.6 281 =========================================================================== Route permanenti: Nessuna IPv6 Tabella route =========================================================================== Route attive: Interf Metrica Rete Destinazione Gateway 1 331 ::1/128 On-link 12 281 fe80::/64 On-link 16 281 fe80::/64 On-link 16 281 fe80::6129:3fed:84e4:25cb/128 On-link 12 281 fe80::a9e3:7cfc:ecb4:2fdf/128 On-link 1 331 ff00::/8 On-link 12 281 ff00::/8 On-link 16 281 ff00::/8 On-link =========================================================================== Route permanenti: Nessuna
- Copy Link
- Report Inappropriate Content
Dear @LucioRib ,
LucioRib wrote
the client get the address 10.8.0.6
Thanks for the detailed information, actually we tried the same settings locally but can not reproduce your issue.
The VPN is working fine even though it shows the same error message.
Could you please set the VPN again but use a different IP address like 192.168.20.0/24 to test?
If it still doesn't work, please try to ping the Local IP address showed in the tunnel list and check whether you can ping through it.
Best Regards!
- Copy Link
- Report Inappropriate Content
Dear@Hank21 ,
as you suggest I tried to set the VPN address as 192.168.20.0/24 without success.
When the "tunnel" is OK i'm able to ping the local ip address but nothing other one.
I notice, looking the result of ipconfig command that it seems that the default gateway is missing (see below):
Scheda sconosciuta OpenVPN TAP-Windows6:
Suffisso DNS specifico per connessione:
Indirizzo IPv6 locale rispetto al collegamento . : fe80::6129:3fed:84e4:25cb%16
Indirizzo IPv4. . . . . . . . . . . . : 192.168.20.10
Subnet mask . . . . . . . . . . . . . : 255.255.255.252
Gateway predefinito . . . . . . . . . :
Here are the Route Table of ER605:
ID Destination IP Subnet Mask Next Hop Interface Metric
----+---------------+---------------+--------------+----------+-------
1 0.0.0.0 0.0.0.0 192.168.1.1 WAN 0
2 127.0.0.0 255.0.0.0 0.0.0.0 lo 0
3 192.168.1.0 255.255.255.0 0.0.0.0 WAN 0
4 192.168.1.1 255.255.255.255 0.0.0.0 WAN 0
5 192.168.20.2 255.255.255.255 0.0.0.0 tun0 0
6 192.168.0.0 255.255.255.0 0.0.0.0 LAN 0
I'm afraid is a configuration problem of OpenVPN Server on ER605, because with the same SW client on the same PC there is no problem to connect to a OpenVPN Server hosted on a PC with Synology Open VPN Server.
Thank you again for your kindly support.
- Copy Link
- Report Inappropriate Content
you can say a lot about VPN on ER605 but in this case it is probably how you have connected your PC, to me it looks like you have connected the PC between WAN on ER605 and LAN on another router. if ER605 has ip WAN 192.168.1.151, and your PC has ip 192.168.1.101 with gateway to 192.168.1.1, to access your LAN you must have a route to ER605 (192.168.1.151)
Try to set manual ip on your computer with gateway to 192.168.1.151 (ER605 WAN)
You probably connected like this to test OpenVPN, but you should port NAT the OpenVPN port in your internet router to ER605 and test this from Internett.
- Copy Link
- Report Inappropriate Content
Hello @shberge,
I connected my PC "remote" through Ethernet cable to a tp-link MR-6400 (with IP Address 192.168.1.1 that obviously it's not connected to the home network)
The ISP router of the home network casually has the same IP Address 192.168.1.1 of the "remote" MR-6400; but this is not a problem because I tested this configuration with another OpenVPN Server and in that case it's all OK.
When the VPN is ON (I can see the connection, into the WEB interface, with another PC connected to the LAN port of ER605) the "remote" PC acquires a second IP address (for VPN) 10.8.0.6
The issue is that the VPN is ON but I can't react any host on the home lan...
Thanks in advance
- Copy Link
- Report Inappropriate Content
Ok, maybe it's a bug with OpenVPN in stand alone, I have not tested this, but I have several ER605 With OpenVPN Server configured in Omada SDN.
Did you get the NAT (port Forward) in to ER605 on UDP port 1194 ?
You can also try another port eg UDP 1195.
- Copy Link
- Report Inappropriate Content
I did a quick test with an ER605 in stand alone, also behind another natted firewall, it worked right away with no issues.
here is my setup
When ping remote site
you also need to edit the OVPN file so that you get the right WAN ip
- Copy Link
- Report Inappropriate Content
Hello @shberge
I am afraid I could made some confusion in the hardware connections and about settings of the home LAN.
All my home device are on the 192.168.1.0/24 network.
the ISP's Router is the default gateway (192.168.1.1)
I phisycal connected the ER605's WAN port (address 192.168.1.151) with a home network switch.
The LAN port of ER605 has address 192.168.0.1 (the DHCP server is active)
Is this correct that, in the ER605, the WAN port has address 192.168.1.151 and the LAN port 192.168.0.1?
Thanks.
- Copy Link
- Report Inappropriate Content
I do not quite understand how you have connected your network, so if you can draw a sketch of how things are connected, it will be easier.
in principle, you should not connect all LAN devices on the same network as WAN on ER605, All LAN devices should be connected to LAN on ER605 not on WAN
the best thing would have been to connect the WAN port on the ER605 directly to the internet and not go via another router.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 9066
Replies: 19
Voters 0
No one has voted for it yet.