ER605 Stand Alone Mode and OpenVPN issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

ER605 Stand Alone Mode and OpenVPN issue

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 Stand Alone Mode and OpenVPN issue
ER605 Stand Alone Mode and OpenVPN issue
2022-03-23 20:29:24 - last edited 2022-04-07 06:35:59
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0 build 20220114

Hello,

I configured the ER605 in standalone mode and I created an OpenVPN Server with these parameters:

Protocol: UDP

Service Port: 1194

Local Netword 10.8.0.0/24

WAN: WAN

IP Pool: 10.8.0.0/24

 

The Default Gataway of LAN (ISP's Modem/Router has address 192.168.1.1)

The ER605's WAN port has the address 192.168.1.151 (255.255.255.0)

 

When I connect from remote client (win 10) the "tunnel" is OK (green flag on OpenVPN Client GUI) but the log says:

 

ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=7]

 

Of course I cannot reach any host on the remote LAN.

 

Do you have any suggestion?

 

thanks in advance.

  0      
  0      
#1
Options
1 Accepted Solution
Re:ER605 Stand Alone Mode and OpenVPN issue-Solution
2022-04-03 15:11:13 - last edited 2022-04-07 06:35:59

  @shberge 

 

thank you for your suggestions.

My mistake is to set the [Local Network] parameter in OpenVPN Server settings:


NO 10.8.0.0/24 but 192.168.0.0/24

 

Now is working correctly.

 

Thanks again.

 

Recommended Solution
  4  
  4  
#18
Options
19 Reply
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-24 08:54:10

Dear @LucioRib ,

 

LucioRib wrote

The Default Gataway of LAN (ISP's Modem/Router has address 192.168.1.1)

The ER605's WAN port has the address 192.168.1.151 (255.255.255.0)

When I connect from remote client (win 10) the "tunnel" is OK (green flag on OpenVPN Client GUI) but the log says:

ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=7]

Of course I cannot reach any host on the remote LAN.

 

1. After your VPN client has connected to the OpenVPN server set up on this R605, please use the ipconfig command to see what VPN IP address the client is getting at this time?
Then use the route print command to see if there is an entry in the routing table for the same router as 10.8.0.0/24?
If so, there may be the IP conflict in your settings and you may try setting the VPN Pool to the subnet on another network segment.


2. Did you add any other parameters when you exported the OpenVPN configuration file?

 

Best Regards!

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-24 20:32:39

  @Hank21 

the client get the address 10.8.0.6

 

here are the output of ipconfig and route print commands before and after the VPN connection:

=======================================================================================
=======================================================================================
=======================================================================================
                                  PRE-VPN Connection
=======================================================================================
=======================================================================================
=======================================================================================
Configurazione IP di Windows
Scheda sconosciuta Connessione alla rete locale (LAN):
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
Scheda sconosciuta OpenVPN Wintun:
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
Scheda Ethernet Ethernet0:
   Suffisso DNS specifico per connessione:
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::a9e3:7cfc:ecb4:2fdf%12
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.101
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Gateway predefinito . . . . . . . . . : 192.168.1.1
Scheda sconosciuta OpenVPN TAP-Windows6:
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
---------------------------------------------------------------------------------------

===========================================================================
Elenco interfacce
  7...00 ff 75 d1 c1 b0 ......TAP-Windows Adapter V9 for OpenVPN Connect
  6...........................Wintun Userspace Tunnel
 12...00 0c 29 a4 7d e5 ......Intel(R) 82574L Gigabit Network Connection
 16...00 ff eb 5a ff ae ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
===========================================================================
Route permanenti:
  Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
  1    331 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::a9e3:7cfc:ecb4:2fdf/128
                                    On-link
  1    331 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna

=======================================================================================
=======================================================================================
=======================================================================================
                                POST-VPN Connection
=======================================================================================
=======================================================================================
=======================================================================================
Configurazione IP di Windows
Scheda sconosciuta Connessione alla rete locale (LAN):
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
Scheda sconosciuta OpenVPN Wintun:
   Stato supporto. . . . . . . . . . . . : Supporto disconnesso
   Suffisso DNS specifico per connessione:
Scheda Ethernet Ethernet0:
   Suffisso DNS specifico per connessione:
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::a9e3:7cfc:ecb4:2fdf%12
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.101
   Subnet mask . . . . . . . . . . . . . : 255.255.255.0
   Gateway predefinito . . . . . . . . . : 192.168.1.1
Scheda sconosciuta OpenVPN TAP-Windows6:
   Suffisso DNS specifico per connessione:
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::6129:3fed:84e4:25cb%16
   Indirizzo IPv4. . . . . . . . . . . . : 10.8.0.6
   Subnet mask . . . . . . . . . . . . . : 255.255.255.252
   Gateway predefinito . . . . . . . . . :

===========================================================================
Elenco interfacce
  7...00 ff 75 d1 c1 b0 ......TAP-Windows Adapter V9 for OpenVPN Connect
  6...........................Wintun Userspace Tunnel
 12...00 0c 29 a4 7d e5 ......Intel(R) 82574L Gigabit Network Connection
 16...00 ff eb 5a ff ae ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
         10.8.0.0    255.255.255.0         10.8.0.5         10.8.0.6    281
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    281
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    281
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    281
===========================================================================
Route permanenti:
  Nessuna

IPv6 Tabella route
===========================================================================
Route attive:
 Interf Metrica Rete Destinazione      Gateway
  1    331 ::1/128                  On-link
 12    281 fe80::/64                On-link
 16    281 fe80::/64                On-link
 16    281 fe80::6129:3fed:84e4:25cb/128
                                    On-link
 12    281 fe80::a9e3:7cfc:ecb4:2fdf/128
                                    On-link
  1    331 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
 16    281 ff00::/8                 On-link
===========================================================================
Route permanenti:
  Nessuna

  0  
  0  
#3
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-25 10:03:16

Dear @LucioRib ,

 

LucioRib wrote

the client get the address 10.8.0.6

 

Thanks for the detailed information, actually we tried the same settings locally but can not reproduce your issue.

The VPN is working fine even though it shows the same error message.

 

Could you please set the VPN again but use a different IP address like 192.168.20.0/24 to test?

If it still doesn't work, please try to ping the Local IP address showed in the tunnel list and check whether you can ping through it.

 

Best Regards!

 

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-26 20:27:30

 Dear@Hank21 ,

as you suggest I tried to set the VPN address as 192.168.20.0/24 without success.

When the "tunnel" is OK i'm able to ping the local ip address but nothing other one.

I notice, looking the result of ipconfig command that it seems that the default gateway is missing (see below):


Scheda sconosciuta OpenVPN TAP-Windows6:

   Suffisso DNS specifico per connessione:
   Indirizzo IPv6 locale rispetto al collegamento . : fe80::6129:3fed:84e4:25cb%16
   Indirizzo IPv4. . . . . . . . . . . . : 192.168.20.10
   Subnet mask . . . . . . . . . . . . . : 255.255.255.252
   Gateway predefinito . . . . . . . . . :

 

Here are the Route Table of ER605:

ID    Destination IP    Subnet Mask    Next Hop    Interface    Metric
----+---------------+---------------+--------------+----------+-------
1    0.0.0.0         0.0.0.0          192.168.1.1    WAN       0
2    127.0.0.0       255.0.0.0        0.0.0.0        lo        0
3    192.168.1.0     255.255.255.0    0.0.0.0        WAN       0
4    192.168.1.1     255.255.255.255  0.0.0.0        WAN       0
5    192.168.20.2    255.255.255.255  0.0.0.0        tun0      0
6    192.168.0.0     255.255.255.0    0.0.0.0        LAN       0

 

I'm afraid is a configuration problem of OpenVPN Server on ER605, because with the same SW client on the same PC there is no problem to connect to a OpenVPN Server hosted on a PC with Synology Open VPN Server.

 

Thank you again for your kindly support.

  0  
  0  
#5
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-27 00:33:37 - last edited 2022-03-27 00:56:17

  @LucioRib 

 

you can say a lot about VPN on ER605 but in this case it is probably how you have connected your PC, to me it looks like you have connected the PC between WAN on ER605 and LAN on another router. if ER605 has ip WAN 192.168.1.151, and your PC has ip 192.168.1.101 with gateway to 192.168.1.1,  to access your LAN you must have a route to ER605 (192.168.1.151)

 

Try to set manual ip on your computer with gateway to 192.168.1.151 (ER605 WAN)

 

You probably connected like this to test OpenVPN, but you should port NAT the OpenVPN port in your internet router to ER605 and test this from Internett.

  0  
  0  
#6
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-28 16:52:32

  Hello @shberge,

I connected my PC "remote" through Ethernet cable to a tp-link MR-6400 (with IP Address 192.168.1.1 that obviously it's not connected to the home network)

The ISP router of the home network casually has the same IP Address 192.168.1.1 of the "remote" MR-6400; but this is not a problem because I tested this configuration with another OpenVPN Server and in that case it's all OK.

When the VPN is ON (I can see the connection, into the  WEB interface, with another PC connected to the LAN port of ER605) the "remote" PC acquires a second IP address (for VPN) 10.8.0.6


The issue is that the VPN is ON but I can't react any host on the home lan...


Thanks in advance

  0  
  0  
#7
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-28 18:18:19

  @LucioRib 

 

Ok, maybe it's a bug with OpenVPN in stand alone, I have not tested this, but I have several ER605 With OpenVPN Server configured in Omada SDN.

Did you get the NAT (port Forward) in to ER605  on UDP port 1194 ?

You can also try another port eg UDP 1195.

 

 

 

  0  
  0  
#8
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-29 08:56:52 - last edited 2022-03-29 09:02:54

  @LucioRib 

 

I did a quick test with an ER605 in stand alone, also behind another natted firewall, it worked right away with no issues.

here is my setup

 

 

When ping remote site 

 

 

 

you also need to edit the OVPN file so that you get the right WAN ip

 

 

 

 

  0  
  0  
#9
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-29 09:19:04

Hello  @shberge 

I am afraid I could made some confusion in the hardware connections and about settings of the home LAN.

All my home device are on the 192.168.1.0/24 network.

the ISP's Router is the default gateway (192.168.1.1)

I phisycal connected the ER605's WAN port (address 192.168.1.151) with a home network switch.

 

The LAN port of ER605 has address 192.168.0.1 (the DHCP server is active)

 

Is this correct that, in the ER605, the WAN port has address 192.168.1.151 and the LAN port 192.168.0.1?

 

Thanks.

  0  
  0  
#10
Options
Re:ER605 Stand Alone Mode and OpenVPN issue
2022-03-29 09:35:13

  @LucioRib 

 

I do not quite understand how you have connected your network, so if you can draw a sketch of how things are connected, it will be easier.

in principle, you should not connect all LAN devices on the same network as WAN on ER605, All LAN devices should be connected to LAN on ER605 not on WAN

the best thing would have been to connect the WAN port on the ER605 directly to the internet and not go via another router.

 

  0  
  0  
#11
Options