Hi.
i want to setup one openvpn client, one openvpn server and also one no-vpn.
my current openwrt version is 22.03
tried this also OpenVPN client and MWAN3
but ended up with : interface vpnclient1 is error (16) and tracking is active
im newbie in openwrt and networking and trying to learn new stuff
any help will greatly appreciated
Start small, extend as you get a grip on things.
Meddling mwan3, openvpn-server and openvpn-client together is a recipe for hitting the walls left and right. Even with baby-steps, it's going to be a steep learning curve to get on top of this, even more so with the need for some kind of policy-based routing on top of mwan3 and openvpn-client.
1 Like
I've tried that config once again
and gave me same error
interface vpnclient1 is error (16) and tracking is active
Here is some information
MultiWAN Manager - Status
Interface status:
interface wan is online 00h:06m:04s, uptime 00h:06m:14s and tracking is active
interface vpnclient1 is error (16) and tracking is active
interface vpnclient2 is offline and tracking is paused
Current ipv4 policies:
balanced:
wan (100%)
p_vpnclient1:
vpnclient1 (100%)
p_vpnclient2:
unreachable
wan_only:
wan (100%)
Current ipv6 policies:
balanced:
unreachable
p_vpnclient1:
unreachable
p_vpnclient2:
unreachable
wan_only:
unreachable
Directly connected ipv4 networks:
224.0.0.0/3
127.255.255.255
192.168.3.255
192.168.3.0/24
127.0.0.0
192.168.1.2
127.0.0.1
192.168.1.255
192.168.3.0
127.0.0.0/8
192.168.1.0
192.168.3.1
192.168.1.0/24
Directly connected ipv6 networks:
fd09:504:b143::/64
fe80::/64
Active ipv4 user rules:
323 28015 LOG all -- * * 192.168.3.219 0.0.0.0/0
323 28015 - p_vpnclient1 all -- * * 192.168.3.219 0.0.0.0/0
182 14238 S https tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443
238 15563 - balanced all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 - p_vpnclient2 all -- * * 192.168.1.121 0.0.0.0/0
Active ipv6 user rules:
0 0 S https tcp * * ::/0 ::/0 multiport dports 443
50 8854 - balanced all * * ::/0 ::/0
MultiWAN Manager - Troubleshooting
Software-Version
-------------------------------------------------
OpenWrt - 22.03.0
Output of "ip -4 a show"
-------------------------------------------------
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.2/24 brd 192.168.1.255 scope global wan
valid_lft forever preferred_lft forever
38: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
inet 192.168.3.1/24 brd 192.168.3.255 scope global br-lan
valid_lft forever preferred_lft forever
45: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
inet 10.80.0.8/16 scope global tun1
valid_lft forever preferred_lft forever
Output of "ip -4 route show"
-------------------------------------------------
default via 192.168.1.1 dev wan proto static src 192.168.1.2 metric 10
10.80.0.0/16 dev tun1 proto kernel scope link src 10.80.0.8
192.168.1.0/24 dev wan proto static scope link metric 10
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1
Output of "ip -4 rule show"
-------------------------------------------------
0: from all lookup local
1001: from all iif wan lookup 1
1002: from all iif tun1 lookup 2
2001: from all fwmark 0x100/0x3f00 lookup 1
2002: from all fwmark 0x200/0x3f00 lookup 2
2061: from all fwmark 0x3d00/0x3f00 blackhole
2062: from all fwmark 0x3e00/0x3f00 unreachable
3001: from all fwmark 0x100/0x3f00 unreachable
3002: from all fwmark 0x200/0x3f00 unreachable
32766: from all lookup main
32767: from all lookup default
Output of "ip -4 route list table 1-250"
-------------------------------------------------
Routing table 1:
default via 192.168.1.1 dev wan proto static src 192.168.1.2 metric 10
192.168.1.0/24 dev wan proto static scope link metric 10
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1
Routing table 2:
10.80.0.0/16 dev tun1 proto kernel scope link src 10.80.0.8
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1
Output of "iptables -t mangle -w -L -v -n"
-------------------------------------------------
Chain PREROUTING (policy ACCEPT 3423 packets, 662K bytes)
pkts bytes target prot opt in out source destination
10849 2099K mwan3_hook all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 1800 packets, 278K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1619 packets, 383K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1755 packets, 656K bytes)
pkts bytes target prot opt in out source destination
5060 1596K mwan3_hook all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 3374 packets, 1038K bytes)
pkts bytes target prot opt in out source destination
Chain mwan3_connected_ipv4 (2 references)
pkts bytes target prot opt in out source destination
2950 627K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_connected_ipv4 dst MARK or 0x3f00
Chain mwan3_custom_ipv4 (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_custom_ipv4 dst MARK or 0x3f00
Chain mwan3_dynamic_ipv4 (2 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_dynamic_ipv4 dst MARK or 0x3f00
Chain mwan3_hook (2 references)
pkts bytes target prot opt in out source destination
14987 3619K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 CONNMARK restore mask 0x3f00
981 81859 mwan3_ifaces_in all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
845 70169 mwan3_custom_ipv4 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
845 70169 mwan3_connected_ipv4 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
783 60809 mwan3_dynamic_ipv4 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
783 60809 mwan3_rules all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
15909 3695K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0x3f00
7599 1630K mwan3_custom_ipv4 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x3f00/0x3f00
7599 1630K mwan3_connected_ipv4 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x3f00/0x3f00
4711 1013K mwan3_dynamic_ipv4 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x3f00/0x3f00
Chain mwan3_iface_in_vpnclient1 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- tun1 * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_custom_ipv4 src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
0 0 MARK all -- tun1 * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_connected_ipv4 src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
0 0 MARK all -- tun1 * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_dynamic_ipv4 src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
0 0 MARK all -- tun1 * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /* vpnclient1 */ MARK xset 0x200/0x3f00
Chain mwan3_iface_in_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- wan * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_custom_ipv4 src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
34 2870 MARK all -- wan * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_connected_ipv4 src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
0 0 MARK all -- wan * 0.0.0.0/0 0.0.0.0/0 match-set mwan3_dynamic_ipv4 src mark match 0x0/0x3f00 /* default */ MARK or 0x3f00
12 1001 MARK all -- wan * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /* wan */ MARK xset 0x100/0x3f00
Chain mwan3_ifaces_in (1 references)
pkts bytes target prot opt in out source destination
978 81170 mwan3_iface_in_wan all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
718 53386 mwan3_iface_in_vpnclient1 all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
Chain mwan3_policy_balanced (2 references)
pkts bytes target prot opt in out source destination
165 11096 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /* wan 3 3 */ MARK xset 0x100/0x3f00
Chain mwan3_policy_p_vpnclient1 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /* vpnclient1 1 1 */ MARK xset 0x200/0x3f00
Chain mwan3_policy_p_vpnclient2 (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /* unreachable */ MARK xset 0x3e00/0x3f00
Chain mwan3_policy_wan_only (0 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00 /* wan 3 3 */ MARK xset 0x100/0x3f00
Chain mwan3_rule_https (1 references)
pkts bytes target prot opt in out source destination
207 15738 mwan3_policy_balanced all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
207 15738 SET all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0xfc00/0xfc00 del-set mwan3_rule_ipv4_https src,src
207 15738 SET all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0xfc00/0xfc00 add-set mwan3_rule_ipv4_https src,src
Chain mwan3_rules (1 references)
pkts bytes target prot opt in out source destination
323 28015 LOG all -- * * 192.168.3.219 0.0.0.0/0 mark match 0x0/0x3f00 /* laptop_1 */ LOG flags 0 level 7 prefix "MWAN3(laptop_1)"
323 28015 mwan3_policy_p_vpnclient1 all -- * * 192.168.3.219 0.0.0.0/0 mark match 0x0/0x3f00
207 15738 mwan3_rule_https tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443 mark match 0x0/0x3f00
250 16367 mwan3_policy_balanced all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x0/0x3f00
0 0 mwan3_policy_p_vpnclient2 all -- * * 192.168.1.121 0.0.0.0/0 mark match 0x0/0x3f00
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.