Unable to start 2 VPNs at the same time, WireGuard and OpenVPN

I have to connect 2 VPN services at the same time: one to be used as the default gateway, and the other only as a tunnel behind NAT to manage that device from outside.
OpenVPN works perfectly fine (if only OpenVPN is connected), no disconnections, nothing, but as soon as I start the WireGuard VPN (I have already disabled its gateway feature so that it does not become the default gateway), OpenVPN stops working and keeps saying it cannot connect to the remote server.

How can I make both work at the same time?
(They do work sometimes, randomly, though.)

The output of ip route (in various configurations) would be the place to start looking. This sounds like a problem with conflicting routes to me.

How do I check which routes are conflicting, and resolve them? I need both up and running without conflict.

It’s a challenge to guess what you’ve got. If you post here, using the preformat button in the editor toolbar </> (masking any sensitive data, but not so much that the routes don’t make sense), you can probably get some good insights from the people here. I would post at least three conditions:

  • No VPN
  • One activated
  • Both activated

What information do you need to diagnose it? Only the routing table? In all 3 cases?

That’s where I’d start if I were in front of your device.

With OpenVPN (only):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.21.9.1       128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0.2
10.21.9.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
44.242.1.87     192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
127.0.0.1       192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       10.21.9.1       128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

Without any VPN:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0.2
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

With both VPNs (OpenVPN and WireGuard):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.21.9.1       128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0.2
10.9.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
10.21.9.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
44.242.1.87     192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
127.0.0.1       192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       10.21.9.1       128.0.0.0       UG    0      0        0 tun0
169.33.231.9    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

But right now internet is working.

Now, when I reboot the router, the routing table becomes like below, and there is no internet connection at all. I have to manually stop OpenVPN as well as WireGuard to resolve it.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 wg0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0.2
10.9.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
127.0.0.1       192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 wg0
169.33.231.9    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

Also, when I run the startvpn init script, I get a lot of errors; not sure if that is common or not.

root@GL-MT300N-V2:~# /etc/init.d/startvpn restart
uci: Entry not found
uci: Entry not found
well
RTNETLINK answers: No such process
uci: Entry not found

  • Clearing IPv4 filter table
  • Clearing IPv4 nat table
  • Clearing IPv4 mangle table
  • Populating IPv4 filter table
    • Rule ‘Allow-DHCP-Renew’
    • Rule ‘Allow-Ping’
    • Rule ‘Allow-IGMP’
    • Rule ‘Allow-IPSec-ESP’
    • Rule ‘Allow-ISAKMP’
    • Forward ‘lan’ → ‘wan’
    • Zone ‘lan’
    • Zone ‘wan’
  • Populating IPv4 nat table
    • Zone ‘lan’
    • Zone ‘wan’
  • Populating IPv4 mangle table
    • Zone ‘lan’
    • Zone ‘wan’
  • Clearing IPv6 filter table
  • Clearing IPv6 mangle table
  • Populating IPv6 filter table
    • Rule ‘Allow-DHCPv6’
    • Rule ‘Allow-MLD’
    • Rule ‘Allow-ICMPv6-Input’
    • Rule ‘Allow-ICMPv6-Forward’
    • Rule ‘Allow-IPSec-ESP’
    • Rule ‘Allow-ISAKMP’
    • Forward ‘lan’ → ‘wan’
    • Zone ‘lan’
    • Zone ‘wan’
  • Populating IPv6 mangle table
    • Zone ‘lan’
    • Zone ‘wan’
  • Set tcp_ecn to off
  • Set tcp_syncookies to on
  • Set tcp_window_scaling to on
  • Running script ‘/etc/firewall.user’
    uci: Entry not found
    iptables: No chain/target/match by that name.
    iptables: No chain/target/match by that name.
  • Running script ‘/usr/bin/glfw.sh’
    uci: Entry not found
    uci: Entry not found
  • Running script ‘/usr/sbin/glqos.sh’
    ! Skipping due to path error: No such file or directory
  • Running script ‘/var/etc/mwan3.include’
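
Added example, not written by anyone in this thread: one way to check a pasted `route -n` table for the kind of conflict suspected above. It applies longest-prefix matching to the post-reboot table and reports which interface owns the /1 "half-default" routes and where traffic to a VPN server would leave. It assumes 44.242.1.87 is the OpenVPN server and 169.33.231.9 the WireGuard endpoint (inferred from when their host routes appear in the tables); the function names are this example's own.

```python
import ipaddress

# Post-reboot table copied from the thread (route -n format, columns realigned).
AFTER_REBOOT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 wg0
0.0.0.0         192.168.0.1     0.0.0.0         UG    10     0        0 eth0.2
10.9.0.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
127.0.0.1       192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 wg0
169.33.231.9    192.168.0.1     255.255.255.255 UGH   0      0        0 eth0.2
192.168.0.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
"""

def parse_routes(text):
    """Parse `route -n` output into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the header, title and blank lines
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")  # Genmask -> /n
        net = ipaddress.ip_network((f[0], prefix), strict=False)
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Pick the route the kernel would: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]), default=None)

def half_default_ifaces(routes):
    """Interfaces holding 0.0.0.0/1 or 128.0.0.0/1, which outrank the /0 default."""
    return sorted({r[3] for r in routes if r[0].prefixlen == 1})

def egress(routes, dest):
    """Interface that packets to `dest` (e.g. a VPN server) would leave through."""
    hit = lookup(routes, dest)
    return hit[3] if hit else None

if __name__ == "__main__":
    routes = parse_routes(AFTER_REBOOT)
    print("half-default routes on:", half_default_ifaces(routes))
    for server in ("44.242.1.87", "169.33.231.9"):
        print(server, "leaves via", egress(routes, server))
```

In this table the WireGuard endpoint has its own /32 host route through eth0.2, while the assumed OpenVPN server has none and falls under the 0.0.0.0/1 route on wg0.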

Use one VPN at a time. Also, you can set up one VPN on your router and another one on your device. That way two VPNs will work at a time. Here are setup guides: https://aeroshield.me/how-to-setup/