I have my server TAP interface bridged to my LAN so that when my client connects it gets assigned an IP in the same subnet as my LAN. Sometimes 'redirect-gateway def1' creates the proper routes and sometimes it doesn't. During my testing, I manually created the same functionality as 'redirect-gateway def1' by using these commands:

    route 0.0.0.0 128.0.0.0 192.168.200.1
      (This command and the one below effectively replace the default routes to send all traffic to my server)
    route 128.0.0.0 128.0.0.0 192.168.200.1
    route 192.168.200.0 255.255.255.0 192.168.200.1
      (This is a route for the LAN traffic)
    route ****.***.com 255.255.255.255 net_gateway
      (This is a route to my server from the public internet)

The above seems to work, but I would like to use 'redirect-gateway def1' to accomplish this, or if not that, then the above commands using the variables. Like this:

    route 0.0.0.0 128.0.0.0 vpn_gateway
    route 128.0.0.0 128.0.0.0 vpn_gateway
    route 192.168.200.0 255.255.255.0 vpn_gateway
    route remote_host 255.255.255.255 net_gateway

It almost seems like it is a timing issue, as if the client doesn't have all the variables before it tries to set up all the routes. Is it possible to delay this action somehow so the variables get populated before the routes are set?

Client is Windows 7 running OpenVPN 2.3.4.

Here are the configs, log and route info.

Client log

    Wed Nov 05 17:29:01 2014 us=838318 RESOLVE: Cannot parse IP address: net_gateway
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: failed to parse/resolve route for host/network: remote_host
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: vpn_gateway undefined
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: failed to parse/resolve route for host/network: 0.0.0.0
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: vpn_gateway undefined
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: failed to parse/resolve route for host/network: 128.0.0.0
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: vpn_gateway undefined
    Wed Nov 05 17:29:01 2014 us=838318 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.200.0

Client config

    client
    dev tap
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    #auth-user-pass
    #auth-nocache
    float
    #user nobody
    #group nobody
    cipher AES-256-CBC
    auth SHA256
    tls-client
    tls-version-min 1.0
    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
    route-gateway dhcp
    route-delay 5
    #route-method exe #Default is 'adaptive'
    redirect-gateway def1
    #route ****.****.** 255.255.255.255 net_gateway
    #route 0.0.0.0 128.0.0.0 vpn_gateway
    #route 128.0.0.0 128.0.0.0 vpn_gateway
    #route 192.168.200.0 255.255.255.0 vpn_gateway
    ca "c:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "c:\\Program Files\\OpenVPN\\config\\hdx.crt"
    key "c:\\Program Files\\OpenVPN\\config\\hdx.key"
    tls-auth "c:\\Program Files\\OpenVPN\\config\\ta.key" 1
    remote-cert-tls server
    comp-lzo
    verb 3
    <connection>
    remote ****.****.**
    proto udp
    port 1194
    #mute-replay-warnings
    </connection>
    <connection>
    remote ****.****.**
    proto tcp-client
    port 1195
    </connection>

Server config

    mode server
    proto udp
    port 1194
    dev tap0
    script-security 2
    keepalive 15 60
    daemon
    verb 3
    comp-lzo
    persist-key
    persist-tun
    user nobody
    group nobody
    cipher AES-256-CBC
    auth SHA256
    #max-clients 3
    client-to-client
    tls-server
    tls-version-min 1.0
    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
    tls-auth /opt/downloads/openvpn/ta.key 0
    ca /opt/downloads/openvpn/ca.crt
    dh /opt/downloads/openvpn/dh4096.pem
    cert /opt/downloads/openvpn/server.crt
    key /opt/downloads/openvpn/server.key

Route table before VPN connection

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway        Interface  Metric
              0.0.0.0          0.0.0.0      172.31.98.1    172.31.98.255     30
            127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
          169.254.0.0      255.255.0.0          On-link    172.31.98.255     31
      169.254.255.255  255.255.255.255          On-link    172.31.98.255    286
          172.31.98.0    255.255.254.0          On-link    172.31.98.255    286
        172.31.98.255  255.255.255.255          On-link    172.31.98.255    286
        172.31.99.255  255.255.255.255          On-link    172.31.98.255    286
       195.93.243.115  255.255.255.255    192.168.200.1    172.31.98.255     31
            224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0          On-link    172.31.98.255    286
      255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255          On-link    172.31.98.255    286
    ===========================================================================

Route table after VPN connection

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway        Interface  Metric
              0.0.0.0          0.0.0.0      172.31.98.1    172.31.98.255     25
              0.0.0.0        128.0.0.0     172.16.242.1  192.168.200.125     31
            127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
            128.0.0.0        128.0.0.0     172.16.242.1  192.168.200.125     31
          169.254.0.0      255.255.0.0          On-link    172.31.98.255     26
          169.254.0.0      255.255.0.0  192.168.200.116  192.168.200.125     31
      169.254.255.255  255.255.255.255          On-link    172.31.98.255    281
         172.16.242.0    255.255.255.0     172.16.242.1  192.168.200.125     32
          172.31.98.0    255.255.254.0          On-link    172.31.98.255    281
        172.31.98.255  255.255.255.255          On-link    172.31.98.255    281
        172.31.99.255  255.255.255.255          On-link    172.31.98.255    281
        192.168.200.0    255.255.255.0          On-link  192.168.200.125    286
      192.168.200.125  255.255.255.255          On-link  192.168.200.125    286
      192.168.200.255  255.255.255.255          On-link  192.168.200.125    286
       195.93.243.115  255.255.255.255    192.168.200.1    172.31.98.255     26
            224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0          On-link    172.31.98.255    281
            224.0.0.0        240.0.0.0          On-link  192.168.200.125    286
      255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255          On-link    172.31.98.255    281
      255.255.255.255  255.255.255.255          On-link  192.168.200.125    286
    ===========================================================================

It was suggested that I need the server IP address (i.e. 192.168.200.1) in the server config so I tried that but I still couldn't get 'redirect-gateway def1' to consistently work,
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
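
An added example, not part of the original post: a Python check of a Windows `route print` IPv4 table for the route set that 'redirect-gateway def1' is meant to leave behind (both /1 halves through a next hop that is on-link for the VPN interface, plus a host route to the server outside the tunnel). The sample rows are constructed from addresses in the post; `203.0.113.10` is a placeholder for the masked server address, and `parse_routes` and `check_def1` are names chosen here.

```python
import ipaddress

# Constructed `route print` rows: destination, netmask, gateway, interface, metric.
# LAN and client addresses follow the post; 203.0.113.10 is a placeholder server.
GOOD = """\
0.0.0.0 0.0.0.0 172.31.98.1 172.31.98.255 25
0.0.0.0 128.0.0.0 192.168.200.1 192.168.200.125 31
128.0.0.0 128.0.0.0 192.168.200.1 192.168.200.125 31
172.31.98.0 255.255.254.0 On-link 172.31.98.255 281
192.168.200.0 255.255.255.0 On-link 192.168.200.125 286
203.0.113.10 255.255.255.255 172.31.98.1 172.31.98.255 26
"""
# Same table with the gateway shown in the post's "after" table.
BAD = GOOD.replace("192.168.200.1 192.168.200.125", "172.16.242.1 192.168.200.125")
HALVES = ("0.0.0.0/1", "128.0.0.0/1")  # the two routes def1 adds

def parse_routes(text):
    """Return (network, gateway or None for On-link, interface) per IPv4 row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # headers, separators, blank lines
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}", strict=False)
            gw = None if f[2] == "On-link" else ipaddress.ip_address(f[2])
            routes.append((net, gw, ipaddress.ip_address(f[3])))
        except ValueError:
            continue  # not a route row
    return routes

def check_def1(text, server_ip):
    """List what is missing or inconsistent in the def1 route set."""
    routes, problems = parse_routes(text), []
    halves = {str(n): (gw, ifc) for n, gw, ifc in routes if str(n) in HALVES}
    problems += [f"missing {h} route" for h in HALVES if h not in halves]
    for name, (gw, ifc) in halves.items():
        # The next hop must sit inside an On-link network of the same interface.
        onlink = [n for n, g, i in routes if g is None and i == ifc]
        if gw is None or not any(gw in n for n in onlink):
            problems.append(f"{name} gateway {gw} is not on-link for {ifc}")
    # The server needs a /32 route that leaves through a non-VPN interface.
    server = ipaddress.ip_address(server_ip)
    vpn_ifaces = {ifc for _, ifc in halves.values()}
    if not any(n.prefixlen == 32 and server in n and gw is not None
               and ifc not in vpn_ifaces for n, gw, ifc in routes):
        problems.append(f"no host route to {server} outside the tunnel")
    return problems
```

Calling `check_def1(GOOD, "203.0.113.10")` returns an empty list, while `check_def1(BAD, "203.0.113.10")` reports both /1 routes because their gateway is not inside any On-link network of the interface they use.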