Bad news ..
----- Original Message -----
From: "Jan Just Keijser" <janj...@nikhef.nl>
To: "jack seth" <bird_...@hotmail.com>
Cc: <openvpn-users@lists.sourceforge.net>
Sent: Saturday, June 06, 2015 11:56 PM
Subject: Re: [Openvpn-users] How do I define vpn_gateway?
> On 06/06/15 18:02, jack seth wrote:
>>
>>
>> > From: debbie...@gmail.com
>> > To: bird_...@hotmail.com
>> > CC: openvpn-users@lists.sourceforge.net
>> > Subject: Re: [Openvpn-users] How do I define vpn_gateway?
>> > Date: Sat, 6 Jun 2015 16:59:22 +0100
>> >
>> >
>> > ----- Original Message -----
>> > From: "jack seth" <bird_...@hotmail.com>
>> > To: <debbie...@gmail.com>
>> > Cc: <openvpn-users@lists.sourceforge.net>
>> > Sent: Saturday, June 06, 2015 3:58 PM
>> > Subject: RE: [Openvpn-users] How do I define vpn_gateway?
>> >
>> >
>> > > I'm using 'route-gateway dhcp'. Can 'vpn_gateway' not be used with
>> this?
>> >
>> > Testing on my setup appears to indicate that they cannot be used
>> together.
>> > But I did not test very thoroughly and you have not posted details
>> of your
>> > setup.
>> > eg: TAP or TUN .. etc
>> >
>> > From the manual:
>> > --route-gateway gw|'dhcp'
>> > Specify a default gateway gw for use with --route.
>> > If dhcp is specified as the parameter, the gateway address will be
>> extracted
>> > from ** a DHCP negotiation ** with the OpenVPN server-side LAN.
>> >
>> > This implies that it also requires --dev tap as ** a DHCP negotiation
>> > **
>> > will probably use broadcasts ..
>> >
>> > Regards
>>
>> Yes, it's tap. It may be a timing thing.
>>
> As Gert said: don't use this unless you absolute have to , and don't use
> this unless you know what you are doing.
> If you *must* use this feature, try adding
> route-delay 5
> which will cause OpenVPN to delay for 5 seconds before attempting to add
> routes - with any luck, the DHCP assigned gateway will be available on
> the client.
>
> HTH,
>
> JJK
>
>
Thanks for the suggestion JJK but it is not suitable.
Further testing reveals (Relevant details):
Server config:
dev tap
server-bridge
push "route-delay 10"
push "route 10.44.3.0 255.255.255.0 vpn_gateway"
push "route 10.44.4.0 255.255.255.0 172.17.2.1"
Client config:
route-delay 10
Client log:
Sun Jun 07 15:11:52 2015 us=945564 PUSH: Received control message:
'PUSH_REPLY,route-delay 10,route 10.44.3.0 255.255.255.0 vpn_gateway,route
10.44.4.0 255.255.255.0 172.17.2.1,route-gateway dhcp,ping 10,ping-restart
30,peer-id 1'
Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: timers and/or timeouts
modified
Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: route options modified
Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: route-related options
modified
Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: peer-id set
Sun Jun 07 15:11:53 2015 us=50715 OpenVPN ROUTE: vpn_gateway undefined
Sun Jun 07 15:11:53 2015 us=50715 OpenVPN ROUTE: failed to parse/resolve
route for host/network: 10.44.3.0
Sun Jun 07 15:11:53 2015 us=65737 open_tun, tt->ipv6=0
Sun Jun 07 15:11:53 2015 us=65737 TAP-WIN32 device [OpenVPN] opened:
\\.\Global\{9F7B824B-4984-4396-B6AB-98C4042C14D2}.tap
Sun Jun 07 15:11:53 2015 us=80758 TAP-Windows Driver Version 9.9
Sun Jun 07 15:11:53 2015 us=80758 TAP-Windows MTU=1500
Sun Jun 07 15:11:53 2015 us=95780 NOTE: FlushIpNetTable failed on interface
[4] {9F7B824B-4984-4396-B6AB-98C4042C14D2} (status=1413) : Invalid index.
Sun Jun 07 15:11:54 2015 us=808242 Extracted DHCP router address: 172.17.2.1
Sun Jun 07 15:12:03 2015 us=295446 TEST ROUTES: 1/1 succeeded len=1 ret=1
a=0 u/d=up
Sun Jun 07 15:12:03 2015 us=295446 MANAGEMENT:
>STATE:1433686323,ADD_ROUTES,,,
Sun Jun 07 15:12:03 2015 us=295446 C:\WINDOWS\system32\route.exe ADD
10.44.4.0 MASK 255.255.255.0 172.17.2.1
Sun Jun 07 15:12:03 2015 us=310468 Route addition via IPAPI succeeded
[adaptive]
Sun Jun 07 15:12:03 2015 us=310468 Initialization Sequence Completed
It appears openvpn tries to evaluate "vpn_gateway" before adding routes
*and* before route delay.
The router address is "extracted" drom DHCP after trying to evaluate
"vpn_gateway"
So the bad news is .. it appears that your config (Jack Seth) is
incompatible.
Regards
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
