Hi,
On 07/06/15 16:41, debbie...@gmail.com wrote:
> Bad news ..
>
I can confirm debbie10t's analysis below.
this could be considered a (minor) bug, as this kind of setup is rather
insane (but not unthinkable).
the work around is to explicitly push the IP address of the router
instead of using "dhcp" - if your network setup does not allow that
(i.e. the router IP is too DHCP dependent) then you really should
consider your LAN setup - gateways don't tend to change that often.
Note that if you push the route-gateway from the server that it will
override any settings made on the client side.
HTH,
JJK
> ----- Original Message ----- From: "Jan Just Keijser" <janj...@nikhef.nl>
> To: "jack seth" <bird_...@hotmail.com>
> Cc: <openvpn-users@lists.sourceforge.net>
> Sent: Saturday, June 06, 2015 11:56 PM
> Subject: Re: [Openvpn-users] How do I define vpn_gateway?
>
>
>> On 06/06/15 18:02, jack seth wrote:
>>>
>>>
>>> > From: debbie...@gmail.com
>>> > To: bird_...@hotmail.com
>>> > CC: openvpn-users@lists.sourceforge.net
>>> > Subject: Re: [Openvpn-users] How do I define vpn_gateway?
>>> > Date: Sat, 6 Jun 2015 16:59:22 +0100
>>> >
>>> >
>>> > ----- Original Message -----
>>> > From: "jack seth" <bird_...@hotmail.com>
>>> > To: <debbie...@gmail.com>
>>> > Cc: <openvpn-users@lists.sourceforge.net>
>>> > Sent: Saturday, June 06, 2015 3:58 PM
>>> > Subject: RE: [Openvpn-users] How do I define vpn_gateway?
>>> >
>>> >
>>> > > I'm using 'route-gateway dhcp'. Can 'vpn_gateway' not be used with
>>> this?
>>> >
>>> > Testing on my setup appears to indicate that they cannot be used
>>> together.
>>> > But I did not test very thoroughly and you have not posted details
>>> of your
>>> > setup.
>>> > eg: TAP or TUN .. etc
>>> >
>>> > From the manual:
>>> > --route-gateway gw|'dhcp'
>>> > Specify a default gateway gw for use with --route.
>>> > If dhcp is specified as the parameter, the gateway address will be
>>> extracted
>>> > from ** a DHCP negotiation ** with the OpenVPN server-side LAN.
>>> >
>>> > This implies that it also requires --dev tap as ** a DHCP
>>> negotiation > **
>>> > will probably use broadcasts ..
>>> >
>>> > Regards
>>>
>>> Yes, it's tap. It may be a timing thing.
>>>
>> As Gert said: don't use this unless you absolute have to , and don't use
>> this unless you know what you are doing.
>> If you *must* use this feature, try adding
>> route-delay 5
>> which will cause OpenVPN to delay for 5 seconds before attempting to add
>> routes - with any luck, the DHCP assigned gateway will be available on
>> the client.
>>
>> HTH,
>>
>> JJK
>>
>>
>
> Thanks for the suggestion JJK but it is not suitable.
>
> Further testing reveals (Relevant details):
>
> Server config:
> dev tap
> server-bridge
> push "route-delay 10"
> push "route 10.44.3.0 255.255.255.0 vpn_gateway"
> push "route 10.44.4.0 255.255.255.0 172.17.2.1"
>
> Client config:
> route-delay 10
>
> Client log:
> Sun Jun 07 15:11:52 2015 us=945564 PUSH: Received control message:
> 'PUSH_REPLY,route-delay 10,route 10.44.3.0 255.255.255.0
> vpn_gateway,route 10.44.4.0 255.255.255.0 172.17.2.1,route-gateway
> dhcp,ping 10,ping-restart 30,peer-id 1'
> Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: timers and/or
> timeouts modified
> Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: route options modified
> Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: route-related
> options modified
> Sun Jun 07 15:11:52 2015 us=945564 OPTIONS IMPORT: peer-id set
> Sun Jun 07 15:11:53 2015 us=50715 OpenVPN ROUTE: vpn_gateway undefined
> Sun Jun 07 15:11:53 2015 us=50715 OpenVPN ROUTE: failed to
> parse/resolve route for host/network: 10.44.3.0
> Sun Jun 07 15:11:53 2015 us=65737 open_tun, tt->ipv6=0
> Sun Jun 07 15:11:53 2015 us=65737 TAP-WIN32 device [OpenVPN] opened:
> \\.\Global\{9F7B824B-4984-4396-B6AB-98C4042C14D2}.tap
> Sun Jun 07 15:11:53 2015 us=80758 TAP-Windows Driver Version 9.9
> Sun Jun 07 15:11:53 2015 us=80758 TAP-Windows MTU=1500
> Sun Jun 07 15:11:53 2015 us=95780 NOTE: FlushIpNetTable failed on
> interface [4] {9F7B824B-4984-4396-B6AB-98C4042C14D2} (status=1413) :
> Invalid index.
> Sun Jun 07 15:11:54 2015 us=808242 Extracted DHCP router address:
> 172.17.2.1
> Sun Jun 07 15:12:03 2015 us=295446 TEST ROUTES: 1/1 succeeded len=1
> ret=1 a=0 u/d=up
> Sun Jun 07 15:12:03 2015 us=295446 MANAGEMENT:
> >STATE:1433686323,ADD_ROUTES,,,
> Sun Jun 07 15:12:03 2015 us=295446 C:\WINDOWS\system32\route.exe ADD
> 10.44.4.0 MASK 255.255.255.0 172.17.2.1
> Sun Jun 07 15:12:03 2015 us=310468 Route addition via IPAPI succeeded
> [adaptive]
> Sun Jun 07 15:12:03 2015 us=310468 Initialization Sequence Completed
>
> It appears openvpn tries to evaluate "vpn_gateway" before adding
> routes *and* before route delay.
> The router address is "extracted" drom DHCP after trying to evaluate
> "vpn_gateway"
> So the bad news is .. it appears that your config (Jack Seth) is
> incompatible.
>
> Regards
>
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
