FWIW: You CANNOT pick and choose between --dev tun and --dev tap. As the client, you MUST use the same as the server setting.
Regards

----- Original Message -----
From: "Hongyi Zhao" <hongyi.z...@gmail.com>
To: "Magiel van der Meer" <mag...@v-dmeer.nl>
Cc: <openvpn-users@lists.sourceforge.net>
Sent: Wednesday, October 14, 2015 8:53 AM
Subject: Re: [Openvpn-users] Cann't restore route tables based on the previously save route tables when using openvpn.

> 2015-10-14 14:29 GMT+08:00 Magiel van der Meer <mag...@v-dmeer.nl>:
>> The tap0 interface seems down, that's why ifconfig isn't showing it.
>> Ifconfig is deprecated and will, depending on your distro, be removed in
>> favor of 'ip'.
>>
>> You can try to tell the client to bring the tap device up but you should
>> google for the command, don't know it by heart. Not sure why the tap
>> interface is down, I believe the openvpn client process should bring it
>> up when the connection is successful
>
> Thanks, I tried the following two commands:
>
> sudo ifconfig tap0 up
> or
> sudo ip link set tap0 up
>
> Both of them can bring up the tap device. See the following for detail:
>
> $ sudo ifconfig
> [snipped]
> tap0      Link encap:Ethernet HWaddr 16:66:ee:12:66:1e
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>           RX packets:55 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:2610 (2.5 KiB) TX bytes:0 (0.0 B)
>
> But, as you can see, the tap device is left unconfigured, without any addresses.
>
> How should I solve this issue?
>
> Regards
>
>>
>> --
>> Met vriendelijke groet,
>> With kind regards,
>>
>> Magiel van der Meer
>> mag...@v-dmeer.nl
>>
>> On 14 Oct 2015, at 03:46, Hongyi Zhao <hongyi.z...@gmail.com> wrote:
>>
>>>> Hi,
>>>
>>>> I see what you mean. It has been a while since I last worked with TUN
>>>> adapters. I’m always using TAP. But I remember that TUN interfaces
>>>> aren’t ‘normal’ network devices as we're used to. Look at the net mask
>>>> definition of the tun-gfwlist interface. This is a /32. For your
>>>> Linux system there is only 1 IP address in this /32, namely
>>>> 10.211.72.117. Any other address (even the remote site ’10.211.72.118’)
>>>> is outside this scope. Linux will fail adding custom routing to an
>>>> address outside the subnet.
>>>
>>>> You can try two things: let openvpn handle all routing, although I
>>>> understand that this is not desirable in your situation. Second,
>>>> switch to use TAP interfaces. These emulate ethernet devices and if you’re
>>>> using a bigger subnet with the
>>>> VPN server having an IP address ending in .1, you can use personal,
>>>> custom routing within your operating system. For this reason I’m
>>>> always using TAP.
>>>
>>>> Regards,
>>>> Magiel
>>>
>>> Based on your advice, I've tried the openvpn with ``--dev tap``
>>> option, for detail, you can see the following output
>>> log by openvpn:
>>>
>>> ----------------
>>> $ sudo openvpn --config vpngate_183.161.242.87_tcp_1220.ovpn --dev tap
>>> [snipped]
>>> Wed Oct 14 09:29:29 2015 TUN/TAP device tap0 opened
>>> Wed Oct 14 09:29:29 2015 TUN/TAP TX queue length set to 100
>>> Wed Oct 14 09:29:29 2015 Initialization Sequence Completed
>>> -------------------
>>>
>>> Then I run the following commands to check the openvpn tap0 nic card
>>> and corresponding route table setting:
>>>
>>> $ sudo ifconfig
>>> eth0      Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f0
>>>           inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
>>>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>           RX packets:27503 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:26596 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:15565564 (14.8 MiB) TX bytes:6109190 (5.8 MiB)
>>>           Memory:de200000-de27ffff
>>>
>>> eth1      Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f1
>>>           UP BROADCAST MULTICAST MTU:1500 Metric:1
>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:1000
>>>           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>>>           Memory:de100000-de17ffff
>>>
>>> lo        Link encap:Local Loopback
>>>           inet addr:127.0.0.1 Mask:255.0.0.0
>>>           UP LOOPBACK RUNNING MTU:65536 Metric:1
>>>           RX packets:13629 errors:0 dropped:0 overruns:0 frame:0
>>>           TX packets:13629 errors:0 dropped:0 overruns:0 carrier:0
>>>           collisions:0 txqueuelen:0
>>>           RX bytes:1462913 (1.3 MiB) TX bytes:1462913 (1.3 MiB)
>>>
>>> $ ip link
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>> mode DEFAULT group default
>>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>>> mode DEFAULT group default qlen 1000
>>>     link/ether 0c:c4:7a:6a:f7:f0 brd ff:ff:ff:ff:ff:ff
>>> 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state
>>> DOWN mode DEFAULT group default qlen 1000
>>>     link/ether 0c:c4:7a:6a:f7:f1 brd ff:ff:ff:ff:ff:ff
>>> 16: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
>>> DEFAULT group default qlen 100
>>>     link/ether c6:d0:66:11:4e:be brd ff:ff:ff:ff:ff:ff
>>>
>>> As you can see, the ifconfig will not show the tap0 at all for me,
>>> while the ``ip link`` can give the information on it.
>>>
>>> And the route table for tap0 is empty:
>>>
>>> $ ip route show dev tap0
>>>
>>> At this step, how should I do the further settings so let the openvpn
>>> client can work for me with appropriate routing tables?
>>>
>>> Regards
>>>
>>>> On 13 Oct 2015, at 15:04, Hongyi Zhao <hongyi.z...@gmail.com> wrote:
>>>>
>>>> 2015-10-13 14:54 GMT+08:00 Magiel van der Meer <mag...@v-dmeer.nl>:
>>>>> This means most likely that the default gateway you're trying to add
>>>>> isn't within a local connected subnet.
>>>>
>>>> See the information in detail for my case:
>>>>
>>>> $ sudo ifconfig
>>>> eth0      Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f0
>>>>           inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
>>>>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>           RX packets:5605 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:10072 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:1000
>>>>           RX bytes:2846126 (2.7 MiB) TX bytes:2330753 (2.2 MiB)
>>>>           Memory:de200000-de27ffff
>>>>
>>>> eth1      Link encap:Ethernet HWaddr 0c:c4:7a:6a:f7:f1
>>>>           UP BROADCAST MULTICAST MTU:1500 Metric:1
>>>>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:1000
>>>>           RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>>>>           Memory:de100000-de17ffff
>>>>
>>>> lo        Link encap:Local Loopback
>>>>           inet addr:127.0.0.1 Mask:255.0.0.0
>>>>           UP LOOPBACK RUNNING MTU:65536 Metric:1
>>>>           RX packets:4969 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:4969 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:0
>>>>           RX bytes:468967 (457.9 KiB) TX bytes:468967 (457.9 KiB)
>>>>
>>>> tun-gfwlist Link encap:UNSPEC HWaddr
>>>> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>           inet addr:10.211.72.117 P-t-P:10.211.72.118
>>>> Mask:255.255.255.255
>>>>           UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
>>>>           RX packets:1919 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:1597 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:100
>>>>           RX bytes:1215481 (1.1 MiB) TX bytes:200464 (195.7 KiB)
>>>>
>>>> For my case, the eth0 is up, the eth0 is down. And the vpn created a
>>>> virtual nic named as tun-gfwlist.
>>>>
>>>> As you can see, the tun-gfwlist use point to point method to connect
>>>> the remote network. And the gateway may be different for each
>>>> connection. So I use the following command to create all of these
>>>> route table entries used by openvpn:
>>>>
>>>> sudo ip route add destination-network-address/cidr-prefix dev
>>>> tun-gfwlist table openvpn
>>>>
>>>> And then I meet the issue I posted here.
>>>>
>>>> Regards
>>>>
>>>>>
>>>>> --
>>>>> Met vriendelijke groet,
>>>>> With kind regards,
>>>>>
>>>>> Magiel van der Meer
>>>>> mag...@v-dmeer.nl
>>>>>
>>>>>> On 13 Oct 2015, at 05:58, Hongyi Zhao <hongyi.z...@gmail.com> wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I use openvpn to access the web via the vpngate's vpn servers.
>>>>>>
>>>>>> I don't use the global vpn mode, so I must add some specific routes
>>>>>> for the websites which I want to access through the
>>>>>> vpngate's vpn servers. For my case, I use the --route-nopull option
>>>>>> for this purpose.
>>>>>>
>>>>>> Due to the route tables used by openvpn for my purpose may be so
>>>>>> huge.
>>>>>> I use the following method to save the route tables used by openvpn
>>>>>> and restore them:
>>>>>>
>>>>>> ip route save table openvpn > rt_openvpn
>>>>>>
>>>>>> And then, after I restart my openvpn and connected successfully,
>>>>>> issuing the following command:
>>>>>>
>>>>>> sudo ip route restore table openvpn < rt_openvpn
>>>>>>
>>>>>> But, at this step, I meet the following errors:
>>>>>>
>>>>>> RTNETLINK answers: No such device
>>>>>>
>>>>>> And failed to restore the previously saved route tables.
>>>>>>
>>>>>> Any hints for this issue?
>>>>>>
>>>>>> Regards
>>>>>> --
>>>>>> Hongyi Zhao <hongyi.z...@gmail.com>
>>>>>> Xinjiang Technical Institute of Physics and Chemistry
>>>>>> Chinese Academy of Sciences
>>>>>> GnuPG DSA: 0xD108493
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> _______________________________________________
>>>>>> Openvpn-users mailing list
>>>>>> Openvpn-users@lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>>>
>>>> --
>>>> Hongyi Zhao <hongyi.z...@gmail.com>
>>>> Xinjiang Technical Institute of Physics and Chemistry
>>>> Chinese Academy of Sciences
>>>> GnuPG DSA: 0xD108493
>
> --
> Hongyi Zhao <hongyi.z...@gmail.com>
> Xinjiang Technical Institute of Physics and Chemistry
> Chinese Academy of Sciences
> GnuPG DSA: 0xD108493
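
Added example, not part of the original thread and not OpenVPN's own code: the file written by `ip route save` is a dump of raw rtnetlink messages that name the output interface by kernel index, whereas a text listing from `ip route show table openvpn` names it by device name and can be replayed against whatever device exists after the client restarts. The sketch below converts such a listing into `ip -batch` input; the function names, the target device `tap0` and the sample routes are constructed for illustration, while the table name `openvpn` and the device `tun-gfwlist` are taken from the thread.

```shell
#!/bin/sh
# Added example: rebuild policy-table routes from a text listing instead of
# the binary `ip route save` dump. Names and sample routes are constructed.

# Constructed sample of `ip route show table openvpn` output.
sample_listing() {
    cat <<'EOF'
203.0.113.0/24 dev tun-gfwlist scope link
198.51.100.7 dev tun-gfwlist scope link metric 50
192.0.2.0/24 via 10.211.72.118 dev tun-gfwlist
EOF
}

# routes_to_batch TABLE DEV: read a listing on stdin, print `ip -batch` lines
# that bind every device route to DEV as it exists now.
routes_to_batch() {
    awk -v table="$1" -v dev="$2" '
        # Only lines that start with an IPv4 address or prefix are routes.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { next }
        {
            metric = ""; gateway = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "via") gateway = 1
                if ($i == "metric") metric = " metric " $(i + 1)
            }
            # Gateway routes are skipped: whether the next hop is reachable
            # depends on the addressing of the new device (the /32 case).
            if (gateway) next
            print "route replace " $1 " dev " dev metric " table " table
        }'
}

# restore_routes FILE TABLE DEV: refuse to run until DEV exists, then load.
restore_routes() {
    if [ ! -d "/sys/class/net/$3" ]; then
        echo "device $3 not present; is the tunnel up?" >&2
        return 1
    fi
    routes_to_batch "$2" "$3" < "$1" | ip -batch -
}

# Stand-alone demo: print the batch for the sample, rebinding to tap0.
sample_listing | routes_to_batch openvpn tap0
```

`restore_routes` needs root and a live tunnel; `routes_to_batch` is plain text processing and can be checked on any machine before the batch is applied.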