need to add static route over openvpn tun interface

Postby dr.x » Thu Feb 09, 2017 9:47 am

Hi folks.
I have a VPN server (A) on CentOS 6.
I have a VPN client (B) on Ubuntu 12.
================
I have the tunnel up and running and I have a problem with routing.
=====================
So the topology is:
lan1-----serverA-----internet-------serverB----lan2
===============
Server A side:
[root@li90-82 ~]# cat /etc/openvpn/server.conf
topology subnet
#local 192.168.178.2
push "route 192.168.178.0 255.255.255.0"
duplicate-cn
port 1171 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ifconfig 10.8.222.41 10.8.222.40
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
push "route 1.1.1.0 255.255.255.0"
#push "route 192.168.100.0 255.255.255.0"
#push "route 10.160.150.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1171.log
verb 3



Client B side:

client
dev tun
proto udp
remote x.x.248.82 1171 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun


<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>

<cert>
xxx
</cert>

<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>

comp-lzo
reneg-sec 0
verb 3


Now I have the connection working fine, and ping between 10.8.0.x works fine from both directions.
The client has IP 10.8.0.2 and we can ping 10.8.0.x without issues,
but .....
From server A I tried to add a static route over the tun interface as below:
route add -net 10.50.60.0 netmask 255.255.255.0 gw 10.8.0.2

When I try to ping 10.50.60.x, which is on the client (B) side, it doesn't work,
and it doesn't even pass the tun interface.
I did a tcpdump and it's not passing the traffic on that interface,
so I'm sure it's something related to the VPN.
I also verified that the route is valid in the routing table of server A:

[root@li90-82 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gw-li90.linode. 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
10.50.60.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
74.207.248.0    *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth0
[root@li90-82 ~]#


I also verified that routing is enabled on both the server and client side ==> net.ipv4.ip_forward = 1

So I need help with how we can add static routes from the Linux system level, not from OpenVPN, after the VPN is up.

Thanks very much.
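
An added check, not part of the original post: in `server` mode OpenVPN keeps its own per-client routing table, so a kernel route through a client address such as 10.8.0.2 is only delivered to that client when a file under `client-config-dir` declares the network with `iroute`. The Python below compares the posted `route` output with the posted server.conf and lists tunnel routes that lack one. The `ccd_files` mapping (client name to file contents) and the client name `clientB` are assumptions for illustration.

```python
import ipaddress

# `route` output copied from the post (server A).
KERNEL_ROUTES = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gw-li90.linode. 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 * 255.255.255.0 U 0 0 0 tun0
10.50.60.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
74.207.248.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth0
"""
# Routing-relevant lines of the posted server.conf.
SERVER_CONF = """\
topology subnet
dev tun
server 10.8.0.0 255.255.255.0
push "route 1.1.1.0 255.255.255.0"
"""

def directives(conf, name):
    """Argument lists of every `name` directive, comments stripped."""
    rows = (line.split("#", 1)[0].split() for line in conf.splitlines())
    return [r[1:] for r in rows if r and r[0] == name]

def net(addr, mask="255.255.255.255"):
    """Build a network from address and dotted netmask (host route by default)."""
    return ipaddress.ip_network(f"{addr}/{mask}")

def missing_iroutes(server_conf, ccd_files, kernel_routes, tun="tun0"):
    """Kernel routes via a VPN client address that no ccd file covers with iroute."""
    pool = [net(*a[:2]) for a in directives(server_conf, "server")]
    iroutes = [net(*a[:2]) for body in ccd_files.values()
               for a in directives(body, "iroute")]
    missing = []
    for line in kernel_routes.splitlines():
        f = line.split()
        if len(f) != 8 or f[7] != tun or "G" not in f[3]:
            continue  # keep only gatewayed routes on the tunnel device
        dest, gw = net(f[0], f[2]), ipaddress.ip_address(f[1])
        if any(gw in p for p in pool) and not any(dest.subnet_of(i) for i in iroutes):
            missing.append((str(dest), str(gw)))
    return missing

if __name__ == "__main__":
    print(missing_iroutes(SERVER_CONF, {}, KERNEL_ROUTES))
    ccd = {"clientB": "iroute 10.50.60.0 255.255.255.0\n"}  # hypothetical client name
    print(missing_iroutes(SERVER_CONF, ccd, KERNEL_ROUTES))
```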
