iroute causes learn-address for internal hosts

Scripts with setup, destroy, and modify routing tables and firewall rulesets for client connections.

Post by xennex81 » Tue Feb 21, 2017 7:52 am

I have a config defined for a client that includes an iroute directive:

iroute 10.5.0.0 255.255.255.0


Now when I access this route over VPN (through the server) the learn address script is called (that I also have) for an internal host particular to that client:

Tue Feb 21 07:39:40 2017 MULTI: Learn: 10.5.0.1 -> <common name>/<ip address>:1194


As a result, not only is a route added for that host (that's what my learn-address script also does) that already exists (for the 10.5.0.0 subnet, since learn-address is also called for THAT) but also since this learn-address is called with the same common-name, it now replaces my original common name as well in my DNS table (the client of the VPN server).

To put it more succinctly, whenever I access this 10.5.0.1 host, which is in a subnet behind a client, OpenVPN recognises it and calls learn-address on it, which lands me in trouble :p.

How can I prevent OpenVPN from doing so? Do I have to code for this in my script?


Re: iroute causes learn-address for internal hosts

Post by xennex81 » Tue Feb 21, 2017 12:09 pm

I found that the learn-address script is called every time this host is accessed.

So in this case 10.5.0.1 is constantly getting called in this script whenever data traverses that channel. The logs are filling up ;-), with all these calls :p.

It is easy enough to recognise that the IP is not part of the subnet of the VPN or not an endpoint and not act on it ($ifconfig_pool_remote_ip etc.) but the logs do fill up with these messages (from the MULTI line).

I have differentiated based on these factors for now and no longer suffer my DNS being affected but it's just a bit annoying that any connection with this host or these hosts would get registered in the OpenVPN logs. Sure I could filter that (behind the fact) but yeah.

See ya, and thanks.
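
The filtering described in the post above, written out as an added example (not the poster's own script): a learn-address hook that updates a DNS hosts file only when the learned address is the client's own tunnel endpoint, so hosts seen behind an iroute cannot take over the common name. It assumes `ifconfig_pool_remote_ip` is available in the script environment, as the post relies on; `HOSTS_FILE` and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: learn-address hook that updates DNS only for the client's own
# tunnel address. Arguments (OpenVPN manual): $1 = add|update|delete,
# $2 = learned address, $3 = common name (absent on delete).
# Assumptions: ifconfig_pool_remote_ip is present in the environment, as the
# post relies on; HOSTS_FILE is a hypothetical hosts-format file read by the
# DNS server.
HOSTS_FILE="${HOSTS_FILE:-/tmp/openvpn-clients.hosts}"

# classify_addr ADDRESS ENDPOINT_IP -> prints endpoint | subnet | behind-iroute
classify_addr() {
    case "$1" in
        */*)  echo subnet ;;          # the iroute network itself, e.g. 10.5.0.0/24
        "$2") echo endpoint ;;        # the client's own VPN address
        *)    echo behind-iroute ;;   # host seen in traffic from behind the client
    esac
}

# remove_entry ADDRESS [NAME]: drop lines whose address or name matches.
remove_entry() {
    [ -f "$HOSTS_FILE" ] || return 0
    awk -v a="$1" -v n="$2" '$1 != a && $2 != n' "$HOSTS_FILE" > "$HOSTS_FILE.tmp" &&
        mv "$HOSTS_FILE.tmp" "$HOSTS_FILE"
}

handle_learn() {
    op="$1"; addr="$2"; cn="$3"
    case "$op" in
        add|update)
            # Only the tunnel endpoint may claim the common name in DNS.
            [ "$(classify_addr "$addr" "$ifconfig_pool_remote_ip")" = endpoint ] || return 0
            # The common name comes from the client certificate; write it only
            # if it is a plain hostname label.
            case "$cn" in ''|*[!A-Za-z0-9._-]*) return 0 ;; esac
            remove_entry "$addr" "$cn"
            printf '%s %s\n' "$addr" "$cn" >> "$HOSTS_FILE" ;;
        delete)
            remove_entry "$addr" ;;
    esac
}

if [ "$#" -gt 0 ]; then handle_learn "$@"; fi
```

This only keeps the hook from acting on the extra calls; the `MULTI: Learn` lines are written by OpenVPN itself and still appear in its log.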

