[Solved] OpenVPN - Routing Problem?

Posted: Wed Mar 08, 2017 1:09 am
by plouro
Hello,

I'm having a problem, but before asking for your help, let me show how my VPNs are configured:

Currently I have 2 sites.

SiteA: -> 172.17.103.0/24
SiteB: -> 172.17.102.0/24
OpenVpn Server -> 172.17.101.0/24

SiteA is connected via IPSEC to SiteB. Both communicate.

At the same time I have an OpenVPN server on SiteA, which works great.

So the need arose to connect to SiteB via OpenVPN. I created a second Phase2 on IPsec, the tunnel connects, and this is where the weird part starts.



My OS is Fedora25.
[plouro@b50 ~]$ uname -r
4.9.13-200.fc25.x86_64



I have configured OpenVPN in System->Network as a profile; when I activate the VPN all is good, and I am able to connect to SiteB via OpenVPN.
OpenVpn->SiteA->IPsec->SiteB

But if I launch the VPN connection via CLI (sudo openvpn file.ovpn), the connection is made and I can connect to SiteA but not to SiteB.

So I tried on Windows and it has the same result: I can't connect to SiteB via OpenVPN.

One thing I noticed is that when I launch OpenVPN via CLI, here is my routing:

[plouro@b50 ~]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default dsldevice.lan 0.0.0.0 UG 600 0 0 wlp9s0
172.17.103.0 172.17.101.1 255.255.255.0 UG 0 0 0 tun0
172.17.101.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp9s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0


But when I launch openVpn via System->Network (openVpn profile), here is my routing:

[plouro@b50 ~]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 50 0 0 tun0
default gateway 0.0.0.0 UG 600 0 0 wlp9s0
static-wan-bl3- gateway 255.255.255.255 UGH 600 0 0 wlp9s0
172.17.101.0 0.0.0.0 255.255.255.0 U 50 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp9s0
gateway 0.0.0.0 255.255.255.255 UH 600 0 0 wlp9s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

I have disabled SELinux and firewalld to troubleshoot and make sure it was not a problem with permissions.

Here is my .ovpn file

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote (Public IP) 12345 udp
verify-x509-name "Fw2ServerVPN" name
auth-user-pass
pkcs12 fw02-udp-34768-plouro.p12
tls-auth fw02-udp-34768-plouro-tls.key 1
ns-cert-type server
comp-lzo adaptive

Nevertheless, it's not making much sense to me why it works when I activate via NetworkProfile and does not work when I activate via CLI or on Windows...

Is this a bug?

Please advise, thank you.

Re: OpenVPN - Routing Problem?

Posted: Wed Mar 08, 2017 1:45 am
by TinCanTech
Is that Openvpn-Access-Server or the free version of Openvpn ?

Re: OpenVPN - Routing Problem?

Posted: Wed Mar 08, 2017 10:35 am
by plouro
Hello TinCanTech,

It is the free version. I noticed now that I posted on the wrong thread.

Could you move to the right one?

Thank you

Re: OpenVPN - Routing Problem?

Posted: Wed Mar 08, 2017 11:52 am
by plouro
TinCanTech,

Just solved my problem; in fact it was a routing problem.

So I manually added a route:
ip route add 172.17.102.0/24 via 172.17.101.1 dev tun0

And I was able to communicate with SiteB via OpenVPN.

It still remains a mystery why via NetworkVPNProfile the route 0.0.0.0 via 172.17.101.1 works, and if I manually add this route when I start up OpenVPN via CLI it breaks the connection.

So I went to the OpenVPN server, added a push "route 172.17.102.0 255.255.255.0", started the client on Windows and Fedora via CLI, and my connection is all good.

OpenVPN->SiteA->IPsec->SiteB


Hope this helps someone.
Thank you
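
Added example (not part of the original posts): a Python check that runs the kernel's longest-prefix-match rule over the two routing tables posted above and reports which interface a SiteB address leaves through in each case, and again after the `ip route add` fix. The host 172.17.102.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Routing tables copied from the first post (body of the `route` output).
CLI_TABLE = """\
default dsldevice.lan 0.0.0.0 UG 600 0 0 wlp9s0
172.17.103.0 172.17.101.1 255.255.255.0 UG 0 0 0 tun0
172.17.101.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp9s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
"""
NM_TABLE = """\
default gateway 0.0.0.0 UG 50 0 0 tun0
default gateway 0.0.0.0 UG 600 0 0 wlp9s0
static-wan-bl3- gateway 255.255.255.255 UGH 600 0 0 wlp9s0
172.17.101.0 0.0.0.0 255.255.255.0 U 50 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp9s0
gateway 0.0.0.0 255.255.255.255 UH 600 0 0 wlp9s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
"""
SITE_B_HOST = "172.17.102.10"  # constructed address inside SiteB's /24

def parse_routes(text):
    """Return (network, metric, iface) tuples. Rows whose destination is an
    unresolved host name are skipped (host routes to other machines)."""
    routes = []
    for line in text.splitlines():
        dest, _gw, mask, _flags, metric, _ref, _use, iface = line.split()
        try:
            net = ipaddress.ip_network(dest.replace("default", "0.0.0.0") + "/" + mask)
        except ValueError:
            continue
        routes.append((net, int(metric), iface))
    return routes

def egress_iface(table, addr):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in parse_routes(table) if ip in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return best[2]

def with_route(table, cidr, gw, iface):
    """Append a row equivalent to `ip route add <cidr> via <gw> dev <iface>`."""
    net = ipaddress.ip_network(cidr)
    return table + f"{net.network_address} {gw} {net.netmask} UG 0 0 0 {iface}\n"
```

Running `egress_iface` against a client's live table after connecting is a quick way to confirm that traffic meant for a remote site is actually entering the tunnel rather than leaving unencrypted through the local default gateway.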