us=924829 Recursive routing detected, drop tun packet to

Post by AreebSooYasir » Fri Aug 11, 2017 5:58 am

I am doing bridging; on the client side everything is working fine (I can ping the remote default gateway). Once I do a brctl addif br0 tap0, I get this message and basically the VPN tunnel stops working:

us=924829 Recursive routing detected, drop tun packet to

Post by TinCanTech » Fri Aug 11, 2017 10:36 am


Post by AreebSooYasir » Fri Aug 11, 2017 6:37 pm

Thanks, have done this and will make a new thread with full details.

Cheers

OpenVPN Public IP Unique Bridging Issue - How To Route Both on the LAN and through the bridge as needed?

Post by AreebSooYasir » Fri Aug 11, 2017 6:44 pm

I am trying to accomplish the following. I want clients to use the "Client Side" VPN bridge as a sort of router on the LAN, to use public IPs from the server side via the bridge. I am able to sort of make it work on the client end by assigning a public IP to tap0, and it is reachable from the outside world.

However, the true goal of having other systems on the LAN assigned public IPs, using the .254 address assigned to br0:0 on the client-side LAN to route back to the remote gateway, only works with some routing hacking, and only for 30 seconds, by adding tap0 to br0 (the problem is that doing this breaks the public IP connectivity from tap0, but it does allow traffic to flow temporarily, maybe until the port comes up).

Basically the problem is: how do I allow the VPN client side to pass traffic to tap0 when necessary, but also communicate with other clients on the LAN who have been assigned the same range? I have tried different routes and used iptables with no solid solution.


Would be very grateful for any help.

Cheers


Server

Operating System:
Centos 6.9
Linux openvpntest 2.6.32-696.6.3.el6.x86_64 #1 SMP Wed Jul 12 14:17:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Network Setup:

Code:

br0       Link encap:Ethernet  HWaddr 0A:E5:A9:37:9E:43  
          inet addr:94.22.41.81  Bcast:94.22.41.255  Mask:255.255.255.0
          inet6 addr: fe80::dcad:beff:feef:f215/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7201 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6698 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:564241 (551.0 KiB)  TX bytes:1023323 (999.3 KiB)

eth0      Link encap:Ethernet  HWaddr DE:AD:BE:EF:F2:15  
          inet6 addr: fe80::dcad:beff:feef:f215/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9401 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8209 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:794954 (776.3 KiB)  TX bytes:1128533 (1.0 MiB)
          Interrupt:10 Base address:0x4000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tap0      Link encap:Ethernet  HWaddr 0A:E5:A9:37:9E:43  
          inet6 addr: fe80::8e5:a9ff:fe37:9e43/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6373 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:108108 (105.5 KiB)  TX bytes:573560 (560.1 KiB)

server.conf

Code:

tls-server
port 11194
proto udp
# tap device; it is a port of br0 on this host (see the ifconfig output above)
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
# 1024-bit DH parameters are weak by current standards; 2048-bit or larger is recommended
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
client-to-client
#client-config-dir /etc/openvpn/clients
#server 10.10.10.0 255.255.255.0
route 94.22.41.0 255.255.255.0
# tls-server plus mode server without the server-bridge helper: no address pool,
# so no addresses are pushed and the client sets its own IP in its route-up script
mode server
#tun-mtu 1400
keepalive 10 30
comp-lzo
persist-key
persist-tun
status openvpn-status.log
# log and log-append both point at the same file; one of them is enough
log         openvpn.log
log-append  openvpn.log
verb 4

Client

Operating system:
Centos 6.9
Linux localhost.localdomain 2.6.32-696.6.3.el6.x86_64 #1 SMP Wed Jul 12 14:17:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Network setup:

Code:

br0       Link encap:Ethernet  HWaddr 08:00:27:68:3D:D8  
          inet addr:192.168.1.30  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe68:3dd8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:637935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154089 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:71459109 (68.1 MiB)  TX bytes:20399688 (19.4 MiB)

br0:0     Link encap:Ethernet  HWaddr 08:00:27:68:3D:D8  
          inet addr:94.22.41.254  Bcast:94.22.41.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 08:00:27:68:3D:D8  
          inet6 addr: fe80::a00:27ff:fe68:3dd8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:592682 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157850 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:76504192 (72.9 MiB)  TX bytes:21193653 (20.2 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:17128 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1917780 (1.8 MiB)  TX bytes:1917780 (1.8 MiB)

tap0      Link encap:Ethernet  HWaddr 4A:05:AA:EF:6B:06  
          inet addr:94.22.41.82  Bcast:94.22.41.255  Mask:255.255.255.0
          inet6 addr: fe80::4805:aaff:feef:6b06/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 b)  TX bytes:1812 (1.7 KiB)


client.ovpn

Code:

proto udp
port 11194
# tap device: the client side of the layer-2 bridge
dev tap
# tunnel endpoint; the route to this address must not go through the tap device
remote 94.22.41.81
# level 2 is sufficient for route-up scripts; level 3 additionally passes passwords
# to scripts via environment variables, which the OpenVPN manual marks as potentially unsafe
script-security 3
route-up "/root/clientside-restore/tap0-up.sh"
tls-client
ca ca.crt
cert client.crt
key client.key
# consider adding "remote-cert-tls server" so that another client's certificate
# cannot be presented as the server's
pull
comp-lzo
verb 4

tap0-up.sh

Code:

#!/bin/bash
# route-up script: run by OpenVPN once the tunnel is up (needs script-security 2 or higher)
export PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
#echo 1 > /proc/sys/net/ipv4/conf/br0/proxy_arp
#echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
tap=tap0
remoteip=94.22.41.81          # OpenVPN server (tunnel endpoint, "remote" in client.ovpn)
localgateway=192.168.1.1      # default gateway on the client-side LAN
remotegateway=94.22.41.1      # default gateway on the server-side public subnet
tap0ip=94.22.41.82            # public IP assigned to tap0 on this client
br0ip=94.22.41.254            # public IP on the br0:0 alias, used as gateway by LAN hosts
# host route: keep the tunnel endpoint reachable via the LAN gateway, so that
# the encapsulated packets are never routed back into the tunnel
ip route add "$remoteip" via "$localgateway" dev br0
ip link set dev "$tap" address 4A:05:AA:EF:6B:06
ifconfig "$tap" "$tap0ip" netmask 255.255.255.0 up
ifconfig br0:0 "$br0ip" netmask 255.255.255.0 up
# move the default route from the LAN gateway onto the tunnel
route del default gw "$localgateway"
route add "$remotegateway" dev "$tap"
route add default gw "$remotegateway" dev "$tap"
#this seems to make it possible for the remote IP to work
#ip route del 94.22.41.0/24 dev tap0
#adding tap0 to the interface makes the public IP stop working
#however sometimes if you delete and re-add it, it allows a LAN client public IP to work for 30 seconds until the port is enabled, very weird
#brctl addif br0 tap0

Routing:

Code:

ip route show
94.22.41.81 via 192.168.1.1 dev br0 
94.22.41.1 dev tap0  scope link 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.30 
94.22.41.0/24 dev tap0  proto kernel  scope link  src 94.22.41.82 
169.254.0.0/16 dev br0  scope link  metric 1003 
default via 94.22.41.1 dev tap0 
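
The message in the first post and the host route in tap0-up.sh above are two sides of the same condition. OpenVPN logs "Recursive routing detected" and drops the packet when something it has just read from the tun/tap device is addressed to the tunnel's own remote endpoint, because forwarding it would feed the encapsulated tunnel traffic back into the tunnel. The script line "ip route add $remoteip via $localgateway dev br0" exists precisely to keep 94.22.41.81 off the tap device. The following is an added example, not code from this thread or from OpenVPN: it models that guard as a plain longest-prefix routing lookup, using the client's posted "ip route show" table as constructed sample input. VPN_SERVER and TUNNEL_DEV are the example's own names, taken from the "remote" line of client.ovpn and the "dev" used in the script.

```python
"""Longest-prefix routing lookup showing why OpenVPN reports
"Recursive routing detected": the tunnel endpoint has to be reachable via a
path that does not go through the tun/tap device itself.

Added example; the routing table below is the client's "ip route show" output
as posted in the thread, embedded here as constructed sample input."""
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    dev: Optional[str]
    via: Optional[str]
    metric: int


# Client routing table from the post (constructed sample input).
CLIENT_TABLE = """\
94.22.41.81 via 192.168.1.1 dev br0
94.22.41.1 dev tap0  scope link
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.30
94.22.41.0/24 dev tap0  proto kernel  scope link  src 94.22.41.82
169.254.0.0/16 dev br0  scope link  metric 1003
default via 94.22.41.1 dev tap0
"""

VPN_SERVER = "94.22.41.81"   # "remote" in client.ovpn (assumed name for this example)
TUNNEL_DEV = "tap0"          # the OpenVPN device on the client


def _field_after(fields: List[str], key: str) -> Optional[str]:
    """Return the token following `key` in an ip-route line, if present."""
    if key in fields:
        return fields[fields.index(key) + 1]
    return None


def parse_ip_route(text: str) -> List[Route]:
    """Parse `ip route show` output into Route entries; lines that are not
    routes (for example an echoed command line) are skipped."""
    routes: List[Route] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = fields[0]
        try:
            if dst == "default":
                prefix = ipaddress.ip_network("0.0.0.0/0")
            elif "/" in dst:
                prefix = ipaddress.ip_network(dst, strict=False)
            else:
                prefix = ipaddress.ip_network(dst + "/32")   # bare address = host route
        except ValueError:
            continue
        metric = int(_field_after(fields, "metric") or 0)
        routes.append(Route(prefix, _field_after(fields, "dev"),
                            _field_after(fields, "via"), metric))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Kernel-style selection: longest matching prefix, lowest metric on ties."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def recursive_routing(routes: List[Route], remote: str, tunnel_dev: str) -> bool:
    """True if packets to the tunnel endpoint would egress via the tunnel
    device itself, which is the condition behind the log message."""
    route = lookup(routes, remote)
    return route is not None and route.dev == tunnel_dev


def without_host_route(routes: List[Route], host: str) -> List[Route]:
    """Drop the /32 for `host`, i.e. simulate the script running without
    'ip route add $remoteip via $localgateway dev br0'."""
    target = ipaddress.ip_network(host + "/32")
    return [r for r in routes if r.prefix != target]


if __name__ == "__main__":
    table = parse_ip_route(CLIENT_TABLE)
    for name, rt in (("posted table", table),
                     ("without the host route", without_host_route(table, VPN_SERVER))):
        egress = lookup(rt, VPN_SERVER)
        print(f"{name}: {VPN_SERVER} egresses via {egress.dev} (matched {egress.prefix}); "
              f"recursive={recursive_routing(rt, VPN_SERVER, TUNNEL_DEV)}")
```

With the table as posted, 94.22.41.81 matches the /32 via br0 and the check passes; remove that one host route and the address falls onto the kernel-installed 94.22.41.0/24 on tap0, which is exactly the situation OpenVPN refuses. Note the limit of this model: it only covers the layer-3 condition. Adding tap0 to br0 with brctl changes layer-2 forwarding on the bridge, and the routing table alone does not say where a frame for the LAN gateway's MAC will actually be sent, so a clean lookup here does not by itself prove the bridged setup is safe.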
