Create static route during OpenVPN for server access

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

arnova
OpenVpn Newbie
Posts: 1
Joined: Mon Sep 18, 2017 7:12 pm

Post by arnova » Mon Sep 18, 2017 7:20 pm

I have a NAS (ReadyNAS running Linux) in my LAN which I don't want to have access to the internet, except via VPN. I accomplished this by removing its default gateway (actually its default gw is pointing to an unused IP (192.168.1.2) as it doesn't allow removing it completely) and using my LAN's internal DNS server. Now I want OpenVPN to set up a static route to my LAN's default gateway for the VPN server it's going to use. I've tried several things but I only got it to work by doing this:
....
persist-tun
script-security 2
up /etc/openvpn/openvpn_up.sh
.....

and in the shell script:

.....
#!/bin/sh

MY_REAL_GATEWAY="192.168.1.1"

# Set the static route for the selected VPN server:
/sbin/ip route del "${untrusted_ip}/32" 2>/dev/null
/sbin/ip route add "${untrusted_ip}/32" via "${MY_REAL_GATEWAY}"
.....

It feels like a hack, especially since on Linux OpenVPN always has to restart once (due to ping-restart) due to the fact that the default gateway is set up too late in the process (after the UDP socket is already opened). I'm therefore looking for a cleaner solution. I already tried using --route etc. but I ran into the same problems there. I also noticed in OpenVPN's log file that OpenVPN itself is also setting up a static route from my system's (non-working) gateway (192.168.1.2) for the VPN server's IP address, but that's also done after the UDP socket is already opened, so that can never work on Linux anyway?!

Is there a proper way or is this some kind of feature that could be implemented?
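
One way to have the host route in place before OpenVPN opens its UDP socket, as an added example that is not part of the original post: the script reads the `remote` lines of a client config and prints one `ip route replace` command per server address. The gateway 192.168.1.1 is taken from the post; the function names and the use of `getent` for hostnames (glibc-based system) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: print the host routes an
# OpenVPN client config needs, so they can be installed before OpenVPN starts.

MY_REAL_GATEWAY="${MY_REAL_GATEWAY:-192.168.1.1}"  # LAN gateway from the post

# Succeed only for a dotted-quad IPv4 literal with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one "ip route replace" command per distinct remote in config $1.
# Hostnames are resolved with getent (assumption: glibc-based system).
route_cmds() {
    awk '$1 == "remote" && NF >= 2 { print $2 }' "$1" | sort -u |
    while read -r host; do
        case "$host" in
            -*|*[!A-Za-z0-9.-]*) continue ;;   # refuse odd characters
        esac
        if is_ipv4 "$host"; then
            addrs=$host
        else
            addrs=$(getent ahostsv4 "$host" | awk '{ print $1 }' | sort -u)
        fi
        for addr in $addrs; do
            is_ipv4 "$addr" || continue
            echo "/sbin/ip route replace $addr/32 via $MY_REAL_GATEWAY"
        done
    done
}

# With a config path as argument, print the commands for review.
if [ "$#" -gt 0 ]; then
    route_cmds "$1"
fi
```

Review the printed commands, then run them as root before starting OpenVPN; `ip route replace` makes the step safe to repeat.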