need to add static route over openvpn tun interface

Post by dr.x » Thu Feb 09, 2017 9:47 am

Hi folks.
I have a VPN server (A) on CentOS 6.
I have a VPN client (B) on Ubuntu 12.
================
I had the tunnel up and running and I have a problem with routing.
=====================
So the topology is:
lan1-----serverA-----internet-------serverB----lan2
===============
server A side :
[root@li90-82 ~]# cat /etc/openvpn/server.conf
topology subnet
#local 192.168.178.2
push "route 192.168.178.0 255.255.255.0"
duplicate-cn
port 1171 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ifconfig 10.8.222.41 10.8.222.40
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
push "route 1.1.1.0 255.255.255.0"
#push "route 192.168.100.0 255.255.255.0"
#push "route 10.160.150.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1171.log
verb 3



client B side :

client
dev tun
proto udp
remote x.x.248.82 1171 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun


<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>

<cert>
xxx
</cert>

<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>

comp-lzo
reneg-sec 0
verb 3


Now I have the connection fine, and the ping between 10.8.0.x is boring fine from both directions.
The client had IP 10.8.0.2 and we can ping 10.8.0.x without issues,
but .....
From server A I tried to add a static route over the tun interface as below:
route add -net 10.50.60.0 netmask 255.255.255.0 gw 10.8.0.2

and when I try to ping 10.50.60.x, which is on the client (B) side, it doesn't work,
and it doesn't even pass the tun interface.
I did a tcpdump and it's not passing the traffic on that interface,
so I'm sure it's something related to the VPN.
I also verified that the route is valid in the table of server A:

[root@li90-82 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gw-li90.linode. 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
10.50.60.0      10.8.0.2        255.255.255.0   UG    0      0        0 tun0
74.207.248.0    *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth0
[root@li90-82 ~]#


I also verified that routing is enabled on both the server and client side ==> net.ipv4.ip_forward = 1

So I need help on how we can add static routes from the Linux system level, not from OpenVPN, after the VPN is up.

thanks very much
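
Added example, not part of the original post: in OpenVPN's multi-client `server` mode, a kernel route through tun0 only hands packets to the OpenVPN process, which then needs an `iroute` entry to know which connected client owns the subnet. The fragment below shows both pieces for 10.50.60.0/24, assuming that subnet sits behind client B; the `ccd` directory path and the `clientB` common name are placeholders.

```conf
# --- server A: additions to /etc/openvpn/server.conf ---

# Kernel-level route: send 10.50.60.0/24 into the tunnel.
# OpenVPN installs this when it starts, so the manual
# "route add -net 10.50.60.0 ..." is no longer needed.
route 10.50.60.0 255.255.255.0

# Per-client files are looked up here by certificate common name.
# (Directory path is an assumption; any readable directory works.)
client-config-dir /etc/openvpn/ccd

# --- server A: /etc/openvpn/ccd/clientB ---
# "clientB" is a placeholder for the common name in client B's
# certificate. With duplicate-cn set, every client presenting that
# common name picks up this same file.

# OpenVPN-internal route: 10.50.60.0/24 is reachable through the
# client that connected with this common name.
iroute 10.50.60.0 255.255.255.0
```

Hosts on lan2 also need a route back to 10.8.0.0/24 through client B before replies can return.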
