need to add static route over openvpn tun interface
Posted: Thu Feb 09, 2017 9:47 am
Hi folks.
I have a VPN server (A) on CentOS 6.
I have a VPN client (B) on Ubuntu 12.
================
I have the tunnel up and running and I have a problem with routing.
=====================
so the topology is
lan1-----serverA-----internet-------serverB----lan2
===============
server A side :
[root@li90-82 ~]# cat /etc/openvpn/server.conf
topology subnet
#local 192.168.178.2
push "route 192.168.178.0 255.255.255.0"
duplicate-cn
port 1171 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ifconfig 10.8.222.41 10.8.222.40
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
#push "redirect-gateway def1"
push "route 1.1.1.0 255.255.255.0"
#push "route 192.168.100.0 255.255.255.0"
#push "route 10.160.150.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1171.log
verb 3
client B side :
client
dev tun
proto udp
remote x.x.248.82 1171 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
<cert>
xxx
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
comp-lzo
reneg-sec 0
verb 3
Now the connection is fine and the ping between 10.8.0.x is working fine from both directions.
The client has IP 10.8.0.2 and we can ping 10.8.0.x without issues,
but .....
From server A I tried to add a static route over the tun interface as below:
route add -net 10.50.60.0 netmask 255.255.255.0 gw 10.8.0.2
and when I try to ping 10.50.60.x, which is on the client (B) side, it doesn't work
and it doesn't even pass the tun interface.
I did a tcpdump and it's not passing the traffic on that interface,
so I'm sure it's something related to the VPN.
Also, I verified that the route is valid in the routing table of server A:
[root@li90-82 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gw-li90.linode. 0.0.0.0 UG 0 0 0 eth0
10.8.0.0 * 255.255.255.0 U 0 0 0 tun0
10.50.60.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0
74.207.248.0 * 255.255.255.0 U 0 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth0
[root@li90-82 ~]#
I also verified that routing is enabled on both the server and client side ==> net.ipv4.ip_forward = 1
So I need help on how we can add static routes from the Linux system level, not from OpenVPN, after the VPN is up.
thanks very much
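
Added example, not part of the original post: in OpenVPN server mode the daemon keeps its own table of which client owns which subnet, so a kernel route into tun0 is not sufficient on its own; the subnet also needs an `iroute` entry in that client's `client-config-dir` file. The checker below runs on constructed input modelled on the posted server.conf; the function names and the ccd file name `clientB` are assumptions.

```python
import ipaddress
import shlex

# Constructed input: the routing-relevant lines of the server.conf in the post.
SERVER_CONF = """\
topology subnet
duplicate-cn
port 1171 #- port
dev tun
server 10.8.0.0 255.255.255.0
push "route 1.1.1.0 255.255.255.0"
"""

def directives(text):
    """Yield each config line as a token list, dropping comments and blanks."""
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens

def owners(ccd_files, subnet):
    """Return the ccd file names whose iroute entries cover `subnet`."""
    found = []
    for name, text in ccd_files.items():
        for d in directives(text):
            if d[0] == "iroute" and len(d) >= 2:
                # OpenVPN treats a missing netmask as a host route.
                mask = d[2] if len(d) > 2 else "255.255.255.255"
                net = ipaddress.ip_network(f"{d[1]}/{mask}", strict=False)
                if subnet.subnet_of(net):
                    found.append(name)
    return found

def audit(server_conf, ccd_files, subnet):
    """List what is missing for OpenVPN to forward `subnet` to one client."""
    subnet = ipaddress.ip_network(subnet)
    names = {d[0] for d in directives(server_conf)}
    findings = []
    if "server" in names and "client-config-dir" not in names:
        findings.append("no client-config-dir: iroute cannot be set per client")
    if not owners(ccd_files, subnet):
        findings.append(f"no iroute covers {subnet}: tun0 traffic has no owning client")
    if "duplicate-cn" in names:
        findings.append("duplicate-cn: ccd files are matched by common name")
    return findings
```

Calling `audit(SERVER_CONF, {}, "10.50.60.0/24")` reports all three findings for the posted setup; `ccd_files` maps a ccd file name to its text.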