iroute causes learn-address for internal hosts

xennex81
OpenVpn Newbie
Posts: 2
Joined: Tue Feb 21, 2017 7:41 am

iroute causes learn-address for internal hosts

Post by xennex81 » Tue Feb 21, 2017 7:52 am

I have a config defined for a client that includes an iroute directive:

Code:

    iroute 10.5.0.0 255.255.255.0

Now when I access this route over VPN (through the server) the learn address script is called (that I also have) for an internal host particular to that client:

Code:

    Tue Feb 21 07:39:40 2017 MULTI: Learn: 10.5.0.1 -> <common name>/<ip address>:1194

As a result, not only is a route added for that host (that's what my learn-address script also does) that already exists (for the 10.5.0.0 subnet, since learn-address is also called for THAT) but also since this learn-address is called with the same common-name, it now replaces my original common name as well in my DNS table (the client of the VPN server).

To put it more succinctly, whenever I access this 10.5.0.1 host which is a subnet behind a client OpenVPN recognises it and calls learn-address on it which lands me in trouble :p.

How can I prevent OpenVPN from doing so? Do I have to code for this in my script?

xennex81
OpenVpn Newbie
Posts: 2
Joined: Tue Feb 21, 2017 7:41 am

Re: iroute causes learn-address for internal hosts

Post by xennex81 » Tue Feb 21, 2017 12:09 pm

I found that the learn-address script is called every time this host is being accessed.

So in this case 10.5.0.1 is constantly getting called in this script whenever data traverses that channel. The logs are filling up ;-), with all these calls :p.

It is easy enough to recognise that the IP is not part of the subnet of the VPN or not an endpoint and not act on it ($ifconfig_pool_remote_ip etc.) but the logs do fill up with these messages (from the MULTI line).

I have differentiated based on these factors for now and no longer suffer my DNS being affected but it's just a bit annoying that any connection with this host or these hosts would get registered in the OpenVPN logs. Sure I could filter that (behind the fact) but yeah.

See ya, and thanks.
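
The filtering described in the post above, as an added example that is not xennex81's own script: a learn-address hook that updates DNS only when the learned address is the client's own tunnel address and ignores hosts reached through an iroute. It assumes `ifconfig_pool_remote_ip` is present in the hook's environment, as the post relies on; the printed action strings are placeholders for the real DNS and route commands, and the addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example (not the poster's script). learn-address arguments:
#   $1 = add | update | delete, $2 = address, $3 = common name (absent on delete)
# Assumption: ifconfig_pool_remote_ip is set in the hook's environment.

# classify_learn ADDRESS -> prints endpoint | subnet | behind-client
classify_learn() {
    addr=$1
    case $addr in
        */*) echo subnet; return 0 ;;   # iroute network, e.g. 10.5.0.0/24
    esac
    if [ -n "${ifconfig_pool_remote_ip:-}" ] && [ "$addr" = "$ifconfig_pool_remote_ip" ]; then
        echo endpoint                   # the client's own VPN address
    else
        echo behind-client              # host behind the client, e.g. 10.5.0.1
    fi
}

# handle_learn OP ADDRESS [CN] -> prints the action the hook would take.
# The strings are placeholders; a real hook would run its DNS/route commands here.
handle_learn() {
    op=$1
    addr=$2
    cn=${3:-}
    case $(classify_learn "$addr") in
        endpoint)
            case $op in
                add|update) echo "dns-set $cn $addr" ;;
                delete)     echo "dns-del $addr" ;;
                *)          echo ignore ;;
            esac ;;
        subnet)
            echo "route-$op $addr" ;;   # one route for the whole iroute network
        *)
            echo ignore ;;              # never touch DNS for hosts behind a client
    esac
}

# Run as a hook only when OpenVPN passes arguments.
if [ $# -ge 2 ]; then
    handle_learn "$@"
fi
```

This keeps the DNS table and routes stable, but as the post notes it does not stop the server from writing the `MULTI: Learn:` lines to its log.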

kiranp
OpenVpn Newbie
Posts: 2
Joined: Mon May 25, 2020 10:31 am

Re: iroute causes learn-address for internal hosts

Post by kiranp » Mon May 25, 2020 10:40 am

Hello, I am facing issues: my far end device is successfully connected and I can ssh to the device too, but after the VPN router the internet is not working.
I am getting the logs below in /var/log/message; I am getting warning messages in the logs

warning: 'dev-type' is present in local config but missing in remote config
Similar warnings for version, link-mtu, tun-mtu, cipher, auth, keysize, key-method, tls-client

I am not a Linux guy but trying all the possible ways to resolve this issue.

It was working fine 2 months ago but suddenly this has stopped working. Any help would be highly appreciated...!!!!
