iroute causes learn-address for internal hosts

Posted: Tue Feb 21, 2017 7:52 am
by xennex81
I have a config defined for a client that includes an iroute directive:

Now when I access this route over VPN (through the server) the learn address script is called (that I also have) for an internal host particular to that client:

Tue Feb 21 07:39:40 2017 MULTI: Learn: -> <common name>/<ip address>:1194
As a result, not only is a route added for that host (that's what my learn-address script also does) that already exists (for the subnet, since learn-address is also called for THAT) but also since this learn-address is called with the same common-name, it now replaces my original common name as well in my DNS table (the client of the VPN server).

To put it more succinctly, whenever I access this host, which is in a subnet behind a client, OpenVPN recognises it and calls learn-address on it, which lands me in trouble :p.

How can I prevent OpenVPN from doing so? Do I have to code for this in my script?

Re: iroute causes learn-address for internal hosts

Posted: Tue Feb 21, 2017 12:09 pm
by xennex81
I found that the learn-address script is called every time this host is being accessed.

So in this case it is constantly getting called in this script whenever data traverses that channel. The logs are filling up ;-), with all these calls :p.

It is easy enough to recognise that the IP is not part of the subnet of the VPN or not an endpoint and not act on it ($ifconfig_pool_remote_ip etc.) but the logs do fill up with these messages (from the MULTI line).

I have differentiated based on these factors for now and no longer suffer my DNS being affected but it's just a bit annoying that any connection with this host or these hosts would get registered in the OpenVPN logs. Sure I could filter that (behind the fact) but yeah.

See ya, and thanks.
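
The filtering described in the post above, as an added example (not the poster's script): a learn-address hook that touches the DNS table only when the learned address is the client's own tunnel IP, so iroute hosts and subnets reported under the same common name are ignored. It assumes OpenVPN exports `ifconfig_pool_remote_ip` to the hook, as the post relies on; `HOSTS_FILE`, its record format and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. HOSTS_FILE and its "<ip> <common-name>" format are hypothetical.
HOSTS_FILE="${HOSTS_FILE:-/tmp/openvpn-clients.hosts}"

# True only when the learned address is the client's own tunnel IP (assumed env var).
is_endpoint() {
    [ -n "${ifconfig_pool_remote_ip:-}" ] && [ "$1" = "$ifconfig_pool_remote_ip" ]
}

has_record() {
    [ -f "$HOSTS_FILE" ] &&
        awk -v a="$1" '$1 == a { found = 1 } END { exit !found }' "$HOSTS_FILE"
}

# Rewrite the table without lines matching the address or (if given) the common name.
drop_records() {
    [ -f "$HOSTS_FILE" ] || return 0
    awk -v a="$1" -v c="$2" '$1 != a && (c == "" || $2 != c)' \
        "$HOSTS_FILE" > "$HOSTS_FILE.$$"
    mv "$HOSTS_FILE.$$" "$HOSTS_FILE"
}

handle_learn() {
    op=$1; addr=$2; cn=${3:-}
    case "$op" in
        add|update)
            # iroute hosts and subnets arrive with the same common name;
            # only the tunnel endpoint may replace the DNS record.
            if is_endpoint "$addr"; then
                drop_records "$addr" "$cn"
                echo "$addr $cn" >> "$HOSTS_FILE"
                echo updated
            else
                echo ignored
            fi ;;
        delete)
            # delete carries no common name; act only on addresses we recorded.
            if has_record "$addr"; then
                drop_records "$addr" ""
                echo removed
            else
                echo ignored
            fi ;;
        *) echo ignored ;;
    esac
    return 0   # a non-zero exit would make OpenVPN reject the learned address
}

# OpenVPN calls the hook as: <script> add|update|delete <address> [<common name>]
if [ "$#" -gt 0 ]; then handle_learn "$@" > /dev/null; fi
```

This only keeps the hook from acting on internal hosts; the `MULTI: Learn` lines are written by OpenVPN itself and still appear in its log.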

Re: iroute causes learn-address for internal hosts

Posted: Mon May 25, 2020 10:40 am
by kiranp
Hello, I am facing an issue: my far-end device is successfully connected and I can SSH to the device too, but after the VPN router the internet is not working.
I am getting the logs below in /var/log/message; I am getting warning messages in the logs:

warning: 'dev-type' is present in local config but missing in remote config
Similar warnings for version, link-mtu, tun-mtu, cipher, auth, keysize, key-method, tls-client.

I am not a Linux guy but trying all the possible ways to resolve this issue.

It was working fine 2 months ago, but suddenly it has stopped working. Any help would be highly appreciated!