Can't connect to openvpn server with a static route

Official client software for OpenVPN Access Server and OpenVPN Cloud.
imfiringmylaser12
OpenVpn Newbie
Posts: 13
Joined: Sat Jun 19, 2021 9:25 am

Post by imfiringmylaser12 » Sat Jun 19, 2021 9:26 am

Goal: force all traffic through VPN only.

Client: Windows in VM
VPN: OPENVPN

I delete the 0.0.0.0 route in the client. I make a route for the destination of my VPN server with my LAN default gateway as the gateway (192.168.1.1). So, in practice when I turn on openvpn, it attempts to connect to the server IP which has a route through my local LAN gateway, which would result in a connection and a new VPN connection established. And when the VPN connection drops, all traffic stops.

However, I am unable to connect to the VPN server. I can ping it though. I was able to replicate the same scenario in a windows VM with softether client and a third party VPN and can connect successfully. What am I doing wrong?

chilinux
OpenVPN Power User
Posts: 105
Joined: Thu Mar 28, 2013 8:31 am

Re: Can't connect to openvpn server with a static route

Post by chilinux » Sat Jun 19, 2021 6:04 pm

What version of OpenVPN Access Server are you using?

Post by imfiringmylaser12 » Sat Jun 19, 2021 6:31 pm

openvpn version v2.8.3

Post by imfiringmylaser12 » Sat Jun 19, 2021 8:43 pm

OpenVPN has the server IP, and the gateway IP. The gateway IP is established only after the client connects to the server and under ipconfig this openvpn gateway ip shows under the adapter: "TAP-Windows Adapter V9 for OpenVPN Connect". This becomes the new default 0.0.0.0 route on the routing table.

So with the 0.0.0.0 default route (the LAN route, not the openvpn gateway) deleted and a static route to the openvpn server I can ping it no problem. The admin openvpn portal even shows "Current Active Users: 1" when I attempt to connect, but eventually drops off. So this means I can communicate with the server, but it won't establish a connection. Why it won't is beyond me. I was able to replicate the exact same scenario in an additional VM but with softether client and a third party vpn.

My setup is Windows in VMware, the network connection settings for VMware is "bridged", with "replicate physical network connection state" check marked.

Here's a picture of my network, note the .78 ip is the openvpn server: https://i.imgur.com/zDN5gvR.png

Post by imfiringmylaser12 » Sat Jun 19, 2021 9:26 pm

Also, logs don't show any error. Appears as though I am connecting. https://i.imgur.com/4E5179X.png

Post by chilinux » Sat Jun 19, 2021 10:15 pm

Is there any information in the client log (the icon in the upper right corner)?

Post by imfiringmylaser12 » Sat Jun 19, 2021 10:28 pm

Nothing on the client log. Here's also a picture of the openvpn server, when I attempt to connect it shows briefly 1 active user before dropping off. https://i.imgur.com/w5LrdoZ.png

Post by imfiringmylaser12 » Sun Jun 20, 2021 7:37 am

The server's ports are open.

On the client's side (windows VM) I can also SSH in to the openvpn server using putty. The only solution so far is to add back the 0.0.0.0 192.168.1.1 route, and OpenVPN connects no problem, but that defeats the purpose as I want to force all traffic to only go through the VPN, and nothing else.

I also added a -p route for 172.16.0.0 255.255.255.255 192.168.1.1 just in case (this is the network the VPN gateway is created on), but to no avail.

I do not understand how the openvpn cannot connect unless the 0.0.0.0 route is added. Any idea what I could do to fix this?

Post by chilinux » Mon Jun 21, 2021 2:25 pm

You shouldn't need to manually change the routes on the client side.

Instead, in the administrative web panel, go to Configuration -> VPN Settings -> Should client Internet traffic be routed through the VPN?

Then make sure the setting is set to Yes.

Manually changing the default route will impact the route to the VPN server itself. The VPN server cannot be reached via the VPN, but rather must always be routed through your internet service provider.

Post by imfiringmylaser12 » Mon Jun 21, 2021 9:57 pm

The "Should client Internet traffic be routed through the VPN?" is set to "yes".

However, I want all traffic to only be able to go through the VPN. This is extremely important, and the only fool-proof way of doing this is making a static route, so for whatever reason if the VPN flakes for 2 seconds or I somehow forget to connect to the VPN, I'm not leaking my IP.

There's got to be something going on here that OpenVPN is doing differently. The VPN server can be reached with a static route using my default gateway, I can even ping it. As I stated, I have no problem on a different machine connecting to a third-party VPN using softether using the exact same technique with only a static route to the VPN server. Any idea what it is?

Post by imfiringmylaser12 » Tue Jun 22, 2021 9:39 am

I have a persistent route to the VPN (160.50.59.40 255.255.255.255 192.168.1.1), I connect to the VPN then remove the default LAN gateway ( 0.0.0.0 0.0.0.0 192.168.1.1) so all traffic only goes through the VPN. I take a picture of this routing table.

I then restart windows with a fresh routing table (with the persistent route still) and add all these routes exactly as seen in the picture I took, then I remove the default LAN gateway (0.0.0.0 0.0.0.0 192.168.1.1)... and I still can't connect.

I want to be clear here, I have the exact same routing setup in another windows machine, with softether and a third party VPN (compared to the current windows machine with openvpn connect, and openvpn server running in oracle cloud) and I have had absolutely no problems connecting with the default LAN gateway route deleted, and just a default LAN gateway route to the VPN only. I've been comparing both machines, their routing tables, their adapters, the software, and I can't understand how this is possible on one and not the other.

Note: Deleting the default LAN gateway (0.0.0.0 0.0.0.0 192.168.1.1) is to make it impossible for windows to leak your real IP if the VPN ever flakes for 2 seconds (which it will). I can also ping the VPN at any point because of the persistent route.
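Editor's added example (not part of any post in this thread, and not OpenVPN code): a small model of the fail-closed routing design described above, using longest-prefix matching to show where traffic goes in each state and to flag any LAN-gateway route that covers more than the VPN server. The server and LAN gateway addresses are the ones quoted in the thread; the tunnel gateway `172.16.0.1`, the test destination `203.0.113.10` and the three tables are constructed for illustration.

```python
import ipaddress

# Addresses quoted in the thread.
VPN_SERVER = "160.50.59.40"
LAN_GATEWAY = "192.168.1.1"
# Constructed: the thread only says the tunnel network is 172.16.0.0.
TUNNEL_GATEWAY = "172.16.0.1"

# Constructed tables in "destination netmask gateway" order, as routes are written above.
VPN_UP = """
160.50.59.40 255.255.255.255 192.168.1.1
0.0.0.0      0.0.0.0         172.16.0.1
"""
VPN_DOWN = """
160.50.59.40 255.255.255.255 192.168.1.1
"""
LAN_DEFAULT_RESTORED = """
160.50.59.40 255.255.255.255 192.168.1.1
0.0.0.0      0.0.0.0         192.168.1.1
"""

def parse_routes(text):
    """Return [(network, gateway)] from 'destination netmask gateway' lines."""
    routes = []
    for line in text.strip().splitlines():
        dest, mask, gateway = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway))
    return routes

def next_hop(routes, address):
    """Longest-prefix match. None means no route: the packet is dropped, not leaked."""
    addr = ipaddress.ip_address(address)
    matches = [(net, gw) for net, gw in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def leaking_routes(routes):
    """Routes via the LAN gateway that cover anything other than the VPN server."""
    allowed = ipaddress.ip_network(f"{VPN_SERVER}/32")
    return [net for net, gw in routes if gw == LAN_GATEWAY and net != allowed]

if __name__ == "__main__":
    for name, table in [("VPN up", VPN_UP), ("VPN down", VPN_DOWN),
                        ("LAN default restored", LAN_DEFAULT_RESTORED)]:
        routes = parse_routes(table)
        print(name, "| server via", next_hop(routes, VPN_SERVER),
              "| 203.0.113.10 via", next_hop(routes, "203.0.113.10"),
              "| leaking:", [str(n) for n in leaking_routes(routes)])
```

On-link routes for the local subnet are not modelled; on a real client, compare against the full output of `route print`.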

openvpn_inc
OpenVPN Inc.
Posts: 220
Joined: Tue Feb 16, 2021 10:41 am

Post by openvpn_inc » Wed Jun 23, 2021 12:01 pm

Hello imfiringmylaser12,

I saw your other ticket on the forum too about this issue. So it is a bug, but one that was solved a while ago. You are apparently using an older client?

Please get latest version here: https://openvpn.net/downloads/openvpn-c ... indows.msi and then try again.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support