Metric is forcing to 1 on tap adapter after connection

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
shawntech1
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2021 8:02 pm

Metric is forcing to 1 on tap adapter after connection

Post by shawntech1 » Thu Nov 04, 2021 8:03 pm

This is causing some local resources to not work while VPN is connected. Windows 10 client, tried latest and previous OpenVPN connect clients. I do not see any server side settings that would tell the client to force Metric=1 on the client TAP adapter.

I can as a workaround set the metric manually after the connection is made but it reverts to METRIC 1 after disconnecting/reconnecting.

Any ideas?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by openvpn_inc » Fri Nov 05, 2021 10:54 am

Hello shawntech1,

I don't know anything about your situation, so perhaps this suggestion isn't useful, but generally you would want the VPN to win over already present routes. And if you do end up making a conflict, then try ensuring you don't push any routes that cause that problem. However, there is the route-metric directive which you might want to try.

--route-metric m
Specify a default metric m for use with --route.

You can edit the client configuration profile and add in this line:
route-metric 500

To increase the metric by 500 for routes that are implemented by the OpenVPN client on your client computer.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

shawntech1
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2021 8:02 pm

Re: Metric is forcing to 1 on tap adapter after connection

Post by shawntech1 » Fri Nov 05, 2021 11:13 am

openvpn_inc wrote:
Fri Nov 05, 2021 10:54 am
Hello shawntech1,

I don't know anything about your situation, so perhaps this suggestion isn't useful, but generally you would want the VPN to win over already present routes. And if you do end up making a conflict, then try ensuring you don't push any routes that cause that problem. However, there is the route-metric directive which you might want to try.

--route-metric m
Specify a default metric m for use with --route.

You can edit the client configuration profile and add in this line:
route-metric 500

To increase the metric by 500 for routes that are implemented by the OpenVPN client on your client computer.

Kind regards,
Johan
It's the metric of the interface not the route that I'm changing. I've seen this before and in the past if you set the tap interface to a higher metric it would remain. Now when connecting with the openvpn connect client the interface reverts to 1.

The problem is we are trying to communicate with a mfp printer's scanner on the local network and with vpn connected and it's interface metric at 1 it cannot find it.

If I connect the VPN then manually adjust the interface metric to 25 giving the local lan adapter priority everything works properly, including the remote VPN resources.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by openvpn_inc » Fri Nov 05, 2021 12:25 pm

Hello shawntech1,

According to what I know, the metric doesn't matter, as long as routes don't collide. Basically you can use metric to define which one 'wins' when there are conflicting routes. To me it sounds like if things are breaking it's because there are conflicting routes. Can you show a route print of the issue so I have some more information on what's going on?

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

shawntech1
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2021 8:02 pm

Re: Metric is forcing to 1 on tap adapter after connection

Post by shawntech1 » Fri Nov 05, 2021 3:01 pm

Hello, i've discovered that the application uses the WSD port name to talk to the scanner function in the printer. The printer's IP address is 10.1.10.179 and the WSD portname which resolves via DNS is BRWD80F9925AAA8... it is a Brother MFP device. With VPN connected and TAP adapter which forces itself to interface metric=1 it can no longer resolve the WSD port and communicate with the printer/scanner. Setting the TAP adapter manually after connection to metric=25 and it works properly again as local LAN adapter becomes higher priority.

Here are the route tables, with VPN disconnected first. The VPN subnet is 172.27.240.0/24

No VPN:

===========================================================================
Interface List
13...ac e2 d3 4f 3a bc ......Realtek PCIe GBE Family Controller
18...b0 52 16 13 6b 57 ......Realtek RTL8821CE 802.11ac PCIe Adapter
3...00 ff 12 f4 a9 14 ......TAP-Windows Adapter V9 for OpenVPN Connect
10...f2 52 16 13 6b 57 ......Microsoft Wi-Fi Direct Virtual Adapter
11...b2 52 16 13 6b 57 ......Microsoft Wi-Fi Direct Virtual Adapter #3
4...b0 52 16 13 6b 58 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.2 11
10.1.10.0 255.255.255.0 On-link 10.1.10.2 266
10.1.10.2 255.255.255.255 On-link 10.1.10.2 266
10.1.10.255 255.255.255.255 On-link 10.1.10.2 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.1.10.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.1.10.2 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.1.10.1 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
1 331 ff00::/8 On-link
===========================================================================
Persistent Routes:
None


VPN Connected:

===========================================================================
Interface List
3...00 ff 12 f4 a9 14 ......TAP-Windows Adapter V9 for OpenVPN Connect
13...ac e2 d3 4f 3a bc ......Realtek PCIe GBE Family Controller
18...b0 52 16 13 6b 57 ......Realtek RTL8821CE 802.11ac PCIe Adapter
10...f2 52 16 13 6b 57 ......Microsoft Wi-Fi Direct Virtual Adapter
11...b2 52 16 13 6b 57 ......Microsoft Wi-Fi Direct Virtual Adapter #3
4...b0 52 16 13 6b 58 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.2 11
10.1.10.0 255.255.255.0 On-link 10.1.10.2 266
10.1.10.2 255.255.255.255 On-link 10.1.10.2 266
10.1.10.255 255.255.255.255 On-link 10.1.10.2 266
10.31.55.0 255.255.255.0 172.27.240.1 172.27.241.230 102
64.94.232.106 255.255.255.255 10.1.10.1 10.1.10.2 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.27.224.0 255.255.240.0 172.27.240.1 172.27.241.230 102
172.27.240.0 255.255.240.0 On-link 172.27.241.230 257
172.27.241.230 255.255.255.255 On-link 172.27.241.230 257
172.27.255.255 255.255.255.255 On-link 172.27.241.230 257
208.67.220.220 255.255.255.255 172.27.240.1 172.27.241.230 102
208.67.222.222 255.255.255.255 172.27.240.1 172.27.241.230 102
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.27.241.230 257
224.0.0.0 240.0.0.0 On-link 10.1.10.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.27.241.230 257
255.255.255.255 255.255.255.255 On-link 10.1.10.2 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.1.10.1 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
1 331 2000::/4 On-link
1 331 3000::/4 On-link
1 331 fc00::/7 On-link
3 281 fe80::/64 On-link
3 281 fe80::607d:3c78:9094:1164/128
On-link
1 331 ff00::/8 On-link
3 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by openvpn_inc » Sat Nov 06, 2021 9:03 am

Hello shawntech1,

I use OpenVPN2 and OpenVPN3 on Windows and don't see the same problem as you. I have an HP printer that works the same as what you described. I know that doesn't help you, but, it's just odd that in your situation there would be a problem with netbios.

One thing I noticed is that you have a persistent route for the default gateway in your route print overview. Is there a reason that needs to be there? Can you try removing it and just relying on the network card's default gateway setting instead? Just to see if it makes a difference.

To try and work around the problem you might want to consider going into the TAP adapter settings, turn off everything except TCP/IP v4 (and v6 if you need it), and on top of that, in the TCP/IP settings go through the options and turn off netbios. Then netbios simply cannot be used on the TAP adapter.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

shawntech1
OpenVpn Newbie
Posts: 4
Joined: Thu Nov 04, 2021 8:02 pm

Re: Metric is forcing to 1 on tap adapter after connection

Post by shawntech1 » Mon Nov 08, 2021 3:35 pm

openvpn_inc wrote:
Sat Nov 06, 2021 9:03 am
Hello shawntech1,

I use OpenVPN2 and OpenVPN3 on Windows and don't see the same problem as you. I have an HP printer that works the same as what you described. I know that doesn't help you, but, it's just odd that in your situation there would be a problem with netbios.

One thing I noticed is that you have a persistent route for the default gateway in your route print overview. Is there a reason that needs to be there? Can you try removing it and just relying on the network card's default gateway setting instead? Just to see if it makes a difference.

To try and work around the problem you might want to consider going into the TAP adapter settings, turn off everything except TCP/IP v4 (and v6 if you need it), and on top of that, in the TCP/IP settings go through the options and turn off netbios. Then netbios simply cannot be used on the TAP adapter.

Kind regards,
Johan
Hello, I did try your suggestions and they did not help. It appears to be a netbios issue but as a workaround I ended up putting the device in the system's HOSTS file and it was able to resolve while on VPN without other provisions. I would like to find a better solution than this but for now this is the key. Let me know if you have any other solutions, thank you!

sabuzaki
OpenVpn Newbie
Posts: 5
Joined: Mon Aug 29, 2022 10:45 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by sabuzaki » Mon Oct 03, 2022 2:46 pm

Similar (but different) problem here - require to have an ability to edit Local adapter (TAP) network device metric value (or set it to static higher value).

As above discussed, the metric can be changed using powershell or control panel network settings when OpenVPN connection is on. But when OpenVPN is re-connected, metric value is reset to 1.

No "route metric" involved here, as we have an app/service which starts listening only on the network adapter with lowest metric.

The solution at the moment is to "kill" the OpenVPN before starting a service.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by openvpn_inc » Mon Oct 03, 2022 2:49 pm

Hello sabuzaki,

Can you explain the use case? Why do you require the metric to be lower than normal? Trying to understand if maybe this is something that can or should be solved in another way than messing with the route metric.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

sabuzaki
OpenVpn Newbie
Posts: 5
Joined: Mon Aug 29, 2022 10:45 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by sabuzaki » Mon Oct 03, 2022 3:34 pm

Hi Johan,

Again, this is nothing to do with "route metric". It is in regards of "adapter metric".

1. When OpenVPN creates a session, it uses "Unknown adapter Local Area Connection" in Windows and assigns IP address to it.
2. When entering "ipconfig" that adapter is always on the top of the list, meaning it has lesser (1) metric than any other adapter (unless set metric 0 on any other adapter)
3. The app which is starting, will start to listen for the incoming traffic on the first adapter (lowest metric) which has "connected" state.
4. If the OpenVPN is started, and the app started after, it will be listening for incoming traffic on the <OpenVPN adapter IP address>:<port number> instead of <LAN adapter IP address>:<port> (don't ask why there is no option on the app itself to select adapter;])

As I was writing this, I realized that there is one possible option: to set LAN adapter metric to 0. It seems working and now after starting the app, it is listening on the correct interface (LAN adapter IP address).

But I'm suspecting - Is metric 0 allowed or it doesn't have any special purpose? As when running powershell command "Get-NetIPInterface" for the LAN adapter metric value shown as blank, and when going to control panel > network settings > adapter properties > advanced > metric is set as "Automatic".

So if OpenVPN would have an option to set an adapter metric (not route metric) to some other value than 1, it would be great I guess.

Many thanks,

Ivan

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by openvpn_inc » Mon Oct 03, 2022 3:44 pm

Hello sabuzaki,

> don't ask why there is no option on the app itself to select adapter

That's exactly what I was going to ask haha. Relying on an adapter metric to have an app listen on the right interface seems a bit dodgy.

I don't know of any reason why setting the metric to 0 should be an issue.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

sabuzaki
OpenVpn Newbie
Posts: 5
Joined: Mon Aug 29, 2022 10:45 am

Re: Metric is forcing to 1 on tap adapter after connection

Post by sabuzaki » Tue Oct 04, 2022 7:47 am

Hello Johan,

On the first part I agree. On the second part regarding metric value of 0: using powershell [1] command setting metric as 0 is accepted, but through control panel when trying to set the same, message pops up: "Please enter a metric between 1 and 9999."

[1] set-netipinterface -interface 10 -interfacemetric 0

Regards,
-

Post Reply