Chnage route metric instead add to existing number

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
IPTRACE
OpenVpn Newbie
Posts: 12
Joined: Sat Dec 31, 2016 12:40 pm

Chnage route metric instead add to existing number

Post by IPTRACE » Sat Dec 31, 2016 12:51 pm

Hello!

I have a problem with changing the metric on my client route.
When I set on the server entry like

Code: Select all

push "route-metric 5"
Windows client adds 5 to self metric instead change it.
The same story is when I set

Code: Select all

route-metric 5
on the client config.
it doesn't matter when metric on the client interface is automatic or manual set. Windows/OpenVPN adds number instead change it.

Server: openvpn-2.3.12_1
Client: openvpn-2.4.0-I601
Client OS: Windows 10
Client interface: TUN

Is this expected function or any bug or Windows feature/bug?
Thank you for your help.
Top
IPTRACE
OpenVpn Newbie
Posts: 12
Joined: Sat Dec 31, 2016 12:40 pm

Re: Chnage route metric instead add to existing number

Post by IPTRACE » Sun Jan 01, 2017 3:46 pm

Regarding my issue, I've found the following post.
http://serverfault.com/questions/238695 ... on-windows

It means the problem is due to Windows.
Windows adds metric value instead change it. The workaround is to change metric manually on Windows TAP interface but it's a problem with a lot of clients without Group Policy etc.
The following command also helps but you have to know interface number.
Set Windows metric to 0, then OpenVPN metric + Windows metric = OpenVPN metric

Code: Select all

netsh interface ipv4 set interface 25 metric=0
It only works via command line with administrative privilages.
From Windows control panel is not possible to set it to 0 because Windows says that possiible range is between 1 and 9999.

is it possible to add the above command as standard command like "route.exe ADD....." after established VPN connection?
Top
TinCanTech
OpenVPN Protagonist
Posts: 11142
Joined: Fri Jun 03, 2016 1:17 pm

Re: Chnage route metric instead add to existing number

Post by TinCanTech » Sat Jan 07, 2017 2:17 pm

As a work around:

See --route-noexec in The Manual v24

You can then run a script (batch file) to execute netsh.exe with the desired parameters.

Code: Select all

> netsh interface ipv4 show route
Re: https://community.openvpn.net/openvpn/ticket/817

I don't think this is an openvpn bug as it is windows that has changed .. surprise surprise
but your suggestion makes sense, if indeed netsh.exe sets the metric correctly ..
And if it currently works that way, I wonder for how long microshaft will leave it like that ?
Top
IPTRACE
OpenVpn Newbie
Posts: 12
Joined: Sat Dec 31, 2016 12:40 pm

Re: Chnage route metric instead add to existing number

Post by IPTRACE » Sun Jan 08, 2017 12:59 pm

Run a script is clear issue but the same solution I can obtain to change metric (from auto to manual) for TAP interface in Windows control panel. It means I have to access to every client and change it. Scrip does the same job but longer way in my opinion.
I was thinking to do that via server configuration setting push "route-metric 5" but without success described above.
Top
Post Reply

Return to “Server Administration”