Failure to add VPN routes automatically

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
chathuranga
OpenVpn Newbie
Posts: 3
Joined: Sun Jun 23, 2019 12:22 pm

Failure to add VPN routes automatically

Post by chathuranga » Sun Jun 23, 2019 12:52 pm

I have an OpenVPN test setup installed on a VPS. I have to make a particular client available to the server so I have assigned a static IP using a client config.

If you are interested this is the approach I have used. (https://www.itsfullofstars.de/2018/09/openvpn-assign-static-ip-to-client/)

Additionally in order to set the routes properly I am using a push statement in server.conf

Code: Select all

push "route 10.8.0.0 255.255.0.0 10.8.0.1 0"
When I test this setup with an Ubuntu OVPN client everything works fine. The client is getting the right static IP and the routes are getting updated properly. I can ping to 10.8.0.1 which is the VPN gateway.

However if I try to connect with Raspberry OVPN client, the routes are not getting added. Instead I see the following error on the console.

Code: Select all

Sun Jun 23 12:25:56 2019 us=392175 /sbin/ip route add 10.8.0.0/16 metric 0 via 10.8.0.1
RTNETLINK answers: Network is unreachable
Sun Jun 23 12:25:56 2019 us=402420 ERROR: Linux route add command failed: external program exited with error status: 2
The routes are not getting setup therefore I cannot ping the VPN gateway.

Rasbian and Ubuntu both shares a debian kernal therefore I don't think this is related with the platform. How should I troubleshoot this issue?

As an additional hint : you can see the same error on Ubuntu if you try to execute "/sbin/ip route add 10.8.0.0/16 metric 0 via 10.8.0.1" on a new console. That means this operation needs to be done by OVPN process it-self

chathuranga
OpenVpn Newbie
Posts: 3
Joined: Sun Jun 23, 2019 12:22 pm

Re: Failure to add VPN routes automatically

Post by chathuranga » Sun Jun 23, 2019 2:19 pm

Code: Select all

ip route add 10.8.0.0/16 dev tun0
Adding an explicit route to tun device worked. Now I can ping 10.8.0.1

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Failure to add VPN routes automatically

Post by TinCanTech » Sun Jun 23, 2019 3:56 pm

chathuranga wrote:
Sun Jun 23, 2019 12:52 pm
How should I troubleshoot this issue?
How about reaiding the official documentation instead of some random webpage ..
chathuranga wrote:
Sun Jun 23, 2019 12:52 pm

Code: Select all

push "route 10.8.0.0 255.255.0.0 10.8.0.1 0"
is completely wrong and actually shows you did not read the article you linked to properly.

This:

Code: Select all

push "route 10.8.0.0 255.255.0.0"
is correct and you probably don't even need that.. but as you have not posted your configs or logs that is just a wild guess ..

Please see:
viewtopic.php?f=30&t=22603

chathuranga
OpenVpn Newbie
Posts: 3
Joined: Sun Jun 23, 2019 12:22 pm

Re: Failure to add VPN routes automatically

Post by chathuranga » Mon Jun 24, 2019 1:18 pm

Hi,

Thanks, Sorry I don't agree. I am not a networking expert but I did plenty of research. The version I used (The one you believe incorrect) does it's job and adds the route properly in Ubuntu. It solves the routing problem completely with a metric 0 route.

Route

Code: Select all

10.8.0.0        10.8.0.1        255.255.0.0     UG    0      0        0 tun0
Log

Code: Select all

Mon Jun 24 18:26:35 2019 us=527997 /sbin/ip route add 10.8.0.0/16 metric 0 via 10.8.0.1
Therefore I don't think it is useful to go into config. The server send the right "push" but raspberry's sbin/ip binary fails to process it due to a different reason. If a config is wrong then why does it work on Ubuntu?

Check the following log from Raspberry.

Code: Select all

Mon Jun 24 13:03:44 2019 us=57817 TUN/TAP device tun0 opened
Mon Jun 24 13:03:44 2019 us=58290 TUN/TAP TX queue length set to 100
Mon Jun 24 13:03:44 2019 us=58511 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jun 24 13:03:44 2019 us=58703 /sbin/ip link set dev tun0 up mtu 1500
Mon Jun 24 13:03:44 2019 us=66840 /sbin/ip addr add dev tun0 10.8.0.94/32 broadcast 10.8.0.94
Mon Jun 24 13:03:44 2019 us=74193 /sbin/ip route add 10.8.0.0/16 metric 0 via 10.8.0.1
RTNETLINK answers: Network is unreachable
Mon Jun 24 13:03:44 2019 us=82771 ERROR: Linux route add command failed: external program exited with error status: 2
Obviously it tries to execute the same command as Ubuntu but fails. (Probably Raspberry takes a longer time to initialize TUN0 interface).

And I used the suggested configuration and it yields the same results on both platforms. It executes the same command but with no metric setting since it is not specified.

Code: Select all

Mon Jun 24 18:44:26 2019 us=7200 /sbin/ip route add 10.8.0.0/16 via 10.8.0.1

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Failure to add VPN routes automatically

Post by TinCanTech » Mon Jun 24, 2019 1:30 pm

chathuranga wrote:
Mon Jun 24, 2019 1:18 pm
I don't think it is useful to go into config
OK then ..

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Failure to add VPN routes automatically

Post by TinCanTech » Wed Jun 26, 2019 1:38 am

Wild stab in the dark here .. try --topology subnet

Sponsored by: nobody

likedi
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 09, 2022 5:27 pm

Re: Failure to add VPN routes automatically

Post by likedi » Sun Jan 09, 2022 5:32 pm

TinCanTech wrote:
Sun Jun 23, 2019 3:56 pm
This:

Code: Select all

push "route 10.8.0.0 255.255.0.0"
is correct and you probably don't even need that.. but as you have not posted your configs or logs that is just a wild guess ..
Hi,
you just saved my ass. OVPN GUI client on Win did not mind and worked, and OVPN Connect client for both Win and Mac did not.

This exactly was my issue, my route in client ovpn file was

Code: Select all

route network mask gw
and correct is

Code: Select all

route network mask
Probably did copy the settings from some other ovpn file I got. Weird the GUI client did not care...

So big thx !

Post Reply