iroute - multiple client with identical ccd-entries

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
pirmin
OpenVpn Newbie
Posts: 3
Joined: Mon Jan 27, 2020 10:59 am

iroute - multiple client with identical ccd-entries

Post by pirmin » Mon Jan 27, 2020 1:28 pm

hi all

What happens if I have the following setup and I would like to reach the host 10.0.1.10 from the Server (172.16.0.10)?

Server:
eth0: 172.16.0.10/24
default-gw: 172.16.0.1
tun0: 192.168.179.1/24
ccd-config:
Client-A:
- ifconfig-push 192.168.179.10 255.255.255.0
- iroute 10.0.1.0 255.255.255.0
- iroute 10.0.5.0 255.255.255.0
Client-B:
- ifconfig-push 192.168.179.11 255.255.255.0
- iroute 10.0.1.0 255.255.255.0
- iroute 10.0.6.0 255.255.255.0

Client-A:
eth0: 172.16.10.10/24
default-gw: 172.16.10.1
tun: 192.168.179.10/24
can-reach-networks:
- 10.0.1.0/24
- 10.0.5.0/24

Client-B:
eth0: 172.16.20.10/24
default-gw: 172.16.20.1
tun: 192.168.179.11/24
can-reach-networks:
- 10.0.1.0/24
- 10.0.6.0/24

Both Client-A and Client-B can reach the same network 10.0.1.0/24. What is the behavior of openVPN if I try to reach an host (10.0.1.10), for example ssh, from the Server (172.16.0.10)?

Thanks for your answers.
Last edited by pirmin on Mon Jan 27, 2020 2:29 pm, edited 1 time in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 6510
Joined: Fri Jun 03, 2016 1:17 pm

Re: iroute - multiple client with identical ccd-entries

Post by TinCanTech » Mon Jan 27, 2020 1:35 pm

Openvpn will probably use which ever --iroute was added last ..

We don't configure things that way, so maybe you can tell us what happens ?

pirmin
OpenVpn Newbie
Posts: 3
Joined: Mon Jan 27, 2020 10:59 am

Re: iroute - multiple client with identical ccd-entries

Post by pirmin » Mon Jan 27, 2020 1:41 pm

Hi TinCanTech
Thanks for your reply.
TinCanTech wrote:
Mon Jan 27, 2020 1:35 pm
Openvpn will probably use which ever --iroute was added last ..

We don't configure things that way, so maybe you can tell us what happens ?
So in which way do you configure things if you have the above mentioned setup?

Regards.

pirmin
OpenVpn Newbie
Posts: 3
Joined: Mon Jan 27, 2020 10:59 am

Re: iroute - multiple client with identical ccd-entries

Post by pirmin » Mon Jan 27, 2020 3:23 pm

A test showed, that openvpn will use the last added iroute if there are identical iroute's from different clients. This ( I think so) will also mess up with backroutes.

Regards.

Post Reply