[Solved] Incorrect gateway when connecting to OpenVPN

raphyduck · Post by **raphyduck** » Mon Jun 26, 2017 5:22 pm

Hello guys,

I have an issue with routing with my OpenVPN connection. The connection establishes itself successfully, however the default gateway pushed is not the correct IP. See below on the server:

Code: Select all

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        inet6 fe80::a18d:64a0:d94:e1cb  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 190  bytes 12578 (12.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 80  bytes 8601 (8.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

and on the client:

Code: Select all

16: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.6 peer 10.8.0.5/32 brd 10.8.0.6 scope global tun0
       valid_lft forever preferred_lft forever
    inet 192.168.88.2/24 brd 192.168.88.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::dd00:9a08:245a:f1bc/64 scope link flags 800 
       valid_lft forever preferred_lft forever

Code: Select all

0.0.0.0/1 via 10.8.0.5 dev tun0 
default via 192.168.0.1 dev wlp1s0 proto static metric 600 
10.8.0.1 via 10.8.0.5 dev tun0 
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 
127.0.0.1 via 192.168.0.1 dev wlp1s0 
128.0.0.0/1 via 10.8.0.5 dev tun0 
169.254.0.0/16 dev wlp1s0 scope link metric 1000 
192.168.0.0/24 dev wlp1s0 proto kernel scope link src 192.168.0.115 metric 600

As you can see, the openvpn gateway is set to 10.8.0.5 on the client, which is not the address of the server.

The client config:

Client config

client
#remote localhost 1183
remote <ip> 1183
pull
ca /home/raph/keys/ca.gw.crt
cert /home/raph/keys/miniraph.gw.crt
key /home/raph/keys/miniraph.gw.key
cipher DES-EDE3-CBC
comp-lzo yes
dev tun
proto tcp
#proto udp
tls-auth /home/raph/keys/ta.gw.key 1
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nogroup
#fragment 1200
verb 3
#tun-mtu 1300
#tun-mtu-extra 32
#fragment 1200
#mssfix 1436
#mssfix
#mtu-test
writepid /var/run/openvpn.pid
log openvpn.log

and the server config:

Server config

script-security 3 #system
port 1183
proto tcp
#proto udp
dev tun

ca /home/raph/keys/ca.crt
cert /home/raph/keys/gw.hobbitton.at.crt
key /home/raph/keys/gw.hobbitton.at.key
dh /home/raph/keys/dh4096.pem
tls-auth /home/raph/keys/ta.key 0

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

cipher DES-EDE3-CBC # Triple-DES
comp-lzo

max-clients 10

user nobody
group nogroup

persist-key
persist-tun

#fragment 1200

log openvpn.log
#status openvpn-status.log
verb 5
mute 20

Any help is appreciated, I have to say im not sure where to start

Thanks
Raphyduck

TinCanTech · Post by **TinCanTech** » Mon Jun 26, 2017 9:10 pm

raphyduck wrote:As you can see, the openvpn gateway is set to 10.8.0.5 on the client, which is not the address of the server.

That is the correct address for a P2MP server with --topology net30

See --topology in The Manual v24x

raphyduck · Post by **raphyduck** » Tue Jun 27, 2017 4:24 pm

Thank you for your reply. Ok if this is normal then I guess my question is why isnt there any connectivity when connected. See this traceroute to a google ip:

Code: Select all

traceroute to 172.217.21.195 (172.217.21.195), 30 hops max, 60 byte packets
 1  10.8.0.1 (10.8.0.1)  959.925 ms  997.541 ms  997.544 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

TinCanTech · Post by **TinCanTech** » Tue Jun 27, 2017 4:36 pm

Your traceroute shows your VPN is working ..

Have you enabled IP forwarding on your server ?

raphyduck · Post by **raphyduck** » Wed Jun 28, 2017 11:39 am

Yep

Code: Select all

~$ cat /proc/sys/net/ipv4/ip_forward
1

I also cleared the iptables without more change:

Code: Select all

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

TinCanTech · Post by **TinCanTech** » Wed Jun 28, 2017 12:18 pm

raphyduck wrote:I also cleared the iptables without more change:
Code: Select all
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Then you need to read this again:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

raphyduck · Post by **raphyduck** » Thu Jun 29, 2017 2:53 pm

Thanks a lot, it does seem to work now.

Sorry about the trouble

Raphael

TinCanTech · Post by **TinCanTech** » Thu Jun 29, 2017 3:47 pm

No trouble

HOWTO: For OpenVPN Community Edition FTW

For others reading this thread with similar problems, please see:
HOWTO: Request Help ! {2}

OpenVPN Support Forum

[Solved] Incorrect gateway when connecting to OpenVPN

[Solved] Incorrect gateway when connecting to OpenVPN

Re: Incorrect gateway when connecting to OpenVPN

Re: Incorrect gateway when connecting to OpenVPN

Re: Incorrect gateway when connecting to OpenVPN

Re: Incorrect gateway when connecting to OpenVPN

Re: Incorrect gateway when connecting to OpenVPN

Re: Incorrect gateway when connecting to OpenVPN[SOLVED]

Re: Incorrect gateway when connecting to OpenVPN