ubuntu openvpn server and edgerouter openvpn client



Post by empty112 » Mon Jun 18, 2018 1:52 am

I have set up an Ubuntu server with an OpenVPN server running on it, and my EdgeRouter acts as an OpenVPN client that connects to it, allowing me to VPN into the Ubuntu server and then have direct access to my local network behind the EdgeRouter.

Below is the server config:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_xxx.crt
key /etc/openvpn/easy-rsa/pki/private/server_xxx.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0

# Set your primary domain name server address for clients
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

# push "route 10.8.0.0/24"
push "route 192.168.20.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"

# Kernel routes for the LANs behind the client, via that client's tunnel address.
# OpenVPN also needs a matching iroute for these networks in the client's ccd file.
route 192.168.20.0 255.255.255.0 10.8.0.2 1
route 192.168.10.0 255.255.255.0 10.8.0.2 1

# Prevent DNS leaks on Windows
# push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
# push "redirect-gateway def1"

client-to-client
keepalive 10 120
remote-cert-tls client
# tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn

# Client config directory
client-config-dir /etc/openvpn/ccd


The EdgeRouter has the following settings:

openvpn vtun1 {
    hash sha256
    mode client
    openvpn-option "--tls-auth /config/auth/ta.key 0"
    openvpn-option --comp-lzo
    openvpn-option "--verb 3"
    openvpn-option "--cipher AES-256-CBC"
    openvpn-option "--verify-x509-name server_xxx name"
    openvpn-option "--remote-cert-tls server"
    openvpn-option --persist-tun
    openvpn-option --persist-key
    openvpn-option --nobind
    openvpn-option "--resolv-retry infinite"
    openvpn-option "--key-direction 1"
    protocol udp
    remote-host xxx
    remote-port 1194
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/xxx.crt
        key-file /config/auth/xxx.key
    }
}


The connection works without any issues: I can VPN to the Ubuntu server and access the EdgeRouter network, and I can access the VPN server via the EdgeRouter network.

The issue is that once the VPN connects, it creates a connected route:

C *> 0.0.0.0/4 is directly connected, vtun1
C 0.0.0.0/4 is directly connected, vtun1

This is causing issues, with some traffic trying to load through the VPN and causing connection problems.

On the router I have tried adding the following, with no change:

--route-nopull
--route-noexec

Is there a way for OpenVPN not to push the connected route, or to change it so the connected route is 10.8.0.0/24 instead of 0.0.0.0/4?

Or am I doing something wrong with how I have set it up, causing it to create a connected route of 0.0.0.0/4?

Any help would be great.
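As an added diagnostic example (not part of empty112's post, and not code from OpenVPN or EdgeOS), the script below parses the addressing directives of the server config and the route table lines quoted above and compares what the server declares with what the router installed on vtun1. The point it makes is that a connected ("C") route is derived from the interface's own address and mask, not from anything the server pushes, so route-nopull and route-noexec, which only govern pushed routes, cannot remove it. An interface addressed out of 10.8.0.0/24 shows a connected route of 0.0.0.0/4 only if the router applied a 240.0.0.0 (/4) mask to vtun1 instead of 255.255.255.0. The sample inputs are copied from the post; the interface name vtun1 comes from the post as well; the helper names are my own.

```python
import ipaddress
import re
import shlex

# Constructed sample input: the addressing-related directives from the
# server config quoted in the post above.
SERVER_CONF = """
topology subnet
server 10.8.0.0 255.255.255.0
# push "route 10.8.0.0/24"
push "route 192.168.20.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
route 192.168.20.0 255.255.255.0 10.8.0.2 1
route 192.168.10.0 255.255.255.0 10.8.0.2 1
"""

# Constructed sample input: the 'show ip route' lines quoted in the post.
EDGE_ROUTES = """
C *> 0.0.0.0/4 is directly connected, vtun1
C 0.0.0.0/4 is directly connected, vtun1
"""

# EdgeOS prints connected routes as "C [*>] <prefix> is directly connected, <iface>".
CONNECTED_RE = re.compile(r"^C(?:\s+\*>)?\s+(\S+/\d+) is directly connected, (\S+)$")


def _directives(conf):
    """Yield each non-comment config line split into tokens, OpenVPN-style."""
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)
        if parts:
            yield parts


def server_tunnel_network(conf):
    """The tunnel network declared by the 'server <net> <mask>' directive."""
    for parts in _directives(conf):
        if parts[0] == "server" and len(parts) >= 3:
            return ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
    raise ValueError("no 'server' directive found")


def pushed_routes(conf):
    """Networks the server hands to clients with push "route <net> <mask>"."""
    nets = []
    for parts in _directives(conf):
        if parts[0] == "push" and len(parts) >= 2:
            inner = shlex.split(parts[1])
            if len(inner) >= 3 and inner[0] == "route":
                nets.append(ipaddress.ip_network(f"{inner[1]}/{inner[2]}", strict=False))
    return nets


def connected_routes(table, iface):
    """Distinct connected prefixes the router shows on iface."""
    nets = []
    for line in table.splitlines():
        m = CONNECTED_RE.match(line.strip())
        if m and m.group(2) == iface:
            net = ipaddress.ip_network(m.group(1), strict=False)
            if net not in nets:
                nets.append(net)
    return nets


def connected_network(address, mask):
    """The connected route a kernel derives from an interface address and mask."""
    return ipaddress.ip_interface(f"{address}/{mask}").network


def diagnose(conf, table, iface):
    """Compare what the server declares with what the router installed on iface."""
    expected = server_tunnel_network(conf)
    pushed = pushed_routes(conf)
    findings = []
    for net in connected_routes(table, iface):
        if net == expected:
            findings.append(f"{iface} connected route {net} matches the tunnel network")
            continue
        # A connected route comes from the interface's own address and mask, so
        # its prefix length tells you which mask the router applied to iface.
        overlaps = [str(p) for p in pushed if p.overlaps(net)]
        findings.append(
            f"{iface} connected route {net} implies netmask {net.netmask}, "
            f"but the server declares {expected} (netmask {expected.netmask}); "
            f"pushed routes overlapping it: {overlaps or 'none'}; "
            "route-nopull/route-noexec only affect pushed routes, not the interface mask"
        )
    return findings


if __name__ == "__main__":
    for finding in diagnose(SERVER_CONF, EDGE_ROUTES, "vtun1"):
        print(finding)
    # The same address yields very different connected routes under each mask.
    print(connected_network("10.8.0.2", "255.255.255.0"))
    print(connected_network("10.8.0.2", "240.0.0.0"))
```

Run as-is, the script reports that the 0.0.0.0/4 route implies a 240.0.0.0 mask on vtun1 and that no pushed route overlaps it. Where that mask came from is a question for the client side: an OpenVPN client at verb 3 logs the PUSH_REPLY it received, including the ifconfig and topology the server sent, followed by the interface configuration it actually applied, so comparing those two lines in the EdgeRouter's log is the next check.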
