New Subnet Route Not working

rootdet
OpenVpn Newbie
Posts: 4
Joined: Mon Jan 10, 2022 11:14 pm

New Subnet Route Not working

Post by rootdet » Tue Jan 11, 2022 2:49 pm

Hi All,

We have a route 192.168.0.0/23 that is pushed out successfully. I am trying to add 10.0.0.0/8, which from the vpnserver perspective is reachable via the default gateway. Basically we are moving subnets around and moving into the 10.x subnets. I have reloaded AND restarted the openvpn service and each time I only get the 192.168.0.0/23 route added; it does nothing about the 10.x route.

Some info:
OpenVPN version installed via APT: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
Ubuntu 20.04.3 LTS
Server sits on the 192.168.0.0/23 VLAN segment now. 10.0.0.0/8 are other subnets that the default gateway can fully route to.


Server Config
local 192.168.0.3
port 1194
proto udp
dev tun10

--verify-client-cert require
ca ca.crt
cert issued/server.crt
key private/server.key
dh dh.pem
tls-crypt tc.key
crl-verify crl.pem
duplicate-cn

topology subnet
client-to-client
#push "redirect-gateway def1 bypass-dhcp"
server 10.10.0.0 255.255.255.0
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option DOMAIN local"
push "route 192.168.0.0 255.255.254.0"
push "route 10.0.0.0 255.0.0.0"
route 192.168.0.0 255.255.254.0
route 10.0.0.0 255.0.0.0
ifconfig-pool-persist ipp.txt

keepalive 10 120
reneg-sec 43200
persist-key
persist-tun

auth SHA512
cipher AES-256-GCM

user nobody
group nogroup

status openvpn-status.log
verb 3
explicit-exit-notify 1

plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/server/auth_ldap.conf"




My routing table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 eno1
10.10.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun10
192.168.0.0 0.0.0.0 255.255.254.0 U 0 0 0 eno1
192.168.0.1 0.0.0.0 255.255.255.255 UH 100 0 0 eno1



Syslog

Jan 11 09:47:42 OpenVPN systemd[1]: systemd-timedated.service: Succeeded.
Jan 11 09:47:47 OpenVPN systemd[1]: openvpn.service: Succeeded.
Jan 11 09:47:47 OpenVPN systemd[1]: Stopped OpenVPN service.
Jan 11 09:47:47 OpenVPN systemd[1]: Stopping OpenVPN service...
Jan 11 09:47:47 OpenVPN systemd[1]: Starting OpenVPN service...
Jan 11 09:47:47 OpenVPN systemd[1]: Finished OpenVPN service.
Jan 11 09:47:57 OpenVPN os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda1
Jan 11 09:47:57 OpenVPN 50mounted-tests: debug: /dev/sda1 type not recognised; skipping
Jan 11 09:47:57 OpenVPN os-prober: debug: os detected by /usr/lib/os-probes/50mounted-tests
Jan 11 09:48:05 OpenVPN kernel: [4924607.976439] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.978730] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.984859] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.989439] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.993406] rc rc0: receive overflow


NOTE: I am hammered with that rc rc0: receive overflow message in my logs. Like my syslogs are unusable because that floods every few seconds.

When connecting via client, I only see it talk about the 192.168.0.0/23 subnet.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: New Subnet Route Not working

Post by TinCanTech » Tue Jan 11, 2022 4:39 pm

See --log in the manual.

rootdet
OpenVpn Newbie
Posts: 4
Joined: Mon Jan 10, 2022 11:14 pm

Re: New Subnet Route Not working

Post by rootdet » Tue Jan 11, 2022 5:48 pm

This is started with systemctl. I did try adding that into /etc/defaults/openvpn but it never added it when starting.

I also tried
log-append /var/log/openvpn/openvpn.log

but the logs are pointless with the RC overflow going off thousands of times a second.

rootdet
OpenVpn Newbie
Posts: 4
Joined: Mon Jan 10, 2022 11:14 pm

Re: New Subnet Route Not working

Post by rootdet » Tue Jan 11, 2022 5:54 pm

I did a grep -v and got rid of the junk for now. Here is this piece in the log


Jan 11 12:26:02 OpenVPN openvpn[698]: user/1.1.1.1:1194 PUSH: Received control message: 'PUSH_REQUEST'
Jan 11 12:26:02 OpenVPN openvpn[698]:  user/1.1.1.1:1194 SENT CONTROL [user]: 'PUSH_REPLY,dhcp-option DNS 192.168.0.1,dhcp-option DOMAIN local,route 192.168.0.0 255.255.254.0,route-gateway 10.10.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.0.5 255.255.255.0,peer-id 3,cipher AES-256-GCM' (status=1)

Looks like it is not even attempting to push the new 10.0.0.0/8 route.

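An added example, not part of the thread: a small check that compares the active `push "route ..."` lines in a server config with the `PUSH_REPLY` the daemon actually sent, and lists routes that are configured but were not pushed. The sample config and log line are constructed from the ones quoted in the posts above, and the function names are hypothetical.

```python
import re

# Constructed sample input, modelled on the config and log line quoted in the thread.
SERVER_CONF = '''\
topology subnet
#push "redirect-gateway def1 bypass-dhcp"
server 10.10.0.0 255.255.255.0
push "dhcp-option DNS 192.168.0.1"
push "route 192.168.0.0 255.255.254.0"
push "route 10.0.0.0 255.0.0.0"
route 10.0.0.0 255.0.0.0
'''
LOG_LINE = ("Jan 11 12:26:02 OpenVPN openvpn[698]: user/1.1.1.1:1194 SENT CONTROL [user]: "
            "'PUSH_REPLY,dhcp-option DNS 192.168.0.1,route 192.168.0.0 255.255.254.0,"
            "route-gateway 10.10.0.1,topology subnet,ifconfig 10.10.0.5 255.255.255.0' (status=1)")

HOST_MASK = "255.255.255.255"  # OpenVPN's default when a route has no netmask

def configured_push_routes(conf_text):
    """Return {(network, netmask)} for every active push "route ..." directive."""
    routes = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and commented-out lines
            continue
        m = re.match(r'(?:--)?push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?', line)
        if m:
            routes.add((m.group(1), m.group(2) or HOST_MASK))
    return routes

def pushed_routes(log_line):
    """Return {(network, netmask)} from a SENT CONTROL PUSH_REPLY line, or None."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_line)
    if not m:
        return None
    routes = set()
    for opt in m.group(1).split(","):
        parts = opt.split()
        if len(parts) >= 2 and parts[0] == "route":   # ignores route-gateway etc.
            routes.add((parts[1], parts[2] if len(parts) > 2 else HOST_MASK))
    return routes

def missing_from_reply(conf_text, log_line):
    """Routes the config says to push that the logged PUSH_REPLY does not contain."""
    sent = pushed_routes(log_line)
    if sent is None:
        raise ValueError("no PUSH_REPLY found in log line")
    return sorted(configured_push_routes(conf_text) - sent)

if __name__ == "__main__":
    for net, mask in missing_from_reply(SERVER_CONF, LOG_LINE):
        print(f"configured but not pushed: route {net} {mask}")
```

A non-empty result means the running process is not sending what the edited file says, so the next thing to confirm is which configuration file that process actually loaded.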