We have a route 192.168.0.0/23 that is pushed out successfully. I am trying to add 10.0.0.0/8, which from the VPN server's perspective is reachable via the default gateway. Basically, we are moving subnets around and moving into the 10.x subnets. I have reloaded AND restarted the openvpn service, and each time I only get the 192.168.0.0/23 route added; it does nothing about the 10.x route.
Some info:
OpenVPN version installed via APT: OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
Ubuntu 20.04.3 LTS
Server sits on the 192.168.0.0/23 VLAN segment now. 10.0.0.0/8 are other subnets that the default gateway can fully route to.
Server Config
local 192.168.0.3
port 1194
proto udp
dev tun10
--verify-client-cert require
ca ca.crt
cert issued/server.crt
key private/server.key
dh dh.pem
tls-crypt tc.key
crl-verify crl.pem
duplicate-cn
topology subnet
client-to-client
#push "redirect-gateway def1 bypass-dhcp"
server 10.10.0.0 255.255.255.0
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option DOMAIN local"
push "route 192.168.0.0 255.255.254.0"
push "route 10.0.0.0 255.0.0.0"
route 192.168.0.0 255.255.254.0
route 10.0.0.0 255.0.0.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
reneg-sec 43200
persist-key
persist-tun
auth SHA512
cipher AES-256-GCM
user nobody
group nogroup
status openvpn-status.log
verb 3
explicit-exit-notify 1
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/server/auth_ldap.conf"
My routing table
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 eno1
10.10.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun10
192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 eno1
192.168.0.1     0.0.0.0         255.255.255.255 UH    100    0        0 eno1
Syslog
Jan 11 09:47:42 OpenVPN systemd[1]: systemd-timedated.service: Succeeded.
Jan 11 09:47:47 OpenVPN systemd[1]: openvpn.service: Succeeded.
Jan 11 09:47:47 OpenVPN systemd[1]: Stopped OpenVPN service.
Jan 11 09:47:47 OpenVPN systemd[1]: Stopping OpenVPN service...
Jan 11 09:47:47 OpenVPN systemd[1]: Starting OpenVPN service...
Jan 11 09:47:47 OpenVPN systemd[1]: Finished OpenVPN service.
Jan 11 09:47:57 OpenVPN os-prober: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda1
Jan 11 09:47:57 OpenVPN 50mounted-tests: debug: /dev/sda1 type not recognised; skipping
Jan 11 09:47:57 OpenVPN os-prober: debug: os detected by /usr/lib/os-probes/50mounted-tests
Jan 11 09:48:05 OpenVPN kernel: [4924607.976439] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.978730] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.984859] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.989439] rc rc0: receive overflow
Jan 11 09:48:05 OpenVPN kernel: [4924607.993406] rc rc0: receive overflow
NOTE: I am hammered with that rc rc0: receive overflow message in my logs. My syslogs are unusable because that floods every few seconds.
When connecting via client, I only see it talk about the 192.168.0.0/23 subnet.