OpenVPN dosen't put back def.gateway

Samples of working configurations.
slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 24, 2015 2:59 pm

As the subj. says I have a problem. Everything works fine and I can connect and use the VPN but when i disconnect, I dont get my default gateway back untill I manually enters it in the TCP/IP.

My setup is in 10.0.0.0/24 with static ip

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: OpenVPN dosen't put back def.gateway

Post by maikcat » Tue Mar 24, 2015 6:07 pm

post your server config or your client log.

Michael.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Sat Mar 28, 2015 6:26 pm

Sorry - for some reason i didnt see the reply. Thanks btw :)

this is my config:

client
dev tun
proto tcp
remote <ip> <port>
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert slupper.crt
key slupper.key
ns-cert-type server
#dhcp-option DNS 8.8.8.8
route-delay 2
route-method exe
comp-lzo
verb 3

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: OpenVPN dosen't put back def.gateway

Post by maikcat » Sun Mar 29, 2015 1:30 pm

i requested...
post your server config or your client log.
and you posted
this is my config:

client
your client config... :roll:

can you please post server config and client logs?

Michael.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Sun Mar 29, 2015 1:50 pm

Again - sorry. I need to spend more time reading what you write i guess.

Its not my OpenVPN server, so i dont have the config, so i guess the client log will have to do :)

Sun Mar 29 15:47:48 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 4 2015
Sun Mar 29 15:47:48 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Enter Management Password:
Sun Mar 29 15:47:48 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Mar 29 15:47:48 2015 Need hold release from management interface, waiting...
Sun Mar 29 15:47:48 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Mar 29 15:47:48 2015 MANAGEMENT: CMD 'state on'
Sun Mar 29 15:47:48 2015 MANAGEMENT: CMD 'log all on'
Sun Mar 29 15:47:48 2015 MANAGEMENT: CMD 'hold off'
Sun Mar 29 15:47:48 2015 MANAGEMENT: CMD 'hold release'
Sun Mar 29 15:47:49 2015 Socket Buffers: R=[8192->8192] S=[64512->64512]
Sun Mar 29 15:47:49 2015 Attempting to establish TCP connection with [AF_INET]5.79.77.54:1194 [nonblock]
Sun Mar 29 15:47:49 2015 MANAGEMENT: >STATE:1427636869,TCP_CONNECT,,,
Sun Mar 29 15:47:50 2015 TCP connection established with [AF_INET]5.79.77.54:1194
Sun Mar 29 15:47:50 2015 TCPv4_CLIENT link local: [undef]
Sun Mar 29 15:47:50 2015 TCPv4_CLIENT link remote: [AF_INET]5.79.77.54:1194
Sun Mar 29 15:47:50 2015 MANAGEMENT: >STATE:1427636870,WAIT,,,
Sun Mar 29 15:47:50 2015 MANAGEMENT: >STATE:1427636870,AUTH,,,
Sun Mar 29 15:47:50 2015 TLS: Initial packet from [AF_INET]5.79.77.54:1194, sid=6ba3364c 143946d9
Sun Mar 29 15:47:50 2015 VERIFY OK: depth=1, C=EU, ST=EU, L=SeedHost, O=website, OU=seedhost.eu, CN=seedhost.eu, name=seedhost.eu, emailAddress=support@seedhost.eu
Sun Mar 29 15:47:50 2015 VERIFY OK: nsCertType=SERVER
Sun Mar 29 15:47:50 2015 VERIFY OK: depth=0, C=EU, ST=EU, L=SeedHost, O=website, OU=seedhost.eu, CN=seedhost.eu, name=seedhost.eu, emailAddress=support@seedhost.eu
Sun Mar 29 15:47:51 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 29 15:47:51 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 29 15:47:51 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 29 15:47:51 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 29 15:47:51 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 29 15:47:51 2015 [seedhost.eu] Peer Connection Initiated with [AF_INET]5.79.77.54:1194
Sun Mar 29 15:47:53 2015 MANAGEMENT: >STATE:1427636873,GET_CONFIG,,,
Sun Mar 29 15:47:54 2015 SENT CONTROL [seedhost.eu]: 'PUSH_REQUEST' (status=1)
Sun Mar 29 15:47:54 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.114 10.8.0.113'
Sun Mar 29 15:47:54 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar 29 15:47:54 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar 29 15:47:54 2015 OPTIONS IMPORT: route options modified
Sun Mar 29 15:47:54 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Mar 29 15:47:54 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 29 15:47:54 2015 MANAGEMENT: >STATE:1427636874,ASSIGN_IP,,10.8.0.114,
Sun Mar 29 15:47:54 2015 open_tun, tt->ipv6=0
Sun Mar 29 15:47:54 2015 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{CA16050B-7261-4AC0-B24D-1364C5DAD40B}.tap
Sun Mar 29 15:47:54 2015 TAP-Windows Driver Version 9.9
Sun Mar 29 15:47:54 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.114/255.255.255.252 on interface {CA16050B-7261-4AC0-B24D-1364C5DAD40B} [DHCP-serv: 10.8.0.113, lease-time: 31536000]
Sun Mar 29 15:47:54 2015 Successful ARP Flush on interface [16] {CA16050B-7261-4AC0-B24D-1364C5DAD40B}
Sun Mar 29 15:47:56 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Mar 29 15:47:56 2015 C:\Windows\system32\route.exe ADD 5.79.77.54 MASK 255.255.255.255 10.0.0.1
Sun Mar 29 15:47:56 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:47:56 2015 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.0.0.1
Sun Mar 29 15:47:56 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:47:57 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.113
Sun Mar 29 15:47:57 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:47:58 2015 MANAGEMENT: >STATE:1427636878,ADD_ROUTES,,,
Sun Mar 29 15:47:58 2015 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.113
Sun Mar 29 15:47:58 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:47:58 2015 Initialization Sequence Completed
Sun Mar 29 15:47:58 2015 MANAGEMENT: >STATE:1427636878,CONNECTED,SUCCESS,10.8.0.114,5.79.77.54
Sun Mar 29 15:48:07 2015 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.113
Sun Mar 29 15:48:07 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:48:08 2015 C:\Windows\system32\route.exe DELETE 5.79.77.54 MASK 255.255.255.255 10.0.0.1
Sun Mar 29 15:48:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:48:08 2015 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.8.0.113
Sun Mar 29 15:48:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:48:08 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1
Sun Mar 29 15:48:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:48:08 2015 Closing TUN/TAP interface
Sun Mar 29 15:48:08 2015 SIGTERM[hard,] received, process exiting
Sun Mar 29 15:48:08 2015 MANAGEMENT: >STATE:1427636888,EXITING,SIGTERM,,
^^ this is a connect and a disconnect

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN dosen't put back def.gateway

Post by Traffic » Sun Mar 29, 2015 4:41 pm

Title: Re: OpenVPN dosen't put back def.gateway
slupper wrote:My setup is in 10.0.0.0/24 with static ip
I presume your default gateway is 10.0.0.1
slupper wrote:Sun Mar 29 15:48:08 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1
Sun Mar 29 15:48:08 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Mar 29 15:48:08 2015 Closing TUN/TAP interface
Sun Mar 29 15:48:08 2015 SIGTERM[hard,] received, process exiting
Sun Mar 29 15:48:08 2015 MANAGEMENT: >STATE:1427636888,EXITING,SIGTERM,,
Default gateway restored ..

What is the problem ??

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Sun Mar 29, 2015 5:54 pm

it might be sending the command, but it doesen't work. When i go to my TCP/IP its not there. Could it be that i need to run it as administrator or something?

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN dosen't put back def.gateway

Post by Traffic » Sun Mar 29, 2015 6:22 pm

slupper wrote:Could it be that i need to run it as administrator or something?
You must run openvpn as administrator ..

I recommend you use the OpenVPN Windows Service to start and stop OpenVPN ..

Set --verb 4 in your client config .. maybe there will be some error message.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Sun Mar 29, 2015 7:21 pm

Thanks for the help so far. The reason i posted in the first place was that it did exactly the same thing on a laptop i have.

Im gonna go ahead and try the additions and get back here if i run into trouble

Again - thanks for the help

User avatar
maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:

Re: OpenVPN dosen't put back def.gateway

Post by maikcat » Mon Mar 30, 2015 5:22 am

When i go to my TCP/IP its not there
because i didnt get this one,
what is the output of netstat -nr AFTER you disconnect from vpn?

Michael.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 5:37 pm

Hehe :)

The output is this (and in advance i apologise for the danish):

C:\Users\Mikkel>netstat -nr
===========================================================================
Liste over grænseflader
16...00 ac ac 80 88 5a ......VPN Client Adapter - VPN
15...00 ff ca 16 05 0b ......TAP-Windows Adapter V9 #2
11...00 22 15 fd 3d 53 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Contr
13...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
14...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Rutetabel
===========================================================================
Aktive ruter:
Netværksdestination Netmaske Gateway Grænseflade Metrikværdi
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.5 11
10.0.0.0 255.255.255.0 On-link 10.0.0.5 266
10.0.0.5 255.255.255.255 On-link 10.0.0.5 266
10.0.0.255 255.255.255.255 On-link 10.0.0.5 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.118.0 255.255.255.0 On-link 192.168.118.1 276
192.168.118.1 255.255.255.255 On-link 192.168.118.1 276
192.168.118.255 255.255.255.255 On-link 192.168.118.1 276
192.168.184.0 255.255.255.0 On-link 192.168.184.1 276
192.168.184.1 255.255.255.255 On-link 192.168.184.1 276
192.168.184.255 255.255.255.255 On-link 192.168.184.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.5 266
224.0.0.0 240.0.0.0 On-link 192.168.184.1 276
224.0.0.0 240.0.0.0 On-link 192.168.118.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.5 266
255.255.255.255 255.255.255.255 On-link 192.168.184.1 276
255.255.255.255 255.255.255.255 On-link 192.168.118.1 276
===========================================================================
Vedvarende ruter:
Ingen

IPv6 Rutetabel
===========================================================================
Aktive ruter:
Hvis Metrik Netværk Destination Gateway
1 306 ::1/128 On-link
13 276 fe80::/64 On-link
14 276 fe80::/64 On-link
14 276 fe80::1935:d7a1:96fd:cb9f/128
On-link
13 276 fe80::b059:f1c:26d6:a56f/128
On-link
1 306 ff00::/8 On-link
13 276 ff00::/8 On-link
14 276 ff00::/8 On-link
===========================================================================
Vedvarende ruter:
Hvis Metrik Netværk Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================

So to me it looks fine here. It has the correct def. gateway.

It turns out that i DOES actually work - its only when i restart the PC that it its not working and THEN i have to add the default gateway to tcp/ip. I mean - I could work around it by just adding the route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1 to a bat file and make it run that file during startup i suppose. Its just weird, and its just weird that not many other people experience this, since I have managed to make it fail on 2 PC's

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN dosen't put back def.gateway

Post by Traffic » Tue Mar 31, 2015 7:59 pm

slupper wrote:its just weird that not many other people experience this
Most people would have a default gateway .. all the time.

If you use DHCP then check your DHCP server .. probably on your LAN router.
If you have static local IP then assign the default gateway in network properties.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 9:13 pm

Yep I'm on static ip. And that's what i keep having to do - add it manually.

Im not sure, but I think maybe i have gotte a bit further. If I do the route command without any switches, I will get the normal help, and here it says that if you dont use the -p switch, it will not keep the route after restart.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 9:15 pm

-p Når den anvendes med kommandoen ADD, bibeholdes en rute
efter genstart af systemet. Som standard bevares ruter ikke,
når systemet genstartes.

Roughly translated: When applied with the ADD command, the route is kept after system restart. As standard routes are not kept when the system is restarted.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN dosen't put back def.gateway

Post by Traffic » Tue Mar 31, 2015 10:02 pm

slupper wrote:Yep I'm on static ip. And that's what i keep having to do - add it manually
Why not setup your windows correctly ?

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 10:08 pm

Can you elaborate on what you define "correctly" as?

I have set it up with a static ip, a netmask and the correct gateway. OpenVPN removes that gateway as it supposed to, but does not add it back correctly by not adding the -p switch

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN dosen't put back def.gateway

Post by Traffic » Tue Mar 31, 2015 10:15 pm

slupper wrote:its only when i restart the PC that it its not working and THEN i have to add the default gateway to tcp/ip
Configure windows with a default gateway :geek:
Last edited by Traffic on Tue Mar 31, 2015 10:19 pm, edited 1 time in total.

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 10:19 pm

Its already configured with the correct def. gateway. I though I'd already written that a few times.


if you want specifics:
Computer: 10.0.0.5 mask 255.255.255.0 default gateway 10.0.0.1
Router: 10.0.0.1 255.255.255.0

Totally vanilla, plain simple config

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 10:23 pm

... then i start openvpn and connect. If i then go to my TCP/IP settings, the default gateway has been removed (i assume as intended).

Then disconnect OpenVPN and it adds a route 0.0.0.0 0.0.0.0 10.0.0.1 which is correct.

After i restart windows that route has been flushen, and im left with no default gateway untill i add i manually.

I assume thats not working as intended.

- as i wrote earlier, it seems to me that OpenVPN need to close with:
route.exe ADD -p 0.0.0.0 MASK 0.0.0.0 10.0.0.1 and not route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.0.0. as its doing now

slupper
OpenVPN User
Posts: 13
Joined: Tue Mar 24, 2015 2:53 pm

Re: OpenVPN dosen't put back def.gateway

Post by slupper » Tue Mar 31, 2015 10:57 pm

I just did some testing.

route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.0.0.1 will add the default route temporary while route.exe ADD -p 0.0.0.0 MASK 0.0.0.0 10.0.0.1 will add it permanently, so i assume it must be a bug in openVPN

Post Reply