Cannot add multiple routes

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

rainer@schmidles.de
OpenVpn Newbie
Posts: 6
Joined: Wed Apr 13, 2022 7:24 pm

Cannot add multiple routes

Post by rainer@schmidles.de » Wed Apr 13, 2022 7:32 pm

Hello Community,

I have a Sophos firewall and want to configure a split tunnel for O365 at the client.
Unfortunately, I cannot add multiple routes on the client side. Only the last route is added to the routing table.

Here is a part of my Client Config File:

max-routes 100
route-nopull
route remote_host 255.255.255.255 net_gateway
; Everything except the O365 servers via vpn_gateway


;route 0.0.0.0 128.0.0.0 vpn_gateway
;route 128.0.0.0 128.0.0.0 vpn_gateway
route 104.146.128.0 255.255.128.0 net_gateway
route 13.107.128.0 255.255.252.0 net_gateway
route 13.107.136.0 255.255.252.0 net_gateway
route 13.107.18.10 255.255.255.254 net_gateway
route 13.107.6.152 255.255.255.254 net_gateway
route 13.107.64.0 255.255.192.0 net_gateway
route 131.253.33.215 255.255.255.255 net_gateway
route 132.245.0.0 255.255.0.0 net_gateway
route 150.171.32.0 255.255.252.0 net_gateway
route 150.171.40.0 255.255.252.0 net_gateway
route 204.79.197.215 255.255.255.255 net_gateway
route 23.103.160.0 255.255.240.0 net_gateway
route 40.104.0.0 255.254.0.0 net_gateway
route 40.108.128.0 255.255.128.0 net_gateway
route 40.96.0.0 255.248.0.0 net_gateway
route 52.104.0.0 255.252.0.0 net_gateway
route 52.112.0.0 255.252.0.0 net_gateway
route 52.96.0.0 255.252.0.0 net_gateway
route 52.120.0.0 255.252.0.0 net_gateway

And here is the result:
As I set the 52.96.0.0 route as the last route, this one is added to the routing list.

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 192.168.168.3 192.168.168.79 35
0.0.0.0 128.0.0.0 192.168.174.1 192.168.174.6 258
52.120.0.0 255.252.0.0 192.168.168.3 192.168.168.79 291
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331
128.0.0.0 128.0.0.0 192.168.174.1 192.168.174.6 258
192.168.168.0 255.255.255.0 Auf Verbindung 192.168.168.79 291
192.168.168.79 255.255.255.255 Auf Verbindung 192.168.168.79 291
192.168.168.255 255.255.255.255 Auf Verbindung 192.168.168.79 291
192.168.174.0 255.255.255.0 Auf Verbindung 192.168.174.6 258
192.168.174.6 255.255.255.255 Auf Verbindung 192.168.174.6 258
192.168.174.255 255.255.255.255 Auf Verbindung 192.168.174.6 258
212.185.58.181 255.255.255.255 192.168.168.3 192.168.168.79 291
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 331
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.174.6 258
224.0.0.0 240.0.0.0 Auf Verbindung 192.168.168.79 291
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.174.6 258
255.255.255.255 255.255.255.255 Auf Verbindung 192.168.168.79 291
===========================================================================

Is this a bug? In the manual I found that I can add multiple routes!
Can there be a max-routes option on the server which takes precedence?

Yours sincerely

Rainer

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot add multiple routes

Post by TinCanTech » Wed Apr 13, 2022 11:14 pm

rainer@schmidles.de wrote: Wed Apr 13, 2022 7:32 pm
want to configure a split tunnel for O365 at the client

M$ do not allow this.

Re: Cannot add multiple routes

Post by rainer@schmidles.de » Thu Apr 14, 2022 12:09 pm

Hello TinCanTech,

Sorry, I do not understand? Who is M$? Microsoft? Microsoft recommends split tunnel for O365.
The question is: how can I implement this with OpenVPN?

Re: Cannot add multiple routes

Post by TinCanTech » Thu Apr 14, 2022 12:12 pm

Microshaft Orrifice will not use your VPN because Microshaft cheat .. so you don't need a split tunnel.


As for adding routes, you can add all the routes you like, doesn't mean they work.

And you obviously have not read your log files for errors.

Re: Cannot add multiple routes

Post by rainer@schmidles.de » Thu Apr 14, 2022 12:13 pm

With OpenVPN Access Server it is also possible!?

Split-Tunneling with Access Server
OpenVPN Access Server provides a split tunneling option for any situation requiring an increased number of VPN users. For detailed instructions on setting up split-tunneling on your Access Server, see our resource: Understanding how split tunneling works with OpenVPN Access Server

Re: Cannot add multiple routes

Post by TinCanTech » Thu Apr 14, 2022 12:20 pm

Do whatever you like and then watch as M$ O365 does something else..

Re: Cannot add multiple routes

Post by rainer@schmidles.de » Thu Apr 14, 2022 12:26 pm

Hello TinCanTech,

I always read my logfile ;-)

In my logfile from Sophos Connect there is only one "Route add" command, for the last entry of my route list. The other configured routes are ignored:

Thu Apr 14 14:22:41 2022 tap-windows6 device [Ethernet] opened
Thu Apr 14 14:22:41 2022 TAP-Windows Driver Version 1.0
Thu Apr 14 14:22:41 2022 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.174.0/192.168.174.3/255.255.255.0 [SUCCEEDED]
Thu Apr 14 14:22:41 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.174.3/255.255.255.0 on interface {A75A52DB-C26C-426E-9443-D907424997D6} [DHCP-serv: 192.168.174.254, lease-time: 31536000]
Thu Apr 14 14:22:41 2022 Successful ARP Flush on interface [17] {A75A52DB-C26C-426E-9443-D907424997D6}
Thu Apr 14 14:22:41 2022 MANAGEMENT: >STATE:1649938961,ASSIGN_IP,,192.168.174.3,,,,
Thu Apr 14 14:22:45 2022 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 212.185.58.181 MASK 255.255.255.255 192.168.178.1
Thu Apr 14 14:22:45 2022 Route addition via service succeeded
Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.174.1
Thu Apr 14 14:22:45 2022 Route addition via service succeeded
Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.174.1
Thu Apr 14 14:22:45 2022 Route addition via service succeeded
Thu Apr 14 14:22:45 2022 MANAGEMENT: >STATE:1649938965,ADD_ROUTES,,,,,,
Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 52.120.0.0 MASK 255.252.0.0 192.168.178.1
Thu Apr 14 14:22:45 2022 Route addition via service succeeded
Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 212.185.58.181 MASK 255.255.255.255 192.168.178.1
Thu Apr 14 14:22:45 2022 ROUTE: route addition failed using service: Das Objekt ist bereits vorhanden. [status=5010 if_index=6]
Thu Apr 14 14:22:45 2022 Route addition via service failed
Thu Apr 14 14:22:45 2022 Initialization Sequence Completed
Thu Apr 14 14:22:45 2022 MANAGEMENT: >STATE:1649938965,CONNECTED,SUCCESS,192.168.174.3,212.185.58.181,995,192.168.178.51,65102

Re: Cannot add multiple routes

Post by TinCanTech » Thu Apr 14, 2022 1:19 pm

rainer@schmidles.de wrote: Thu Apr 14, 2022 12:26 pm
I always read my logfile ;-)

Then you can see the error ..

Re: Cannot add multiple routes

Post by rainer@schmidles.de » Wed Apr 20, 2022 10:22 am

Maybe I am blind ;-)
For me, the next step in the routing list should be for example
route.exe ADD 52.96.0.0 MASK 255.252.0.0 192.168.178.1, and not a
route.exe ADD 212.185.58.181 (VPN Gateway) MASK 255.255.255.255 192.168.178.1 (net_gateway)
(which fails, because it is already in the routing list)

Also, if OpenVPN takes the routes from top to bottom, the first route add command from my O365 range should be 104.146.128.0 MASK 255.255.128.0 ???

The only route add command from the O365 range is always the last route entry from my list.

Yours sincerely

Rainer

Re: Cannot add multiple routes

Post by TinCanTech » Wed Apr 20, 2022 10:38 am

The script you run for routing is not logged in the VPN log file.

Re: Cannot add multiple routes

Post by rainer@schmidles.de » Fri Apr 22, 2022 1:22 pm

Hello TinCanTech,

You are right. I have done a few more tests today.
The problem is definitely the Sophos Connect app. If I start openvpn --config [File], the routes are established.
If I import the profile into Sophos Connect, only the last route is established. It seems that Sophos Connect filters the profile :(

Yours sincerely

Rainer
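
Added example, not part of the thread and not OpenVPN or Sophos code: a check that compares the `route` directives in a profile with the `route.exe ADD` lines in the client log and lists the configured routes that were never installed, the symptom traced to Sophos Connect above. The function names are hypothetical; the sample input is abridged from the profile and log posted in the thread.

```python
import ipaddress
import re

# route.exe invocations as OpenVPN logs them on Windows.
ADD_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+)")

def configured_routes(profile):
    """Networks named by active `route` directives in an OpenVPN profile."""
    nets = []
    for parts in map(str.split, profile.splitlines()):
        if len(parts) < 2 or parts[0] != "route":
            continue  # blank line, ';'/'#' comment or another directive
        mask = parts[2] if len(parts) > 2 else "255.255.255.255"
        try:
            nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
        except ValueError:
            pass  # keyword targets such as remote_host cannot be checked offline
    return nets

def installed_routes(log):
    """Networks whose route.exe ADD line was followed by a success line."""
    done, pending = set(), None
    for line in log.splitlines():
        m = ADD_RE.search(line)
        if m:
            pending = ipaddress.ip_network("/".join(m.groups()), strict=False)
        elif pending is not None and "Route addition via service" in line:
            if line.rstrip().endswith("succeeded"):
                done.add(pending)
            pending = None
    return done

def missing_routes(profile, log):
    have = installed_routes(log)
    return [n for n in configured_routes(profile) if n not in have]

# Sample input abridged from the profile and log posted in the thread.
PROFILE = """route-nopull
route remote_host 255.255.255.255 net_gateway
;route 0.0.0.0 128.0.0.0 vpn_gateway
route 52.96.0.0 255.252.0.0 net_gateway
route 52.120.0.0 255.252.0.0 net_gateway
"""
LOG = r"""Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 52.120.0.0 MASK 255.252.0.0 192.168.178.1
Thu Apr 14 14:22:45 2022 Route addition via service succeeded
Thu Apr 14 14:22:45 2022 C:\WINDOWS\system32\route.exe ADD 212.185.58.181 MASK 255.255.255.255 192.168.178.1
Thu Apr 14 14:22:45 2022 Route addition via service failed
"""
if __name__ == "__main__":
    print([str(n) for n in missing_routes(PROFILE, LOG)])
```

Running the same comparison against the log written by plain `openvpn --config` and the log written by the wrapper client shows which directives the wrapper dropped.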
