OpenVPN clients only create routes for 2 of 3 subnets pushed

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
nickmilleruk
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 04, 2022 12:59 am

OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by nickmilleruk » Sun Dec 04, 2022 1:10 am

Hi all,

I have configured an OpenVPN server that pushes 3 routes to clients as follows:

Server Config
# Push routes for VPN subnets
push "route 10.10.90.0 255.255.255.0"
push "route 10.10.40.0 255.255.255.0"
push "route 10.10.10.0 255.225.225.0"


When a client connects I see the following logged:

Code: Select all

'PUSH_REPLY,route 10.10.90.0 255.255.255.0,route 10.10.40.0 255.255.255.0,route 10.10.10.0 255.225.225.0,route-gateway 172.21.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.21.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
So it looks like all 3 of the configured subnets are getting pushed to the client.

However, on the client, I only see two of the routes setup:

Code: Select all

10.10.40/24
- Gateway: link#38
- Iface: utun9
- Flags: UCS
- IP Version: Internet
- Refs: 0
- Use: 0
- MTU: 1500
- Expire: -1

10.10.90/24
- Gateway: link#38
- Iface: utun9
- Flags: UCS
- IP Version: Internet
- Refs: 0
- Use: 0
- MTU: 1500
- Expire: -1
The third route never shows up. This appears to be the same on multiple clients.

For the life of me, I can not figure out why this is happening. There does not appear to be any overlapping subnets. It just doesn't show up!

Any ideas or pointers to help me figure this out would be greatly appreciated. I am at a complete loss at the moment.

Thanks
Nick
Last edited by nickmilleruk on Sun Dec 04, 2022 2:48 pm, edited 1 time in total.

nickmilleruk
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 04, 2022 12:59 am

Re: OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by nickmilleruk » Sun Dec 04, 2022 1:34 am

I was able to pull the logs from the client, and you can see the routes being pushed but then the IP assignment skips that one subnet! Please note the client logs appear in reverse to normal logs when exported.

Code: Select all

[Dec 04, 2022, 00:29:43] Connected via NetworkExtensionTUN

[Dec 04, 2022, 00:29:43] NIP: adding (included) IPv4 route 10.10.40.0/24

[Dec 04, 2022, 00:29:43] NIP: adding (included) IPv4 route 10.10.90.0/24

[Dec 04, 2022, 00:29:43] NIP: adding (included) IPv4 route 172.21.0.0/24

[Dec 04, 2022, 00:29:43] NIP: adding IPv4 address to network settings 172.21.0.3/255.255.255.0

[Dec 04, 2022, 00:29:43] NIP: init TUN network settings with endpoint: ***.***.***.***

[Dec 04, 2022, 00:29:43] NIP: preparing TUN network settings

[Dec 04, 2022, 00:29:43] EVENT: ASSIGN_IP

[Dec 04, 2022, 00:29:43] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0

[Dec 04, 2022, 00:29:43] OPTIONS:
0 [route] [10.10.90.0] [255.255.255.0]
1 [route] [10.10.40.0] [255.255.255.0]
2 [route] [10.10.10.0] [255.225.225.0]
3 [route-gateway] [172.21.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [172.21.0.3] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]

[Dec 04, 2022, 00:29:43] Sending PUSH_REQUEST to server...

User avatar
Pippin
Forum Team
Posts: 1189
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by Pippin » Sun Dec 04, 2022 3:14 am

Hi,

Code: Select all

10.10.10.0 255.225.220.0
That won't work.

https://www.calculator.net/ip-subnet-calculator.html
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

nickmilleruk
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 04, 2022 12:59 am

Re: OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by nickmilleruk » Sun Dec 04, 2022 2:48 pm

My apologies, that was a typo that I fixed in the config before I started the server. Unfortunately, I copied it from my original file when I made the post. The correct subnet mask is in the server config and I have updated it above. The problem was still there after that was fixed, unfortunately.

Code: Select all

push "route 10.10.10.0 255.225.225.0"
As you can see from the client log - it gets pushed properly with the right subnet mask but still doesn't get set up.

Thanks
Nick

User avatar
Pippin
Forum Team
Posts: 1189
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by Pippin » Sun Dec 04, 2022 2:59 pm

Hi,
nickmilleruk wrote:
Sun Dec 04, 2022 2:48 pm

Code: Select all

push "route 10.10.10.0 255.225.225.0"
It's invalid, I could have been more clear about that.

See the link I posted before and here:
https://www.subnetting.net/Tutorial.aspx
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

nickmilleruk
OpenVpn Newbie
Posts: 4
Joined: Sun Dec 04, 2022 12:59 am

Re: OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by nickmilleruk » Sun Dec 04, 2022 11:19 pm

oh goodness me - I see it now - 225 instead of 255 - blinded by the 2's and the 5's! Seems I often get numbers that repeat mixed up. I can't believe how obvious that is now!

Now it is fixed to have the proper subnet mask, and everything works ok.

Code: Select all

push "route 10.10.10.0 255.255.255.0"
Thank you so much for your help there.

Nick

User avatar
Pippin
Forum Team
Posts: 1189
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: OpenVPN clients only create routes for 2 of 3 subnets pushed

Post by Pippin » Mon Dec 05, 2022 7:03 am

Welcome, glad it works now.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Post Reply