OpenVPN clients only create routes for 2 of 3 subnets pushed

[nickmilleruk]

Hi all,

I have configured an OpenVPN server that pushes 3 routes to clients as follows:

View OriginalServer Config

# Push routes for VPN subnets
push "route 10.10.90.0 255.255.255.0"
push "route 10.10.40.0 255.255.255.0"
push "route 10.10.10.0 255.225.225.0"

When a client connects I see the following logged:

Code: Select all

'PUSH_REPLY,route 10.10.90.0 255.255.255.0,route 10.10.40.0 255.255.255.0,route 10.10.10.0 255.225.225.0,route-gateway 172.21.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.21.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)

So it looks like all 3 of the configured subnets are getting pushed to the client.

However, on the client, I only see two of the routes setup:

Code: Select all

10.10.40/24
- Gateway: link#38
- Iface: utun9
- Flags: UCS
- IP Version: Internet
- Refs: 0
- Use: 0
- MTU: 1500
- Expire: -1

10.10.90/24
- Gateway: link#38
- Iface: utun9
- Flags: UCS
- IP Version: Internet
- Refs: 0
- Use: 0
- MTU: 1500
- Expire: -1

The third route never shows up. This appears to be the same on multiple clients.

For the life of me, I can not figure out why this is happening. There does not appear to be any overlapping subnets. It just doesn't show up!

Any ideas or pointers to help me figure this out would be greatly appreciated. I am at a complete loss at the moment.

Thanks
Nick

[nickmilleruk]

I was able to pull the logs from the client, and you can see the routes being pushed but then the IP assignment skips that one subnet! Please note the client logs appear in reverse to normal logs when exported.

Code: Select all

[Dec 04, 2022, 00:29:43] Connected via NetworkExtensionTUN

[Dec 04, 2022, 00:29:43] NIP: adding (included) IPv4 route 10.10.40.0/24

[Dec 04, 2022, 00:29:43] NIP: adding (included) IPv4 route 10.10.90.0/24

[Dec 04, 2022, 00:29:43] NIP: adding (included) IPv4 route 172.21.0.0/24

[Dec 04, 2022, 00:29:43] NIP: adding IPv4 address to network settings 172.21.0.3/255.255.255.0

[Dec 04, 2022, 00:29:43] NIP: init TUN network settings with endpoint: ***.***.***.***

[Dec 04, 2022, 00:29:43] NIP: preparing TUN network settings

[Dec 04, 2022, 00:29:43] EVENT: ASSIGN_IP

[Dec 04, 2022, 00:29:43] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 0

[Dec 04, 2022, 00:29:43] OPTIONS:
0 [route] [10.10.90.0] [255.255.255.0]
1 [route] [10.10.40.0] [255.255.255.0]
2 [route] [10.10.10.0] [255.225.225.0]
3 [route-gateway] [172.21.0.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [172.21.0.3] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [AES-256-GCM]

[Dec 04, 2022, 00:29:43] Sending PUSH_REQUEST to server...

[Pippin]

Hi,

Code: Select all

10.10.10.0 255.225.220.0

That won't work.

https://www.calculator.net/ip-subnet-calculator.html
.

[nickmilleruk]

My apologies, that was a typo that I fixed in the config before I started the server. Unfortunately, I copied it from my original file when I made the post. The correct subnet mask is in the server config and I have updated it above. The problem was still there after that was fixed, unfortunately.

Code: Select all

push "route 10.10.10.0 255.225.225.0"

As you can see from the client log - it gets pushed properly with the right subnet mask but still doesn't get set up.

Thanks
Nick

[Pippin]

Hi,

Code: Select all

push "route 10.10.10.0 255.225.225.0"

It's invalid, I could have been more clear about that.

See the link I posted before and here:
https://www.subnetting.net/Tutorial.aspx
.

[nickmilleruk]

oh goodness me - I see it now - 225 instead of 255 - blinded by the 2's and the 5's! Seems I often get numbers that repeat mixed up. I can't believe how obvious that is now!

Now it is fixed to have the proper subnet mask, and everything works ok.

Code: Select all

push "route 10.10.10.0 255.255.255.0"

Thank you so much for your help there.

Nick

[Pippin]

Welcome, glad it works now.