I have a Mikrotik UDP OpenVPN server (ROS 7.6), basically without problems. I use various clients (X86 or Aarch64). I have installed the latest version of Debian (DietPi) on an RPi CM4, where the only available version of OVPN is 2.5. I generated certificates and put the profile in place; everything works flawlessly except the route. Mikrotik doesn't have the possibility to push routes, so I have to solve it on the client side.
remote vpn.on.mikrotik 1195
#route 10.0.1.0 255.255.255.0
#route 192.168.87.0 255.255.255.0
Here is after.sh (with #!/bin/sh on the first line):
ip route add 192.168.87.0/24 via 0.0.0.0 dev tun0
ip route add 10.0.1.0/24 via 0.0.0.0 dev tun0
With this setup on the previous version of DietPi/OpenVPN everything worked well, with no problems at all.
But here the problem is that OVPN exited (and stopped working or reconnecting) because:
- ip route returns error code -2 because the kernel doesn't add one route, because
- my network, where I install/test, is 10.0.1.0/24
- the script tries to add a route which exists, because I have a local IP 10.0.1.x assigned via eth0, and it tries to add the route via tun0
So I tried to eliminate the external script and use route directly in the config:
..same config without up after.sh ....
route 10.0.1.0 255.255.255.0
route 192.168.87.0 255.255.255.0
Now OVPN doesn't exit and stop, but throws errors:
2022-12-07 15:09:02 us=533913 net_route_v4_best_gw query: dst 0.0.0.0
2022-12-07 15:09:02 us=534590 net_route_v4_best_gw result: via 10.0.1.1 dev eth0
2022-12-07 15:09:02 us=534817 ROUTE_GATEWAY 10.0.1.1/255.255.255.0 IFACE=eth0 HWADDR=e4:5f:01:63:d6:f4
2022-12-07 15:09:02 us=538439 TUN/TAP device tun0 opened
2022-12-07 15:09:02 us=538647 do_ifconfig, ipv4=1, ipv6=0
2022-12-07 15:09:02 us=538852 net_iface_mtu_set: mtu 1500 for tun0
2022-12-07 15:09:02 us=539223 net_iface_up: set tun0 up
2022-12-07 15:09:02 us=539660 net_addr_v4_add: 192.168.89.28/24 dev tun0
2022-12-07 15:09:02 us=540346 net_route_v4_add: 10.0.1.0/24 via 192.168.87.205 dev [NULL] table 0 metric -1
2022-12-07 15:09:02 us=540543 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-12-07 15:09:02 us=540752 ERROR: Linux route add command failed
2022-12-07 15:09:02 us=540804 net_route_v4_add: 192.168.87.0/24 via 192.168.87.205 dev [NULL] table 0 metric -1
2022-12-07 15:09:02 us=540965 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-12-07 15:09:02 us=541041 ERROR: Linux route add command failed
If I don't use after.sh or route, the connection is solid and working.
Clients are headless on my "customer" site, most of the time on DHCP with an address pool which I will not affect (and yes, there can be a situation where the customer has my subnet 10.0.1.0, which I want to route to my network, but that's a situation I can't influence and I'm not going to deal with it now).
I know that it is not so clever to add routes which are actually added, but before, it was working for what I need.
Can you help me with the correct way to do routing without OVPN crashing?
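
An added example, not part of the original post: a variant of after.sh that inspects the routing table before adding each prefix and always exits 0, so a prefix that is already local on eth0 (the 10.0.1.0/24 case described above) is skipped instead of ending the session. The function names and the sample routing table are constructed for illustration; `script_type` and `dev` are environment variables OpenVPN sets when it runs an --up script.

```shell
#!/bin/sh
# Added example: tolerant --up script. A failed route must not end the VPN session.

# Constructed sample of `ip -4 route show` on a client whose LAN is 10.0.1.0/24.
SAMPLE_ROUTES='default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.50
192.168.89.0/24 dev tun0 proto kernel scope link src 192.168.89.28'

# owner_of PREFIX ROUTES: print the device that already holds exactly PREFIX.
owner_of() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == p { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# decide PREFIX TUNDEV ROUTES: print add | skip-present | skip-local.
decide() {
    owner=$(owner_of "$1" "$3")
    if [ -z "$owner" ]; then
        echo add                # nobody routes this prefix yet
    elif [ "$owner" = "$2" ]; then
        echo skip-present       # already goes through the tunnel
    else
        echo skip-local         # directly connected elsewhere: leave LAN traffic alone
    fi
}

# apply_routes TUNDEV PREFIX...: add what is safe, log the rest, never fail.
apply_routes() {
    tundev=$1; shift
    routes=$(ip -4 route show)
    for prefix in "$@"; do
        case $(decide "$prefix" "$tundev" "$routes") in
            add)        ip route add "$prefix" dev "$tundev" ||
                            echo "after.sh: adding $prefix failed" >&2 ;;
            skip-local) echo "after.sh: $prefix is local on another device, skipped" >&2 ;;
        esac
    done
    return 0
}

# Only touch the real routing table when OpenVPN itself invoked the script.
if [ "${script_type:-}" = "up" ]; then
    apply_routes "${dev:-tun0}" 10.0.1.0/24 192.168.87.0/24
    exit 0
fi
```

Skipped prefixes are reported on stderr, which OpenVPN includes in its own log, so a customer network that overlaps 10.0.1.0/24 shows up as a log line rather than a dropped tunnel.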