OpenVPN Connect with static routes?

[actionbuddha]

I have an OpenVPN server, and an Android client that works fine when pushing the redirect-gateway option. A particular wifi network I connect to has two local subnets. I'd like to push a static route to bypass the vpn for these two subnets.

From reading the docs, I think the following should do the trick:

push "route x.x.x.x y.y.y.y net_gateway"
push "redirect-gateway def1 bypass-dhcp"

and indeed both client and server accept the config, and the client shows in its log that it has processed it, but tcpdump on the server shows that all packets for the intended target static are still sent to the vpn.

Are the route and redirect-gateway options mutually exclusive on the android platform?

Cheers,
Paul

[actionbuddha]

Try reversing the order of your routing commands:

Code: Select all

push "redirect-gateway def1 bypass-dhcp
push "route x.x.x.x y.y.y.y net_gateway""

Thanks for such a fast response! Tried that just now, change confirmed from client log, no change in behaviour. Is the route option even supported on android I wonder?

[actionbuddha]

Is the route option even supported on android I wonder?

If your default gateway is being reconfigured by OpenVPN when using redirect gateway def1 then clearly the device supports routing.

However, you may be pushing incorrect routing parameters and so the route addition fails.
Difficult to say without your configs and logs ...

I was working under the assumption that the Android API contained a function to change default gateway as part of its vpn suite without necessarily exposing the full suite of routing tools.

The exact config snippet from my config file is:

push "redirect-gateway def1 bypass-dhcp"
push "route 10.1.6.192 255.255.255.224 net_gateway"

The logfile on the server shows this being pushed:

May 1 14:32:32 server openvpn[6550]: hostname/x.x.x.x:39795 PUSH: Received control message: 'PUSH_REQUEST'
May 1 14:32:32 server openvpn[6550]: hostname/x.x.x.x:39795 send_push_reply(): safe_cap=940
May 1 14:32:32 server openvpn[6550]: hostname/x.x.x.x:39795 SENT CONTROL [hostname.fqdn]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.1.6.192 255.255.255.224 net_gateway,dhcp-option DNS 10.9.0.1,ping 0,ping-restart 120,route 10.9.0.1,topology net30,ifconfig 10.9.0.6 10.9.0.5' (status=1)

The log on the Android phone shows this option being received, I don't know how to get that off the device.

Target ip address of the server I'm trying to reach via this route is 10.1.6.195. I've tried putting a /32 specific route in with the target gateway:

push "route 10.1.6.195 255.255.255.255 10.250.0.1"

just in case it didn't like the net_gateway keyword, same result.

I've been searching for a way to get the routing table from my phone without rooting it, no luck yet. Thanks for your replies so far!

[actionbuddha]

I don't know a way of getting the routing table from an Android device short of rooting it, which I don't really want to do. Not sure where to go from here. I was hoping there was a dev listening who could pipe up on whether static routes are thought to work on Android before I roll sleeves up further...