Pushing Routes

ichilton · Post by **ichilton** » Tue Jan 11, 2011 4:41 pm

Hi,

I am pushing a whole load of routes for all of my servers from the OpenVPN server to the clients as I want to manage them centrally.

The problem is, I hit a limit as it said the buffer (1024) had been exceeded so what I need to do is cut down the number of routes.

I am however having to have 3 routes for each range, because we are using all 8 ip's in a range, for example:

Code: Select all

push "route 123.123.123.200 255.255.255.248"
push "route 123.123.123.200 255.255.255.255"
push "route 123.123.123.207 255.255.255.255"

The route for 123.123.123.200/255.255.255.248 doesn't seem to include the upper and lower addresses, .200 and .207 as they are usually used for network and broadcast so to use them, I seem to have to include them separately.

For the range that includes the VPN server, i need to have 4 routes:

Code: Select all

push "route 123.123.123.177 255.255.255.255 net_gateway"
push "route 123.123.123.176 255.255.255.248"
push "route 123.123.123.176 255.255.255.255"
push "route 123.123.123.183 255.255.255.255"

Is it possible these can be done using less routes?

Also, is it possible the push buffer can be increased without re-compiling? - i'm using the Debian packages and would like to continue to do so.

Thanks,

Ian

Post by **gladiatr72** » Tue Jan 11, 2011 4:50 pm

I guess I'm not staying up on what openvpn is being used for Out In the World. Can you describe what your actual goal is? I'm horribly fuzzy on why you would need to be pushing over 1000 routes. Before I injure myself thinking about it, do you think you could go into a little more depth regarding what you're trying to accomplish?

I mean, in a nutshell, you're trying to use a route definition to route a network where one doesn't exist. I would think adding host routes to cover the network and broadcast addresses of an existing network route would cause things to go horribly wrong, but then, it has never occurred to me to try.

Anyway, yes. Please...

Thanks

-Stephen

ichilton · Post by **ichilton** » Tue Jan 11, 2011 4:56 pm

Hi,

Sorry, the 1024 was in the error message and I assume is the buffer size, not number of routes.

I'm only pushing 28 routes (but only for 14 actual network ranges, as per my question).

Thanks,

Ian

Post by **krzee** » Wed Jan 12, 2011 5:54 am

what version of openvpn are you running? i believe this limit was lifted awhile ago by allowing multiple push messages
also, read up on how subnetting works... you can route based on larger subnets than a single ip at a time...
when there is a route for a network, and a more specific route for a network inside that (or even a single ip) the most specific route is used.

ichilton · Post by **ichilton** » Wed Jan 12, 2011 8:45 am

Hi,

I'm using 2.1~rc11-1 in Debian 5.0 (lenny).

I am using subnetting but it's problematic - that was part of my question - see above.

Thanks,

Ian

Post by **krzee** » Wed Jan 12, 2011 9:07 am

oh i see now
just update to the new version of openvpn, the issue should fix itself =]
http://www.openvpn.net/download

xnpu · Post by **xnpu** » Wed Jan 12, 2011 7:04 pm

Install latest version. Use max-routes directive to enlarge the buffer if needed.

ichilton · Post by **ichilton** » Wed Jan 12, 2011 8:14 pm

Hi,

Great, thanks!

Looks like there are Debian packages available - i'll just have to remember to update manually.

Ian

OpenVPN Support Forum

Pushing Routes

Pushing Routes

Re: Pushing Routes

Re: Pushing Routes

Re: Pushing Routes

Re: Pushing Routes

Re: Pushing Routes

Re: Pushing Routes

Re: Pushing Routes