OpenWRT routing issues (double default route)

inte
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 31, 2012 11:39 am

Post by inte » Fri Aug 31, 2012 11:56 am

Hello,

I'm not particularly new to OpenVPN but it used to work fine for me ever since.
However, I'm now running into trouble.
I've set up an OpenVPN server on an OpenWRT router with this config:

Code:

mode server 
tls-server 


### network options 
port 1194 
proto udp 
dev tun 


### Certificate and key files 
ca /etc/easy-rsa/keys/ca.crt 
cert /etc/easy-rsa/keys/server.crt 
key /etc/easy-rsa/keys/server.key 
dh /etc/easy-rsa/keys/dh1024.pem 


server 10.0.0.0 255.255.255.0 
push "redirect-gateway def1" 
push "dhcp-option DNS 192.168.1.23" # Change this to your router's LAN IP Address 
client-to-client 

	
### (optional) compression (Can be slow) 
comp-lzo 
persist-key 
persist-tun 
verb 3 
keepalive 10 120 
log-append /var/log/openvpn/openvpn.log

On the client side, I made a basic configuration like this:

Code:

 
client
dev tun
proto udp
remote XXXX.dyndns.tv 1194
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 5
float

I'm usually using this configuration with GNOME NetworkManager, and all works fine, but...
When I try to establish the tunnel from the command line, I somehow get double entries in the routing table.
This is the routing table when using NetworkManager:

Code:

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.5        0.0.0.0         UG    0      0        0 tun0
10.0.0.0        10.0.0.5        255.255.255.0   UG    0      0        0 tun0
10.0.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
31.18.XX.XX     193.174.XX.XX   255.255.255.255 UGH   0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
193.174.XX.XX    0.0.0.0         255.255.255.0   U     1      0        0 eth0

(I'm not sure what in particular the two bottom routes are about, but they don't really bother me, though.)

And this is the table when starting from the command line (openvpn --config test.ovpn)

Code:

Ziel            Router          Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.5        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         193.174.XX.XX   0.0.0.0         UG    0      0        0 eth0
10.0.0.0        10.0.0.5        255.255.255.0   UG    0      0        0 tun0
10.0.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
31.18.XX.XX     193.174.XX.XX   255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.0.0.5        128.0.0.0       UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
193.174.XX.XX    0.0.0.0         255.255.255.0   U     1      0        0 eth0

I'm using Ubuntu 12.04 LTS as client.
The reason I was playing around with the prompt is that I actually wanted to exclude my local network from the VPN tunnel.
I therefore put these lines in the client configuration file:

Code:

route 193.174.XX.XX 255.255.255.0 net_gateway

However, NetworkManager seems to ignore these lines when I import the configuration file, and, as written above, I cannot try this configuration from the console since then the VPN does not work at all.
Thank you in advance!

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: OpenWRT routing issues (double default route)

Post by Mimiko » Mon Oct 01, 2012 8:26 am

Your routing table is fine. What you are trying to do is not necessary, as, if not specified specifically, your LAN will not go through the tunnel.
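
Added example (not part of the thread): a longest-prefix-match lookup over the command-line routing table from the first post, showing that the two /1 routes created by `redirect-gateway def1` outrank the remaining eth0 default route while the /32 route to the VPN server and the on-link LAN /24 still leave via eth0. The addresses standing in for the masked XX values and the extra subnet 192.0.2.0/24 (a subnet behind another LAN router) are constructed.

```python
import ipaddress

# Constructed stand-ins for the masked (XX) addresses in the post.
LAN_GW = "198.51.100.1"       # eth0 gateway (193.174.XX.XX in the post)
VPN_SERVER = "203.0.113.10"   # OpenVPN server's public IP (31.18.XX.XX)

# (destination, genmask, gateway, iface): the command-line table from the post,
# i.e. what `redirect-gateway def1` leaves behind.
DEF1_TABLE = [
    ("0.0.0.0",      "128.0.0.0",       "10.0.0.5", "tun0"),
    ("0.0.0.0",      "0.0.0.0",         LAN_GW,     "eth0"),
    ("10.0.0.0",     "255.255.255.0",   "10.0.0.5", "tun0"),
    ("10.0.0.5",     "255.255.255.255", "0.0.0.0",  "tun0"),
    (VPN_SERVER,     "255.255.255.255", LAN_GW,     "eth0"),
    ("128.0.0.0",    "128.0.0.0",       "10.0.0.5", "tun0"),
    ("169.254.0.0",  "255.255.0.0",     "0.0.0.0",  "eth0"),
    ("198.51.100.0", "255.255.255.0",   "0.0.0.0",  "eth0"),
]

def egress(dst, table=DEF1_TABLE):
    """Return (iface, matched prefix) chosen by longest-prefix match.

    Metrics are ignored: no two matching routes here share a prefix length.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, _gw, dev in table:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (dev, net)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[0], str(best[1])

def with_bypass(subnet, mask, table=DEF1_TABLE):
    """Table after a client-side `route <subnet> <mask> net_gateway` line."""
    return table + [(subnet, mask, LAN_GW, "eth0")]

if __name__ == "__main__":
    for dst in ("8.8.8.8", "200.1.2.3", VPN_SERVER, "198.51.100.77", "192.0.2.5"):
        print(f"{dst:15} -> {egress(dst)}")
    bypass = with_bypass("192.0.2.0", "255.255.255.0")
    print(f"{'192.0.2.5':15} -> {egress('192.0.2.5', bypass)} (with bypass route)")
```
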

inte
OpenVpn Newbie
Posts: 2
Joined: Fri Aug 31, 2012 11:39 am

Re: OpenWRT routing issues (double default route)

Post by inte » Mon Oct 01, 2012 12:55 pm

Figured it out in the meantime.
I'm in a quite big local network, with several routers.
I have now added each of the subnets which is only reached through a router as additional routes for the eth0 interface (if I would set these in the VPN-Config in Network manager, they would be set for dev tun0 but not dev eth0 which of course doesn't work).
That works fine, at least regarding the routing.
I'm now trying to figure out how to configure the resolv.conf to select the local dns for local domains but the remote/vpn-dns for remote domains (since I don't want all my queries to go to the local dns, even though the local dns works as dns relay).
Unfortunately, simply adding the local dns as dns2 in resolv.conf doesn't work, since if the remote dns can't resolve a local domain it would reply "not found", and resolv wouldn't try the second dns in that case (it only does on timeout). On the other hand, if I would put the local dns first, it would ALWAYS be queried, which is something that I surely don't want.
I could of course add the most frequent local domains to /etc/hosts, but that would rather be an ugly workaround.
Any suggestions?
Thank you in advance!

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: OpenWRT routing issues (double default route)

Post by Mimiko » Thu Oct 04, 2012 5:10 am

Use an intermediary dns server, like dnsmasq, and configure it properly.
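
Added example (not part of the thread): a small model of the two behaviours discussed above, the resolv.conf ordering where an NXDOMAIN reply is final, and per-domain forwarding as an intermediary such as dnsmasq does it, recording which upstream sees each query. The zone `lan.example`, the LAN resolver address 192.0.2.53 and the toy `query` function are constructed assumptions; 192.168.1.23 is the DNS pushed in the first post.

```python
VPN_DNS = "192.168.1.23"    # DNS pushed by the server config in the first post
LOCAL_DNS = "192.0.2.53"    # constructed placeholder for the LAN resolver
LOCAL_ZONE = "lan.example"  # constructed placeholder for a local-only domain

def in_zone(name, zone):
    name = name.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

def query(ns, name, down=()):
    """Toy upstream: the VPN-side resolver has no data for the local zone;
    the LAN resolver relays, so it answers everything."""
    if ns in down:
        return "TIMEOUT"
    if ns == VPN_DNS and in_zone(name, LOCAL_ZONE):
        return "NXDOMAIN"
    return "ANSWER"

def resolv_conf(name, nameservers, down=()):
    """Stub-resolver order as described in the post: any reply, including
    NXDOMAIN, is final; only a timeout moves on to the next nameserver."""
    asked = []
    for ns in nameservers:
        asked.append(ns)
        reply = query(ns, name, down)
        if reply != "TIMEOUT":
            return reply, asked
    return "TIMEOUT", asked

def forwarder(name, rules, default, down=()):
    """Per-domain forwarding (dnsmasq expresses a rule as
    server=/lan.example/192.0.2.53): the most specific matching zone wins."""
    for zone in sorted(rules, key=len, reverse=True):
        if in_zone(name, zone):
            return query(rules[zone], name, down), [rules[zone]]
    return query(default, name, down), [default]

RULES = {LOCAL_ZONE: LOCAL_DNS}

if __name__ == "__main__":
    print(resolv_conf("nas.lan.example", [VPN_DNS, LOCAL_DNS]))
    print(resolv_conf("www.example.org", [LOCAL_DNS, VPN_DNS]))
    print(forwarder("nas.lan.example", RULES, VPN_DNS))
    print(forwarder("www.example.org", RULES, VPN_DNS))
```
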