ubuntu openvpn server and edgerouter openvpn client


Post by empty112 » Mon Jun 18, 2018 1:52 am

I have set up an Ubuntu server with an OpenVPN server running on it, with my EdgeRouter acting as an OpenVPN client that connects to it, allowing me to VPN into the Ubuntu server and then have direct access to my local network behind the EdgeRouter.

Below is the server config:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_xxx.crt
key /etc/openvpn/easy-rsa/pki/private/server_xxx.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet

# Set your primary domain name server address for clients
push "dhcp-option DNS"
push "dhcp-option DNS"

# push "route"
push "route"
push "route"

route 1
route 1

# Prevent DNS leaks on Windows
# push "block-outside-dns"
# Override the Client default gateway by using and
# rather than This has the benefit of
# overriding but not wiping out the original default gateway.
# push "redirect-gateway def1"

keepalive 10 120
remote-cert-tls client
# tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.

# Client config directory
client-config-dir /etc/openvpn/ccd

With the EdgeRouter having the following settings:

openvpn vtun1 {
    hash sha256
    mode client
    openvpn-option "--tls-auth /config/auth/ta.key 0"
    openvpn-option --comp-lzo
    openvpn-option "--verb 3"
    openvpn-option "--cipher AES-256-CBC"
    openvpn-option "--verify-x509-name server_xxx name"
    openvpn-option "--remote-cert-tls server"
    openvpn-option --persist-tun
    openvpn-option --persist-key
    openvpn-option --nobind
    openvpn-option "--resolv-retry infinite"
    openvpn-option "--key-direction 1"
    protocol udp
    remote-host xxx
    remote-port 1194
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/xxx.crt
        key-file /config/auth/xxx.key
    }
}

The connection works without any issues. I can VPN to the Ubuntu server and access the EdgeRouter network, and access the VPN server via the EdgeRouter network.

The issue is that once the VPN connects it creates a connection route:

C *> is directly connected, vtun1
C is directly connected, vtun1

This is causing issues with some traffic trying to load through the VPN and causing connection issues.

On the router I have tried to add the following with no changes


Is there a way for OpenVPN not to push the connection route or to change it so the connection route is instead of

Or am I doing something wrong with how I have set it up, causing it to create a connection route of

Any help would be great.

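An added example, not part of the original post and not code from OpenVPN or EdgeOS: a Python check that parses excerpts of the two configs posted above and names the options that differ between the peers, or that state the tls-auth key direction twice with different values on one side. The EdgeOS keyword mapping (`hash` to `auth`) and all function names are assumptions of this example.

```python
# Excerpts of the two configs in the post, trimmed to the options compared.
SERVER_CONF = """\
remote-cert-tls client
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
"""
EDGEOS_CONF = """\
hash sha256
openvpn-option "--tls-auth /config/auth/ta.key 0"
openvpn-option --comp-lzo
openvpn-option "--cipher AES-256-CBC"
openvpn-option "--remote-cert-tls server"
openvpn-option "--key-direction 1"
"""
# Assumption: the EdgeOS vtun keyword "hash" corresponds to OpenVPN's "auth".
EDGEOS_MAP = {"hash": "auth"}

def parse(text, edgeos=False):
    """Return {directive: [argument lists]}; skips comments and brace lines."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if edgeos and line.startswith("openvpn-option"):
            # Unwrap the raw option: drop the quotes and the leading "--".
            line = line[len("openvpn-option"):].strip().strip('"').lstrip("-")
        if not line or line[0] in "#;}" or line.endswith("{"):
            continue
        words = line.split()
        name = EDGEOS_MAP.get(words[0], words[0]) if edgeos else words[0]
        opts.setdefault(name, []).append([w.lower() for w in words[1:]])
    return opts

def key_directions(opts):
    """Every key direction given through tls-auth or key-direction."""
    dirs = {a[1] for a in opts.get("tls-auth", []) if len(a) > 1}
    return dirs | {a[0] for a in opts.get("key-direction", []) if a}

def audit(server, client):
    """Name settings that differ between the peers or are stated twice."""
    findings = [n for n in ("cipher", "auth", "comp-lzo")
                if server.get(n) != client.get(n)]
    for side, opts in (("server", server), ("client", client)):
        if len(key_directions(opts)) > 1:
            findings.append(side + " key-direction conflict")
    roles = (server.get("remote-cert-tls"), client.get("remote-cert-tls"))
    if roles != ([["client"]], [["server"]]):
        findings.append("remote-cert-tls")
    return findings

print(audit(parse(SERVER_CONF), parse(EDGEOS_CONF, edgeos=True)))
```

On the excerpts above it reports `comp-lzo`, which appears only on the client, and the client's two different key directions; `cipher`, `auth` and the `remote-cert-tls` roles line up.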