Why are routes only pushed to clients with static IPs
Posted: Mon Sep 14, 2020 7:16 am
Hello,
I need to set up an OpenVPN network which will probably grow to several hundred clients in the next few months. Some of the clients are servers and others are devices that need services hosted on the server(s).
The idea is to use a 10.10.0.0/16 network that all clients are in. The servers should have a static VPN IP in the range 10.10.0.1 - 10.10.0.254 and the other clients should have DHCP VPN IPs in the range 10.10.1.1 - 10.10.255.254. The OpenVPN server (currently 1) has IP 10.10.0.1.
To distribute the static "server" IPs, I uncommented client-config-dir in the OpenVPN server.conf, created a config file for each server in ccd with the server's CN as filename and added route 10.10.0.0 255.255.0.0 to server.conf. Each client file contains something like this:
# For each client that should get a static IP
ifconfig-push 10.10.0.x 10.10.0.1
iroute 10.10.0.0 255.255.0.0
When I try to ping 10.10.0.1 from one of the servers with a static VPN IP, the ping is successful.
For the DHCP clients I set some configuration in server.conf:
dev tun
proto udp
dev tun
mode server
tls-server
ifconfig 10.10.0.1 255.255.0.0
ifconfig-pool 10.10.1.1 10.10.255.254
route-gateway 10.10.0.1
push "route-gateway 10.10.0.1"
push "route 10.10.0.0 255.255.0.0 10.10.0.1"
The clients connect correctly and get an IP in the expected range (e.g. 10.10.1.61) but when I try to ping 10.10.0.1, the ping times out. When I check the gateways with route -n I see that the wrong gateway is set:
When I add the gateway manually with route add 10.10.0.1 tun0 I'm able to ping the VPN server. I still cannot ping the servers (e.g. 10.10.0.20). When I check routel, I notice that a route to 10.10.0.0/16 is missing.
root@somedevice:/home/pi# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.128.60.1 0.0.0.0 UG 202 0 0 eth0
10.10.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 <-- should be 10.10.0.1 ?
10.128.60.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
root@somedevice:/home/pi# routel
target gateway source proto scope dev tbl
default 10.128.60.1 10.128.60.33 dhcp eth0
10.10.0.1 link tun0
10.10.1.1 10.10.1.2 kernel link tun0
10.128.60.0/ 24 10.128.60.33 dhcp link eth0
10.10.1.2 local 10.10.1.2 kernel host tun0 local
10.128.60.0 broadcast 10.128.60.33 kernel link eth0 local
10.128.60.33 local 10.128.60.33 kernel host eth0 local
10.128.60.255 broadcast 10.128.60.33 kernel link eth0 local
127.0.0.0 broadcast 127.0.0.1 kernel link lo local
127.0.0.0/ 8 local 127.0.0.1 kernel host lo local
127.0.0.1 local 127.0.0.1 kernel host lo local
127.255.255.255 broadcast 127.0.0.1 kernel link lo local
::1 kernel lo
fe80::/ 64 kernel eth0
fe80::/ 64 kernel tun0
::1 local kernel lo local
fe80::65cf:ce3:fc9f:20fa local kernel eth0 local
fe80::c648:ccba:8f47:86b7 local kernel tun0 local
ff00::/ 8 eth0 local
ff00::/ 8 tun0 local
When I add this route manually with ip route add 10.10.0.0/16 via 10.10.0.1 I can ping the servers (e.g. 10.10.0.20) :-D
---------------------------
I noticed that the routes that I try to push to the clients (push "route-gateway 10.10.0.1" and push "route 10.10.0.0 255.255.0.0 10.10.0.1") are only pushed to clients with static IPs but not to the ones with a DHCP IP. How can I also push the route(s) and gateway to the DHCP clients as well?
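As an added example (not from the post and not OpenVPN's own code): a small Python linter for a ccd directory laid out like the one described above. It assumes the address plan from the post (server 10.10.0.1, static servers in 10.10.0.2-10.10.0.254, ifconfig-pool 10.10.1.1-10.10.255.254) and a constructed set of ccd files, and reports a pushed address outside the static range or inside the pool, the same address handed to two CNs, a non-address placeholder such as 10.10.0.x, and an iroute that covers the VPN subnet itself (iroute is meant for a network behind a client, not for the VPN's own address space).

```python
import ipaddress

# Address plan from the post (assumed): static servers 10.10.0.2-254, pool 10.10.1.1-10.10.255.254.
VPN_NET = ipaddress.ip_network("10.10.0.0/16")
STATIC_RANGE = (ipaddress.ip_address("10.10.0.2"), ipaddress.ip_address("10.10.0.254"))
POOL_RANGE = (ipaddress.ip_address("10.10.1.1"), ipaddress.ip_address("10.10.255.254"))

# Constructed sample ccd directory: {CN used as filename: file contents}.
SAMPLE_CCD = {
    "srv-db01": "ifconfig-push 10.10.0.20 10.10.0.1\niroute 10.10.0.0 255.255.0.0\n",
    "srv-web01": "ifconfig-push 10.10.0.21 10.10.0.1\n",
    "srv-web02": "ifconfig-push 10.10.0.21 10.10.0.1\n",  # same address as srv-web01
    "srv-old": "ifconfig-push 10.10.5.7 10.10.0.1\n",     # lands inside the DHCP pool
    "srv-lan": "ifconfig-push 10.10.0.30 10.10.0.1\niroute 192.168.50.0 255.255.255.0\n",
}


def lint_ccd(files):
    """Return (cn, problem) tuples for a mapping of CN -> ccd file text."""
    problems = []
    seen = {}  # pushed address -> first CN that claimed it
    for cn, text in files.items():
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # strip OpenVPN comments
            parts = line.split()
            if len(parts) < 2:
                continue
            if parts[0] == "ifconfig-push":
                try:
                    ip = ipaddress.ip_address(parts[1])
                except ValueError:
                    problems.append((cn, f"ifconfig-push {parts[1]!r} is not an IP address"))
                    continue
                if not STATIC_RANGE[0] <= ip <= STATIC_RANGE[1]:
                    problems.append((cn, f"ifconfig-push {ip} is outside the static server range"))
                if POOL_RANGE[0] <= ip <= POOL_RANGE[1]:
                    problems.append((cn, f"ifconfig-push {ip} collides with the ifconfig-pool range"))
                if ip in seen:
                    problems.append((cn, f"ifconfig-push {ip} already used by {seen[ip]}"))
                seen.setdefault(ip, cn)
            elif parts[0] == "iroute":
                mask = parts[2] if len(parts) > 2 else "255.255.255.255"
                net = ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False)
                if net.overlaps(VPN_NET):
                    problems.append((cn, f"iroute {net} overlaps the VPN subnet; iroute is for networks behind the client"))
    return problems


if __name__ == "__main__":
    for cn, problem in lint_ccd(SAMPLE_CCD):
        print(f"ccd/{cn}: {problem}")
```

To run it against a real ccd directory, build the mapping from the directory listing (filename as CN, file text as value) and pass it to lint_ccd.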