How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Sun Jun 20, 2021 2:08 pm
by fdanks
The subject line should say it all, but to reiterate, I want to ignore any default route directive from the server, accepting all other route directives.
I do not have the ability to reconfigure the server. It is part of a different organization and out of my control.
I am using Ubuntu Linux and I can achieve what I want with `sudo route delete default tun0`, but it has been very frustrating to have to do this manually every time, especially because it is not an always-on VPN and I enable it through the Ubuntu system tray.
I've read the manual, the howtos, and the sample config (only a very sparse one for client-side), and this page:
I looked at the route-related options redirect-gateway, route-nopull, and route-gateway, but got nowhere.
So, to sum it up, I want to configure the client to avoid installing a default route to the VPN gateway that the server is attempting to install, but to accept all other route directives. This is because the remote network has several subnets, other than the one with which the VPN endpoint is associated, that I need to be able to access.
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Sun Jun 20, 2021 2:17 pm
by Pippin
Take a look at --pull-filter in the manual.
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Sun Jun 20, 2021 2:38 pm
by fdanks
Ok, so I tried all of these in my configuration and it did not work:
Here is the syslog entry where the route is added:
Jun 20 09:31:12 mothra NetworkManager[1238]: <info> [1624199472.2589] vpn-connection[0xXXXXXXXXX,"openvpn test",9:(tun0)]: Data: Static Route: 0.0.0.0/0 Next Hop: 172.24.42.1
The manual is of no help here as there appears to be no explicit guidance on the format of the possible pull-filter patterns and the syslog entry appears to be of no help either. It would be nice if the syslog entry contained the explicit command responsible for a given log entry (if applicable) so that I could use it as guidance for the pull-filter command.
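Added example (not part of the thread and not OpenVPN's own code): a small Python model of `--pull-filter` matching as the OpenVPN manual describes it, namely a prefix comparison against each pushed option, first matching filter wins, unmatched options accepted. The push list is constructed; only the 172.24.42.1 gateway comes from the syslog line above, and the helper names are hypothetical.

```python
"""Model of OpenVPN's documented --pull-filter matching (added example)."""

# Constructed push list; only 172.24.42.1 appears in the thread's syslog line.
PUSHED = [
    "redirect-gateway def1",
    "route 10.20.0.0 255.255.0.0",
    "route 10.30.5.0 255.255.255.0",
    "route-gateway 172.24.42.1",
    "dhcp-option DNS 10.20.0.53",
    "ifconfig 172.24.42.10 255.255.255.0",
]

# Config equivalent:  pull-filter ignore "redirect-gateway"
#                     pull-filter ignore "route 0.0.0.0 0.0.0.0"
SPLIT_TUNNEL = [("ignore", "redirect-gateway"), ("ignore", "route 0.0.0.0 0.0.0.0")]
# Prefix matching makes this one drop route-gateway and every subnet route too.
TOO_BROAD = [("ignore", "route")]


def apply_pull_filters(filters, pushed):
    """Return (accepted, ignored) after applying filters in config order.

    Each filter is (action, text). An option matches when it starts with
    text, the first matching filter decides, and unmatched options are
    accepted. A 'reject' match makes the real client flag an error and
    restart; that is modelled here as an exception.
    """
    accepted, ignored = [], []
    for option in pushed:
        action = next((a for a, text in filters if option.startswith(text)), "accept")
        if action == "reject":
            raise ConnectionError(f"server pushed rejected option: {option}")
        (accepted if action == "accept" else ignored).append(option)
    return accepted, ignored


def has_default_route(options):
    """True if the accepted options would still move the default route."""
    return any(o.startswith(("redirect-gateway", "route 0.0.0.0 0.0.0.0")) for o in options)


if __name__ == "__main__":
    for name, rules in (("split-tunnel", SPLIT_TUNNEL), ("too-broad", TOO_BROAD)):
        kept, dropped = apply_pull_filters(rules, PUSHED)
        print(name, "ignored:", dropped, "default route left:", has_default_route(kept))
```

In the thread the route is installed by NetworkManager, which has its own per-connection setting for this, `ipv4.never-default`, independent of the OpenVPN option modelled here.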
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Sun Jun 20, 2021 2:47 pm
by 300000
If you list all the subnet routes to include and the server gateway route to avoid, I can help you do that.
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Sun Jun 20, 2021 3:09 pm
by fdanks
This is the routing table after the VPN is established:
But I was looking for a solution that would take into account any server-side changes in the future. The company I am working with is a start-up and their networks are prone to changes and updates that I would like to not have to keep up with.
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Sun Jun 20, 2021 3:19 pm
by fdanks
I tried the above and it did not work either. I just ended up with duplicate route entries:
This means all routes from the server side will go over the VPN but the rest will go through the local gateway, so speed will be as fast as your local internet. Try this, then come back and let me know if it works for you.
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Great suggestion, and I tried the above, but to no effect. My routing table still contains the default route to the gateway for some reason.
FYI: I am using the integrated support for importing .ovpn files in Ubuntu 20.04, using the "Import from file..." option in the VPN Settings Control Panel. When I connect, syslog reports that this is the version of OpenVPN I am using:
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
I also tried the below suggestion, but it fails to load the .ovpn config file with:
`The file "XXX.ovpn" could not be read or does not contain recognized VPN connection information`
I have narrowed that error down to the use of vpn_gateway and net_gateway in the config file. My client just does not seem to want to expand those variables/aliases correctly. The import succeeds if I replace them with an explicit IP address (e.g. 172.24.42.1)
This means all routes from the server side will go over the VPN but the rest will go through the local gateway, so speed will be as fast as your local internet. Try this, then come back and let me know if it works for you.
Re: How do I configure the OpenVPN client to accept all routes from the server EXCLUSIVE of the default route?
Posted: Tue Jun 22, 2021 6:11 pm
by 300000
Is this working as you like now, or are you trying to sort it? The client you use is something new and not the standard, so it doesn't know how to make it work. If this must be an IP, I think this route will work for you