I have a Mikrotik UDP OpenVPN server (ROS 7.6), basically without problems. I use various clients (x86 or AArch64). I have installed the latest version of Debian (DietPi) on an RPi CM4, where the only available version of OVPN is 2.5. I generated certificates and put the profile in place; all works flawlessly except the route. Mikrotik doesn't have the possibility to push routes, and I have to solve it on the client side.
Client config:
client
dev tun
proto udp
remote vpn.on.mikrotik 1195
float
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
askpass client.pass
verb 5
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
script-security 2
up after.sh
#route 10.0.1.0 255.255.255.0
#route 192.168.87.0 255.255.255.0
log-append openvpn.log
Here is after.sh (with #!/bin/sh on the first line):
after.sh
#!/bin/sh
ip route add 192.168.87.0/24 via 0.0.0.0 dev tun0
ip route add 10.0.1.0/24 via 0.0.0.0 dev tun0
With this setup, the previous version of DietPi/OpenVPN was all working well, with no problems at all.
But here is the problem: OVPN exits (and stops working or reconnecting) because:
- ip route returns error code -2 because the kernel doesn't add one route, because:
- my network, where I install/test, is 10.0.1.0/24
- the script tries to add a route which already exists, because I have a local IP 10.0.1.x assigned via eth0 and it tries to add the route via tun0
So I tried to eliminate the external script and use route directly in the config:
Client config:
..same config without up after.sh ....
route 10.0.1.0 255.255.255.0
route 192.168.87.0 255.255.255.0
....
Now OVPN doesn't exit and stop, but it throws errors:
2022-12-07 15:09:02 us=533913 net_route_v4_best_gw query: dst 0.0.0.0
2022-12-07 15:09:02 us=534590 net_route_v4_best_gw result: via 10.0.1.1 dev eth0
2022-12-07 15:09:02 us=534817 ROUTE_GATEWAY 10.0.1.1/255.255.255.0 IFACE=eth0 HWADDR=e4:5f:01:63:d6:f4
2022-12-07 15:09:02 us=538439 TUN/TAP device tun0 opened
2022-12-07 15:09:02 us=538647 do_ifconfig, ipv4=1, ipv6=0
2022-12-07 15:09:02 us=538852 net_iface_mtu_set: mtu 1500 for tun0
2022-12-07 15:09:02 us=539223 net_iface_up: set tun0 up
2022-12-07 15:09:02 us=539660 net_addr_v4_add: 192.168.89.28/24 dev tun0
2022-12-07 15:09:02 us=540346 net_route_v4_add: 10.0.1.0/24 via 192.168.87.205 dev [NULL] table 0 metric -1
2022-12-07 15:09:02 us=540543 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-12-07 15:09:02 us=540752 ERROR: Linux route add command failed
2022-12-07 15:09:02 us=540804 net_route_v4_add: 192.168.87.0/24 via 192.168.87.205 dev [NULL] table 0 metric -1
2022-12-07 15:09:02 us=540965 sitnl_send: rtnl: generic error (-101): Network is unreachable
2022-12-07 15:09:02 us=541041 ERROR: Linux route add command failed
If I don't use after.sh or route, the connection is solid and working.
Clients are headless on my "customer" site, most of the time on DHCP with an address pool which I will not affect (and yes, there can be a situation where the customer has my subnet 10.0.1.0, which I want to route to my network, but that's a situation I can't influence and I'm not going to deal with it now).
I know that it is not so clever to add routes which are actually already added, but before, it was working for what I need.
Can you help me with the correct way to do routing without OVPN crashing?
Thank you
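Added example, not the poster's own after.sh: a POSIX sh up hook for the problem described above. It only adds a prefix when it is not already in the routing table (the 10.0.1.0/24 LAN on eth0 case) and never returns a non-zero status, so a failed ip route add cannot make OpenVPN exit. It assumes OpenVPN exports the tunnel name as $dev when calling the hook (the standard --up environment); route_exists takes the "ip -4 route show" text as an argument, and the sample table at the bottom is constructed, not taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's after.sh: an OpenVPN --up hook that adds
# the two routes only when the prefix is not already in the routing table
# and never returns non-zero, so a failed "ip route add" cannot make
# OpenVPN exit. Assumption: OpenVPN exports the tunnel interface name as
# $dev when it runs the hook (standard --up environment).

# route_exists PREFIX ROUTES
# Succeeds if PREFIX is the destination of a line in ROUTES, where ROUTES is
# the text of "ip -4 route show" (passed in so it can be checked offline).
route_exists() {
    printf '%s\n' "$2" | awk -v p="$1" '$1 == p { found = 1 } END { exit found ? 0 : 1 }'
}

# routes_to_add DEV ROUTES PREFIX...
# Prints, one per line, the prefixes that still need a route via DEV.
# Prefixes already present (on any interface) are reported and skipped:
# moving the LAN's connected route onto tun0 would also cut the path to the
# default gateway that the tunnel itself depends on.
routes_to_add() {
    dev=$1
    routes=$2
    shift 2
    for p in "$@"; do
        if route_exists "$p" "$routes"; then
            echo "skip $p: already in routing table, not moving it to $dev" >&2
        else
            printf '%s\n' "$p"
        fi
    done
}

if [ -n "${dev:-}" ]; then
    # Hook entry point: OpenVPN invoked us with $dev set.
    current=$(ip -4 route show 2>/dev/null)
    for p in $(routes_to_add "$dev" "$current" 192.168.87.0/24 10.0.1.0/24); do
        # Point-to-point tun: no gateway needed, the device is enough.
        ip route add "$p" dev "$dev" || echo "route add $p failed, continuing" >&2
    done
    exit 0   # an up script must exit 0 or OpenVPN tears the tunnel down
else
    # Not under OpenVPN: show the decision on a constructed table that
    # mirrors the poster's log (LAN 10.0.1.0/24 on eth0, tun0 192.168.89.28).
    sample='default via 10.0.1.1 dev eth0
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.50
192.168.89.0/24 dev tun0 proto kernel scope link src 192.168.89.28'
    routes_to_add tun0 "$sample" 192.168.87.0/24 10.0.1.0/24
fi
```

Run outside OpenVPN it prints only 192.168.87.0/24 on stdout and a skip notice for 10.0.1.0/24 on stderr; as an up hook it applies the same decision with ip route add.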