IP Routes apply on boot but not when service is restarted


Post by oitdmser » Thu Feb 23, 2023 6:07 pm

I have a server on a local subnet 192.168.40.0/24 that has a local intranet web server for just the local network. The same server uses OpenVPN to create a VPN tunnel that is used by it for all other global IP addresses. The idea is that this server accesses the world via the VPN, but its web and SSH servers are still accessible by clients on the local networks (192.168.40.0/24 and 10.1.0.0/16).

I added the following to my /etc/openvpn/xxxvpn.conf file:

Code:

route 10.1.0.0 255.255.0.0 192.168.40.1
route 192.168.40.0 255.255.255.0 192.168.40.1

and

Code:

AUTOSTART="xxxvpn.conf"

to /etc/default/openvpn, and enabled the service with

Code:

systemctl enable openvpn@xxxvpn.service

Upon reboot the VPN starts successfully and the IP routes are applied. I'm able to access its web server from the LAN and the server sends all global traffic through the VPN via the VPN tunnel. However, if I restart the VPN using

Code:

sudo systemctl restart openvpn@xxxvpn.service

I'm suddenly unable to access the server from the LAN.

Here's the pertinent section from the OpenVPN log on a fresh boot:

Code:

Feb 22 10:49:59 pbj ovpn-us8273[845]: TUN/TAP device tun0 opened
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_iface_mtu_set: mtu 1500 for tun0
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_iface_up: set tun0 up
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_addr_v4_add: 10.8.0.9/24 dev tun0
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 212.102.47.110/32 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 10.1.0.0/16 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 192.168.40.0/24 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: Initialization Sequence Completed

And the same section of the log after I issue

Code:

systemctl restart openvpn@xxxvpn.service

Code:

Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_addr_v4_add: 10.8.2.11/24 dev tun0
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: x.x.x.x/32 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 0.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 128.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 10.1.0.0/16 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 192.168.40.0/24 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed

It's odd that adding routes works on boot but not at service restart. Should I be restarting openvpn differently somehow? Any suggestions on what I'm doing wrong here?
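
An added example, not part of the original post and not OpenVPN project code: a small Python parser that pairs each net_route_v4_add line with the rtnl error and "route add command failed" lines that follow it for the same PID, then groups the failed destinations by gateway. The function names are hypothetical, and the sample input is an excerpt of the restart log quoted in the post.

```python
import re

# Sample input: excerpt of the restart log quoted in the post above.
RESTART_LOG = """\
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: x.x.x.x/32 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 0.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 10.1.0.0/16 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 192.168.40.0/24 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
"""

# Function names below are hypothetical (added example, not OpenVPN code).
LINE_RE = re.compile(r"\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ROUTE_RE = re.compile(r"net_route_v4_add: (?P<dest>\S+) via (?P<via>\S+) dev")
RTNL_RE = re.compile(r"sitnl_send: rtnl: generic error \(-?\d+\): (?P<text>.+)")
FAIL_MSG = "ERROR: Linux route add command failed"

def audit_routes(log_text):
    """Pair each route add with the error lines that follow it, per PID."""
    routes, last = [], {}  # last: pid -> most recent route record for that PID
    for line in log_text.splitlines():
        if not (m := LINE_RE.search(line)):
            continue  # not a syslog-style "ident[pid]: message" line
        pid, msg = m["pid"], m["msg"]
        if (r := ROUTE_RE.match(msg)):
            last[pid] = {"dest": r["dest"], "via": r["via"], "ok": True, "error": None}
            routes.append(last[pid])
        elif pid in last and (e := RTNL_RE.match(msg)):
            last[pid]["error"] = e["text"].strip()
        elif pid in last and msg.startswith(FAIL_MSG):
            last[pid]["ok"] = False
    return routes

def failed_by_gateway(routes):
    """Group failed destinations by the gateway they were meant to use."""
    grouped = {}
    for r in routes:
        if not r["ok"]:
            grouped.setdefault(r["via"], []).append(r["dest"])
    return grouped

if __name__ == "__main__":
    for gw, dests in failed_by_gateway(audit_routes(RESTART_LOG)).items():
        print(f"gateway {gw}: failed to add {', '.join(dests)}")
```

On the excerpt, every failed route shares the gateway 192.168.40.1, while the route via the tunnel gateway 10.8.2.1 is added without error.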
