IP Routes apply on boot but not when service is restarted
Posted: Thu Feb 23, 2023 6:07 pm
I have a server on a local subnet 192.168.40.0/24 that has a local intranet web server for just the local network. The same server uses OpenVPN to create a VPN tunnel that is used by it for all other global IP addresses. The idea is that this server accesses the world via the VPN, but its web and SSH servers are still accessible by clients on the local networks (192.168.40.0/24 and 10.1.0.0/16).
I added the following to my /etc/openvpn/xxxvpn.conf file
Code:
route 10.1.0.0 255.255.0.0 192.168.40.1
route 192.168.40.0 255.255.255.0 192.168.40.1
and to /etc/default/openvpn
Code:
AUTOSTART="xxxvpn.conf"
enabled the service with
Code:
systemctl enable openvpn@xxxvpn.service
Upon reboot the vpn starts successfully and the IP routes are applied. I'm able to access its web server from the LAN and the server sends all global traffic through the VPN via the VPN tunnel. However, if I restart the vpn using
Code:
sudo systemctl restart openvpn@xxxvpn.service
I'm suddenly unable to access the server from the LAN.
Here's the pertinent section from the openvpn log on a fresh boot:
Code:
Feb 22 10:49:59 pbj ovpn-us8273[845]: TUN/TAP device tun0 opened
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_iface_mtu_set: mtu 1500 for tun0
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_iface_up: set tun0 up
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_addr_v4_add: 10.8.0.9/24 dev tun0
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 212.102.47.110/32 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 10.1.0.0/16 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: net_route_v4_add: 192.168.40.0/24 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 10:49:59 pbj ovpn-us8273[845]: Initialization Sequence Completed
and the same section of log after I issue
Code:
systemctl restart openvpn@xxxvpn.service
Code:
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_addr_v4_add: 10.8.2.11/24 dev tun0
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: x.x.x.x/32 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 0.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 128.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 10.1.0.0/16 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
Feb 22 11:09:17 pbj ovpn-us8273[1454]: net_route_v4_add: 192.168.40.0/24 via 192.168.40.1 dev [NULL] table 0 metric -1
Feb 22 11:09:17 pbj ovpn-us8273[1454]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Feb 22 11:09:17 pbj ovpn-us8273[1454]: ERROR: Linux route add command failed
It's odd that adding routes works on boot but not at service restart. Should I be restarting openvpn differently somehow? Any suggestions on what I'm doing wrong here?
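As an added example (not part of the original post), the following Python pairs each net_route_v4_add line with any error logged after it for the same PID and groups the failed routes by gateway. The function names are hypothetical, and the sample input is the restart log quoted above, embedded as a constructed string.

```python
import re
from collections import defaultdict

# Constructed sample: the post-restart log lines quoted in the post above.
P = "Feb 22 11:09:17 pbj ovpn-us8273[1454]: "
FAIL = [P + "sitnl_send: rtnl: generic error (-101): Network is unreachable",
        P + "ERROR: Linux route add command failed"]
SAMPLE_LOG = "\n".join(
    [P + "net_addr_v4_add: 10.8.2.11/24 dev tun0",
     P + "net_route_v4_add: x.x.x.x/32 via 192.168.40.1 dev [NULL] table 0 metric -1"]
    + FAIL +
    [P + "net_route_v4_add: 0.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1",
     P + "net_route_v4_add: 128.0.0.0/1 via 10.8.2.1 dev [NULL] table 0 metric -1",
     P + "net_route_v4_add: 10.1.0.0/16 via 192.168.40.1 dev [NULL] table 0 metric -1"]
    + FAIL +
    [P + "net_route_v4_add: 192.168.40.0/24 via 192.168.40.1 dev [NULL] table 0 metric -1"]
    + FAIL)

ROUTE_ADD = re.compile(r"\[(?P<pid>\d+)\]: net_route_v4_add: (?P<dst>\S+) via (?P<gw>\S+) ")
RTNL_ERR = re.compile(r"\[(?P<pid>\d+)\]: sitnl_send: rtnl: generic error \(-?\d+\): (?P<msg>.*)")
ROUTE_ERR = re.compile(r"\[(?P<pid>\d+)\]: ERROR: Linux route add command failed")

def route_results(log_text):
    """Return (dst, gateway, ok, reason) per attempted route, in log order."""
    results, pending = [], {}  # pending: pid -> index of its latest route add
    for line in log_text.splitlines():
        if m := ROUTE_ADD.search(line):
            results.append([m["dst"], m["gw"], True, None])
            pending[m["pid"]] = len(results) - 1
        elif (m := RTNL_ERR.search(line)) and m["pid"] in pending:
            results[pending[m["pid"]]][3] = m["msg"]   # kernel's stated reason
        elif (m := ROUTE_ERR.search(line)) and m["pid"] in pending:
            results[pending.pop(m["pid"])][2] = False  # this add failed
    return [tuple(r) for r in results]

def failed_by_gateway(results):
    """Group the destinations of failed route adds by their gateway."""
    grouped = defaultdict(list)
    for dst, gw, ok, _reason in results:
        if not ok:
            grouped[gw].append(dst)
    return dict(grouped)

if __name__ == "__main__":
    for gw, dsts in failed_by_gateway(route_results(SAMPLE_LOG)).items():
        print(f"failed via {gw}: {', '.join(dsts)}")
```

On the restart log this reports that every failed route uses the gateway 192.168.40.1, while both routes via the tunnel gateway 10.8.2.1 were added.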