
subnet routing

Posted: Wed Jul 29, 2009 6:50 am
by retep
Hello everybody,

I've set up a bridged OpenVPN server inside our LAN; clients can connect, DNS works, and the whole LAN is reachable.
So far everything is fine (cursed a lot, but learned a lot too).

Now I need to route the clients to the subnet (172.16.0.0) of our subsidiary which is tunneled by a firewall (Sonicwall/192.168.73.254).

My first try was to push this route through the server config:
push "route 172.16.0.0 255.255.255.0 192.168.73.254"
Effect: I assume it f*** up the ethernet bridge or tap; clients could connect, but couldn't even ping the OpenVPN server anymore.

Second try was to setup the route manually on the client command line (win32):
route add 172.16.0.0 mask 255.255.255.0 192.168.73.254
Effect: works perfectly, LAN and subnet are reachable, but not very comfortable.

Third try was setting the route in the client config:
route 172.16.0.0 255.255.255.0 192.168.73.254
Effect: subnet is still not reachable.

What I found out is that with the client config method the route gateway is not set up correctly. The gateway for this route is then set to OpenVPN's IP (192.168.73.2) and not the required one.

Any help, and especially an explanation, is very welcome, since I'd prefer not to have to set up scripts for this route to work.

serverconfig
**************
port PORT
proto udp
dev tap0
float
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server-bridge 192.168.73.2 255.255.255.0 192.168.73.110 192.168.73.130
push "dhcp-option DNS 192.168.73.1"
push "dhcp-option WINS 192.168.73.1"
keepalive 10 120
comp-lzo
max-clients 20
client-to-client
user nobody
group nobody
persist-key
persist-tun
duplicate-cn
ifconfig-pool-persist ipp.txt

Client config
**************
tls-client
dev tap
proto udp
remote PUBLIC_IP PORT
pkcs12 USER.p12
pull
nobind
persist-key
persist-tun
ip-win32 dynamic
comp-lzo
verb 3
ns-cert-type server

Re: subnet routing

Posted: Mon Aug 10, 2009 8:42 am
by retep
Since I didn't get any answers, I'll try a short version:

I'm having problems setting up a subnet route via config files.
Apparently the client doesn't configure the right gateway for this route.

Still no ideas?

Re: subnet routing

Posted: Mon Aug 10, 2009 12:43 pm
by ecrist
Please take the time to read the following URL:

http://www.secure-computing.net/wiki/in ... PN/Routing

Let me know if you still have questions.

Re: subnet routing

Posted: Mon Aug 10, 2009 2:50 pm
by retep
Thanks for the link, but it doesn't apply to my problem at all.

The subnet (172.16.0.0) I want to reach is connected through a gateway that is not the OpenVPN server, and it is not behind the clients.

Every try to push this route to the OpenVPN clients leads to a routing where the OpenVPN server is set as gateway for this route.

If the route is configured manually, the gateway is set up correctly and everything is reachable.

Re: subnet routing

Posted: Wed Aug 12, 2009 11:32 am
by ecrist
There are a couple of things that you can try. First, I'd add the route-delay option, and set it to 5 or 10 seconds, so:

route-delay 5

then add:

push "route 172.16.0.0 255.255.255.0 192.168.73.254"
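To make the gateway question in this thread concrete, here is an added illustration (not OpenVPN's own code, and not written by either poster) that models how OpenVPN fills in the gateway of a "route network netmask [gateway]" directive: an omitted gateway or the keyword "vpn_gateway" falls back to "route-gateway", which a bridged server derives from the first "server-bridge" argument and pushes to clients, while an explicit address is used as given. It renders the result as the Windows "route add" command the client would issue; the sample lines are taken from the configs above, and the keywords net_gateway and remote_host are deliberately not modelled.

```python
"""Model of OpenVPN route-gateway resolution (constructed illustration)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ClientState:
    """What the client knows after processing config and pushed options."""
    route_gateway: Optional[str] = None          # from route-gateway / server-bridge
    routes: List[Tuple[str, str, str]] = field(default_factory=list)


def apply_directive(state: ClientState, line: str) -> Optional[str]:
    """Apply one config or pushed line; return the Windows route command, if any."""
    line = line.strip()
    if line.startswith('push "') and line.endswith('"'):
        line = line[6:-1]                          # pushed options arrive unwrapped
    parts = line.split()
    if not parts:
        return None
    if parts[0] == "server-bridge":
        # server-bridge gateway netmask start end -> push "route-gateway gateway"
        state.route_gateway = parts[1]
        return None
    if parts[0] == "route-gateway":
        state.route_gateway = parts[1]
        return None
    if parts[0] == "route":
        network = parts[1]
        netmask = parts[2] if len(parts) > 2 else "255.255.255.255"  # host route
        gateway = parts[3] if len(parts) > 3 else "vpn_gateway"       # the default
        if gateway == "vpn_gateway":
            if state.route_gateway is None:
                raise ValueError("route has no gateway and no route-gateway is known")
            gateway = state.route_gateway   # e.g. 192.168.73.2 in this thread
        state.routes.append((network, netmask, gateway))
        return f"route add {network} mask {netmask} {gateway}"
    return None                                    # unrelated directive


def plan_routes(lines: List[str]) -> List[str]:
    """Return the route commands a client would run for the given lines."""
    state = ClientState()
    return [c for c in (apply_directive(state, l) for l in lines) if c]


# Constructed sample: the server-bridge line from the thread plus the two
# variants of the pushed route (gateway omitted vs. explicit Sonicwall address).
SAMPLE_LINES = [
    "server-bridge 192.168.73.2 255.255.255.0 192.168.73.110 192.168.73.130",
    'push "route 172.16.0.0 255.255.255.0"',
    'push "route 172.16.0.0 255.255.255.0 192.168.73.254"',
]

if __name__ == "__main__":
    for cmd in plan_routes(SAMPLE_LINES):
        print(cmd)
```

The first pushed route resolves to the bridge address 192.168.73.2 and the second to 192.168.73.254, which is the difference between the "wrong gateway" symptom and the manual route that worked.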