OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Push Route doesn't work, but route add does

https://forums.openvpn.net/viewtopic.php?t=7317

Page 1 of 1

Push Route doesn't work, but route add does

Posted: Wed Nov 24, 2010 10:19 pm
by BillyBuerger
We have two subnets at our office right now and OpenVPN setup to connect to one of them. I tried pushing the route to the second subnet and it shows up on my client. But I can't ping any PCs on it. If I delete the route on the client and do a route add for the subnet, it works. The only difference I see is that open VPN adds the route with a gateway (the OpenVPN server IP) while route add has On-Link for the gateway. Note that the server is running Windows XP and this particular client is running vista. I know I've seen the same thing in Win7 but don't remember if I've ever tried on XP.

After OpenVPN connection

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.16.1     192.168.16.2     30
       10.60.16.0    255.255.240.0    192.168.15.22   192.168.15.217     30
     192.168.15.0    255.255.255.0         On-link    192.168.15.217    286
    92.168.15.217  255.255.255.255         On-link    192.168.15.217    286
    92.168.15.255  255.255.255.255         On-link    192.168.15.217    286
Manual execute route add

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.16.1     192.168.16.2     30
       10.60.16.0    255.255.240.0         On-link    192.168.15.217     60
     192.168.15.0    255.255.255.0         On-link    192.168.15.217    286
    92.168.15.217  255.255.255.255         On-link    192.168.15.217    286
    92.168.15.255  255.255.255.255         On-link    192.168.15.217    286
Maybe there are better ways to set this up. I've thought about going the tunnel route instead of bridged. But it's been working for years and I don't really want to mess with it any more than I have to. I just want to be able to add the route in a way that works correctly. And since I can manually add the route on the client, it seems there should be a way to have it do that for me. Below are my server and client configs. Thanks.

Server Config...

Code: Select all

mode server
port 1195
proto udp
dev tap
duplicate-cn
ca "****"
cert "****"
key "****"
dh "****"
server-bridge 192.168.15.22 255.255.255.0 192.168.15.210 192.168.15.224
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify "****"
push "route 10.60.16.0 255.255.240.0"
Client config

Code: Select all

client 
dev tap 
proto udp 
remote **** 1195 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
ca **** 
cert **** 
key **** 
ns-cert-type server 
cipher BF-CBC 
comp-lzo 
verb 1

Re: Push Route doesn't work, but route add does

Posted: Fri Jan 28, 2011 5:48 pm
by arnotixe
As http://superuser.com/questions/59996/wh ... nt-command says, "On-Link" means the address can be resolved on the local link, without any gateways.

Can you ping 192.168.15.22 from the client in question, before adding routes manually?
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/