Greetings,
We are using OpenVPN on Amazon EC2. We don't want to make it the default gateway, instead we just want to push routes for all the public networks (https://forums.aws.amazon.com/ann.jspa?annID=1030) to the clients.
We have it mostly working, but the problem arises when we try to route the network which contains the VPN server also over the VPN. When we do this, we create a routing loop that breaks the tunnel.
In this case, the VPN server is on 50.19.4.143. We also have other servers on the same network that we want to route over vpn.
What I think I need to do is to create a route for 50.19.4.143/32 to go to their existing default gateway (e.g. not OpenVPN), but I don't know how to do that using server-side OpenVPN configuration syntax.
Any ideas?!
Thanks,
Erik Osterman
Configuration below:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
crl-verify crl.pem
server 192.168.186.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Push the local OpenVPN network route
push "route 192.168.186.0 255.255.252.0"
# us-east-1 (virginia)
push "route 216.182.224.0 255.255.240.0"
push "route 72.44.32.0 255.255.224.0"
push "route 67.202.0.0 255.255.192.0"
push "route 75.101.128.0 255.255.128.0"
push "route 174.129.0.0 255.255.0.0"
push "route 204.236.192.0 255.255.192.0"
push "route 184.73.0.0 255.255.0.0"
push "route 184.72.128.0 255.255.128.0"
push "route 184.72.64.0 255.255.192.0"
push "route 50.16.0.0 255.254.0.0"
push "route 50.19.0.0 255.255.0.0"
push "route 107.20.0.0 255.254.0.0"
# us-west-1 (california)
push "route 204.236.128.0 255.255.192.0"
push "route 184.72.0.0 255.255.192.0"
push "route 50.18.0.0 255.255.0.0"
# eu-west-1 (ireland)
push "route 79.125.0.0 255.255.128.0"
push "route 46.51.128.0 255.255.192.0"
push "route 46.51.192.0 255.255.240.0"
push "route 46.137.0.0 255.255.128.0"
push "route 46.137.128.0 255.255.192.0"
# ap-southeast-1 (singapore)
push "route 175.41.128.0 255.255.192.0"
push "route 122.248.192.0 255.255.192.0"
push "route 46.137.224.0 255.255.224.0"
# ap-northeast-1 (tokyo)
push "route 175.41.192.0 255.255.192.0"
push "route 46.51.224.0 255.255.224.0"
# DHCP options
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN int.clickermedia.com"
client-to-client
duplicate-cn
keepalive 30 120
comp-lzo
max-clients 60
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 5
How to Avoid Routing Loop
- janjust
- Forum Team
Re: How to Avoid Routing Loop
use
Code:
push "route 50.19.4.143 255.255.255.255 net_gateway"
this will set up a /32 route to go via what the client has as the default LAN gateway.
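
A pre-deployment check for the loop discussed in this thread, as an added example (not code from any poster or from the OpenVPN project): it parses the `push "route ..."` lines of a server config and reports whether the server's own public address would be sent into the tunnel. The function names and the constructed sample are assumptions, as are literal IPv4 addresses in the routes and longest-prefix route selection on the client.

```python
import ipaddress
import re

# Matches the quoted argument of a server-side  push "route ..."  directive.
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^"]+)"')

def pushed_routes(config_text):
    """Return [(network, gateway)] for every pushed route in the config."""
    routes = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        args = m.group(1).split()
        mask = args[1] if len(args) > 1 and args[1] != "default" else "255.255.255.255"
        # OpenVPN sends a route with no gateway argument through the tunnel.
        gateway = args[2] if len(args) > 2 else "vpn_gateway"
        routes.append((ipaddress.ip_network(f"{args[0]}/{mask}", strict=False), gateway))
    return routes

def loop_risk(config_text, server_ip):
    """Return the pushed network that would carry the tunnel's own packets, or None."""
    ip = ipaddress.ip_address(server_ip)
    covering = [r for r in pushed_routes(config_text) if ip in r[0]]
    if not covering:
        return None
    # The client picks the most specific (longest-prefix) matching route.
    net, gateway = max(covering, key=lambda r: r[0].prefixlen)
    return None if gateway == "net_gateway" else net

# Constructed sample: three route lines taken from the configuration in the question.
BEFORE = '''
server 192.168.186.0 255.255.255.0
# us-east-1 (virginia)
push "route 50.16.0.0 255.254.0.0"
push "route 50.19.0.0 255.255.0.0"
push "route 107.20.0.0 255.254.0.0"
'''
# Same config plus the /32 exception suggested in the answer.
AFTER = BEFORE + 'push "route 50.19.4.143 255.255.255.255 net_gateway"\n'

if __name__ == "__main__":
    print("before:", loop_risk(BEFORE, "50.19.4.143"))
    print("after: ", loop_risk(AFTER, "50.19.4.143"))
```
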
-
- OpenVpn Newbie
Re: How to Avoid Routing Loop
Thank you! You saved me so much time trying to figure this out. It worked like a charm.