How to Avoid Routing Loop
Posted: Thu Jun 02, 2011 7:53 pm
Greetings,
We are using OpenVPN on Amazon EC2. We don't want to make it the default gateway, instead we just want to push routes for all the public networks (https://forums.aws.amazon.com/ann.jspa?annID=1030) to the clients.
We have it mostly working, but the problem arises when we try to route the network which contains the VPN server also over the VPN. When we do this, we create a routing loop that breaks the tunnel.
In this case, the VPN server is on 50.19.4.143. We also have other servers on the same network that we want to route over vpn.
What I think I need to do is to create a route for 50.19.4.143/32 to go to their existing default gateway (e.g. not OpenVPN), but I don't know how to do that using server-side OpenVPN configuration syntax.
Any ideas?!
Thanks,
Erik Osterman
Configuration below:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
crl-verify crl.pem
server 192.168.186.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Push the local OpenVPN network route
push "route 192.168.186.0 255.255.252.0"
# us-east-1 (virginia)
push "route 216.182.224.0 255.255.240.0"
push "route 72.44.32.0 255.255.224.0"
push "route 67.202.0.0 255.255.192.0"
push "route 75.101.128.0 255.255.128.0"
push "route 174.129.0.0 255.255.0.0"
push "route 204.236.192.0 255.255.192.0"
push "route 184.73.0.0 255.255.0.0"
push "route 184.72.128.0 255.255.128.0"
push "route 184.72.64.0 255.255.192.0"
push "route 50.16.0.0 255.254.0.0"
push "route 50.19.0.0 255.255.0.0"
push "route 107.20.0.0 255.254.0.0"
# us-west-1 (california)
push "route 204.236.128.0 255.255.192.0"
push "route 184.72.0.0 255.255.192.0"
push "route 50.18.0.0 255.255.0.0"
# eu-west-1 (ireland)
push "route 79.125.0.0 255.255.128.0"
push "route 46.51.128.0 255.255.192.0"
push "route 46.51.192.0 255.255.240.0"
push "route 46.137.0.0 255.255.128.0"
push "route 46.137.128.0 255.255.192.0"
# ap-southeast-1 (singapore)
push "route 175.41.128.0 255.255.192.0"
push "route 122.248.192.0 255.255.192.0"
push "route 46.137.224.0 255.255.224.0"
# ap-northeast-1 (tokyo)
push "route 175.41.192.0 255.255.192.0"
push "route 46.51.224.0 255.255.224.0"
# DHCP options
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN int.clickermedia.com"
client-to-client
duplicate-cn
keepalive 30 120
comp-lzo
max-clients 60
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 5
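A way to reproduce the loop on paper and to express the fix, added here as an example and not part of the original post or of any reply in the thread: the pushed route 50.19.0.0/16 covers the server's own public address 50.19.4.143, so once the client installs it, packets destined for the tunnel endpoint are themselves sent into the tunnel, encapsulated, and routed back at the same endpoint. OpenVPN's route directive accepts the special gateway keyword net_gateway (the client's pre-existing default gateway), so the server can push a /32 host route for its own address via net_gateway; longest-prefix matching on the client then wins over the /16. This is the same /32 exception OpenVPN installs automatically when redirect-gateway is used, but it is not added for plain pushed routes. The script below parses a constructed, abridged copy of the posted config, finds every pushed route that contains the endpoint address, and simulates the client's longest-prefix lookup before and after the exception line. The address 50.19.4.143 is the one the post gives; the helper names are assumptions of this example.

```python
import ipaddress
import re

# Constructed, abridged copy of the posted server config (not the full route list).
SERVER_CONFIG = """\
server 192.168.186.0 255.255.255.0
push "route 192.168.186.0 255.255.252.0"
push "route 50.16.0.0 255.254.0.0"
push "route 50.19.0.0 255.255.0.0"
push "route 107.20.0.0 255.254.0.0"
push "route 184.72.0.0 255.255.192.0"
push "dhcp-option DNS 8.8.8.8"
"""

# Matches: push "route <network> <netmask> [<gateway>]"
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+(\S+)\s+(\S+)(?:\s+(\S+))?.*"\s*$')


def pushed_routes(config):
    """Return (network, gateway) pairs for every route the server pushes to clients.

    A pushed route with no explicit gateway goes via the tunnel (vpn_gateway),
    which is OpenVPN's default for dev tun.
    """
    routes = []
    for line in config.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        net, mask, gw = m.groups()
        # ipaddress accepts dotted netmasks; strict=False tolerates host bits set.
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes.append((network, gw or "vpn_gateway"))
    return routes


def looping_routes(config, server_public_ip):
    """Pushed routes that would send the client's packets for the VPN endpoint into the tunnel."""
    ip = ipaddress.ip_address(server_public_ip)
    return [net for net, gw in pushed_routes(config) if ip in net and gw != "net_gateway"]


def loop_exception(server_public_ip):
    """Server-side directive pinning the endpoint to the client's existing default gateway."""
    return f'push "route {server_public_ip} 255.255.255.255 net_gateway"'


def longest_match(config, server_public_ip, extra_lines=""):
    """Simulate the client's longest-prefix lookup for the endpoint address.

    Returns the gateway keyword of the most specific pushed route covering the
    endpoint, or None if no pushed route covers it (traffic then follows the
    client's own default route, which is the desired state).
    """
    ip = ipaddress.ip_address(server_public_ip)
    candidates = [(net, gw) for net, gw in pushed_routes(config + "\n" + extra_lines) if ip in net]
    if not candidates:
        return None
    net, gw = max(candidates, key=lambda r: r[0].prefixlen)
    return gw


if __name__ == "__main__":
    endpoint = "50.19.4.143"
    for net in looping_routes(SERVER_CONFIG, endpoint):
        print(f"pushed route {net} covers the VPN endpoint {endpoint}: routing loop")
    print("before fix, endpoint reached via:", longest_match(SERVER_CONFIG, endpoint))
    fix = loop_exception(endpoint)
    print("add to server config:", fix)
    print("after fix, endpoint reached via:", longest_match(SERVER_CONFIG, endpoint, fix))
```

If clients reach the server through a DNS name that can resolve to more than one address, push one /32 per address, or use OpenVPN's route keyword remote_host in place of the literal address so the client fills in whatever it actually connected to. A client that is itself inside the pushed range (for example another EC2 instance) still needs the /32, since without it the same longest-prefix logic steers its tunnel packets into the tunnel.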