Difference "route" & "push route" commands

Holmes.Sherlock
OpenVPN User
Posts: 40
Joined: Wed Jul 06, 2011 4:51 am

Difference "route" & "push route" commands

Post by Holmes.Sherlock » Thu Oct 20, 2011 2:08 am

Here is a sample server configuration file

Code: Select all

port 1194
proto tcp
dev

dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

server 10.0.0.0 255.255.255.0
client-config-dir ccd
push "route 10.0.1.0 255.255.255.0"
push "route 10.0.2.0 255.255.255.0"
push "route 10.0.3.0

user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Can anybody please tell me the difference between

Code: Select all

"route 10.0.1.0 255.255.255.0"
&

Code: Select all

push "route 10.0.2.0 255.255.255.0"

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Difference "route" & "push route" commands

Post by Mimiko » Thu Oct 20, 2011 5:45 am

Code: Select all

route 10.0.1.0 255.255.255.0
is used to add a route to the local OpenVPN server's routing table only. It may be used on the OpenVPN server as well as on the client.

Code: Select all

push "route 10.0.2.0 255.255.255.0"
is used only in the OpenVPN server's config to push the routes to clients. Instead of using the "route" command in every client's config, you can use one "push route" in the server config to do the same on all clients.

Holmes.Sherlock
OpenVPN User
Posts: 40
Joined: Wed Jul 06, 2011 4:51 am

Re: Difference "route" & "push route" commands

Post by Holmes.Sherlock » Mon Oct 24, 2011 12:58 pm

Mimiko wrote:

Code: Select all

route 10.0.1.0 255.255.255.0
is used to add a route to the local OpenVPN server's routing table only. It may be used on the OpenVPN server as well as on the client.
The first parameter is the network & the second one is the netmask. But what will the GATEWAY & INTERFACE of the added route be?

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Difference "route" & "push route" commands

Post by Mimiko » Mon Oct 24, 2011 2:25 pm

The interface will always be the tun. The gateway is the 3rd parameter. You could see the manual for the --route option.

Holmes.Sherlock
OpenVPN User
Posts: 40
Joined: Wed Jul 06, 2011 4:51 am

Re: Difference "route" & "push route" commands

Post by Holmes.Sherlock » Mon Oct 24, 2011 4:48 pm

Mimiko wrote: The interface will always be the tun. The gateway is the 3rd parameter. You could see the manual for the --route option.
Regarding the default value of gateway, the OpenVPN 2.0 manual says

Code: Select all

--route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.
This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name, or as one of three special keywords:

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).

remote_host -- The --remote address if OpenVPN is being run in client mode, and is undefined in server mode.
But I'm a bit confused as the following server.conf works without any error

Code: Select all

port 1197
proto udp
topology subnet
dev tun

ca server/keys/ca.crt
cert server/keys/TeamReboot.crt
key server/keys/TeamReboot.key  # This file should be kept secret 
dh server/keys/dh1024.pem

server 10.11.0.0 255.255.255.0
ifconfig-pool-persist server/logs/ipp.txt
client-config-dir server/ccd
client-to-client

route 10.11.1.0 255.255.255.0
route 10.11.2.0 255.255.255.0

push "route 10.11.1.0 255.255.255.0"
push "route 10.11.2.0 255.255.255.0"

keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun

status server/logs/openvpn-status.log
log         server/logs/openvpn.log
log-append  server/logs/openvpn.log
verb 3
mute 20
But as you can see, I've used neither "--route-gateway" nor "--ifconfig". In this case, how'll it be interpreted?

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Difference "route" & "push route" commands

Post by Mimiko » Tue Oct 25, 2011 5:23 am

The packets for 10.11.1 and 10.11.2 will end up on the VPN link, so they will never reach any device. "Route" instructs the server to send packets for this network to the VPN link, while "push route" instructs clients to send the same packets to the VPN interface too. Such a configuration is never used for any purpose but testing.

Holmes.Sherlock
OpenVPN User
Posts: 40
Joined: Wed Jul 06, 2011 4:51 am

Re: Difference "route" & "push route" commands

Post by Holmes.Sherlock » Tue Oct 25, 2011 8:49 am

Mimiko wrote: The packets for 10.11.1 and 10.11.2 will end up on the VPN link, so they will never reach any device.
I forgot to mention that I also used "iroute" statements in the --client-config-dir directory to instruct OpenVPN where it should forward packets destined to any private subnet residing behind a connected client.
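
The three directives discussed in this thread (route, push "route" and iroute) can be cross-checked per subnet. The following is an added example, not code from any poster or from the OpenVPN project: it reads a server config and the ccd files and reports subnets that are routed into the tunnel without an iroute naming the client behind which they sit. The ccd file name "siteA" and its contents are assumptions, and only literal IPv4 networks are handled.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample input modelled on the server.conf posted in this thread.
# The ccd file name "siteA" and its contents are assumptions for the example.
SERVER_CONF = '''
server 10.11.0.0 255.255.255.0
client-config-dir server/ccd
route 10.11.1.0 255.255.255.0
route 10.11.2.0 255.255.255.0
push "route 10.11.1.0 255.255.255.0"
push "route 10.11.2.0 255.255.255.0"
'''
CCD_FILES = {"siteA": "iroute 10.11.1.0 255.255.255.0\n"}

def parse(text):
    """Yield (kind, network) for route, push "route" and iroute lines."""
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) == 2 and tok[0] == "push" and tok[1].startswith("route "):
            tok = ["push-route"] + tok[1].split()[1:]
        if len(tok) >= 2 and tok[0] in ("route", "push-route", "iroute"):
            # The manual quoted above gives 255.255.255.255 as the default netmask.
            mask = tok[2] if len(tok) > 2 and tok[2] != "default" else "255.255.255.255"
            yield tok[0], ipaddress.ip_network(f"{tok[1]}/{mask}")

def audit(server_conf, ccd_files):
    """Return {subnet: [problems]} for every subnet routed over the VPN."""
    where = defaultdict(lambda: defaultdict(list))
    # route / push "route" are read from the server config, iroute from ccd files.
    sources = [("server", server_conf, ("route", "push-route"))]
    sources += [(name, text, ("iroute",)) for name, text in ccd_files.items()]
    for who, text, allowed in sources:
        for kind, net in parse(text):
            if kind in allowed:
                where[net][kind].append(who)
    report = {}
    for net, w in sorted(where.items()):
        problems = []
        if (w["route"] or w["push-route"]) and not w["iroute"]:
            problems.append("no iroute: traffic enters the tunnel but no client owns the subnet")
        if w["iroute"] and not w["route"]:
            problems.append("no route: the server's kernel has no route sending this subnet into the tunnel")
        report[str(net)] = problems
    return report

if __name__ == "__main__":
    for subnet, problems in audit(SERVER_CONF, CCD_FILES).items():
        print(subnet, "OK" if not problems else "; ".join(problems))
```

With the constructed input, 10.11.1.0/24 passes because "siteA" carries the matching iroute, while 10.11.2.0/24 is flagged as the case described earlier in the thread where packets end up on the VPN link and reach no device.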
