Netgate Discussion Forum

    OpenVPN default route overriding WAN default route

    rmccall2k16

      Hello all!

      I've set up a p2p (or site-to-site, I guess) OpenVPN connection via HideMyAss, but every time I connect, the default route it pushes is used GLOBALLY and I don't want that. How do I stop it from doing this?

      I tried using policy-based routing, but I have several VLANs, and if I say allow everything through WANGW, then they can no longer speak to each other, which I don't completely understand.

      My endgame is to route a SINGLE PORT (i.e. 50505) from a SINGLE IP (i.e. 10.2.10.254) through this tunnel. Any suggestions?

      My log:

      Jun 18 05:58:08 openvpn 17430 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Jun 18 05:58:08 openvpn 17430 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Jun 18 05:58:08 openvpn 17430 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Jun 18 05:58:08 openvpn 17430 [server] Peer Connection Initiated with [AF_INET]45.42.230.2:443
      Jun 18 05:58:11 openvpn 17430 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Jun 18 05:58:11 openvpn 17430 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.4.1,dhcp-option DNS 10.200.4.1,ping 10,ping-restart 90,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,ifconfig 10.200.6.104 255.255.252.0'
      Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: timers and/or timeouts modified
      Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: explicit notify parm(s) modified
      Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: --ifconfig/up options modified
      Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: route options modified
      Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: route-related options modified
      Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Jun 18 05:58:11 openvpn 17430 ROUTE_GATEWAY 72.202.211.161
      Jun 18 05:58:11 openvpn 17430 ROUTE6: default_gateway=UNDEF
      Jun 18 05:58:11 openvpn 17430 TUN/TAP device ovpnc2 exists previously, keep at program end
      Jun 18 05:58:11 openvpn 17430 TUN/TAP device /dev/tun2 opened
      Jun 18 05:58:11 openvpn 17430 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
      Jun 18 05:58:11 openvpn 17430 /sbin/ifconfig ovpnc2 10.200.6.104 10.200.4.1 mtu 1500 netmask 255.255.252.0 up
      Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 10.200.4.0 10.200.6.104 255.255.252.0
      Jun 18 05:58:11 openvpn 17430 /sbin/ifconfig ovpnc2 inet6 2001:db8:123::2/64
      Jun 18 05:58:11 openvpn 17430 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1542 10.200.6.104 255.255.252.0 init
      Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 45.42.230.2 72.202.211.161 255.255.255.255
      Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 0.0.0.0 10.200.4.1 128.0.0.0
      Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 128.0.0.0 10.200.4.1 128.0.0.0
      Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 10.2.10.254 10.200.4.1 255.255.255.255
      Jun 18 05:58:11 openvpn 17430 add_route_ipv6(2000::/3 -> 2001:db8:123::1 metric -1) dev ovpnc2
      Jun 18 05:58:11 openvpn 17430 /sbin/route add -inet6 2000::/3 -iface ovpnc2
      Jun 18 05:58:11 openvpn 17430 Initialization Sequence Completed

      kpa

        Check the "Don't pull routes" option in the client settings and set up routes yourself.

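The log in the first post shows why the tunnel takes over: `redirect-gateway def1` leaves the WAN default route in place and adds `0.0.0.0/1` and `128.0.0.0/1` via the VPN gateway, which together cover all of IPv4 and are more specific than `0.0.0.0/0`. The following Python is an added example, not part of the thread and not Netgate or OpenVPN code; it checks a client log for exactly that condition, using lines copied from the post, and its function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the log in the first post (timestamps trimmed).
SAMPLE_LOG = """\
openvpn 17430 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.4.1,dhcp-option DNS 10.200.4.1,ping 10,ping-restart 90,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,ifconfig 10.200.6.104 255.255.252.0'
openvpn 17430 /sbin/route add -net 10.200.4.0 10.200.6.104 255.255.252.0
openvpn 17430 /sbin/route add -net 45.42.230.2 72.202.211.161 255.255.255.255
openvpn 17430 /sbin/route add -net 0.0.0.0 10.200.4.1 128.0.0.0
openvpn 17430 /sbin/route add -net 128.0.0.0 10.200.4.1 128.0.0.0
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\d+(?:\.\d+){3})")
# Pushed options that cause the client to install routes.
ROUTE_OPTS = {"route", "route-ipv6", "redirect-gateway"}


def route_pushing_options(log):
    """Return the pushed options that make the client install routes."""
    m = PUSH_RE.search(log)
    opts = m.group(1).split(",") if m else []
    return [o for o in opts if o.split(" ", 1)[0] in ROUTE_OPTS]


def installed_routes(log):
    """Map each gateway to the IPv4 networks routed through it."""
    routes = {}
    for net, gw, mask in ROUTE_RE.findall(log):
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes.setdefault(gw, []).append(network)
    return routes


def default_overrides(log):
    """Gateways whose routes, once merged, cover all of IPv4 (0.0.0.0/0)."""
    everything = ipaddress.ip_network("0.0.0.0/0")
    return [gw for gw, nets in installed_routes(log).items()
            if everything in list(ipaddress.collapse_addresses(nets))]


if __name__ == "__main__":
    print("route-installing pushed options:", route_pushing_options(SAMPLE_LOG))
    print("gateways overriding the default route:", default_overrides(SAMPLE_LOG))
```

After enabling "Don't pull routes", a fresh connection log run through the same check should report no overriding gateway.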
          rmccall2k16

          OK, that's solved, but I've followed almost every tutorial I can find and I cannot get traffic through this VPN. I've tried the Alias route; traffic leaves, apparently, but it looks like it doesn't know how to get back. In fact, every method I try looks that way. Traffic leaves the pipe and never comes back.

          I created the manual NAT rules. I currently have the Alias set up. What am I missing?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.