OpenVPN default route overriding WAN default route



  • Hello all!

    I've set up a p2p (or site-to-site I guess) openvpn connection via HideMyAss, but every time I connect, the default route it pushes is used GLOBALLY and I don't want that. How do I stop it from doing this?

    I tried using policy based routing, but I have several VLANs, and if I say allow everything through WANGW, then they can no longer speak to each other, which I don't completely understand.

    My endgame is to route a SINGLE PORT (i.e. 50505) from a SINGLE IP (i.e. 10.2.10.254) through this tunnel. Any suggestions?

    My log:

    Jun 18 05:58:08 openvpn 17430 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Jun 18 05:58:08 openvpn 17430 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Jun 18 05:58:08 openvpn 17430 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Jun 18 05:58:08 openvpn 17430 [server] Peer Connection Initiated with [AF_INET]45.42.230.2:443
    Jun 18 05:58:11 openvpn 17430 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Jun 18 05:58:11 openvpn 17430 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.200.4.1,dhcp-option DNS 10.200.4.1,ping 10,ping-restart 90,redirect-gateway def1,ifconfig-ipv6 2001:db8:123::2/64 2001:db8:123::1,route-ipv6 2000::/3 2001:db8:123::1,explicit-exit-notify 2,ifconfig 10.200.6.104 255.255.252.0'
    Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: timers and/or timeouts modified
    Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: explicit notify parm(s) modified
    Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: --ifconfig/up options modified
    Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: route options modified
    Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: route-related options modified
    Jun 18 05:58:11 openvpn 17430 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Jun 18 05:58:11 openvpn 17430 ROUTE_GATEWAY 72.202.211.161
    Jun 18 05:58:11 openvpn 17430 ROUTE6: default_gateway=UNDEF
    Jun 18 05:58:11 openvpn 17430 TUN/TAP device ovpnc2 exists previously, keep at program end
    Jun 18 05:58:11 openvpn 17430 TUN/TAP device /dev/tun2 opened
    Jun 18 05:58:11 openvpn 17430 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
    Jun 18 05:58:11 openvpn 17430 /sbin/ifconfig ovpnc2 10.200.6.104 10.200.4.1 mtu 1500 netmask 255.255.252.0 up
    Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 10.200.4.0 10.200.6.104 255.255.252.0
    Jun 18 05:58:11 openvpn 17430 /sbin/ifconfig ovpnc2 inet6 2001:db8:123::2/64
    Jun 18 05:58:11 openvpn 17430 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1542 10.200.6.104 255.255.252.0 init
    Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 45.42.230.2 72.202.211.161 255.255.255.255
    Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 0.0.0.0 10.200.4.1 128.0.0.0
    Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 128.0.0.0 10.200.4.1 128.0.0.0
    Jun 18 05:58:11 openvpn 17430 /sbin/route add -net 10.2.10.254 10.200.4.1 255.255.255.255
    Jun 18 05:58:11 openvpn 17430 add_route_ipv6(2000::/3 -> 2001:db8:123::1 metric -1) dev ovpnc2
    Jun 18 05:58:11 openvpn 17430 /sbin/route add -inet6 2000::/3 -iface ovpnc2
    Jun 18 05:58:11 openvpn 17430 Initialization Sequence Completed



  • Check the "Don't pull routes" option in the client settings and set up routes yourself.
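
Why the pushed routes win over the WAN default, as an added example that is not part of the original thread: `redirect-gateway def1` in the PUSH_REPLY installs 0.0.0.0/1 and 128.0.0.0/1, which are more specific than 0.0.0.0/0, so longest-prefix matching sends everything into the tunnel. The route lines are a subset copied from the log in the first post; the WAN default entry, the helper names and the test destinations are assumptions.

```python
import ipaddress
import re

# IPv4 route commands copied from the log in the first post (a subset).
LOG = """\
/sbin/route add -net 10.200.4.0 10.200.6.104 255.255.252.0
/sbin/route add -net 45.42.230.2 72.202.211.161 255.255.255.255
/sbin/route add -net 0.0.0.0 10.200.4.1 128.0.0.0
/sbin/route add -net 128.0.0.0 10.200.4.1 128.0.0.0
"""
# Assumption: the pre-existing WAN default points at the logged ROUTE_GATEWAY.
WAN_DEFAULT = (ipaddress.ip_network("0.0.0.0/0"), "72.202.211.161")
ROUTE_RE = re.compile(r"route add -net (\S+) (\S+) (\S+)")


def parse_routes(log):
    """Return [(network, gateway)] for every IPv4 'route add -net' line."""
    return [(ipaddress.ip_network(f"{net}/{mask}"), gw)
            for net, gw, mask in ROUTE_RE.findall(log)]


def is_def1(network):
    """True for the two /1 halves that 'redirect-gateway def1' installs."""
    return network.prefixlen == 1


def next_hop(dest, routes):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def table(pull_routes):
    """Routing table with the pushed def1 halves kept or dropped.

    Simplified model of "Don't pull routes": only the def1 halves are
    removed; the other entries are left in place.
    """
    pushed = parse_routes(LOG)
    if not pull_routes:
        pushed = [r for r in pushed if not is_def1(r[0])]
    return [WAN_DEFAULT] + pushed


if __name__ == "__main__":
    for dest in ("64.0.0.1", "198.51.100.7", "45.42.230.2"):  # constructed
        print(dest, next_hop(dest, table(True)), next_hop(dest, table(False)))
```
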



  • Ok, that's solved but I've followed almost every tutorial I can find and I cannot get traffic through this VPN. I've tried the Alias route, traffic leaves apparently but it looks like it doesn't know how to get back. In fact every method I try looks that way. Traffic leaves the pipe and never comes back.

    I created the manual NAT rules. I currently have the Alias set up. What am I missing?