Netgate Discussion Forum

    OpenVPN client not adding default route

    sharka:

      I have set up an OpenVPN client connection, which when active should be the default route. This works correctly when the connection is TCP but not when it is UDP. I have screenshots and logs. Client1 is the TCP and client2 UDP. Both configurations are identical except protocol and port.

      The connection logs show mostly the same info with only 2 exceptions. The peer-id is always 0 for client 1 and varies for client2. The assigned IP address is in 10.7.0.0 address space for client1 and 10.8.0.0 for client 2. Both client connections generate this routing error: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system. However despite the error client1 adds the correct route info and client2 does not. One other difference is that prior to initiating the connection client 2 generates this error: write UDPv4: No route to host (code=65). This does not prevent the connection from completing, but seems odd.

      Relevant lines from the logs and screenshots follow.

      Client1

      Attempting to establish TCP connection with [AF_INET] X.X.X.X
      TLS: Initial packet from [AF_INET] X.X.X.X
      Peer Connection Initiated with [AF_INET] X.X.X.X
      SENT CONTROL [X.X.X.X]: 'PUSH_REQUEST' (status=1)
      PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.1.2 255.255.255.0,peer-id 0'
      Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
      OPTIONS IMPORT: timers and/or timeouts modified
      OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
      OPTIONS IMPORT: LZO parms modified
      OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
      Socket Buffers: R=[65392->524288] S=[65392->524288]
      OPTIONS IMPORT: --ifconfig/up options modified
      OPTIONS IMPORT: route options modified
      OPTIONS IMPORT: route-related options modified
      OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      OPTIONS IMPORT: peer-id set
      OPTIONS IMPORT: adjusting link_mtu to 1639
      Could not retrieve default gateway from route socket:: No such process (errno=3)
      ROUTE: default_gateway=UNDEF
      TUN/TAP device ovpnc1 exists previously, keep at program end
      TUN/TAP device /dev/tun1 opened
      ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      /sbin/ifconfig ovpnc1 10.7.1.2 10.7.1.1 mtu 1500 netmask 255.255.255.0 up
      /sbin/route add -net 10.7.1.0 10.7.1.1 255.255.255.0
      /usr/local/sbin/ovpn-linkup ovpnc1 1500 1639 10.7.1.2 255.255.255.0 init
      NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
      Initialization Sequence Completed

      Client2

      UDPv4 link remote: [AF_INET] X.X.X.X
      write UDPv4: No route to host (code=65)
      TLS: Initial packet from [AF_INET] X.X.X.X
      Peer Connection Initiated with [AF_INET] X.X.X.X
      PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.30 255.255.255.0,peer-id 43'
      Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
      OPTIONS IMPORT: timers and/or timeouts modified
      OPTIONS IMPORT: explicit notify parm(s) modified
      OPTIONS IMPORT: LZO parms modified
      OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
      Socket Buffers: R=[42080->524288] S=[57344->524288]
      OPTIONS IMPORT: --ifconfig/up options modified
      OPTIONS IMPORT: route options modified
      OPTIONS IMPORT: route-related options modified
      OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      OPTIONS IMPORT: peer-id set
      OPTIONS IMPORT: adjusting link_mtu to 1637
      Could not retrieve default gateway from route socket:: No such process (errno=3)
      ROUTE: default_gateway=UNDEF
      TUN/TAP device ovpnc2 exists previously, keep at program end
      TUN/TAP device /dev/tun2 opened
      ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      /sbin/ifconfig ovpnc2 10.8.8.30 10.8.8.1 mtu 1500 netmask 255.255.255.0 up
      /sbin/route add -net 10.8.8.0 10.8.8.1 255.255.255.0
      /usr/local/sbin/ovpn-linkup ovpnc2 1500 1637 10.8.8.30 255.255.255.0 init
      NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
      Initialization Sequence Completed

      (Screenshots ovpn1.png and ovpn2.png attached.)

    Derelict (Netgate):

        OpenVPN does not set the default gateway like that.

        It leaves the system's default gateway alone and inserts two routes:

        0.0.0.0/1
        128.0.0.0/1

        This covers all traffic and is a longer netmask so it is controlling.

        Undo whatever it is you did to make that default route go to ovpnc1 and let OpenVPN do what it's supposed to do.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
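The two /1 routes Derelict describes, as an added illustration that is not code from the thread: a small longest-prefix-match model showing why 0.0.0.0/1 and 128.0.0.0/1 capture all traffic while the system's 0.0.0.0/0 stays untouched, and why the VPN server itself still leaves via WAN. The tunnel gateway and subnet come from client2's PUSH_REPLY above; the WAN gateway and the server address are constructed placeholders standing in for the X.X.X.X in the logs.

```python
import ipaddress

WAN_GATEWAY = "203.0.113.1"   # placeholder for the pfSense WAN gateway
VPN_SERVER = "198.51.100.10"  # placeholder for the X.X.X.X OpenVPN server


def routing_table(vpn_up: bool):
    """Constructed table modelled on what 'redirect-gateway def1' leaves behind."""
    table = [("0.0.0.0/0", WAN_GATEWAY, "wan")]  # system default route, left alone
    if vpn_up:
        table += [
            # /32 to the server via the original gateway, so the tunnel's own
            # encapsulated packets are not routed back into the tunnel
            (VPN_SERVER + "/32", WAN_GATEWAY, "wan"),
            ("10.8.8.0/24", "10.8.8.1", "ovpnc2"),
            # def1: two /1 routes that together cover all of IPv4 and, being
            # longer than /0, win the lookup without touching the default route
            ("0.0.0.0/1", "10.8.8.1", "ovpnc2"),
            ("128.0.0.0/1", "10.8.8.1", "ovpnc2"),
        ]
    return [(ipaddress.ip_network(p), gw, ifn) for p, gw, ifn in table]


def lookup(table, dst: str):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifn in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifn)
    return best


def egress_interface(dst: str, vpn_up: bool = True):
    """Interface a packet to dst leaves on, with or without the tunnel up."""
    match = lookup(routing_table(vpn_up), dst)
    return match[2] if match else None


if __name__ == "__main__":
    for dst in ("8.8.8.8", "192.0.2.5", VPN_SERVER):
        print(dst, "->", egress_interface(dst), "/ tunnel down:",
              egress_interface(dst, vpn_up=False))
```

When the tunnel drops, the /1 routes go with it and the same lookup falls back to the untouched 0.0.0.0/0, which is why OpenVPN never needs to rewrite the default route itself.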
