Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN client not adding default route

    OpenVPN
    2
    2
    1335
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sharka last edited by

      I have set up an OpenVPN client connection, which when active should be the default route. This works correctly when the connection is TCP but not when it is UDP. I have screenshots and logs. Client1 is the TCP and client2 UDP. Both configurations are identical except protocol and port.

      The connection logs show mostly the same info with only 2 exceptions. The peer-id is always 0 for client 1 and varies for client2. The assigned IP address is in 10.7.0.0 address space for client1 and 10.8.0.0 for client 2. Both client connections generate this routing error: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system. However despite the error client1 adds the correct route info and client2 does not. One other difference is that prior to initiating the connection client 2 generates this error: write UDPv4: No route to host (code=65). This does not prevent the connection from completing, but seems odd.

      Relevant lines from the logs and screenshots follow.

      Client1

      Attempting to establish TCP connection with [AF_INET] X.X.X.X
      TLS: Initial packet from [AF_INET] X.X.X.X
      Peer Connection Initiated with [AF_INET] X.X.X.X
      SENT CONTROL [X.X.X.X]: 'PUSH_REQUEST' (status=1)
      PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.1.2 255.255.255.0,peer-id 0'
      Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
      OPTIONS IMPORT: timers and/or timeouts modified
      OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
      OPTIONS IMPORT: LZO parms modified
      OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
      Socket Buffers: R=[65392->524288] S=[65392->524288]
      OPTIONS IMPORT: --ifconfig/up options modified
      OPTIONS IMPORT: route options modified
      OPTIONS IMPORT: route-related options modified
      OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      OPTIONS IMPORT: peer-id set
      OPTIONS IMPORT: adjusting link_mtu to 1639
      Could not retrieve default gateway from route socket:: No such process (errno=3)
      ROUTE: default_gateway=UNDEF
      TUN/TAP device ovpnc1 exists previously, keep at program end
      TUN/TAP device /dev/tun1 opened
      ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      /sbin/ifconfig ovpnc1 10.7.1.2 10.7.1.1 mtu 1500 netmask 255.255.255.0 up
      /sbin/route add -net 10.7.1.0 10.7.1.1 255.255.255.0
      /usr/local/sbin/ovpn-linkup ovpnc1 1500 1639 10.7.1.2 255.255.255.0 init
      NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
      Initialization Sequence Completed

      Client2

      UDPv4 link remote: [AF_INET] X.X.X.X
      write UDPv4: No route to host (code=65)
      TLS: Initial packet from [AF_INET] X.X.X.X
      Peer Connection Initiated with [AF_INET] X.X.X.X
      PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.30 255.255.255.0,peer-id 43'
      Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
      OPTIONS IMPORT: timers and/or timeouts modified
      OPTIONS IMPORT: explicit notify parm(s) modified
      OPTIONS IMPORT: LZO parms modified
      OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
      Socket Buffers: R=[42080->524288] S=[57344->524288]
      OPTIONS IMPORT: --ifconfig/up options modified
      OPTIONS IMPORT: route options modified
      OPTIONS IMPORT: route-related options modified
      OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      OPTIONS IMPORT: peer-id set
      OPTIONS IMPORT: adjusting link_mtu to 1637
      Could not retrieve default gateway from route socket:: No such process (errno=3)
      ROUTE: default_gateway=UNDEF
      TUN/TAP device ovpnc2 exists previously, keep at program end
      TUN/TAP device /dev/tun2 opened
      ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
      do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      /sbin/ifconfig ovpnc2 10.8.8.30 10.8.8.1 mtu 1500 netmask 255.255.255.0 up
      /sbin/route add -net 10.8.8.0 10.8.8.1 255.255.255.0
      /usr/local/sbin/ovpn-linkup ovpnc2 1500 1637 10.8.8.30 255.255.255.0 init
      NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
      Initialization Sequence Completed

      0_1545424766243_ovpn1.png
      0_1545424781638_ovpn2.png

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        OpenVPN does not set the default gateway like that.

        It leaves the system's default gateway alone and inserts two routes:

        0.0.0.0/1
        128.0.0.0/1

        This covers all traffic and is a longer netmask so it is controlling.

        Undo whatever it is you did to make that default route go to ovpnc1 and let OpenVPN do what it's supposed to do.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy