4. OpenVPN client not adding default route

OpenVPN client not adding default route

  • S

    I have set up an OpenVPN client connection, which when active should be the default route. This works correctly when the connection is TCP but not when it is UDP. I have screenshots and logs. Client1 is the TCP and client2 UDP. Both configurations are identical except protocol and port.

    The connection logs show mostly the same info with only 2 exceptions. The peer-id is always 0 for client 1 and varies for client2. The assigned IP address is in 10.7.0.0 address space for client1 and 10.8.0.0 for client 2. Both client connections generate this routing error: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system. However despite the error client1 adds the correct route info and client2 does not. One other difference is that prior to initiating the connection client 2 generates this error: write UDPv4: No route to host (code=65). This does not prevent the connection from completing, but seems odd.

    Relevant lines from the logs and screenshots follow.

    Client1

    Attempting to establish TCP connection with [AF_INET] X.X.X.X
    TLS: Initial packet from [AF_INET] X.X.X.X
    Peer Connection Initiated with [AF_INET] X.X.X.X
    SENT CONTROL [X.X.X.X]: 'PUSH_REQUEST' (status=1)
    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.1.2 255.255.255.0,peer-id 0'
    Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
    OPTIONS IMPORT: timers and/or timeouts modified
    OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
    OPTIONS IMPORT: LZO parms modified
    OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
    Socket Buffers: R=[65392->524288] S=[65392->524288]
    OPTIONS IMPORT: --ifconfig/up options modified
    OPTIONS IMPORT: route options modified
    OPTIONS IMPORT: route-related options modified
    OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    OPTIONS IMPORT: peer-id set
    OPTIONS IMPORT: adjusting link_mtu to 1639
    Could not retrieve default gateway from route socket:: No such process (errno=3)
    ROUTE: default_gateway=UNDEF
    TUN/TAP device ovpnc1 exists previously, keep at program end
    TUN/TAP device /dev/tun1 opened
    ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    /sbin/ifconfig ovpnc1 10.7.1.2 10.7.1.1 mtu 1500 netmask 255.255.255.0 up
    /sbin/route add -net 10.7.1.0 10.7.1.1 255.255.255.0
    /usr/local/sbin/ovpn-linkup ovpnc1 1500 1639 10.7.1.2 255.255.255.0 init
    NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Initialization Sequence Completed

    Client2

    UDPv4 link remote: [AF_INET] X.X.X.X
    write UDPv4: No route to host (code=65)
    TLS: Initial packet from [AF_INET] X.X.X.X
    Peer Connection Initiated with [AF_INET] X.X.X.X
    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.30 255.255.255.0,peer-id 43'
    Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
    OPTIONS IMPORT: timers and/or timeouts modified
    OPTIONS IMPORT: explicit notify parm(s) modified
    OPTIONS IMPORT: LZO parms modified
    OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
    Socket Buffers: R=[42080->524288] S=[57344->524288]
    OPTIONS IMPORT: --ifconfig/up options modified
    OPTIONS IMPORT: route options modified
    OPTIONS IMPORT: route-related options modified
    OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    OPTIONS IMPORT: peer-id set
    OPTIONS IMPORT: adjusting link_mtu to 1637
    Could not retrieve default gateway from route socket:: No such process (errno=3)
    ROUTE: default_gateway=UNDEF
    TUN/TAP device ovpnc2 exists previously, keep at program end
    TUN/TAP device /dev/tun2 opened
    ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    /sbin/ifconfig ovpnc2 10.8.8.30 10.8.8.1 mtu 1500 netmask 255.255.255.0 up
    /sbin/route add -net 10.8.8.0 10.8.8.1 255.255.255.0
    /usr/local/sbin/ovpn-linkup ovpnc2 1500 1637 10.8.8.30 255.255.255.0 init
    NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Initialization Sequence Completed

    0_1545424766243_ovpn1.png
    0_1545424781638_ovpn2.png

    0
  • LAYER 8 Netgate

    OpenVPN does not set the default gateway like that.

    It leaves the system's default gateway alone and inserts two routes:

    0.0.0.0/1
    128.0.0.0/1

    This covers all traffic and is a longer netmask so it is controlling.

    Undo whatever it is you did to make that default route go to ovpnc1 and let OpenVPN do what it's supposed to do.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy