OpenVPN client not adding default route



  • I have set up an OpenVPN client connection, which when active should be the default route. This works correctly when the connection is TCP but not when it is UDP. I have screenshots and logs. Client1 is the TCP and client2 UDP. Both configurations are identical except protocol and port.

    The connection logs show mostly the same info with only 2 exceptions. The peer-id is always 0 for client1 and varies for client2. The assigned IP address is in the 10.7.0.0 address space for client1 and 10.8.0.0 for client2. Both client connections generate this routing error: "NOTE: unable to redirect default gateway -- Cannot read current default gateway from system". However, despite the error, client1 adds the correct route info and client2 does not. One other difference is that prior to initiating the connection, client2 generates this error: "write UDPv4: No route to host (code=65)". This does not prevent the connection from completing, but seems odd.

    Relevant lines from the logs and screenshots follow.

    Client1

    Attempting to establish TCP connection with [AF_INET] X.X.X.X
    TLS: Initial packet from [AF_INET] X.X.X.X
    Peer Connection Initiated with [AF_INET] X.X.X.X
    SENT CONTROL [X.X.X.X]: 'PUSH_REQUEST' (status=1)
    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.7.1.2 255.255.255.0,peer-id 0'
    Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
    OPTIONS IMPORT: timers and/or timeouts modified
    OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
    OPTIONS IMPORT: LZO parms modified
    OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
    Socket Buffers: R=[65392->524288] S=[65392->524288]
    OPTIONS IMPORT: --ifconfig/up options modified
    OPTIONS IMPORT: route options modified
    OPTIONS IMPORT: route-related options modified
    OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    OPTIONS IMPORT: peer-id set
    OPTIONS IMPORT: adjusting link_mtu to 1639
    Could not retrieve default gateway from route socket:: No such process (errno=3)
    ROUTE: default_gateway=UNDEF
    TUN/TAP device ovpnc1 exists previously, keep at program end
    TUN/TAP device /dev/tun1 opened
    ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    /sbin/ifconfig ovpnc1 10.7.1.2 10.7.1.1 mtu 1500 netmask 255.255.255.0 up
    /sbin/route add -net 10.7.1.0 10.7.1.1 255.255.255.0
    /usr/local/sbin/ovpn-linkup ovpnc1 1500 1639 10.7.1.2 255.255.255.0 init
    NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Initialization Sequence Completed

    Client2

    UDPv4 link remote: [AF_INET] X.X.X.X
    write UDPv4: No route to host (code=65)
    TLS: Initial packet from [AF_INET] X.X.X.X
    Peer Connection Initiated with [AF_INET] X.X.X.X
    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.8.1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.8.30 255.255.255.0,peer-id 43'
    Option 'explicit-exit-notify' in [PUSH-OPTIONS]:5 is ignored by previous <connection> blocks
    OPTIONS IMPORT: timers and/or timeouts modified
    OPTIONS IMPORT: explicit notify parm(s) modified
    OPTIONS IMPORT: LZO parms modified
    OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
    Socket Buffers: R=[42080->524288] S=[57344->524288]
    OPTIONS IMPORT: --ifconfig/up options modified
    OPTIONS IMPORT: route options modified
    OPTIONS IMPORT: route-related options modified
    OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    OPTIONS IMPORT: peer-id set
    OPTIONS IMPORT: adjusting link_mtu to 1637
    Could not retrieve default gateway from route socket:: No such process (errno=3)
    ROUTE: default_gateway=UNDEF
    TUN/TAP device ovpnc2 exists previously, keep at program end
    TUN/TAP device /dev/tun2 opened
    ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    /sbin/ifconfig ovpnc2 10.8.8.30 10.8.8.1 mtu 1500 netmask 255.255.255.0 up
    /sbin/route add -net 10.8.8.0 10.8.8.1 255.255.255.0
    /usr/local/sbin/ovpn-linkup ovpnc2 1500 1637 10.8.8.30 255.255.255.0 init
    NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
    Initialization Sequence Completed



  • LAYER 8 Netgate

    OpenVPN does not set the default gateway like that.

    It leaves the system's default gateway alone and inserts two routes:

    0.0.0.0/1
    128.0.0.0/1

    This covers all traffic and is a longer netmask so it is controlling.

    Undo whatever it is you did to make that default route go to ovpnc1 and let OpenVPN do what it's supposed to do.
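
The longest-prefix behaviour described in the reply above can be checked against a routing table. This is an added example, not part of the original thread: the table is constructed, the tunnel addresses are taken from the client2 log, and the WAN gateway `192.0.2.1`, interface `em0` and server address `198.51.100.7` are assumptions.

```python
import ipaddress

# Constructed routing table: (destination, gateway, interface).
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "em0"),        # system default, left untouched
    ("0.0.0.0/1", "10.8.8.1", "ovpnc2"),      # lower half, from redirect-gateway def1
    ("128.0.0.0/1", "10.8.8.1", "ovpnc2"),    # upper half, from redirect-gateway def1
    ("10.8.8.0/24", "10.8.8.1", "ovpnc2"),    # tunnel subnet
    ("198.51.100.7/32", "192.0.2.1", "em0"),  # assumed host route to the VPN server
]

HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}


def lookup(routes, dest):
    """Return (network, gateway, iface) picked by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [
        (ipaddress.ip_network(net), gw, ifc)
        for net, gw, ifc in routes
        if addr in ipaddress.ip_network(net)
    ]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def def1_active(routes, tun_if):
    """True only when both /1 halves point at the tunnel interface."""
    via_tunnel = {ipaddress.ip_network(n) for n, _, ifc in routes if ifc == tun_if}
    return HALVES <= via_tunnel


def leaking(routes, tun_if, probes, exempt=()):
    """Probe addresses that would leave by an interface other than the tunnel."""
    out = []
    for dest in probes:
        hit = lookup(routes, dest)
        if dest not in exempt and (hit is None or hit[2] != tun_if):
            out.append(dest)
    return out


if __name__ == "__main__":
    for dest in ("8.8.8.8", "203.0.113.9", "198.51.100.7"):
        net, gw, ifc = lookup(ROUTES, dest)
        print(f"{dest:15} -> {str(net):18} via {gw} on {ifc}")
    print("def1 routes in place:", def1_active(ROUTES, "ovpnc2"))
```

If either /1 route is missing, half of the IPv4 space falls back to the untouched `0.0.0.0/0` entry and leaves outside the tunnel, which is what `leaking` reports.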

