Can only push 24 routes to remote clients



  • Hi All

    Wondering if anyone has had a similar experience. We are pushing several routes to our VPN clients. It seems that once we go past 24 routes, i.e. try to add one more, OpenVPN just stops working.

    My routes list below:

    push "dhcp-option DOMAIN XXXX";
    push "dhcp-option DOMAIN YYYY";
    push "dhcp-option DOMAIN ZZZZ";
    push "dhcp-option DNS 10.1.1.2";
    push "route 10.1.0.0 255.255.0.0";
    push "route 10.2.0.0 255.255.0.0";
    push "route 10.6.0.0 255.255.0.0";
    push "route 192.168.4.0 255.255.255.0";
    push "route 10.100.1.0 255.255.255.0";
    push "route 10.100.0.0 255.255.255.0";
    push "route 129.41.4.153 255.255.255.255";
    push "route 128.135.181.28 255.255.255.255";
    push "route 194.199.164.10 255.255.255.255";
    push "route 140.234.29.20 255.255.255.255";
    push "route 208.215.179.155 255.255.255.255";
    push "route 129.41.4.153 255.255.255.255";
    push "route 193.131.119.37 255.255.255.255";
    push "route 208.215.179.155 255.255.255.255";
    push "route 83.169.87.81 255.255.255.255";
    push "route 140.234.29.33 255.255.255.255";
    push "route 194.199.164.7 255.255.255.255";
    push "route 129.41.23.161 255.255.255.255";
    push "route 128.232.233.5 255.255.255.255";
    push "route 129.41.4.140 255.255.255.255";
    push "route 150.229.72.10 255.255.255.255";
    push "route 133.40.7.53 255.255.255.255";
    push "route 84.18.184.151 255.255.255.255";
    push "route 193.128.223.19 255.255.255.255";
    no-replay;tun-mtu 1400;
    hand-window 120

    I want to add this: push "route 196.14.182.142 255.255.255.255"; but as soon as I do, OpenVPN doesn't let remote users in anymore. My VPNClient log shows:

    Fri 06/19/09 02:04 PM: SENT CONTROL [firewall]: 'PUSH_REQUEST' (status=1)

    Which repeats over and over. If I remove the new route it connects fine.

    Is pushing more than 24 routes uncommon? Is this a limitation of OpenVPN? Any ideas/suggestions? Is this a bug?

    Thanks in advance
    Simon



  • If you google for
    "SENT CONTROL [firewall]: 'PUSH_REQUEST' (status=1)"
    you will find some posts on the OpenVPN mailing list about
    "[Openvpn-users] Maximum length of --push buffer (1024) has been exceeded"

    It seems that this is a problem of OpenVPN.
    Not much you can do with pfSense about this unless it gets resolved in OpenVPN.

    If you google some more you might find a solution to this problem.
    (I didn't search for a solution).



  • Looks like this is addressed now in the latest version of OpenVPN. Does anyone know when we might see this change in pfSense? Or what steps are required to manually upgrade OpenVPN meanwhile?

    Here's an excerpt from a recent OpenVPN changelog:

    2009.05.30 – Version 2.1_rc17

    • Increased TLS_CHANNEL_BUF_SIZE to 2048 from 1024 (this will allow for
      more option content to be pushed from server to client).
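The replies above point at OpenVPN's 1024-byte push buffer. The script below is an added example, not code from this thread or from pfSense/OpenVPN: it parses the original poster's custom options, estimates the PUSH_REPLY message the way OpenVPN builds it ('PUSH_REPLY,' followed by the pushed options joined with commas) and checks it against the buffer size, reserving an assumed 80 bytes for the options the server appends on its own (ifconfig, ping timers), which is enough to show the 25th route tipping the total over.

```python
import re

# OpenVPN's TLS control-channel buffer: 1024 bytes before 2.1_rc17, 2048 from then on.
TLS_CHANNEL_BUF_SIZE = 1024

# OpenVPN adds options of its own to the reply (ifconfig, ping, ping-restart, ...);
# their size depends on the server config, so this 80-byte figure is an assumption.
SERVER_ADDED_ALLOWANCE = 80

# The poster's custom options, constructed from the thread; pfSense separates
# directives with ';' and/or newlines, so several are packed per line here.
SERVER_CUSTOM_OPTIONS = """
push "dhcp-option DOMAIN XXXX";push "dhcp-option DOMAIN YYYY";push "dhcp-option DOMAIN ZZZZ";
push "dhcp-option DNS 10.1.1.2";push "route 10.1.0.0 255.255.0.0";push "route 10.2.0.0 255.255.0.0";
push "route 10.6.0.0 255.255.0.0";push "route 192.168.4.0 255.255.255.0";
push "route 10.100.1.0 255.255.255.0";push "route 10.100.0.0 255.255.255.0";
push "route 129.41.4.153 255.255.255.255";push "route 128.135.181.28 255.255.255.255";
push "route 194.199.164.10 255.255.255.255";push "route 140.234.29.20 255.255.255.255";
push "route 208.215.179.155 255.255.255.255";push "route 129.41.4.153 255.255.255.255";
push "route 193.131.119.37 255.255.255.255";push "route 208.215.179.155 255.255.255.255";
push "route 83.169.87.81 255.255.255.255";push "route 140.234.29.33 255.255.255.255";
push "route 194.199.164.7 255.255.255.255";push "route 129.41.23.161 255.255.255.255";
push "route 128.232.233.5 255.255.255.255";push "route 129.41.4.140 255.255.255.255";
push "route 150.229.72.10 255.255.255.255";push "route 133.40.7.53 255.255.255.255";
push "route 84.18.184.151 255.255.255.255";push "route 193.128.223.19 255.255.255.255";
no-replay;tun-mtu 1400;
hand-window 120
"""

PUSH_RE = re.compile(r'^push\s+"([^"]*)"$')

def parse_push_options(custom_options):
    """Return the quoted argument of every push "..." directive, in order."""
    chunks = (c.strip() for c in re.split(r"[;\n]", custom_options))
    return [m.group(1) for m in map(PUSH_RE.match, chunks) if m]

def push_reply_length(options):
    """Approximate PUSH_REPLY size: 'PUSH_REPLY,' then the options comma-joined."""
    return len("PUSH_REPLY," + ",".join(options))

def check_push_budget(custom_options, extra_push="", buf_size=TLS_CHANNEL_BUF_SIZE):
    """Bytes the pushes consume and whether they still fit once the assumed
    server-added options are accounted for."""
    options = parse_push_options(custom_options)
    if extra_push:
        options.append(extra_push)
    used = push_reply_length(options)
    return {"pushes": len(options), "bytes": used,
            "fits": used + SERVER_ADDED_ALLOWANCE <= buf_size}
```

Call check_push_budget(SERVER_CUSTOM_OPTIONS) for the 24-route config and again with extra_push="route 196.14.182.142 255.255.255.255" to see it stop fitting; passing buf_size=2048 reproduces the 2.1_rc17 headroom.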
