
Thread: OpenVPN routing problem

  1. #1
    Join Date
    Jan 2020
    Location
    Zagreb, HR
    Posts
    6

    OpenVPN routing problem

    Hi

    I have a problem connecting from openSUSE (public wifi) to my OpenVPN server (home).
    I have been struggling with this for weeks. I can connect from my phone (4G), so I know the server side is good.

    Thanks in advance for help.

    My net before OpenVpn
    Code:
    ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: p6p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether 98:e7:43:04:53:da brd ff:ff:ff:ff:ff:ff
    3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ac:d5:64:57:36:2d brd ff:ff:ff:ff:ff:ff
        inet 10.1.215.115/16 brd 10.1.255.255 scope global dynamic noprefixroute wlp2s0
           valid_lft 82121sec preferred_lft 82121sec
        inet6 fe80::ef35:860b:4b4:b330/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    Code:
    ip route show
    default via 10.1.0.1 dev wlp2s0 proto dhcp metric 600 
    10.1.0.0/16 dev wlp2s0 proto kernel scope link src 10.1.215.115 metric 600

    Trying to connect to OpenVPN I get "/bin/ip route add 0.0.0.0/1 via 192.168.1.1
    Error: Nexthop has invalid gateway."

    Code:
     # openvpn client.ovpn 
    Sat Apr  4 20:56:22 2020 us=382609 ROUTE_GATEWAY 10.1.0.1/255.255.0.0 IFACE=wlp2s0 HWADDR=ac:d5:64:57:36:2d
    Sat Apr  4 20:56:22 2020 us=383248 TUN/TAP device tap0 opened
    Sat Apr  4 20:56:22 2020 us=383373 TUN/TAP TX queue length set to 100
    Sat Apr  4 20:56:22 2020 us=383480 /bin/ip route add 0.0.0.0/1 via 192.168.1.1
    Error: Nexthop has invalid gateway.
    Sat Apr  4 20:56:22 2020 us=393040 ERROR: Linux route add command failed: external program exited with error status: 2
    Sat Apr  4 20:56:22 2020 us=393142 /bin/ip route add 128.0.0.0/1 via 192.168.1.1
    Error: Nexthop has invalid gateway.
    Sat Apr  4 20:56:22 2020 us=396435 ERROR: Linux route add command failed: external program exited with error status: 2
    Sat Apr  4 20:56:22 2020 us=396610 Initialization Sequence Completed
    ^CSat Apr  4 20:56:32 2020 us=41464 event_wait : Interrupted system call (code=4)
    Sat Apr  4 20:56:32 2020 us=41959 TCP/UDP: Closing socket
    Sat Apr  4 20:56:32 2020 us=42118 /bin/ip route del 0.0.0.0/1
    RTNETLINK answers: No such process
    Sat Apr  4 20:56:32 2020 us=44742 ERROR: Linux route delete command failed: external program exited with error status: 2
    Code:
     ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: p6p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether 98:e7:43:04:53:da brd ff:ff:ff:ff:ff:ff
    3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ac:d5:64:57:36:2d brd ff:ff:ff:ff:ff:ff
        inet 10.1.215.115/16 brd 10.1.255.255 scope global dynamic noprefixroute wlp2s0
           valid_lft 81438sec preferred_lft 81438sec
        inet6 fe80::ef35:860b:4b4:b330/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    13: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 100
        link/ether b6:4c:ad:87:4f:30 brd ff:ff:ff:ff:ff:ff
    Code:
    ip route show
    default via 10.1.0.1 dev wlp2s0 proto dhcp metric 600 
    10.1.0.0/16 dev wlp2s0 proto kernel scope link src 10.1.215.115 metric 600

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,263
    Blog Entries
    1

    Re: OpenVPN routing problem

    Is your openSUSE client connecting via NetworkManager?
    openSUSE Leap 15.1; KDE Plasma 5

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,263
    Blog Entries
    1

    Re: OpenVPN routing problem

    I notice from inspecting the log snippet you shared that the tap0 interface is not brought up and no address is assigned. I'd expect to see something like the following...
    Code:
    /sbin/ip link set dev tap0 up mtu 1500
    /sbin/ip addr add dev tap0 10.8.0.4/24 broadcast 10.8.0.255
    BTW, from the reference to 192.168.1.1 in your output, I assume that you're using 192.168.1.0/24 tunnelling addresses?
    openSUSE Leap 15.1; KDE Plasma 5

  4. #4
    Join Date
    Jan 2020
    Location
    Zagreb, HR
    Posts
    6

    Re: OpenVPN routing problem

    Hi deano_ferrari,

    thank you very much for help.

    Yes I am using NetworkManager as network client. (but I am open to suggestions)
    And I expect to get IP from that range 192.168.1.0/24.
    gw should be my router 192.168.1.1

    There is no tap0 interface until I start openvpn connection.
    Code:
    # ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: p6p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether 98:e7:43:04:53:da brd ff:ff:ff:ff:ff:ff
    3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ac:d5:64:57:36:2d brd ff:ff:ff:ff:ff:ff
        inet 10.1.215.115/16 brd 10.1.255.255 scope global dynamic noprefixroute wlp2s0
           valid_lft 85137sec preferred_lft 85137sec
        inet6 fe80::ef35:860b:4b4:b330/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever

    Then I start the openvpn connection. I have tried what you suggested, bringing up tap0 and adding the route.
    tap0 is UP and the route is there, but I can't ping 192.168.1.1. In the shell where I started the openvpn connection there is nothing new (routing/connecting) after adding the route.
    Code:
    # ip route show
    default via 10.1.0.1 dev wlp2s0 proto dhcp metric 600 
    10.1.0.0/16 dev wlp2s0 proto kernel scope link src 10.1.215.115 metric 600 
    10.8.0.0/24 dev tap0 proto kernel scope link src 10.8.0.4
    
    #ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: p6p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether 98:e7:43:04:53:da brd ff:ff:ff:ff:ff:ff
    3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ac:d5:64:57:36:2d brd ff:ff:ff:ff:ff:ff
        inet 10.1.215.115/16 brd 10.1.255.255 scope global dynamic noprefixroute wlp2s0
           valid_lft 85246sec preferred_lft 85246sec
        inet6 fe80::ef35:860b:4b4:b330/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    8: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
        link/ether b6:4c:ad:87:4f:30 brd ff:ff:ff:ff:ff:ff
        inet 10.8.0.4/24 brd 10.8.0.255 scope global tap0
           valid_lft forever preferred_lft forever
    
    #ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    ^C
    --- 192.168.1.1 ping statistics ---
    7 packets transmitted, 0 received, 100% packet loss, time 6113ms

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,263
    Blog Entries
    1

    Re: OpenVPN routing problem

    Quote: Originally posted by Kumulus
    Hi deano_ferrari,

    thank you very much for help.

    Yes I am using NetworkManager as network client. (but I am open to suggestions)
    And I expect to get IP from that range 192.168.1.0/24.
    gw should be my router 192.168.1.1
    Ok, thanks for confirming. The 10.8.0.0/24 is the default openVPN range, so my example was based on that.

    There is no tap0 interface until I start openvpn connection.
    Yes, that is to be expected.

    Ordinarily, this should all be taken care of automatically of course, but reading online there seem to be a few who are impacted similarly, resulting in the gateway error you were getting.

    Since you're using 192.168.1.0/24, you could try assigning tap0 with 192.168.1.4 (for example) or whatever your server config should have pushed...
    Code:
    /sbin/ip link set dev tap0 up mtu 1500
    /sbin/ip addr add dev tap0 192.168.1.4/24 broadcast 192.168.1.255
    openSUSE Leap 15.1; KDE Plasma 5

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,263
    Blog Entries
    1

    Re: OpenVPN routing problem

    BTW, some users have found that adding a route delay helps if using DHCP for the tunnel addressing. It is explained here

    Reference:
    https://openvpn.net/community-resour...r-openvpn-2-4/
    --route-delay [n] [w]
    Delay n seconds (default=0) after connection establishment, before adding routes. If n is 0, routes will be added immediately upon connection establishment. If --route-delay is omitted, routes will be added immediately after TUN/TAP device open and --up script execution, before any --user or --group privilege downgrade (or --chroot execution.) This option is designed to be useful in scenarios where DHCP is used to set tap adapter addresses. The delay will give the DHCP handshake time to complete before routes are added.
    So, you could try adding a 4 second delay to your client config and see if that makes a difference with providing time to get the tap0 address and subsequent routing in place...
    Code:
    route-delay 4
    Last edited by deano_ferrari; 05-Apr-2020 at 13:43.
    openSUSE Leap 15.1; KDE Plasma 5

  7. #7
    Join Date
    Jan 2020
    Location
    Zagreb, HR
    Posts
    6

    Re: OpenVPN routing problem

    It's working!

    Man, you are a genius!
    You don't have a clue for how long I was fighting with this before I opened a thread.
    Thank you so much.
    Code:
    ip route show
    default via 10.1.0.1 dev wlp2s0 proto dhcp metric 600 
    10.1.0.0/16 dev wlp2s0 proto kernel scope link src 10.1.215.115 metric 600 
    89.164.111.100 via 10.1.0.1 dev wlp2s0 
    192.168.1.0/24 dev tap0 proto kernel scope link src 192.168.1.4
    Code:
    ip addr show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: p6p1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
        link/ether 98:e7:43:04:53:da brd ff:ff:ff:ff:ff:ff
    3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether ac:d5:64:57:36:2d brd ff:ff:ff:ff:ff:ff
        inet 10.1.215.115/16 brd 10.1.255.255 scope global dynamic noprefixroute wlp2s0
           valid_lft 81256sec preferred_lft 81256sec
        inet6 fe80::ef35:860b:4b4:b330/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    4: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
        link/ether b6:4c:ad:87:4f:30 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.4/24 brd 192.168.1.255 scope global tap0
           valid_lft forever preferred_lft forever
    Code:
    ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=14.7 ms
    64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=4.74 ms
    64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=5.29 ms
    64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=5.52 ms
    64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=8.16 ms
    64 bytes from 192.168.1.1: icmp_seq=6 ttl=64 time=5.40 ms
    ^C
    --- 192.168.1.1 ping statistics ---
    6 packets transmitted, 6 received, 0% packet loss, time 5008ms
    rtt min/avg/max/mdev = 4.738/7.301/14.696/3.483 ms
    I will now try with delay setup in server.. and be right back.
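
The kernel answers `ip route add ... via 192.168.1.1` with "Nexthop has invalid gateway" when no directly connected route covers the gateway address, which is the state in post #1 where tap0 has no address. The Python below is an added example (not code from any poster or from OpenVPN) that applies a simplified version of that check to route tables constructed from the `ip route show` output quoted in this thread; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input, copied from the `ip route show` output in posts #1 and #7.
ROUTES_BEFORE = """\
default via 10.1.0.1 dev wlp2s0 proto dhcp metric 600
10.1.0.0/16 dev wlp2s0 proto kernel scope link src 10.1.215.115 metric 600
"""
ROUTES_AFTER = ROUTES_BEFORE + """\
89.164.111.100 via 10.1.0.1 dev wlp2s0
192.168.1.0/24 dev tap0 proto kernel scope link src 192.168.1.4
"""


def onlink_routes(ip_route_output):
    """Return (network, device) for each directly connected route (no 'via' hop)."""
    result = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if not fields or "via" in fields or "dev" not in fields:
            continue  # skip blank lines, gatewayed routes and routes without a device
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # 'default', 'unreachable', 'blackhole' and similar keywords
        result.append((net, fields[fields.index("dev") + 1]))
    return result


def resolve_gateway(gateway, ip_route_output):
    """Return the device on which `gateway` is on-link, or None.

    None corresponds to the case where `ip route add <net> via <gateway>`
    fails with "Nexthop has invalid gateway" (simplified model: the 'onlink'
    route flag and policy routing are ignored).
    """
    gw = ipaddress.ip_address(gateway)
    matches = [(net, dev) for net, dev in onlink_routes(ip_route_output) if gw in net]
    if not matches:
        return None
    # Longest prefix wins, as in a normal route lookup.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        dev = resolve_gateway("192.168.1.1", table)
        print(f"{label}: 192.168.1.1 ->", dev or "invalid gateway (not on-link)")
```
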

  8. #8
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    21,263
    Blog Entries
    1

    Re: OpenVPN routing problem

    Quote: Originally posted by Kumulus
    It's working!

    Man, you are a genius!
    You don't have a clue for how long I was fighting with this before I opened a thread.
    Thank you so much.
    Glad to have been of assistance. The manual commands are only a workaround, but at least it provides a means to have a working VPN tunnel for now. Hopefully the route delay will do the trick to having it work automatically.
    openSUSE Leap 15.1; KDE Plasma 5

  9. #9
    Join Date
    Jan 2020
    Location
    Zagreb, HR
    Posts
    6

    Re: OpenVPN routing problem

    Unfortunately it's not working when I add "route-delay 4" (or 10) to the client config.
    What can I do now to make it permanent?

    I just don't understand why I can add the route manually but not through the client config.
    Is he pushing the right routes?
    Code:
     ERROR: Nexthop has invalid gateway. ERROR: Linux route add command failed: external program exited with error status: 2
    Code:
    TUN/TAP device tap0 opened
    Mon Apr  6 22:13:20 2020 us=902000 TUN/TAP TX queue length set to 100
    Mon Apr  6 22:13:24 2020 us=370196 /bin/ip route add 89.164.xxx.yyy/32 via 10.1.0.1
    Mon Apr  6 22:13:24 2020 us=371619 /bin/ip route add 0.0.0.0/1 via 192.168.1.1
    Error: Nexthop has invalid gateway.
    Mon Apr  6 22:13:24 2020 us=372822 ERROR: Linux route add command failed: external program exited with error status: 2
    Mon Apr  6 22:13:24 2020 us=372861 /bin/ip route add 128.0.0.0/1 via 192.168.1.1
    Error: Nexthop has invalid gateway.

  10. #10
    Join Date
    Jan 2020
    Location
    Zagreb, HR
    Posts
    6

    Re: OpenVPN routing problem

    This is my client config
    Code:
    dev tap
    persist-tun
    persist-key
    cipher AES-256-CBC
    ncp-disable
    auth SHA512
    tls-client
    client
    resolv-retry infinite
    remote my-name.org 1194 udp
    route-gateway 192.168.1.1
    remote server 1194
    lport 0
    verify-x509-name "OpenVpn Server" name
    remote-cert-tls server
    #fragment 0
    #float
    comp-lzo adaptive
    tun-mtu 1500
    auth-nocache
    route-delay 10
    verb 4
    When I remove route-gateway 192.168.1.1 from config I get
    Code:
    NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
