384.13: Issue with route automatically generated for OpenVPN client

Discussion in 'Asuswrt-Merlin' started by Bohdan, Aug 25, 2019.

  1. Bohdan

    Bohdan New Around Here

    Joined:
    Nov 24, 2014
    Messages:
    4
    I am running an OpenVPN server with client config files for each client (clients are routers of my parents with networks behind them). These configs have IP addresses assigned to each common name.

    On previous versions of the firmware, the real client IP addresses were taken into account when adding gateway entries to the routing table, and now the client addresses are wrong, which doesn't let me access the network behind the client unless I ssh into my router, remove the wrong route and add a correct one like this:

    Code:
    route del -net 10.0.20.0 gw 10.8.0.2 netmask 255.255.255.0 dev tun21
    route add -net 10.0.20.0 gw 10.8.0.102 netmask 255.255.255.0 dev tun21
    Besides, all my clients are added with the same gateway IP: 10.8.0.2, while they have different IPs assigned in openvpn ccd files (10.8.0.101, 10.8.0.102 etc).

    I think this is a bug. If not, please tell me what I could be doing wrong. I didn't touch the config for a long time and got this issue after the Merlin firmware update to 384.12 or 384.13 (don't know exactly).

    Thank you!
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,269
    Location:
    UK
    I don't have a solution to your problem but I'd guess that this was introduced in 384.12.

    Code:
    384.12 (22-June-2019)
      - CHANGED: Reworked handling of up/down events in OpenVPN.
                 Server instance will now also use its own
                 updown script, which will handle firing up
                 openvpn-event (if present).
     
  3. Xentrk

    Xentrk Part of the Furniture

    Joined:
    Jul 21, 2016
    Messages:
    2,405
    Location:
    The Land of Smiles
    What @ColinTaylor says may be correct.

    I recommend you create a /jffs/scripts/openvpn-event script and place the contents in the post link below inside openvpn-event:

    https://www.snbforums.com/threads/f...lts-releases-v39e3.18914/page-238#post-294825

    Then, create the file /jffs/scripts/vpnserver1-up and place the routing commands inside the file. Make sure you have the shebang (#!/bin/sh) at the top and make it executable (chmod 755 vpnserver1-up). This will run the routing commands during vpn server start-up.
     
    Last edited: Aug 26, 2019
    royarcher likes this.
  4. Bohdan

    Bohdan New Around Here

    Joined:
    Nov 24, 2014
    Messages:
    4
    Thanks for the workaround advised. I already had an openvpnserver1-client-connect script which was called by a "client-connect /jffs/scripts/openvpnserver1-client-connect" directive in the custom config for the OpenVPN server, so I added those entries there.

    Seems to do the trick for now. Thanks!
     
    Xentrk likes this.
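
A sketch of the client-connect workaround described in the last post, added here as an example and not taken from any poster's script. The common names `parents-a` and `parents-b`, the 10.0.10.0 network and the `vpn-route` log tag are constructed; the only pairing from the thread is 10.0.20.0 via 10.8.0.102 on tun21. It assumes OpenVPN exports the certificate name as `common_name` to the client-connect script.

```sh
#!/bin/sh
# Added example, not from the thread. Table of client common names ->
# "tunnel IP pinned in ccd" and "LAN behind that client".
# Entries are constructed except 10.0.20.0 via 10.8.0.102.
lookup_client() {
    case "$1" in
        parents-a) echo "10.8.0.101 10.0.10.0" ;;
        parents-b) echo "10.8.0.102 10.0.20.0" ;;
        *) return 1 ;;   # unknown or malformed name: touch nothing
    esac
}

# Print the del/add pair for one client. The common name comes from the
# client certificate, so it is only matched against the table above and
# never interpolated into a command line.
route_fix_cmds() {
    cn=$1 dev=${2:-tun21} wrong_gw=${3:-10.8.0.2}
    entry=$(lookup_client "$cn") || return 1
    gw=${entry% *}
    net=${entry#* }
    echo "route del -net $net gw $wrong_gw netmask 255.255.255.0 dev $dev"
    echo "route add -net $net gw $gw netmask 255.255.255.0 dev $dev"
}

# Run the commands. The del fails harmlessly when the wrong route is
# absent, so failures are logged instead of aborting.
apply_route_fix() {
    route_fix_cmds "$1" | while read -r cmd; do
        $cmd 2>/dev/null || logger -t vpn-route "failed: $cmd"
    done
}

# Only act when called by OpenVPN (common_name set). A non-zero exit from
# a client-connect script makes OpenVPN reject the client, so route
# errors are not propagated as the exit status.
if [ -n "${common_name:-}" ]; then
    apply_route_fix "$common_name" || true
fi
```

Running `route_fix_cmds parents-b` by hand on the router prints the two commands without executing them, which is a quick way to check the table before relying on the hook.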