384.13: Issue with route automatically generated for OpenVPN client

Bohdan

New Around Here
I am running an OpenVPN server with client config files for each client (clients are routers of my parents with networks behind them). These configs have IP addresses assigned to each common name.

On previous versions of the firmware, the real client IP addresses were taken into account when adding gateway entries to the routing table, and now the client addresses are wrong, which doesn't let me access the network behind the client unless I ssh into my router, remove the wrong route and add a correct one like this:

Code:
route del -net 10.0.20.0 gw 10.8.0.2 netmask 255.255.255.0 dev tun21
route add -net 10.0.20.0 gw 10.8.0.102 netmask 255.255.255.0 dev tun21

Besides, all my clients are added with the same gateway IP: 10.8.0.2 while they have different IPs assigned in openvpn ccd files (10.8.0.101, 10.8.0.102 etc).

I think this is a bug. If not, please tell me what I could do wrong. I didn't touch the config for a long time and got this issue after Merlin firmware update to 384.12 or 384.13 (don't know exactly).

Thank you!
 
I don't have a solution to your problem but I'd guess that this was introduced in 384.12.

Code:
384.12 (22-June-2019)
  - CHANGED: Reworked handling of up/down events in OpenVPN.
             Server instance will now also use its own
             updown script, which will handle firing up
             openvpn-event (if present).
 
What @ColinTaylor says may be correct.

I recommend you create a /jffs/scripts/openvpn-event script and place the contents in the post link below inside openvpn-event:

https://www.snbforums.com/threads/f...lts-releases-v39e3.18914/page-238#post-294825

Then, create the file /jffs/scripts/vpnserver1-up and place the routing commands inside the file. Make sure you have the shebang (#!/bin/sh) at the top and make it executable (chmod 755 vpnserver1-up). This will run the routing commands during VPN server start-up.
 
Thanks for the workaround advised. I already had an openvpnserver1-client-connect script, which was called by a "client-connect /jffs/scripts/openvpnserver1-client-connect" directive in the custom config for the OpenVPN server, so I added those entries there.

Seems to do the trick for now. Thanks!
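
A client-connect hook of the kind the last post describes, as an added example that is not the poster's script or Asuswrt-Merlin code. It assumes OpenVPN's `script_type`, `common_name`, `ifconfig_pool_remote_ip` and `dev` environment variables, that `ifconfig_pool_remote_ip` carries the address assigned in the ccd file, and a hypothetical common name `parents-router`; because the hook runs as root on connection data, every value is checked before it reaches `route`.

```shell
#!/bin/sh
# Constructed mapping (hypothetical common name): client CN -> "network netmask" behind it.
lan_for_client() {
    case "$1" in
        parents-router) echo "10.0.20.0 255.255.255.0" ;;
        *) return 1 ;;
    esac
}

# Accept only a dotted-quad shape so nothing else reaches the route command.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the two route commands for one client; print nothing and fail on bad input.
route_fix_cmds() {
    cn=$1; gw=$2; dev=$3
    lan=$(lan_for_client "$cn") || return 1
    is_ipv4 "$gw" || return 1
    case "$dev" in
        tun|tun*[!0-9]*) return 1 ;;
        tun*) ;;
        *) return 1 ;;
    esac
    set -- $lan
    echo "route del -net $1 netmask $2 dev $dev"
    echo "route add -net $1 gw $gw netmask $2 dev $dev"
}

# Only act when OpenVPN invokes the file as a client-connect hook.
if [ "${script_type:-}" = "client-connect" ]; then
    route_fix_cmds "${common_name:-}" "${ifconfig_pool_remote_ip:-}" "${dev:-}" |
    while read -r cmd; do
        $cmd 2>/dev/null   # the delete fails harmlessly when no stale route exists
    done
    exit 0   # a non-zero exit from client-connect would reject the client
fi
```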
 