Question regarding OpenVPN Server configuration

[Deetlemore]

I have an OpenVPN server configured and running on an AX86U Pro with firmware 3004.388.4, and I'm connecting to it using the OpenVPN for Android app. I have Advertise DNS to clients enabled, and when I connect the app log notes that both redirect-gateway and redirect-private are specified. I want all DNS traffic routed through the tunnel, so I believe redirect-gateway is what I want. How would I go about removing redirect-private, or is that even an issue? I looked through a few threads mentioning this log message but I'm still a novice with networking, so I'm a bit lost.

Everything seems to be routing through the VPN server as intended, I can access my PC remotely, IPV6 works, etc., so I may just be overthinking this.

 

[Deetlemore]

Something else that came to mind today, is there a way to access the configuration file for the server/router itself, say through SSH? I can at least confirm that there's no mention of either redirect in the client config file, so I'm assuming it's on the router side.

 

[ColinTaylor]

Show us the complete connection log from the client. I cannot find anywhere in the router's source code where the redirect-private option is used.

Try disabling IPv6 Server mode and see if that stops the message.

Something else that came to mind today, is there a way to access the configuration file for the server/router itself, say through SSH? I can at least confirm that there's no mention of either redirect in the client config file, so I'm assuming it's on the router side.

cat /etc/openvpn/server1/config.ovpn

 

[Deetlemore]

Disabling IPV6 gets rid of the redirect message. I guess I shouldn't be suprised given how funky everything seems to interact with IPV6.

I attached the client log since it was too big to fit in a post

I took a screenshot of the server's config as well:

 

[ColinTaylor]

This is just a guess because I have no way of testing IPv6, but I think the "redirect-private" part of the message is a red herring.

I think that the relevant part is "or the same option multiple times". Which is referring to the fact that the server is pushing the "def1" flag twice. In other words, it's just a warning and can be ignored.

 

[Deetlemore]

Being that I'm not seeing any DNS leaks, and things are routing as intended, you're probably right. I shouldn't have fixated on the redirect-private part. Thanks for taking the time to help!