Hello, I am trying to set up an OpenVPN link between 2 Asus routers:
- OpenVPN Server: RT-AC66U B1, firmware 3.0.0.4.386_40558
- OpenVPN Client: RT-AC66U, firmware 3.0.0.4.382_52287
Asus VPN Server is configured as follows:
Send LAN to clients: yes
Direct clients to redirect Internet traffic: no
Manage client specific options: yes
Allow client <> client: yes
Allow only specified clients: no
Custom configuration:
push "route x.y.z.w 255.255.255.255"
On the Asus VPN client I get:
Jan 3 10:50:42 vpnclient5[13591]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.2.1,route x.y.z.w 255.255.255.255,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.10 10.8.0.9,peer-id 0,cipher AES-256-GCM'
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: route options modified
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: peer-id set
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: adjusting link_mtu to 1627
Jan 3 10:50:42 vpnclient5[13591]: OPTIONS IMPORT: data channel crypto options modified
Jan 3 10:50:42 vpnclient5[13591]: Data Channel: using negotiated cipher 'AES-256-GCM'
Jan 3 10:50:42 vpnclient5[13591]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jan 3 10:50:42 vpnclient5[13591]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jan 3 10:50:42 vpnclient5[13591]: TUN/TAP device tun15 opened
Jan 3 10:50:42 vpnclient5[13591]: TUN/TAP TX queue length set to 100
Jan 3 10:50:42 vpnclient5[13591]: /sbin/ifconfig tun15 10.8.0.10 pointopoint 10.8.0.9 mtu 1500
Jan 3 10:50:42 vpnclient5[13591]: /etc/openvpn/ovpn-up tun15 1500 1555 10.8.0.10 10.8.0.9 init
Jan 3 10:50:42 vpnclient5[13591]: Initialization Sequence Completed
Routing table on Asus VPN client:
admin@RT-AC66U:/tmp/home/root# ip route
192.168.1.254 dev eth0 proto kernel scope link
10.8.0.9 dev tun15 proto kernel scope link src 10.8.0.10
192.168.4.0/24 dev br0 proto kernel scope link src 192.168.4.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.117
127.0.0.0/8 dev lo scope link
default via 192.168.1.254 dev eth0
admin@RT-AC66U:/tmp/home/root#
Route to x.y.z.w/32 is missing.
However, on an Android client it is working just fine.
Also, on a Windows 10 client it is working just fine:
C:\Users\Kaze>route print
===========================================================================
Interface List
17...00 ff 6e 4c ff 47 ......TAP-Windows Adapter V9 for OpenVPN Connect
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.4.1 192.168.4.51 50
10.8.0.0 255.255.255.0 10.8.0.5 10.8.0.6 257
10.8.0.4 255.255.255.252 On-link 10.8.0.6 257
10.8.0.6 255.255.255.255 On-link 10.8.0.6 257
10.8.0.7 255.255.255.255 On-link 10.8.0.6 257
x.y.z.w 255.255.255.255 10.8.0.5 10.8.0.6 257
Additional question:
How do I pass a default route on a per-user basis?
Thank you!
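The comparison made by hand in the post above (routes in the PUSH_REPLY versus routes in `ip route`), as an added example that is not part of the original post. The function names are hypothetical, and the redacted x.y.z.w is replaced by the documentation address 203.0.113.7 so the sample parses.

```python
import ipaddress
import re

# Constructed sample: the PUSH_REPLY line and `ip route` output from the post,
# with the redacted x.y.z.w replaced by the documentation address 203.0.113.7.
PUSH_LOG = (
    "Jan 3 10:50:42 vpnclient5[13591]: PUSH: Received control message: "
    "'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,"
    "dhcp-option DNS 192.168.2.1,route 203.0.113.7 255.255.255.255,"
    "route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 30,"
    "ifconfig 10.8.0.10 10.8.0.9,peer-id 0,cipher AES-256-GCM'"
)
IP_ROUTE = """admin@RT-AC66U:/tmp/home/root# ip route
192.168.1.254 dev eth0 proto kernel scope link
10.8.0.9 dev tun15 proto kernel scope link src 10.8.0.10
192.168.4.0/24 dev br0 proto kernel scope link src 192.168.4.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.117
127.0.0.0/8 dev lo scope link
default via 192.168.1.254 dev eth0
"""

def pushed_routes(log_line):
    """Networks named by `route` options inside a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", log_line)
    nets = []
    for opt in (m.group(1).split(",") if m else []):
        f = opt.split()
        if len(f) >= 2 and f[0] == "route":
            # route network [netmask] [gateway] [metric]; no netmask means /32
            mask = f[2] if len(f) > 2 and f[2] != "default" else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{f[1]}/{mask}", strict=False))
    return nets

def installed_routes(ip_route_output):
    """Destination networks listed in `ip route` output (main table only)."""
    nets = []
    for line in ip_route_output.splitlines():
        f = line.split() or [""]
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            nets.append(ipaddress.ip_network(dest, strict=False))
        except ValueError:
            pass  # blank lines, shell prompts and keywords are not destinations
    return nets

def missing_routes(log_line, ip_route_output):
    """Pushed routes with no exactly matching entry in the routing table."""
    have = set(installed_routes(ip_route_output))
    return [str(n) for n in pushed_routes(log_line) if n not in have]
```

On the posted data `missing_routes(PUSH_LOG, IP_ROUTE)` returns all three pushed networks: 192.168.2.0/24 and 10.8.0.0/24 are absent from the table shown, as well as the host route.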