mad_ady
Regular Contributor
I'm using OpenVPN on RMerlin's ASUS firmware (v 384.5) as a client (client1) with an ovpn config which pushes a route:
Code:
push "route 192.168.100.0 255.255.255.0"
The client connects correctly to the OpenVPN server, however, the route is not installed into the router's routing table (connection output with IP changed):
Code:
Nov 22 15:01:44 ovpn-client1[3272]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 12 2018
Nov 22 15:01:44 ovpn-client1[3272]: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.08
Nov 22 15:01:44 ovpn-client1[3273]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 22 15:01:44 ovpn-client1[3273]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 22 15:01:44 ovpn-client1[3273]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 22 15:01:45 ovpn-client1[3273]: TCP/UDP: Preserving recently used remote address: [AF_INET]5.12.133.169:1194
Nov 22 15:01:45 ovpn-client1[3273]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 22 15:01:45 ovpn-client1[3273]: UDP link local: (not bound)
Nov 22 15:01:45 ovpn-client1[3273]: UDP link remote: [AF_INET]1.2.3.4:1194
Nov 22 15:01:45 ovpn-client1[3273]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Nov 22 15:01:45 ovpn-client1[3273]: TLS: Initial packet from [AF_INET]1.2.3.4:1194, sid=761b1e37 6800fc5c
Nov 22 15:01:45 ovpn-client1[3273]: VERIFY OK: depth=1, CN=Easy-RSA CA
Nov 22 15:01:45 ovpn-client1[3273]: VERIFY KU OK
Nov 22 15:01:45 ovpn-client1[3273]: Validating certificate extended key usage
Nov 22 15:01:45 ovpn-client1[3273]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 22 15:01:45 ovpn-client1[3273]: VERIFY EKU OK
Nov 22 15:01:45 ovpn-client1[3273]: VERIFY OK: depth=0, CN=server
Nov 22 15:01:45 ovpn-client1[3273]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 22 15:01:45 ovpn-client1[3273]: [server] Peer Connection Initiated with [AF_INET]5.12.133.169:1194
Nov 22 15:01:46 ovpn-client1[3273]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Nov 22 15:01:46 ovpn-client1[3273]: PUSH: Received control message: 'PUSH_REPLY,route 172.20.20.1,topology net30,ping 10,ping-restart 120,ifconfig 172.20.20.14 172.20.20.13,peer-id 0,cipher AES-256-GCM'
Nov 22 15:01:46 ovpn-client1[3273]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 22 15:01:46 ovpn-client1[3273]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 22 15:01:46 ovpn-client1[3273]: OPTIONS IMPORT: route options modified
Nov 22 15:01:46 ovpn-client1[3273]: OPTIONS IMPORT: peer-id set
Nov 22 15:01:46 ovpn-client1[3273]: OPTIONS IMPORT: adjusting link_mtu to 1624
Nov 22 15:01:46 ovpn-client1[3273]: OPTIONS IMPORT: data channel crypto options modified
Nov 22 15:01:46 ovpn-client1[3273]: Data Channel: using negotiated cipher 'AES-256-GCM'
Nov 22 15:01:46 ovpn-client1[3273]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 22 15:01:46 ovpn-client1[3273]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 22 15:01:46 ovpn-client1[3273]: TUN/TAP device tun11 opened
Nov 22 15:01:46 ovpn-client1[3273]: TUN/TAP TX queue length set to 100
Nov 22 15:01:46 ovpn-client1[3273]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Nov 22 15:01:46 ovpn-client1[3273]: /usr/sbin/ip link set dev tun11 up mtu 1500
Nov 22 15:01:46 ovpn-client1[3273]: /usr/sbin/ip addr add dev tun11 local 172.20.20.14 peer 172.20.20.13
Nov 22 15:01:48 ovpn-client1[3273]: /usr/sbin/ip route add 172.20.20.1/32 via 172.20.20.13
Nov 22 15:01:49 ovpn-client1[3273]: GID set to nobody
Nov 22 15:01:49 ovpn-client1[3273]: UID set to nobody
Nov 22 15:01:49 ovpn-client1[3273]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 22 15:01:49 ovpn-client1[3273]: Initialization Sequence Completed
Based on the output, it doesn't even try to install the route.
If I install it manually, it works:
Code:
route add -net 192.168.100.0/24 dev tun11
Any ideas where I should start looking into why the route isn't added on connection?
Thanks
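
A check over the log above, added here as an example and not part of the original post: it collects the routes the client received in PUSH_REPLY and the routes it ran `ip route add` for, then reports at which stage an expected route is missing. The function names and the three result labels are assumptions of this example; the sample lines are copied from the log in the post.

```python
import ipaddress
import re

# Sample input: three lines copied from the connection log in the post.
SAMPLE_LOG = """\
Nov 22 15:01:46 ovpn-client1[3273]: PUSH: Received control message: 'PUSH_REPLY,route 172.20.20.1,topology net30,ping 10,ping-restart 120,ifconfig 172.20.20.14 172.20.20.13,peer-id 0,cipher AES-256-GCM'
Nov 22 15:01:46 ovpn-client1[3273]: /usr/sbin/ip addr add dev tun11 local 172.20.20.14 peer 172.20.20.13
Nov 22 15:01:48 ovpn-client1[3273]: /usr/sbin/ip route add 172.20.20.1/32 via 172.20.20.13
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ADD_RE = re.compile(r"ip route add (\S+)")


def pushed_routes(log):
    """Networks named by 'route' options inside PUSH_REPLY messages."""
    nets = set()
    for match in PUSH_RE.finditer(log):
        for opt in match.group(1).split(","):
            parts = opt.split()
            if len(parts) < 2 or parts[0] != "route":
                continue
            # No netmask (or the keyword "default") means a host route.
            mask = parts[2] if len(parts) > 2 and parts[2] != "default" else "255.255.255.255"
            try:
                nets.add(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
            except ValueError:
                pass  # hostname or keyword target, not comparable here
    return nets


def installed_routes(log):
    """Networks the client passed to 'ip route add'."""
    nets = set()
    for match in ADD_RE.finditer(log):
        try:
            nets.add(ipaddress.ip_network(match.group(1), strict=False))
        except ValueError:
            pass  # e.g. 'default'
    return nets


def diagnose(log, expected):
    """Return 'not-pushed', 'not-installed' or 'ok' for the expected network."""
    want = ipaddress.ip_network(expected)
    if want not in pushed_routes(log):
        return "not-pushed"       # never received in a PUSH_REPLY
    if want not in installed_routes(log):
        return "not-installed"    # received, but no 'ip route add' was logged
    return "ok"
```

Calling `diagnose(SAMPLE_LOG, "192.168.100.0/24")` on these lines reports that the route is absent from the PUSH_REPLY itself, so the place to look is what the server sends rather than the client's route installation.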