OVPN Server-Provided routes with policy-based (strict) routing

[marelit]

Hello everyone,

I have an OVPN server which pushes routes to local subnets via "route 192.168.x.0 255.255.255.0" when a client connects.

Now I've set up my 86U as a client and it accepts the routes (they show up in the routing table). Now I wanted to start policy based routing (strict) again, but then suddenly the routes will be dropped. I've used the feature before and was wondering what was going on, because I remembered them to stick around with policy based routing turned on.

I read through various threads and the changelog and found that with 384.9 there was a change:

No longer accept any server-provided route when OpenVPN client set to Policy (Strict).

So my question is how can I restore the old behavior? Because I need access to the pushed subnets from the whole LAN and not only from the policy routed devices (they on the other hand have all traffic going through the tunnel compared to normal LAN devices).

Thank you in advance!

 

[RMerlin]

So my question is how can I restore the old behavior?

Use Policy Mode instead of Policy Mode (Strict).

 

[marelit]

Use Policy Mode instead of Policy Mode (Strict).

I forgot to mention this, but even without "strict" the routes won't show up in the routing table and I cannot ping the subnets.

 

[marelit]

Or put differently: Is there any option to have the OVPN route initialization independent of the policy-based routing?

 

[RMerlin]

They are independent. OpenVPN does its own stuff, and afterward policy mode runs on top of it, removing the default catch-all rule (redirections to 0.0.0.0), and adding any new rule defined my the user. It won't touch any other server-pushed rule.

You can also fully customize things using an openvpn-event script.

 

[marelit]

Thank you @RMerlin! I now solved it via customizing the openvpn-event script by adding the routes manually there.