I'm having real problems getting selective routing working. I'm only trying to route one machine at the moment over the VPN and the rest out of the WAN. In the GUI I have:
http://picpaste.com/pics/Capture-MPco3CXZ.1447088278.PNG
and I see the following in the logs:
Nov 9 16:33:20 kernel: tun: Universal TUN/TAP device driver, 1.6
Nov 9 16:33:20 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Nov 9 16:33:20 openvpn[549]: OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 2 2015
Nov 9 16:33:20 openvpn[549]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Nov 9 16:33:20 openvpn[550]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 9 16:33:20 openvpn[550]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Nov 9 16:33:21 openvpn[550]: UDPv4 link local: [undef]
Nov 9 16:33:21 openvpn[550]: UDPv4 link remote: [AF_INET]62.212.73.52:1195
Nov 9 16:33:21 openvpn[550]: TLS: Initial packet from [AF_INET]62.212.73.52:1195, sid=76ef40e3 9d16ec7d
Nov 9 16:33:21 openvpn[550]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 9 16:33:21 openvpn[550]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Nov 9 16:33:21 openvpn[550]: VERIFY OK: nsCertType=SERVER
Nov 9 16:33:21 openvpn[550]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, emailAddress=me@myhost.mydomain
Nov 9 16:33:22 openvpn[550]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1546'
Nov 9 16:33:22 openvpn[550]: WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Nov 9 16:33:22 openvpn[550]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 9 16:33:22 openvpn[550]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 9 16:33:22 openvpn[550]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 9 16:33:22 openvpn[550]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 9 16:33:22 openvpn[550]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov 9 16:33:22 openvpn[550]: [server] Peer Connection Initiated with [AF_INET]62.212.73.52:1195
Nov 9 16:33:24 openvpn[550]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Nov 9 16:33:24 openvpn[550]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.30.1,topology subnet,ping 10,ping-restart 60,redirect-gateway def1,dhcp-option DNS 1.2.3.4,ifconfig 10.10.30.6 255.255.255.0'
Nov 9 16:33:24 openvpn[550]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Nov 9 16:33:24 openvpn[550]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Nov 9 16:33:24 openvpn[550]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 9 16:33:24 openvpn[550]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 9 16:33:24 openvpn[550]: OPTIONS IMPORT: route-related options modified
Nov 9 16:33:24 openvpn[550]: TUN/TAP device tun11 opened
Nov 9 16:33:24 openvpn[550]: TUN/TAP TX queue length set to 100
Nov 9 16:33:24 openvpn[550]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 9 16:33:24 openvpn[550]: /sbin/ifconfig tun11 10.10.30.6 netmask 255.255.255.0 mtu 1500 broadcast 10.10.30.255
Nov 9 16:33:26 openvpn-routing: Configuring policy rules for client 1
Nov 9 16:33:26 openvpn-routing: Creating VPN routing table
Nov 9 16:33:27 openvpn-routing: Added 192.168.1.249 to 0.0.0.0 through VPN to routing policy
Nov 9 16:33:27 openvpn-routing: Tunnel re-established, restoring WAN access to clients
Nov 9 16:33:27 openvpn-routing: Completed routing policy configuration
Nov 9 16:33:27 openvpn[550]: Initialization Sequence Completed
I'm not sure what I am missing as the log has the routing at the end? Any pointers?