siddhartha
New Around Here
It seems to me that if it's not considered an issue to fix permanently in the firmware, then it can just be an option "Add [server] route to these clients:"
Does this same issue occur running an IPsec server and L2TP client concurrently? I can't test this out myself as I own an AC68U.
Very nice script. I have been adding the route using vpnserverX-up script. Since I run wireguard as well, I have the same for wg2X-up script. Your approach is much nicer and requires basically no further editing if I were going to turn up another ovpn client. Will try out your script and see how to fit it into wireguard perspective as well.
Not likely.
Remember, the OP was using PBR (policy based routing) for his local OpenVPN client. And given the way PBR is implemented, it creates an alternate routing table for those clients bound to the local OpenVPN client. And the alternate routing table is always initialized based on the contents of the main routing table AT THE TIME the OpenVPN client was established. If the OpenVPN server is started *after* the OpenVPN client, its network interface makes it into the main routing (as always), but NOT the alternate routing table. Hence, those clients bound to the local OpenVPN client via PBR are unreachable by clients of the OpenVPN server (and vice versa). They don't have the necessary routes in their alternate routing table to communicate with each other.
It's a timing problem. And my script corrects it by monitoring the start of any OpenVPN server, and copying its network interface into the alternate routing table of any active OpenVPN clients.
So if you're NOT using PBR (whether one developed for OpenVPN or some other VPN client), then you're unlikely to have the same thing happen, since everything is likely using the same and only main routing table.
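The timing problem described above can be checked for directly. This is an added example, not eibgrad's script and not part of the original posts: it compares the main routing table with one policy-routing table and prints the `ip route add` command for every server-interface route the alternate table is missing. The function name and all sample routes are constructed for illustration; only `tun21` and `ovpnc1` come from the thread.

```shell
#!/bin/sh
# Added example, not eibgrad's script. All sample routes below are constructed.

# missing_server_routes MAIN_DUMP IFACE TABLE TABLE_DUMP
# For every route on IFACE in the main table that TABLE lacks, print the
# "ip route add" command that would copy it across.
missing_server_routes() {
    main_dump=$1; iface=$2; table=$3; table_dump=$4
    printf '%s\n' "$main_dump" |
    awk -v dev="$iface" '
        { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) print $1 }' |
    while read -r subnet; do
        if ! printf '%s\n' "$table_dump" | awk -v s="$subnet" -v dev="$iface" '
            $1 == s { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) found = 1 }
            END { exit !found }'
        then
            echo "ip route add $subnet dev $iface table $table"
        fi
    done
}

# Constructed "ip route show" output: main table after the server (tun21) came up.
MAIN_SAMPLE='default via 203.0.113.1 dev eth0
10.8.0.0/24 dev tun21 proto kernel scope link src 10.8.0.1
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1'

# Constructed: client table snapshotted before the server started (no tun21 route).
OVPNC1_STALE='default via 10.7.0.1 dev tun11
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1'

# Constructed: the same table after the server route has been copied in.
OVPNC1_FIXED="$OVPNC1_STALE
10.8.0.0/24 dev tun21"

missing_server_routes "$MAIN_SAMPLE" tun21 ovpnc1 "$OVPNC1_STALE"
# On a router, feed it live data instead:
# missing_server_routes "$(ip route show table main)" tun21 ovpnc1 "$(ip route show table ovpnc1)"
```

An empty result means the alternate table already carries the server route, which is what a firmware with the fix should show after restarting the server.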
#add route for tun21 remote dial-in to access hosts routed to other vpn client
ip route del "$ovpn_server1_subnet" dev tun21 table ovpnc1 2>/dev/null
ip route del "$ovpn_server1_subnet" dev tun21 table ovpnc3 2>/dev/null
ip route del "$ovpn_server1_subnet" dev tun21 table 121 2>/dev/null
ip route del "$ovpn_server1_subnet" dev tun21 table 122 2>/dev/null
ip route add "$ovpn_server1_subnet" dev tun21 table ovpnc1
ip route add "$ovpn_server1_subnet" dev tun21 table ovpnc3
ip route add "$ovpn_server1_subnet" dev tun21 table 121
ip route add "$ovpn_server1_subnet" dev tun21 table 122
@eibgrad, would you help to look into my openvpn-event script? The script already exists so I have to manually add it in. I am not able to paste it here so I try to put it in pastebin.
original /jffs/scripts/openvpn-event:
Code:
#!/bin/sh
[ -s /jffs/scripts/x3mRouting/openvpn-event ] && sh /jffs/scripts/x3mRouting/openvpn-event $@
original /jffs/scripts/x3mRouting/openvpn-event
/jffs/scripts/x3mRouting/openvpn-event - Pastebin.com
I try to add your script into /jffs/scripts/x3mRouting/openvpn-event. I have no idea how the lock portion works so I temporarily omitted this part in my draft. I am also not sure if this is ok as I have duplicated some parts for table 12x for wireguardvpn client. Here is my draft:
draft /jffs/scripts/x3mRouting/openvpn-event - Pastebin.com
Thank you so much @eibgrad. This is very neat and working very well.
It's probably best to follow the pattern established by x3mRouting and just have the openvpn-event script call my script after calling the x3mRouting script.
Bash:
SCRIPT_DIR='/jffs/scripts/merlin-ovpn-sync-routes-66726'
SCRIPT="$SCRIPT_DIR/openvpn-event"
mkdir -p $SCRIPT_DIR
mv /jffs/scripts/openvpn-event /jffs/scripts/openvpn-event.bak
curl -kLs pastebin.com/raw/kTThBV46 | tr -d '\r' | sh
mv /jffs/scripts/openvpn-event $SCRIPT_DIR
mv /jffs/scripts/openvpn-event.bak /jffs/scripts/openvpn-event
echo '[ -s '$SCRIPT' ] && sh '$SCRIPT' $@' >> /jffs/scripts/openvpn-event
:
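The install step above pipes a download straight into `sh` with certificate checking switched off (`-k`), on a device where scripts run as root. As an added example (not from the post or from the script's author), here is the same fetch written so that the file is saved, checked against a SHA-256 you recorded after reading the script, and only then executed. The function names are hypothetical and `PINNED_SHA256` is a placeholder; `sha256sum` and `mktemp` are assumed to be present.

```shell
#!/bin/sh
# Added example, not part of the original post.
# PINNED_SHA256 is a placeholder: record the digest of the CR-stripped script
# after you have read it yourself.
PINNED_SHA256='<sha256-of-reviewed-script>'
SCRIPT_URL='https://pastebin.com/raw/kTThBV46'   # URL from the post, scheme made explicit

# fetch_script URL DEST: download with TLS verification on (no -k), fail on
# HTTP errors, and strip carriage returns as the original one-liner does.
fetch_script() {
    curl -fLs -o "$2.raw" "$1" || { rm -f "$2.raw"; return 1; }
    tr -d '\r' < "$2.raw" > "$2"
    rm -f "$2.raw"
}

# verify_script FILE EXPECTED: succeed only if FILE is non-empty and its
# SHA-256 equals EXPECTED.
verify_script() {
    [ -s "$1" ] || return 1
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# install_pinned URL EXPECTED: fetch, verify, then run; never runs on mismatch.
install_pinned() {
    tmp=$(mktemp) || return 1
    if fetch_script "$1" "$tmp" && verify_script "$tmp" "$2"; then
        sh "$tmp"; rc=$?
    else
        echo "refusing to run: download failed or digest mismatch" >&2; rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage, in place of the curl | sh line:
# install_pinned "$SCRIPT_URL" "$PINNED_SHA256"
```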
192.168.50.151 10.99.0.0/24 WAN
192.168.50.0/24 10.99.0.0/24 WAN
curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s kTThBV46
/jffs/scripts/merlin-ovpn-sync-routes.sh
/jffs/scripts/openvpn-event
rm -f /jffs/scripts/merlin-ovpn-sync-routes.sh
rm -f /jffs/scripts/openvpn-event
FYI. According to Merlin, this problem will be fixed in the next release, thus eliminating the need for this fixup.
- FIXED: OpenVPN clients wouldn't get updated routing tables
if an OpenVPN server was stopped/started while an
OpenVPN client was connected
With today's 386.7_2 release, I notice release notes say:-
Code:
- FIXED: OpenVPN clients wouldn't get updated routing tables
  if an OpenVPN server was stopped/started while an
  OpenVPN client was connected
Has the need for your script now gone away @eibgrad ?
Or is that another issue and I'm way off target?
Of course, until I've had a chance to verify it fixes it completely, I'll hold off on saying it's no longer needed.
Thanks @eibgrad , await your investigations with interest.
As always, thank you for your endeavours for our collective benefit, it's much appreciated.
So starting w/ 386.7_2, you should be able to eliminate my script.