openvpn routing

Pol Hallen freebsdenml at fuckaround.org
Tue Jul 16 18:09:52 UTC 2013


Hi all :-)

This FreeBSD server is an internal LAN server, IP 192.168.1.254.
192.168.1.212 is the gateway to the internet.

I've an easy config:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.212      UGS         0    31807    em0
10.20.10.0/24      10.20.10.2         UGS         0        0   tun0
10.20.10.1         link#5             UHS         0        0    lo0
10.20.10.2         link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0     3478    lo0
192.168.1.0/24     link#2             U           0    46116    em0
192.168.1.254      link#2             UHS         0        0    lo0

ifconfig

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
[...]
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.20.10.1 --> 10.20.10.2 netmask 0xffffffff

The problem is: 10.20.10.2 is a gateway? Why?

On the clients I get this error:

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and
no default was specified by either --route-gateway or --ifconfig options
Tue Jul 16 19:28:30 2013 us=860975 OpenVPN ROUTE: failed to parse/resolve
route for host/network: 10.20.10.0
Tue Jul 16 19:28:30 2013 us=861091 OpenVPN ROUTE: OpenVPN needs a gateway
parameter for a --route option and no default was specified by either
--route-gateway or --ifconfig options

openvpn server config:

port XXX
proto udp
dev tun
;dev-node tap0
ca /usr/local/etc/openvpn/XX.crt
cert /usr/local/etc/openvpn/XX.crt
key /usr/local/etc/openvpn/XX.key
dh /usr/local/etc/openvpn/dh2048.pem

server 10.20.10.0 255.255.255.0
push "route 10.20.10.0 255.255.255.0"

ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt 0

;duplicate-cn
keepalive 10 120
;cipher BF-CBC        # Blowfish (default)
;cipher AES-256-CBC   # AES
cipher DES-EDE3-CBC  # Triple-DES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
;status /var/log/openvpn-status.log
;log-append /var/log/openvpn.log
verb 10
mute 20
client-to-client
client-config-dir ccd "route 10.20.10.1 255.255.255.0"

ping-restart 0
tls-auth /usr/local/etc/openvpn/ta.key 0
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
#tmp-dir /dev/shm

Almost the same config runs on a Linux OpenVPN server. It's the server that
creates the correct route. But on FreeBSD I have 10.20.10.2 as an automatic gw.

Any idea?

thanks!

Pol

