OpenVPN – How to Prevent OpenVPN from Clobbering Local Route

openvpnroutingUbuntuubuntu-10.10vpn

I have a local network on 192.168.1.0 with netmask 255.255.255.0. When I connect to a VPN though OpenVPN (as a client), it pushes a route for 192.168.1.0 that clobbers the existing one, making my local network inaccessible. I don't to access anything on 192.168.1.0 on the remote machine; I'd like to just ignore it, while accepting the other routes that are pushed. My client is Ubuntu 10.10.

How can I skip the one offending route?

Best Answer

Use the

--route-up --route-noexec

option in openvpn and completely ignore the routes being pushed to you, instead adding static routes to the specific hosts you want to access through the tunnel.

openvpn --route-noexec --route-up /tmp/myscript --config ./client.ovpn

where /tmp/myscript is

route add -host 192.168.1.69 gw ${route_net_gateway}

Something similar to that, I haven't actually tested this but it should work. You probably want to remove the routes when you disconnected as well.

Related Solutions

OpenVPN bridge: remote clients don’t see local

The most likely you forgot to enable forwarding. Add net.ipv4.ip_forward=1 to /etc/sysctl.conf, then sysctl -p or restart. Also try to add following to OpenVPN config:

server-bridge 172.20.200.2 255.255.255.0 172.20.200.100 172.20.200.200
push "route 172.20.200.0 255.255.255.0"

Note that adding interface to bridge, sets promisc flag appropriately. Bridge interface need not to be in promisc mode.

I got the same setup running, but on OpenSUSE, TAP interfaces are created during startup and OpenVPN just opens them - no start/stop script in OpenVPN.

Openvpn – How to Setup OpenVPN as Internet-Gateway and Connection between multiple Private networks on Virtualized Server

1Have you enabled IP forwarding?

sudo vi /etc/sysctl.conf #uncomment net.ipv4.ip_forward and set = 1

net.ipv4.ip_forward = 1

sudo sysctl -p

If you are using TUN then there is a tunnel IP address that your client has. The default pool is 10.8.1.0/24. Unless your router knows about the tunnel IPs and has routes for them, you need to masquerade (NAT) the IP addresses of the tunnels so that the OpenVPN Server will rewrite the source address to be itself. It seems like you may have this covered by your mention of routing 10.8.0.0/24.

sudo apt-get install iptables-persistent
sudo iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE
sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Best Answer

Related Solutions

OpenVPN bridge: remote clients don’t see local

Openvpn – How to Setup OpenVPN as Internet-Gateway and Connection between multiple Private networks on Virtualized Server

Related Topic