Date: Tue, 16 Jul 2013 20:15:03 +0200
From: Pol Hallen <freebsdenml@fuckaround.org>
To: freebsd-questions@freebsd.org
Subject: openvpn routing
Message-ID: <51E58DA7.1040709@fuckaround.org>

Hi all :-)

This FreeBSD server is an internal LAN server, IP 192.168.1.254.
192.168.1.212 is the gateway to the internet.

I've an easy config:

Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.212      UGS         0    31807    em0
10.20.10.0/24      10.20.10.2         UGS         0        0   tun0
10.20.10.1         link#5             UHS         0        0    lo0
10.20.10.2         link#5             UH          0        0   tun0
127.0.0.1          link#4             UH          0     3478    lo0
192.168.1.0/24     link#2             U           0    46116    em0
192.168.1.254      link#2             UHS         0        0    lo0

ifconfig

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
[...]
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        inet 10.20.10.1 --> 10.20.10.2 netmask 0xffffffff

Problem is: 10.20.10.2 is a gateway? Why?

On clients I've this error:

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Jul 16 19:28:30 2013 us=860975 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.20.10.0
Tue Jul 16 19:28:30 2013 us=861091 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

openvpn server config:

port XXX
proto udp
dev tun
;dev-node tap0
ca /usr/local/etc/openvpn/XX.crt
cert /usr/local/etc/openvpn/XX.crt
key /usr/local/etc/openvpn/XX.key
dh /usr/local/etc/openvpn/dh2048.pem
server 10.20.10.0 255.255.255.0
push "route 10.20.10.0 255.255.255.0"
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt 0
;duplicate-cn
keepalive 10 120
;cipher BF-CBC # Blowfish (default)
;cipher AES-256-CBC # AES
cipher DES-EDE3-CBC # Triple-DES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
;status /var/log/openvpn-status.log
;log-append /var/log/openvpn.log
verb 10
mute 20
client-to-client
client-config-dir ccd
"route 10.20.10.1 255.255.255.0"
ping-restart 0
tls-auth /usr/local/etc/openvpn/ta.key 0
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so login
#tmp-dir /dev/shm

Almost the same config runs on a Linux OpenVPN server. It's the server that
creates the correct route. But on FreeBSD I've 10.20.10.2 as an automatic gw.

Any idea?

Thanks!

Pol