OpenVPN route missing
Solution 1
Your client config mentions server-bridge, so you are running a DHCP server which is bridged on the server-side. The DHCP server should provide the client with an IP address and a subnet. The client should then automatically route all traffic over this subnet through the VPN interface. I therefore think that your route command is redundant and you can just as well remove it.
Also, you mention your network is 10.0.0.0/8, but your config says push "route 10.0.0.1 255.255.0.0" which is /16.
You probably don't need to set a gateway if you don't route within 10.0.0.0/8, and if you do you can set it using the DHCP server. Manually setting the IP address using ifconfig should not be necessary either.
Solution 2
I'd look at 2 things. First, check your OpenVPN logs, that'll give you more information. I'm going from memory but I think it'll be in ~.
Also, check the Ubuntu firewall settings to be sure that this traffic can get through.
iptables -L
That'll show you the current set of rules.
-- edit
Your log files show that you don't have a gateway defined. According to OpenVPN docs you need to create a config.ovpn file and specify its location.
openvpn --config client.ovpn
You'll address the gateway issue by specifying the route, which is done by including these lines (updated to your network settings, of course). [Source]
ifconfig 10.0.X.X 255.255.255.0
route-gateway 10.0.0.1
Also, it's considered bad form or a faux pas to post your question in two Stack Exchange forums.
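Added example (not part of either answer and not OpenVPN code): a small Python check that parses the PUSH_REPLY line from the client log in the question below and flags the two issues the answers raise, a pushed route whose address and netmask do not describe the intended 10.0.0.0/8 network, and route options with no usable gateway. The function names and the `local_gateway` parameter are hypothetical; treating `route-gateway dhcp` as supplying no gateway is an assumption taken from what the Ubuntu log shows.

```python
import ipaddress

# Constructed from the PUSH_REPLY line in the client log in the question.
LOG_LINE = ("PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.1 255.0.0.0,"
            "redirect-gateway def1,route-gateway dhcp,ping 10,ping-restart 120'")


def parse_push_reply(line):
    """Return the pushed options as a list of (name, [args]) tuples."""
    body = line.split("PUSH_REPLY,", 1)[1].rstrip("'\" \n")
    return [(f[0], f[1:]) for f in (p.split() for p in body.split(",")) if f]


def audit(options, expected_net, local_gateway=None):
    """Return (code, detail) findings for the route-related options.

    expected_net:  network the admin intends to reach, as CIDR text (assumption).
    local_gateway: address from a 'route-gateway <ip>' line in the client's own
                   config, as Solution 2 suggests; None if there is none.
    """
    expected = ipaddress.ip_network(expected_net)
    pushed = [a[0] for name, a in options if name == "route-gateway" and a]
    # Assumption: 'dhcp' gives the client no address to use when it installs
    # routes; the Ubuntu log reports a missing gateway in exactly that case.
    static_gw = local_gateway is not None or any(g != "dhcp" for g in pushed)
    findings = []
    for name, args in options:
        if name == "redirect-gateway" and not static_gw:
            findings.append(("no-gateway", "redirect-gateway"))
        if name != "route" or not args:
            continue
        # OpenVPN's default netmask for --route is 255.255.255.255.
        mask = args[1] if len(args) > 1 else "255.255.255.255"
        iface = ipaddress.ip_interface(f"{args[0]}/{mask}")
        if iface.ip != iface.network.network_address:
            findings.append(("host-bits", f"{args[0]} is inside {iface.network}"))
        if iface.network != expected:
            findings.append(("mask-mismatch", f"{iface.network} != {expected}"))
        if len(args) < 3 and not static_gw:
            findings.append(("no-gateway", f"route {args[0]}"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_push_reply(LOG_LINE), "10.0.0.0/8"):
        print("log:   ", finding)
    # The value from the posted server config, checked the same way.
    for finding in audit([("route", ["10.0.0.1", "255.255.0.0"])], "10.0.0.0/8", "10.0.0.1"):
        print("config:", finding)
```
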
dajuric
Updated on September 18, 2022
Comments
-
dajuric over 1 year
I can connect to an OpenVPN server from Windows without any problems.
But when I try to connect from Ubuntu 12.04 (start OpenVPN) I receive the following:
OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Server IP: 161.53.X.X
Internal network: 10.0.0.0/8
What do I need to do?
client configuration:
client
dev tap
proto udp
remote 161.53.X.X 1194
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
server conf:
local 161.53.X.X
port 1194
proto udp
dev tap
dev-node OpenVPN
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
# DHCP leases addresses to clients
server-bridge
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 10.0.0.1 255.255.0.0"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
verb 6
log from Ubuntu client:
[Server] Peer Connection Initiated with [AF_INET]161.53.XX.XX:1194
SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.1 255.0.0.0,redirect-gateway def1,route-gateway dhcp,ping 10,ping-restart 120'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
ROUTE default_gateway=161.53.XX.1
OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.1
TUN/TAP device tap0 opened
TUN/TAP TX queue length set to 100
NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Initialization Sequence Completed
-
dajuric almost 11 years
When I run iptables -L everything is accepted (there is no DROP rule).
-
dajuric almost 11 years
Why does the Windows client successfully get an address from the DHCP server while the Linux client doesn't? Is there something wrong with the gateway (do I need to tell the client what the gateway is; see the log above)?
-
Lenwood almost 11 years
This is most likely a configuration issue with your Ubuntu system. I doubt that it has anything to do with your network or the OpenVPN system itself. See my updated solution for more info.
-
dajuric almost 11 years
Yes, those instructions that you wrote say that I want to set my IP address. Right? But my address needs to be leased from DHCP. When a client is connected to a server, the internal DHCP leases an address for it. That works for Windows, but not for any Ubuntu that I have tried.
-
Lenwood almost 11 years
The gateway address will never change. For your network that should be 10.0.0.1 (according to your file above). For the computer's IP address, you have 2 ways to go. First, you could reserve an IP address for your Ubuntu machine (this is what I do for wifi printers on my network). Or second, you could write a script that detects your IP then updates this text file. If I were you I'd go with the first option. Choose an IP toward the end of the available range to ensure that there won't be any conflicts. Ubuntu is fantastic, but it can definitely take more effort to configure.
-
dajuric about 10 years
Thank you! I already solved the problem, but still thank you for the answer.
-
Gustavo Rubio over 9 years
@dajuric How did you solve it? I'm struggling myself too with OpenSuSE, same issue