Issue with OpenVPN client and 0.0.0.0/1

Hi,

I’ve got a question about the standard OpenVPN client shipped with the GL distribution. I’m debugging this on a Mango but I don’t think it’s just related to that product.

I have a USB LTE modem that I’m tethering to on eth1 (it’s one of the USB modems that shows up as an Ethernet). I have a connection to OpenVPN Cloud that should provide split-horizon routing - i.e. the push routes from the VPN server should go out over the tunnel and everything else should go via eth1.

The problem I have is trying to get the OpenVPN client on the Mango to honour config settings. Right now, the client is installing the 0.0.0.0/1 route in the kernel route table with a metric of 0. That’s an issue because the OpenVPN cloud has to exit to the Internet - instant blackholing of traffic.

If I manually delete 0.0.0.0/1 from the CLI, everything springs to life. I tried to add “route-nopull” to the config but the client doesn’t appear to honour it. Nor any other type of route filtering instructions.

So, some questions

  1. Does the OpenVPN client support push filtering? If not, is there a list of what it does support? I’ve tried some of my usual config options but I always end up with a full push of routes, including 0.0.0.0/1
  2. If it doesn’t support push filtering, what’s the best way to fix this? I don’t have a lot of control over the server options here.

Cheers!

Scott…

I tried Openvpn cloud before but didn’t make it work. Need to try again.

Well, to be honest, there’s nothing really that special about OpenVPN Cloud. It’s just a standard OpenVPN server with some AWS network logistics and a nice web interface. Standard OpenVPN clients usually work just fine with it.

The issue I have is that I can’t get the OpenVPN client on the Mango to honor filtering in the ovpn config file and I’m trying to work out why. If I let it connect (and it does), it all basically works if I manually delete the 0.0.0.0/1 route that the client erroneously added. Just trying to work out how to dance around that.

Cheers

Scott…

OpenVPN server can config PUSH to client.

the client accept the PUSH, and set the client config.

client alse can filter the server PUSH config, in the client config, can as:

pull-filter ignore redirect-gateway
pull-filter ignore ‘route-ipv6’
pull-filter ignore ‘ifconfig-ipv6’

use the “pull filter” command