I have a new gl ar750S router.
I set up the openvpn server on the router. Then exported the client file and massaged it for my system and started the client. It’s looking good except for some reason the tun interface destination is not the vpn server end of the tunnel’s ip. (i.e. 10.8.0.1)
Instead the destination is the same as the client end of the tunnel :(
tun4: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.2
which really should be
tun4: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.8.0.2 netmask 255.255.255.0 destination 10.8.0.1
I have several openvpn clients talking to openvpn servers (running opnsense). On that opnsense router I can specify the server’s tunnel ip (usually .1) and in my corresponding client tunnel you see the destination is the other side of the tunnel as it should be.
tun3: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.12.0.2 netmask 255.255.255.255 destination 10.12.0.1
So until I resolve this I can’t ping the server end of the tunnel (10.8.0.1) nor anything on the 750s network (192.168.8.0/24).
Is there a way to see/edit the actual openvpn server file beyond the web interface, which has only a limited number of settings??
If I try to set the ip of the server to 10.8.0.1 it reports an error and resets to 10.8.0.0.
the client ovpn file I am using.
client
dev tun4
# disable force all traffic into tunnel
pull-filter ignore "redirect-gateway"
proto udp
# change to public ip when installed
remote xxx.xxx.xxx.xxx
port 1194
resolv-retry infinite
persist-key
persist-tun
auth SHA256
cipher AES-256-GCM
comp-lzo adaptive
verb 3
script-security 3
keepalive 10 60
ifconfig 10.8.0.2 10.8.0.1
up ./routes/192.168.8.0
<ca>
-----BEGIN CERTIFICATE-----
...
partial log of client
Fri Mar 26 10:41:41 2021 TUN/TAP device tun4 opened
Fri Mar 26 10:41:41 2021 TUN/TAP TX queue length set to 100
Fri Mar 26 10:41:41 2021 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar 26 10:41:41 2021 /sbin/ip link set dev tun4 up mtu 1500
Fri Mar 26 10:41:41 2021 /sbin/ip addr add dev tun4 10.8.0.2/24 broadcast 10.8.0.255
Fri Mar 26 10:41:41 2021 ./routes/192.168.8.0 tun4 1500 1553 10.8.0.2 255.255.255.0 init
Fri Mar 26 10:41:41 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Mar 26 10:41:41 2021 Initialization Sequence Completed
The route table looks good except for the destination for the 192.168.8.0 network, which should be 10.8.0.1, not 10.8.0.2, which is coming from the wrong tunnel interface destination.
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun4
192.168.8.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun4
found some server logs.
Fri Mar 26 16:37:21 2021 daemon.notice openvpn: OpenVpn client/10.0.0.1:1194 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 26 16:37:21 2021 daemon.notice openvpn: OpenVpn client/10.0.0.1:1194 SENT CONTROL [OpenVpn client]: 'PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Fri Mar 26 16:39:26 2021 daemon.notice openvpn: OpenVpn client/10.0.0.1:1194 TLS: new session incoming connection from [AF_INET]10.0.0.1:1194
Fri Mar
The push reply seems ok but why is the client not getting 10.8.0.1 as route-gateway?? Can I get it to not push that ifconfig command?? Would also like to remove the redirect-gateway command. Basically, how can I have more control over the openvpn server settings?
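
An added example (not part of the original post, and not GL.iNet or OpenVPN code): it applies the client file's pull-filter to the PUSH_REPLY from the server log and reads the pushed ifconfig according to the pushed topology, where under topology subnet the second ifconfig argument is a netmask and the server end is carried by route-gateway. The function names are hypothetical and the sample strings are copied from the post.

```python
# Added example: constructed inputs copied from the post's server log and client file.
PUSH_REPLY = (
    "PUSH_REPLY,persist-key,persist-tun,redirect-gateway def1,"
    "route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,"
    "ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM"
)
PULL_FILTERS = [("ignore", "redirect-gateway")]  # (action, prefix)


def apply_pull_filters(options, filters):
    """Split pushed options into (kept, dropped); first matching prefix wins."""
    kept, dropped = [], []
    for opt in options:
        action = next((a for a, p in filters if opt.startswith(p)), "accept")
        if action == "reject":
            # A real client flags an error and restarts; here we just raise.
            raise ValueError(f"pushed option rejected: {opt}")
        (kept if action == "accept" else dropped).append(opt)
    return kept, dropped


def effective_tunnel(push_reply, filters):
    """Hypothetical helper: what the client ends up configuring on the tun device."""
    head, *options = push_reply.split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    kept, dropped = apply_pull_filters(options, filters)
    opts = {o.split()[0]: o.split()[1:] for o in kept}
    # Assumption: net30 when no topology is pushed (the OpenVPN 2.4/2.5 default).
    topology = opts.get("topology", ["net30"])[0]
    local, second = opts["ifconfig"]
    subnet = topology == "subnet"
    return {
        "topology": topology,
        "local": local,
        "netmask": second if subnet else None,
        "peer": None if subnet else second,
        "gateway": opts.get("route-gateway", [None])[0],
        "redirect_gateway": "redirect-gateway" in opts,
        "dropped": dropped,
    }


if __name__ == "__main__":
    for key, value in effective_tunnel(PUSH_REPLY, PULL_FILTERS).items():
        print(f"{key:17} {value}")
```

For this reply the result carries no peer address; the server end appears only as the route-gateway value, which OpenVPN passes to up scripts in the route_vpn_gateway environment variable.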