[Openvpn-users] No gateway/default route set on openvpn client.

  Subject: [Openvpn-users] No gateway/default route set on openvpn client.
  From: Elmar Athmer <linux@xxxxxxxxxxxxxxxx>
  Date: Tue, 24 Jul 2007 11:47:36 +0200


I'm trying to secure my WLAN (WEP) with openvpn, but openvpn doesn't set
the default route. If I add the default route manually the internet
access from WLAN clients works as desired.
The (OpenVPN) Server is an OpenBSD-Box, with 3 NICs.
fxp0 ( for normal access from the OpenBSD Box to LAN.
ath0 ( WLAN access point, openvpn server listens on this
tun0 and dc0 are bridg0 (bridges for openvpn clients accessing the LAN).
Maybe I should mention: tun devices on openbsd can also work like
tap-devices on other OSs.

What works: The client (at the moment Debian sid, later Windows XP and
FreeBSD clients follow) connects to the AP, gets an IP from
the DHCP Server on the OpenBSD Box (e.g., connects to
openvpn server, tap0 is set up with IP So I still have to
do a "route add default gw".
So I tried to put the OpenBSD in server mode (mode server, tls-server,
ifconfig-pool-persist and server-bridge commented out) to get an IP from
the DHCP Server. But then I must manually execute "dhclient tap0", and
because the tap device always changes the MAC-address, I can't assign a
fixed IP address, so I can't mount nfs-devices. And I would like to deny
unknown clients on the dhcp server, and restrict internet access
MAC-based (I'll have to think about how to do this exactly when OpenVPN
works as desired).
I thought about scripts to connect via openvpn, but I would like to have
all the config in OpenVPN, since the clients will be different OSs (and
I would have to find out first how to set a default route, and writing
scripts etc. on Windows :-P).

When connecting, I get these messages:
PUSH_REPLY,route-gateway,ping 10,ping-restart 120,ifconfig
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
TUN/TAP device tap0 opened
/sbin/ifconfig tap0 netmask mtu 1500

On serverside:
PUSH: Received control message: 'PUSH_REQUEST'
client1/ SENT CONTROL [client1]:
'PUSH_REPLY,route-gateway,ping 10,ping-restart 120,ifconfig' (status=1)

So, long description (hope it's exact enough), here's my config:

port 1194
proto udp
dev tun0
dev-type tap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
user _openvpn
group _openvpn
status openvpn-status.log
verb 3

dev tap
proto udp
remote 1194
resolv-retry infinite
user nobody
group nogroup
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
verb 3

So I hope anybody can help me (or I'm just making a very stupid mistake)

Thanks in advance
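As an added example (not from the original post or the OpenVPN project), here are the server-side directives that make a bridged tap client install its default route through the tunnel. The posted PUSH_REPLY carries route-gateway and ifconfig but no redirect-gateway, so nothing tells the client to change its default route and anything not covered by a pushed route leaves the WLAN client outside the tunnel, protected only by WEP. The addresses below are placeholders, since the archived post strips them.

```conf
# Added example: server-side OpenVPN directives for a bridged (tap)
# server that pushes the default route to its clients.
# Addresses are placeholders; use the bridge0 address, its netmask
# and a free range on that subnet.
dev tun0
dev-type tap

# Pool mode on the bridge: implies mode server / tls-server, hands the
# client its address via ifconfig and pushes "route-gateway <gateway>",
# which is what the posted PUSH_REPLY already shows.
server-bridge 192.0.2.1 255.255.255.0 192.0.2.100 192.0.2.150

# Not present in the posted setup: instruct the client to send all
# traffic through the tunnel. "def1" installs 0.0.0.0/1 and 128.0.0.0/1
# instead of replacing the client's existing default route, and adds a
# host route to the VPN server via the original gateway, so the client
# keeps its path to the AP while the tunnel is up and the routes are
# removed cleanly when it disconnects.
push "redirect-gateway def1"
```

If clients must keep taking their addresses from the LAN DHCP server instead of the pool, later OpenVPN releases accept `server-bridge` without parameters (DHCP-proxy mode, which pushes `route-gateway dhcp`), but that goes beyond the posted configuration.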
