[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Anyone seen this little beastie issue - Routes assigned to Improper Interface.


  • Subject: Re: [Openvpn-users] Anyone seen this little beastie issue - Routes assigned to Improper Interface.
  • From: Colin Ryan <colinr@xxxxxxxx>
  • Date: Sun, 21 Oct 2007 07:20:42 -0400

Ok folks just to share the information I think  I've determined a likely 
cause for this:

*User Installed OVPN on Vista.
*User sets the Run as Administrator properties in the Compatibility Tab
* But then Forgets to this first time to also then actually "Run as 
Administrator"
*VPN Starts/Connects
*IP's established
*Then as we all now the route assignment fails (now don't ask my why I'm 
then seeing the route at all) I'll have to double check next time I see 
this)

So the system is ends up setting up the route based upon the systems 
default which would be through the systems own interfaces not through 
the TAP interface so one ends up with:

<target> <netmask> <TAP GW> <Systems Interface IP>

* A reboot seems to clear it up and from now on for some reason the "Run 
as Administrator" seems to stick.

Anyone out there figured out what needs/can be done about building a 
distro that meets whatever criteria needed for  M$ to allow the escalations.

Thx

Colin Ryan wrote:
> 3rd Vista machine now I've seen this occur on
>
> Anyone else see this or am I smoking something
>
> Again in summary the pushed routes are getting directed to the wrong 
> IP/Interface.
>
> e.g.
> Route print is showing:
>
> <remote network> <netmask of remote network> <Tap Gateway IP> <Local 
> Machines IP>
>
> instead of
>
> <remote network> <netmask of remote  network> <Tap Gateway IP> <Tap IP>
>
> Thx
>
>
> Colin Ryan wrote:
>   
>> Hey folks,
>>
>> Any ideas. I've seen this issue a second time now.
>>
>> Colin Ryan wrote:
>>   
>>     
>>> Server is 2.0.9 on Linux.
>>> Client is 2.1rc2.
>>>
>>> Standard configuration that works on XP and On my Test Vista.
>>>
>>> But on some production machines the following occurs:
>>>
>>> * Yes running "Run as Administrator".
>>> * OPVPN connects just fine, get's its IP just fine, set's routes just fine.
>>> * Local Area IP is 192.168.2.7
>>> * VPN Subnets are 10.25.1.x
>>> * Remote network is 172.21.1.0
>>>
>>> BUT.
>>>
>>> The routes are getting assigned to the wrong Interface, i.e. the LAN 
>>> Interface not the TAP interface.
>>>
>>> So the routing Table ends up looking like:
>>>
>>> 172.21.1.0     255.255.255.0      10.25.1.5    192.168.2.7
>>>
>>> where it should be and I can manually change it to be:
>>>
>>> 172.21.1.0 255.255.255.0 10.25.1.5   10.25.1.6
>>>
>>> by deleting the first route and adding it back like
>>>
>>> route add 172.21.1.0 255.255.255.0 10.25.1.5 metric 2 int 16
>>>
>>> where 16 is the Interface Index for the Tap Driver.
>>>
>>> Any idea's I've never seen this before.
>>>
>>> C
>>>
>>>
>>>
>>> -------------------------------------------------------------------------
>>> This SF.net email is sponsored by: Splunk Inc.
>>> Still grepping through log files to find problems?  Stop.
>>> Now Search log events and configuration files using AJAX and a browser.
>>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>>> _______________________________________________
>>> Openvpn-users mailing list
>>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>>   
>>>     
>>>       
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems?  Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>> _______________________________________________
>> Openvpn-users mailing list
>> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>>   
>>     
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users