OpenVPN config routes

Umberto · Post by **Umberto** » Thu Apr 13, 2023 2:06 pm

Hello everyone!
how to allow the user to write his own routes in the ovpn client config?
Now we have:
SecureNAT
...
string DhcpGatewayAddress 0.0.0.0
string DhcpPushRoutes 192.168.1.0/255.255.255.0/192.168.30.1
...
We need: inet via user gw, office lan via vpn, user defined IPs (in ovpn config) via vpn
Is it possible?

solo · Post by **solo** » Fri Apr 14, 2023 12:08 am

Hi, yes, the user could run a client script with static routes or could connect to a separate VPN hub with modified DhcpPushRoutes.

Umberto · Post by **Umberto** » Fri Apr 14, 2023 9:37 am

Hi, thanks for the answer! I do modify DhcpPushRoutes (and it works) but the same user`s routes on client`s side doesnt work as if it was firewall on softether server (connection timeout or smtng like that). What`s wrong with my server?)

solo · Post by **solo** » Fri Apr 14, 2023 12:26 pm

Then let the user connect to a second special-user@VPN2 hub with extra DhcpPushRoutes, whereas everybody else connects to the default VPN hub as usual.

Umberto · Post by **Umberto** » Fri Apr 14, 2023 2:19 pm

Users say this way to call me every day) We need to make routes at home PCs (by URL)

Umberto · Post by **Umberto** » Fri Apr 14, 2023 2:22 pm

One more question: How to route 0.0.0.0 mask 0.0.0.0 traffic to home GW when DhcpGatewayAddress is defined (like string DhcpGatewayAddress 192.168.30.1)? I tried a lot and couldn`t understand it, only special hosts and nets.

solo · Post by **solo** » Fri Apr 14, 2023 10:52 pm

Override 0.0.0.0/0.0.0.0 with eg:

Code: Select all

Network Destination        Netmask          Gateway      Interface  
            0.0.0.0        128.0.0.0    10.244.18.1      10.244.18.125    
          128.0.0.0        128.0.0.0    10.244.18.1      10.244.18.125

Umberto · Post by **Umberto** » Mon Apr 17, 2023 8:00 am

Hi!

The part of my ovpn file:

route 0.0.0.0 128.0.0.0 net_gateway
route 128.0.0.0 128.0.0.0 net_gateway

part of user connection log:

2023-04-17 10:42:24 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.2.14
2023-04-17 10:42:24 Route addition via service succeeded
2023-04-17 10:42:24 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.2.14
2023-04-17 10:42:24 Route addition via service succeeded
2023-04-17 10:42:24 MANAGEMENT: >STATE:1681717344,ADD_ROUTES,,,,,,
2023-04-17 10:42:24 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.88.1 METRIC 291
2023-04-17 10:42:24 Route addition via service succeeded
2023-04-17 10:42:24 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.88.1 METRIC 291
2023-04-17 10:42:24 Route addition via service succeeded
2023-04-17 10:42:24 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.2.14 METRIC 291
2023-04-17 10:42:24 Route addition via service succeeded

new ip: 10.8.2.13
home gw: 192.168.88.1
"route print":

0.0.0.0 0.0.0.0 192.168.88.1 192.168.88.254 35
0.0.0.0 128.0.0.0 10.8.2.14 10.8.2.13 291
0.0.0.0 128.0.0.0 192.168.88.1 192.168.88.254 326
10.8.2.12 255.255.255.252 On-link 10.8.2.13 291
10.8.2.13 255.255.255.255 On-link 10.8.2.13 291
10.8.2.15 255.255.255.255 On-link 10.8.2.13 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 10.8.2.14 10.8.2.13 291
128.0.0.0 128.0.0.0 192.168.88.1 192.168.88.254 326
192.168.88.0 255.255.255.0 On-link 192.168.88.254 291
192.168.88.254 255.255.255.255 On-link 192.168.88.254 291
192.168.88.255 255.255.255.255 On-link 192.168.88.254 291
195.94.254.200 255.255.255.255 192.168.88.1 192.168.88.254 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.88.254 291
224.0.0.0 240.0.0.0 On-link 10.8.2.13 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.88.254 291
255.255.255.255 255.255.255.255 On-link 10.8.2.13 291

BUT first hop in "tracert google.com" is "10.8.2.1"
What wrong am I doing???)))

solo · Post by **solo** » Mon Apr 17, 2023 10:06 am

0.0.0.0 128.0.0.0 10.8.2.14 10.8.2.13 291
0.0.0.0 128.0.0.0 192.168.88.1 192.168.88.254 326
128.0.0.0 128.0.0.0 10.8.2.14 10.8.2.13 291
128.0.0.0 128.0.0.0 192.168.88.1 192.168.88.254 326

Don't use it twice (or do prioritize metric).

Umberto · Post by **Umberto** » Mon Apr 17, 2023 12:24 pm

Solo, thank you very mach, you are the best))))
Yes, that moment I have duplicated 0.0.0.0 network to push from server and in ovpn client conf.

The metter was in metrics.
Now I have the defined DhcpGatewayAddress, no push routes and part of client ovpn conf:

route 0.0.0.0 128.0.0.0 net_gateway 100
route 128.0.0.0 128.0.0.0 net_gateway 100
route 192.168.1.0 255.255.255.0 vpn_gateway 101
route whatismyip.com 255.255.255.255 vpn_gateway 101

Now thinking how to push "net_gateway" from server...

Umberto · Post by **Umberto** » Mon Apr 17, 2023 5:25 pm

How to push

route 0.0.0.0 128.0.0.0 net_gateway 2
route 128.0.0.0 128.0.0.0 net_gateway 2

from softether server?)

solo · Post by **solo** » Tue Apr 18, 2023 1:08 am

Consider a different approach. In ovpn client config add:

Code: Select all

route-nopull
route 192.168.1.0 255.255.255.0
#route...
#route...

Umberto · Post by **Umberto** » Tue Apr 18, 2023 11:09 am

works but no dns from server

Umberto · Post by **Umberto** » Mon Apr 24, 2023 9:03 am

Hi!
The solution was to leave default gateway in SecureNAT configuration with pushing static route for office network with

Code: Select all

pull-filter ignore redirect-gateway

in OVPN user file.
Also now user can write

Code: Select all

route myip.com

But they write a little more then I expected)))

OpenVPN config routes

OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes

Re: OpenVPN config routes