OpenVPN assigns wrong interface

Hello,
I installed OpenVPN on OpenWrt 18 and all is fine, but it assigns the wrong interface. I tried to delay the route with (route-delay 40), but it didn't fix it.

This is the route before manual correction:

 0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.11 dev eth0.2 proto static src 192.168.1.13 metric 1
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
18.x.x.x via 192.168.1.11 dev br-lan
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.1.0/24 dev eth0.2 proto static scope link metric 1

I fix this by:
ip route del 18.x.x.x via 192.168.1.11
ip route add 18.x.x.x via 192.168.1.11 dev eth0.2

The ip route after correction:

0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.11 dev eth0.2 proto static src 192.168.1.13 metric 1
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
18.x.x.x via 192.168.1.11 dev eth0.2
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.1.0/24 dev eth0.2 proto static scope link metric 1

Here is my client config:

##############################################
# Sample client-side OpenVPN 2.0 config file #
client
;dev tap
dev tun
proto udp
remote 18.x.x.x 1194
resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

#ca ca.crt
#cert client.crt
#key client.key
remote-cert-tls server
;tls-auth ta.key 1
;cipher x
cipher AES-128-CBC
auth SHA256
key-direction 1
route-delay 40
comp-lzo
#redirect-gateway def1
#push "redirect-gateway def1"
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
script-security 2
up /etc/openvpn/client.sh
down /etc/openvpn/client.sh
#up /etc/openvpn/adjust.sh
#down /etc/openvpn/adjust.sh

18.x.x.x is my OpenVPN remote server.

How can I fix this?
Regards,

From the log:

Sat Jan 15 13:59:52 2022 daemon.info dnsmasq[9822]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Sat Jan 15 13:59:52 2022 daemon.info dnsmasq-dhcp[9822]: read /etc/ethers - 0 addresses
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: /sbin/route add -net 18.x.x.x netmask 255.255.255.255 gw 192.168.1.11
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: GID set to nogroup
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: UID set to nobody
Sat Jan 15 14:00:28 2022 daemon.warn openvpn(myAmazoneusa)[9533]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 15 14:00:28 2022 daemon.notice openvpn(myAmazoneusa)[9533]: Initialization Sequence Completed

You have a conflict of networks: you cannot have the same subnet in both lan and wan. Change lan to 192.168.2.1/24.

2 Likes
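
A check for the conflict described in the reply above, as an added example that is not part of the original thread: `find_overlaps` (a hypothetical name) reads `ip -4 route show` output and reports on-link prefixes that overlap across different interfaces. It goes slightly beyond the identical-subnet case by also catching partial overlaps; `sample_routes` embeds the poster's route table as sample input.

```shell
#!/bin/sh
# Added example: detect on-link subnets that overlap across interfaces.
# Function names are hypothetical; input is `ip -4 route show` text.

find_overlaps() {
    awk '
    function ip2int(ip,   o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Connected routes only: "<prefix> dev <if> ... scope link".
    # Routes with a gateway ("via") cannot cause an on-link conflict.
    $2 == "dev" && /scope link/ {
        split($1, p, "/")
        len = (p[2] == "") ? 32 : p[2]      # bare address means /32
        base = ip2int(p[1])
        if (base < 0) next
        size = 2 ^ (32 - len)
        n++
        net[n] = $1; dev[n] = $3
        lo[n] = base - (base % size)         # first address in the prefix
        hi[n] = lo[n] + size - 1             # last address in the prefix
    }
    END {
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++)
                if (dev[i] != dev[j] && lo[i] <= hi[j] && lo[j] <= hi[i])
                    printf "%s on %s overlaps %s on %s\n", net[i], dev[i], net[j], dev[j]
    }'
}

# Sample input: the route table posted in this thread (server address masked).
sample_routes() {
    cat <<EOF
0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.11 dev eth0.2 proto static src 192.168.1.13 metric 1
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
18.x.x.x via 192.168.1.11 dev br-lan
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.1.0/24 dev eth0.2 proto static scope link metric 1
EOF
}

sample_routes | find_overlaps
```

On the router, run `ip -4 route show | find_overlaps`; no output means no on-link subnets conflict.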

Oh, my fault 🙂

Regards
