Openvpn - connection established - no IP assigned - solved

pallago · April 22, 2019, 2:44pm

Dear all,
I have an ubuntu server where openvpn is installed and an OpenWrt Client. I can successfully connect from the client to the server. However, no tun0 interface is created automatically. If I manually add the required tun0 interface in the Webbrowser or /etc/config/network the tun0 interface is visible but no IP address is assigned to it. Furthermore, I see some errors when I try to connect from the client to the server like "vpn_gateway undefined". First I tried with an conf file where I used the same on a raspberry successfully before. I also modified the /etc/config/openvpn file and "translated" the settings from the conf file. Here are the configurations and outputs:

# Server
port 1196
proto udp
dev tun1
mode server
tls-server
ca /etc/openvpn/keys/ca+subca.pem
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
ifconfig 10.2.0.1 10.2.0.2
push "route 192.168.0.0 255.255.255.0 vpn_gateway 5"
push "route 192.168.183.0 255.255.255.0 vpn_gateway 5"
push "route 192.168.1.0 255.255.255.0 vpn_gateway 10"
push "route 192.168.184.0 255.255.255.0 vpn_gateway 10"
push "route 10.0.0.0 255.255.255.0 vpn_gateway 5"
push "route 10.0.100.0 255.255.255.0 vpn_gateway 5"
push "route 10.0.1.0 255.255.255.0 vpn_gateway 10"
push "route 10.0.101.0 255.255.255.0 vpn_gateway 10"
client-config-dir ccd
route 192.168.178.0 255.255.255.0
route 192.168.3.0 255.255.255.0
push "dhcp-option DOMAIN local"
push "dhcp-option DOMAIN box"
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-256-CBC   # AES
auth SHA512
remote-cert-tls client
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
script-security 2
crl-verify /etc/openvpn-ca/keys/crl.pem
tun-mtu 1432
mssfix 1392

# Client

client
dev tun0
proto udp
remote MYDOMAIN 1196
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/keys/ca+subca.pem
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
remote-cert-tls server
tls-auth /etc/openvpn/keys/ta.key 1
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
tun-mtu 1432

Output when running the openvpn client.conf command:

Mon Apr 22 16:15:53 2019 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Apr 22 16:15:53 2019 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.101.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.1.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.100.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.184.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.183.0
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: vpn_gateway undefined
Mon Apr 22 16:15:53 2019 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
Mon Apr 22 16:15:53 2019 TUN/TAP device tun0 opened
Mon Apr 22 16:15:53 2019 TUN/TAP TX queue length set to 100
Mon Apr 22 16:15:53 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Apr 22 16:15:53 2019 Initialization Sequence Completed

vgaetera · April 22, 2019, 2:58pm

sed -i -e "
/^ifconfig/s/^/#/
\$a server 10.2.0.0 255.255.255.0
\$a topology subnet
" vpnserver.conf

anon50098793 · April 22, 2019, 6:16pm

(edit ignore this)

push "route 192.168.0.0 255.255.255.0 10.2.0.1 5"
push "route 192.168.183.0 255.255.255.0 10.2.0.1 5"

etc.

dev tun

vgaetera · April 22, 2019, 6:19pm

@anon50098793, vpn_gateway is a valid value:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

anon50098793 · April 22, 2019, 6:22pm

i see.....

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

two fixes

you could try with ip here too....
remote MYDOMAIN 1196

pallago · April 25, 2019, 12:05pm

Thank you very much for your input. I figured out where the problem was: I created a new certificate for the client with a different name than before, let's say client2. But I forgot to rename the /etc/openvpn/ccd/client file to /etc/openvpn/ccd/client2. For that reason some settings were not pushed, also the ip address setting. Now everything works fine with the original configuration above. If you are interested in the content of the ccd/client2 file:

ifconfig-push 10.2.0.2 10.2.0.1
iroute 192.168.178.0 255.255.255.0
iroute 192.168.3.0 255.255.255.0

tmomas · April 25, 2019, 12:54pm

If your problem is solved, please consider marking the topic as [Solved] (Click the pencil behind the topic...).