So I have a work vpn which I use to connect to the corporate network, then inside that network we have another vpn which is used to access some other subnets. VPN2 is openvpn and it goes to a server that is in VPN1, that mostly works fine, except that openwrt automagically adds a route to the VPN2 server over the WAN connection, where it obviously is not available (since that should go over VPN1). And every time I have to fix routing in console with
ip r del 10.10.10.10               # VPN2 server
ip r add 10.10.10.10 dev vpn-vpn1
Automagic route is
10.10.10.10 via 10.61.72.1 dev eth0.2   # 10.61.72 is what provider gives me, i.e. wan
So I'm wondering what is the proper way to have that configured, i.e. a VPN over VPN. Probably routing and metricking, but I can't figure out how to set that up.
Any hint will be much appreciated.
Can't you add a static route to 10.10.10.10 in the configuration?
Though it would be nice if it was possible to disable the host route added by tunnel protocols.
The simplest case is to run one VPN on router, and second on PC behind router.
Thanks for the replies. I tried setting up a static route, but it doesn't help, since openvpn does things in a weird way.
This is part of the log. What it does is it adds a route to OpenVPN server via WAN gw (10.61.72.1, provider gw on wan), while that server is only reachable over another vpn.
Mon Apr 27 18:23:56 2020 /sbin/route add -net 10.10.10.10 netmask 255.255.255.255 gw 10.61.72.1
I end up with two route table entries and the first (wrong one) takes precedence.
# ip r | grep 10.10.10.10
10.10.10.10 via 10.61.72.1 dev eth0.2   # defined by openvpn
10.10.10.10 dev vpn-corp scope link     # defined from static routes
I tried route-metric option in openvpn config, but that only overrides all other routes, except this one.
What route do you want to add?
I'm adding a static route to the VPN server IP address 10.10.10.10 to go through my main corp VPN. However, when openvpn does its connecting sequence it also adds a route to the same address but through WAN (10.10.10.10 via 10.61.72.1 dev eth0.2) and the system always uses the latter. Both routes have the same metric (undefined, which I assume is 0), but the wrong one is always used (through WAN).
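An added example, not from any poster in this thread: a small POSIX sh helper that reads `ip r` output, finds the host route to the VPN2 server that was added via the WAN interface, and emits the corrective `ip route` commands (delete the WAN host route, replace it with one over the VPN1 device). The route table is a constructed sample modelled on the lines quoted above; the interface names `eth0.2` and `vpn-corp` and the server address come from the thread. The commands are printed rather than executed so the logic can be checked offline; in practice such a helper would be called from an OpenVPN `route-up` hook (which needs `script-security 2` and exports the server address as `trusted_ip`), with its output piped to `sh`.

```shell
#!/bin/sh
# Constructed sample of `ip r` output showing the duplicate host route:
# the first 10.10.10.10 entry (via the WAN gateway) is the one OpenVPN adds,
# the second (dev vpn-corp) is the static route the user configured.
SAMPLE_ROUTES='default via 10.61.72.1 dev eth0.2
10.10.10.10 via 10.61.72.1 dev eth0.2
10.10.10.10 dev vpn-corp scope link
10.61.72.0/24 dev eth0.2 proto kernel scope link src 10.61.72.55
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'

# wan_host_route SERVER_IP WAN_DEV ROUTES
# Prints the route line for SERVER_IP that goes "via <gw> dev WAN_DEV",
# i.e. the host route OpenVPN installed over the provider link. Prints
# nothing if no such route exists.
wan_host_route() {
  server="$1"; wan_dev="$2"; routes="$3"
  printf '%s\n' "$routes" | awk -v s="$server" -v w="$wan_dev" '
    $1 == s && /via/ {
      for (i = 1; i <= NF; i++)
        if ($i == "dev" && $(i + 1) == w) { print; exit }
    }'
}

# fix_commands SERVER_IP WAN_DEV VPN1_DEV ROUTES
# Prints the ip commands that remove the WAN host route and pin the server
# to the VPN1 device instead. Prints nothing when the table is already fine.
fix_commands() {
  server="$1"; wan_dev="$2"; vpn_dev="$3"; routes="$4"
  bad=$(wan_host_route "$server" "$wan_dev" "$routes")
  [ -n "$bad" ] || return 0
  # Extract the gateway from the offending line so the delete is exact.
  gw=$(printf '%s\n' "$bad" | awk '{ for (i = 1; i <= NF; i++) if ($i == "via") print $(i + 1) }')
  printf 'ip route del %s via %s dev %s\n' "$server" "$gw" "$wan_dev"
  printf 'ip route replace %s dev %s\n' "$server" "$vpn_dev"
}

# Stand-alone run against the constructed table (live use would pass "$(ip r)").
fix_commands 10.10.10.10 eth0.2 vpn-corp "$SAMPLE_ROUTES"
```

`ip route replace` is used for the VPN1 route so the helper is idempotent: if the static route is already present it is left in place, and if it is missing it is created.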
Subnetworks should be different, without overlapping.
Ugh, apparently I'm not exactly following but there are no subnets involved, because it's just one single address of the VPN server.
Please, specify all subnetworks, lan, VPN, etc.