Gargoyle Forum

Been looking at how OpenVPN is working in v1.11 and have run across a few things that puzzle me. In the below example the server LAN is 192.168.2.0 and the client LAN is 192.168.5.0 and we want these two to route both ways.

There is an option in the Gargoyle interface to allow access to the LAN behind the client. In my example this LAN is 192.168.5.0. As result of this option the following appears in the server.conf file:
And in the syslog I see the following: I cannot see how this can work because at the time the server is coming up the client has not yet established the connection so there is no 10.8.0.2 network yet.

Even though there is no error shown in the logfile there is also no route added to the route table. So I cannot access the 192.168.5.0 network until I manually add a route to it after everything is up.

I do not remember this being an issue in v1.10. Has something broken?

This looks ominous. Might be a kernel issue.
https://forums.openvpn.net/viewtopic.php?t=25771
Solved in kernel 4.20.13

I don't see this behaviour.
When i define a client with a routed subnet behind it, i get a route defined in the routing table straight away.

It is ok to define a *dead* route. It tells the router how to find the address, but does not guarantee that it will find it.

This being said... I'm betting you have a version of Openvpn installed that isn't 2.4.4 release 2 don't you... So this could be causing a slight issue.

I am using the version of OpenVPN which was included in the build. How do I tell which version it is? Running "OpenVPN --help" displays "Usage message not available".

This is a NETGEAR WNDR3700v2 running 1.11.0 downloaded from the website last week.

I see you are correct that it is possible to add a route before it comes up. Its just weird that the logfile shows this command being executed but nothing appears it the route table and no errors in the logfile.

"openvpn --version"

The 3700v2 should be ok. I thought we were still talking about one of your routers which required a plugin install.

I'm still having a look to see if anything obvious comes up, but so far not able to reproduce.

Been looking at how OpenVPN is working in v1.11 and have run across a few things that puzzle me. In the below example the server LAN is 192.168.2.0 and the client LAN is 192.168.5.0 and we want these two to route both ways.

Have you been using "gargoyle-OpenVPN" previous to 1.11.0?

Just trying to work out if its a setup problem or changes to 1.11.0

https://www.gargoyle-router.com/wiki/do ... reversevpn

i can confirm the same issue with v1.11 ovpn route on server for hosts behind the client

1. I have done multiply setup of point-to-point based on gargoyle 1.10 (and previous) openvpn and the settings for server and clients are same in 1.11.
2. my current setup with 1.11
192.168.2.0 /24 -> 192.168.2.1: gargoyle-ovpn-server <---> 192.168.1.1: gargoyle-ovpn-server <- 192.168.1.0
10.1.0.1 is ip on server side tunnel and 10.1.0.2 is ip on client site
after tunnel is up i can ping from 192.168.1.0 to 192.168.2.0
but there is no ping in reverse direction

traceroute to 192.168.1.13 (192.168.1.13), 64 hops max
1 192.168.2.1 0.946ms 0.922ms 0.907ms
2 92.96.253.2 2.405ms 2.249ms 5.415ms
3 * ^C

but there is route to 192.168.1.0 through 10.1.0.2 in OVPN server.conv.

if manually add route
/sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.1.0.2
then
ping appears
traceroute to 192.168.1.13 (192.168.1.13), 64 hops max
1 192.168.2.1 0.919ms 0.913ms 0.873ms
2 10.1.0.2 9.272ms 7.070ms 8.283ms
3 192.168.1.13 6.851ms 7.447ms 7.714ms

it is really strange, even after start the router i can see in initial stage the required route in route table (from gui) but then the route disappeared and not appears any more.

I was made 2 fresh setup with WDR1900ac and then i ve changed hardware to brand new archer c7 ver.5 and found the same behaviour.

So it looks like some issue with 1.11
Kindly help, it is in production now and i need to add the route manually any time after restart.

openvpn --version
OpenVPN 2.4.4 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

1.11.X (Built 20190405-0155 git@4685bd7f)
Model:TP-LINK Archer C7 v5
(i faced the same issue with 1.11.0)

log is attached.

@ivklim
Can you post config screen shots?

Its really helpful

Thanks

kindly find the link to download, i can not post it directly coz of size
https://we.tl/t-dHIQUDWpf2




the route to 192.168.1.0 has been added manually

as u can see there is another network behind vpn tunnel - 192.168.14.0 and there is no route to it.

please looking for help