1

I'm currently unable to access my local network while I'm connected to the OpenVPN server. This issue has been present since I changed the underlying network of the client that connects to the OpenVPN server.

Actually, the following option has always worked for me in the client config:

route 10.42.0.0 255.255.0.0 net_gateway
route 10.43.0.0 255.255.0.0 net_gateway

Well, not anymore, it seems. I've already been digging for hours but have not been able to find a solution yet. See my full config options:

auth-user-pass
client
dev tun
hand-window 120
inactive 604800
mute-replay-warnings
nobind
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
tun-mtu  1500
proto udp
fragment 1300
mssfix
comp-lzo
key-direction 1
cipher AES-256-GCM
auth SHA512
ignore-unknown-option ncp-disable
ncp-disable
remote-cert-tls server


pull-filter ignore ifconfig-ipv6
pull-filter ignore route-ipv6
pull-filter ignore comp-lzo
pull-filter ignore "redirect-gateway def1 ipv6"
pull-filter ignore "dhcp-option DNS"
route 10.42.0.0 255.255.0.0 net_gateway
route 10.43.0.0 255.255.0.0 net_gateway
...

The client is not IPv6 capable, so I removed those options a while ago. In my OpenVPN log I see the following issue:

2021-01-23 04:33:02 us=409604 do_ifconfig, ipv4=1, ipv6=0
2021-01-23 04:33:02 us=409631 net_iface_mtu_set: mtu 1500 for tun0
2021-01-23 04:33:02 us=409674 net_iface_up: set tun0 up
2021-01-23 04:33:02 us=409751 net_addr_v4_add: 10.0.194.60/24 dev tun0
2021-01-23 04:33:04 us=483688 net_route_v4_add: 178.162.194.30/32 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483917 net_route_v4_add: 0.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483958 net_route_v4_add: 128.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483991 net_route_v4_add: 10.42.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=484023 net_route_v4_add: 10.43.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=484062 sitnl_send: rtnl: generic error (-101): Network is unreachable
2021-01-23 04:33:04 us=484078 ERROR: Linux route add command failed
2021-01-23 04:33:04 us=484109 Initialization Sequence Completed

2 Answers

1

I'm a newbie to OpenVPN too...

I got the same problem as you described: OpenVPN overwriting routing on the client machine...

2021-01-23 04:33:04 us=483688 net_route_v4_add: 178.162.194.30/32 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483917 net_route_v4_add: 0.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483958 net_route_v4_add: 128.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=483991 net_route_v4_add: 10.42.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
2021-01-23 04:33:04 us=484023 net_route_v4_add: 10.43.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1

After spending a few hours, I just looked for route parameters in the options for running the client ==> https://openvpn.net/community-resources/reference-manual-for-openvpn-2-0/ .

I found that the parameter route-noexec in the client config file does the trick (at least for me).

About the specs:

Client machine

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

$ apt-cache policy openvpn
openvpn:
  Installed: 2.5.5-1ubuntu3
  Candidate: 2.5.5-1ubuntu3
  Version table:
 *** 2.5.5-1ubuntu3 500
        500 http://nl.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status

Relevant config file section on client file:

client
proto udp4
explicit-exit-notify
remote <some_IP> 1194 
dev tun0
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_<some_chars> name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 5 
compress lz4-v2

route-noexec ###added code

Server specifications :

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye



$ apt-cache policy openvpn
openvpn:
  Installed: 2.5.7-stretch0
  Candidate: 2.5.7-stretch0

Hope it helps ;-)

X00D45
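What route-noexec changes for the routes in the question's log, as an added example (not part of the answer above and not OpenVPN code): with route-noexec, OpenVPN installs none of its routes, including the 0.0.0.0/1 and 128.0.0.0/1 pair from redirect-gateway def1, so public traffic leaves via the local gateway instead of the tunnel. Assumptions: the pre-VPN default route goes via 10.42.240.0 (the address net_gateway resolves to in the log), every route add succeeds, connected routes are ignored, and the destination addresses are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the route lines from the question's log, timestamps dropped.
LOG = """\
net_route_v4_add: 178.162.194.30/32 via 10.42.240.0 dev [NULL] table 0 metric -1
net_route_v4_add: 0.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
net_route_v4_add: 128.0.0.0/1 via 10.0.194.2 dev [NULL] table 0 metric -1
net_route_v4_add: 10.42.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
net_route_v4_add: 10.43.0.0/16 via 10.42.240.0 dev [NULL] table 0 metric -1
"""
ROUTE_RE = re.compile(r"net_route_v4_add: (\S+) via (\S+) dev")

# Assumption: before the VPN starts, the only route is a default route via
# 10.42.240.0, the address net_gateway resolves to in the log.
PRE_VPN = [(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.42.240.0"))]
TUNNEL_GW = ipaddress.ip_address("10.0.194.2")  # tunnel-side gateway from the log


def vpn_routes(log_text):
    """Routes OpenVPN asks the kernel to install, as (network, gateway) pairs."""
    return [(ipaddress.ip_network(n), ipaddress.ip_address(g))
            for n, g in ROUTE_RE.findall(log_text)]


def next_hop(table, dest):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in table if dest in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def exposure(dests, route_noexec):
    """Map each destination to 'tunnel' or 'local' for the given client setting."""
    # route-noexec: OpenVPN installs none of its routes, so only PRE_VPN applies.
    table = PRE_VPN + ([] if route_noexec else vpn_routes(LOG))
    return {d: "tunnel" if next_hop(table, d) == TUNNEL_GW else "local"
            for d in dests}


# Hypothetical destinations: one public address, one host in each bypassed
# range, and the VPN server's own address from the log.
DESTS = ["198.51.100.7", "10.42.1.5", "10.43.9.9", "178.162.194.30"]

if __name__ == "__main__":
    for noexec in (False, True):
        print("route-noexec" if noexec else "routes installed",
              exposure(DESTS, noexec))
```

To keep the tunnel as the default path while using route-noexec, the routes have to be installed by a route-up script, which receives them from OpenVPN as environment variables.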
0

After some digging I found a solution. I was running the latest version of OpenVPN (2.5.0 at the moment), which seems to have exactly this issue. Simply use OpenVPN 2.4.10 (which is from December 2020) and you are good to go.