iroute does not work for openvpn networks

Here is a fairly common OpenVPN scenario:

NETWORK_A — GW_A — INTERNET — GW_B — NETWORK_B
GW_A is the OpenVPN server, GW_B is the client.

Everything is set up correctly, including iroute.
The routes between the networks still cannot be used.

Server configuration (GW_A):

port 1394
proto tcp
# TUN device name
dev t-server
dev-type tun
ca keys/server/ca.crt
cert keys/server/server.crt
key keys/server/server.key
dh keys/server/dh2048.pem
server 10.101.0.0 255.255.255.0
ifconfig-pool-persist ipp-client.txt
keepalive 10 120
tls-auth keys/server/ta.key 0
comp-lzo
#client-to-client
persist-key
persist-tun
status /var/log/openvpn/server-status.log
log  /var/log/openvpn/server.log
verb 3
client-config-dir ccd-server

# TCP tuning
txqueuelen 500
rcvbuf 1024000
sndbuf 1024000

# NETWORK_B
route 10.0.0.0 255.255.254.0
# NETWORK_A
push "route 10.215.37.0 255.255.255.0"

Client configuration (GW_B):

client
# TUN device name
dev t-ovpn-server
dev-type tun
proto tcp
remote ovpn-server.foo.com 1394
resolv-retry infinite
nobind
persist-key
persist-tun
ca ovpn-server/ca.crt
cert ovpn-server/client.crt
key ovpn-server/client.key
ns-cert-type server
tls-auth ovpn-server/ta.key 1
comp-lzo
verb 4
mute 20
log /var/log/openvpn/ovpn-server.log

# TCP tuning
txqueuelen 500
rcvbuf 1024000
sndbuf 1024000

On the server in the file ccd-server/client:

iroute "10.0.0.0 255.255.255.0"

In the log file there is something like this:
Sat Nov 10 22:59:55 2012 office/111.222.333.444:55221 MULTI: internal route 10.0.0.0 -> client/555.666.777.8888:55221

Solution:

Don’t put the iroute arguments in quotes:
iroute 10.0.0.0 255.255.255.0
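
A check for this mistake, as an added example that is not part of the original post: it tokenizes a CCD file with quote handling, flags iroute lines whose arguments were quoted into a single token, and confirms that a server-side route covers each iroute subnet. The function names are hypothetical, and Python's shlex is assumed to be a close enough stand-in for OpenVPN's own config tokenizer.

```python
import ipaddress
import shlex

# Excerpts from this page's server config and CCD file (ccd-server/client).
SERVER_CONF = 'route 10.0.0.0 255.255.254.0\npush "route 10.215.37.0 255.255.255.0"\n'
CCD_QUOTED = 'iroute "10.0.0.0 255.255.255.0"\n'
CCD_FIXED = "iroute 10.0.0.0 255.255.255.0\n"

def directives(text, name):
    """Yield (lineno, args) for each `name` directive.
    Assumption: shlex's quote handling stands in for OpenVPN's own config
    tokenizer; both turn a double-quoted string into a single argument.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0] == name:
            yield lineno, tokens[1:]

def to_network(args):
    """[network] or [network, netmask, ...] -> IPv4 network, or None if invalid."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"  # netmask defaults to /32
    try:
        return ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
    except ValueError:
        return None

def lint_ccd(ccd_text, server_text):
    """Return (lineno, message) findings for the iroute lines of one CCD file."""
    routes = [n for _, a in directives(server_text, "route")
              if a and (n := to_network(a)) is not None]
    findings = []
    for lineno, args in directives(ccd_text, "iroute"):
        if not 1 <= len(args) <= 2 or any(" " in a for a in args):
            findings.append((lineno, "expected: iroute network [netmask], unquoted"))
            continue
        net = to_network(args)
        if net is None:
            findings.append((lineno, "network/netmask is not a valid IPv4 subnet"))
            continue
        if not any(net.subnet_of(r) for r in routes):
            findings.append((lineno, f"no server 'route' covers {net}"))
    return findings

if __name__ == "__main__":
    for label, ccd in (("quoted", CCD_QUOTED), ("fixed", CCD_FIXED)):
        print(label, lint_ccd(ccd, SERVER_CONF) or "ok")
```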

About tompos

Hungary, Budapest