openvpn push route via interface

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I configured my openvpn server to use 172.31.48.0/20, where ips from 172.31.48.0 to 172.31.62.255 are statically assigned, and 172.31.63.0/24 are dynamic.



tls-server
mode server
push "topology subnet"
ifconfig 172.31.48.1 255.255.240.0
ifconfig-pool 172.31.63.0 172.31.63.254 255.255.255.0


Where the static hosts have their ip set via ifconfig-push 172.31.48.2 255.255.240.0 in a file that matches their common name, and is in the client-configs directory that the server specified.



Clients that do not have a file with a corresponding common name will get a dynamic ip in the range 172.31.63.0/24, but they will not get a route to 172.31.48.0/20, so I cannot ping from the vpn host (172.31.48.1) to a client with a dynamic ip (such as 172.31.63.1)



On the dynamic client, it only has a route for 172.31.63.0/24, as is specified by ifconfig-pool. I would like to route all 172.31.48.0/20 traffic via the tun device that is created by the vpn client. If I run this command manually everything works:



sudo route add -net 172.31.48.0/20 dev vpn1


Where vpn1 is the vpn device specified in the client ovpn file



dev vpn1
dev-type tun


The route option in openvpn wants an ip and not a device interface, though. Meaning, this will not work:



push "route 172.31.48.0 255.255.240.0 vpn1"


And if I leave off vpn1 then openvpn on the client side will complain that no gateway was specified.



How can I route the 172.31.48.0/20 subnet on clients that get a dynamic ip?




routing openvpn




share|improve this question






















  • My current workaround is to use a bogus ip as the gateway from the client. It gets routed appropriately on the server. push "route 172.31.48.0 255.255.240.0 172.31.63.254"
    – jonr
    Mar 22 at 23:25














up vote
0
down vote

favorite












I configured my openvpn server to use 172.31.48.0/20, where ips from 172.31.48.0 to 172.31.62.255 are statically assigned, and 172.31.63.0/24 are dynamic.



tls-server
mode server
push "topology subnet"
ifconfig 172.31.48.1 255.255.240.0
ifconfig-pool 172.31.63.0 172.31.63.254 255.255.255.0


Where the static hosts have their ip set via ifconfig-push 172.31.48.2 255.255.240.0 in a file that matches their common name, and is in the client-configs directory that the server specified.



Clients that do not have a file with a corresponding common name will get a dynamic ip in the range 172.31.63.0/24, but they will not get a route to 172.31.48.0/20, so I cannot ping from the vpn host (172.31.48.1) to a client with a dynamic ip (such as 172.31.63.1)



On the dynamic client, it only has a route for 172.31.63.0/24, as is specified by ifconfig-pool. I would like to route all 172.31.48.0/20 traffic via the tun device that is created by the vpn client. If I run this command manually everything works:



sudo route add -net 172.31.48.0/20 dev vpn1


Where vpn1 is the vpn device specified in the client ovpn file



dev vpn1
dev-type tun


The route option in openvpn wants an ip and not a device interface, though. Meaning, this will not work:



push "route 172.31.48.0 255.255.240.0 vpn1"


And if I leave off vpn1 then openvpn on the client side will complain that no gateway was specified.



How can I route the 172.31.48.0/20 subnet on clients that get a dynamic ip?




routing openvpn




share|improve this question






















  • My current workaround is to use a bogus ip as the gateway from the client. It gets routed appropriately on the server. push "route 172.31.48.0 255.255.240.0 172.31.63.254"
    – jonr
    Mar 22 at 23:25












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I configured my openvpn server to use 172.31.48.0/20, where ips from 172.31.48.0 to 172.31.62.255 are statically assigned, and 172.31.63.0/24 are dynamic.



tls-server
mode server
push "topology subnet"
ifconfig 172.31.48.1 255.255.240.0
ifconfig-pool 172.31.63.0 172.31.63.254 255.255.255.0


Where the static hosts have their ip set via ifconfig-push 172.31.48.2 255.255.240.0 in a file that matches their common name, and is in the client-configs directory that the server specified.



Clients that do not have a file with a corresponding common name will get a dynamic ip in the range 172.31.63.0/24, but they will not get a route to 172.31.48.0/20, so I cannot ping from the vpn host (172.31.48.1) to a client with a dynamic ip (such as 172.31.63.1)



On the dynamic client, it only has a route for 172.31.63.0/24, as is specified by ifconfig-pool. I would like to route all 172.31.48.0/20 traffic via the tun device that is created by the vpn client. If I run this command manually everything works:



sudo route add -net 172.31.48.0/20 dev vpn1


Where vpn1 is the vpn device specified in the client ovpn file



dev vpn1
dev-type tun


The route option in openvpn wants an ip and not a device interface, though. Meaning, this will not work:



push "route 172.31.48.0 255.255.240.0 vpn1"


And if I leave off vpn1 then openvpn on the client side will complain that no gateway was specified.



How can I route the 172.31.48.0/20 subnet on clients that get a dynamic ip?




routing openvpn




share|improve this question














I configured my openvpn server to use 172.31.48.0/20, where ips from 172.31.48.0 to 172.31.62.255 are statically assigned, and 172.31.63.0/24 are dynamic.



tls-server
mode server
push "topology subnet"
ifconfig 172.31.48.1 255.255.240.0
ifconfig-pool 172.31.63.0 172.31.63.254 255.255.255.0


Where the static hosts have their ip set via ifconfig-push 172.31.48.2 255.255.240.0 in a file that matches their common name, and is in the client-configs directory that the server specified.



Clients that do not have a file with a corresponding common name will get a dynamic ip in the range 172.31.63.0/24, but they will not get a route to 172.31.48.0/20, so I cannot ping from the vpn host (172.31.48.1) to a client with a dynamic ip (such as 172.31.63.1)



On the dynamic client, it only has a route for 172.31.63.0/24, as is specified by ifconfig-pool. I would like to route all 172.31.48.0/20 traffic via the tun device that is created by the vpn client. If I run this command manually everything works:



sudo route add -net 172.31.48.0/20 dev vpn1


Where vpn1 is the vpn device specified in the client ovpn file



dev vpn1
dev-type tun


The route option in openvpn wants an ip and not a device interface, though. Meaning, this will not work:



push "route 172.31.48.0 255.255.240.0 vpn1"


And if I leave off vpn1 then openvpn on the client side will complain that no gateway was specified.



How can I route the 172.31.48.0/20 subnet on clients that get a dynamic ip?





routing openvpn





share|improve this question













share|improve this question




share|improve this question








edited Mar 22 at 22:16

























asked Mar 22 at 21:13









jonr

1011




1011











  • My current workaround is to use a bogus ip as the gateway from the client. It gets routed appropriately on the server. push "route 172.31.48.0 255.255.240.0 172.31.63.254"
    – jonr
    Mar 22 at 23:25
















  • My current workaround is to use a bogus ip as the gateway from the client. It gets routed appropriately on the server. push "route 172.31.48.0 255.255.240.0 172.31.63.254"
    – jonr
    Mar 22 at 23:25















My current workaround is to use a bogus ip as the gateway from the client. It gets routed appropriately on the server. push "route 172.31.48.0 255.255.240.0 172.31.63.254"
– jonr
Mar 22 at 23:25




My current workaround is to use a bogus ip as the gateway from the client. It gets routed appropriately on the server. push "route 172.31.48.0 255.255.240.0 172.31.63.254"
– jonr
Mar 22 at 23:25















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f432935%2fopenvpn-push-route-via-interface%23new-answer', 'question_page');

);

Post as a guest






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes










 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f432935%2fopenvpn-push-route-via-interface%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Displaying single band from multi-band raster using QGIS

Image
Clash Royale CLAN TAG #URR8PPP 1 How can I extract a single band from multi-band raster in QGIS? I have an remote sensed image which has 6 bands (including NDVI band), I want to display each band separately, but have no idea how to do. I have seen some questions similar here but none worked for me. The original image (has 6 bands) is: I want to display the band 6 which should be like this: But I tried gdal_translate, and couldn't get the correct result. What I have got is: qgis raster multi-band share | improve this question edited Mar 5 at 0:53 Summer asked Mar 4 at 6:42 Summer Summer 23 6 Is this any help gis.stackexchange.com/questions/220658/… ? if not gis.stackexchange.com/questions/62133/… might help. – Michael Stimson Mar 4 at 6:46 Thanks for answering but when I used gdal_translate, qgis showed that 'Error 4: Kayena.tif: No such file or directory". Would you know how to fix it? –
Read more

How many registers does an x86_64 CPU actually have?

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx . But it looks like rflags is actually an additional register. So that makes 17 registers in total... how many more could there be? I have spent at least an hour on this and found numerous different answers. The best answer so far is this, which says that there are 40 registers in total. 16 General Purpose Registers 2 Status Registers 6 Code Segment Registers 16 SSE Registers 8 FPU/MMX Registers But if I add that up, I get 48. Could anybody provide an official answer on how many registers an x86_64 CPU has (e.g. an Intel i7). Additionally, I have seen references to 'hardware' and 'architectural' registers. What are those registers and how many are there? register x86-64 share | improve this
Read more