Openvpn client config - add route

Hi all,
i want to ask how can i add a route to the config file in openvpn. I have a configured vpn host to lan with OpenVPN. if i connect i can ping the client from the lan, but can not ping the lan from the client.
If i add a route to win xp: route add 192.168.3.0 netmask 255.255.255.0 192.168.4.1,
where 192.168.3.0 is the destination network, and 192.168.4.1 is the ip of the VPN interface.. than it is working. How can i make this work automatically?

thanks
LVL 3
PatricckAsked:
Who is Participating?
 
tty2Connect With a Mentor Commented:
Add line

push "route 192.168.3.0 255.255.255.0"

in server.config on the server side.
0
 
PatricckAuthor Commented:
It is not working from the client to the server LAN not from the server LAN to the client. It needs to be configured on the server side and not on the client side?
0
 
tty2Commented:
Server belongs to lan 192.168.3.0, as I understood? If yes, with this "push" server tells to clients that they may achieve this lan via vpn gateway.
From the server.conf:
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
PatricckAuthor Commented:
when i put the
--push "route 192.168.3.0 255.255.255.0" command in the VPN parameter line in the zeroshell configuration menu.. still the same issue, it can not push the route to the client.
0
 
PatricckAuthor Commented:
I have this in my logs:

SENT CONTROL [client static iP]: 'PUSH_REQUEST' (status=1)
SENT CONTROL [client static ip]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.4.1,,dhcp-option DNS 192.168.4.1,route remote_host 255.255.255.255 net_gateway 1,route 192.168.3.0 255.255.255.255,route 192.168.4.0 255.255.255.255,route 192.168.3.0 255.255.255.0,ping 5,ping-restart 60,ifconfig 192.168.4.100 255.255.255.0'
OPTIONS IMPORT: timers and/or timeouts modified
0
 
tty2Commented:
Have you restart openvpn server with "/etc/init.d/openvpn.server restart"?
Have you read logs on client side? There must be line like
"route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.4.1"
and messages about possible errors.
If there is no such line - or you need specify parameter "pull" on client side, or server ignores parameter "push" from zeroconf.
You'd better add parameters to openvpn server to /etc/openvpn/server.conf directly...
0
 
tty2Commented:
I have this in my logs:

Is this log from client? Or from server?
0
 
PatricckAuthor Commented:
client log
0
 
tty2Commented:
PUSH ... ,route 192.168.3.0 255.255.255.0,...
Client receives routing rule, OK.
Do you run vpn client as Administrator?
0
 
PatricckAuthor Commented:
I run vpn client as Admin, i dont have "route add" in my clients log file. But on the zeroshell box i can not find the config file its not under the normal /etc/openvpn/ directory..
I have deleted my configs, but now i have this in my clients log file:


TEST ROUTES: 4/4 succeeded len=4 ret=1 a=0 u/d=up
route ADD SERVER STATIC IP MASK 255.255.255.255 158.195.192.1 METRIC 1
ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct.   [if_index=11]
Route addition via IPAPI failed
route ADD 192.168.3.0 MASK 255.255.255.255 192.168.4.1
ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct.   [if_index=33]
Route addition via IPAPI failed
route ADD 192.168.4.0 MASK 255.255.255.255 192.168.4.1
Warning: route gateway is not reachable on any active network adapters: 192.168.4.1
Route addition via IPAPI failed
route ADD 192.168.3.0 MASK 255.255.255.0 192.168.4.1
Warning: route gateway is not reachable on any active network adapters: 192.168.4.1
Route addition via IPAPI failed
Initialization Sequence Completed
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #16 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

0
 
PatricckAuthor Commented:
After creating the connection one more time, this solved the problem.

Thanks very much

Best regards
Patrik
0
All Courses

From novice to tech pro — start learning today.