Opened 3 years ago

Last modified 3 years ago

#1004 new Bug / Defect

VPN routes stay intact when the local network is changed, but can't reconnect to the VPN from that new local network

Reported by: teneri Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version:
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc:

Description

VPN routes stay intact when the local network is changed, but can't reconnect to the VPN from that new local network.

So the situation is the following:
1. You connect from your home network to the office VPN network from your laptop.
2. Then you suspend the laptop, take it to the office, and resume it from sleep.

*Current result:*
You can't connect to machines in the office network. The pushed route is still set up, though the VPN client can't connect to the office VPN anymore.

Sending a HUP signal to the openvpn client fixes the problem, but sending the signal after each resume from sleep is probably not the optimal choice.

*Expected result:*
Routes are not present after resume.


Or how should I change the configuration to suit my needs best (e.g. set the pushed route's metric to be higher)?

Change History (4)

comment:1 in reply to:  description Changed 3 years ago by teneri

Server configuration:

push "route 192.168.1.0 255.255.255.0"

comment:2 Changed 3 years ago by teneri

The workaround is to push a metric (along with the route). So add this to the server configuration:

push "route-metric 700"
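
An added check (not part of the ticket and not OpenVPN code) for the condition the `route-metric` workaround addresses: a leftover tunnel route that outranks the directly connected route to the same prefix. It assumes the office LAN is itself 192.168.1.0/24 and that tunnel devices are named tunN/tapN; both routing tables are constructed samples, not output from the reporter's machine.

```shell
#!/bin/sh
# Reads `ip -4 route show` output on stdin and prints every destination prefix
# for which a tun/tap route has a lower metric than a non-tunnel route, i.e.
# the kernel will prefer the (possibly dead) tunnel over the local network.
shadowed_by_tunnel() {
    awk '
    {
        dst = $1; dev = ""; metric = 0      # no "metric" field means metric 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (dev == "") next
        if (dev ~ /^(tun|tap)[0-9]+$/) {    # assumption: tunnel device naming
            if (!(dst in vpn) || metric < vpn[dst]) vpn[dst] = metric
        } else {
            if (!(dst in lan) || metric < lan[dst]) lan[dst] = metric
        }
    }
    END {
        for (dst in vpn)
            if ((dst in lan) && vpn[dst] < lan[dst])
                print dst
    }'
}

# Constructed sample: after resume in the office, pushed route without a metric.
sample_stale='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57 metric 600'

# Constructed sample: same situation with push "route-metric 700" in effect.
sample_metric='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6 metric 700
192.168.1.0/24 via 10.8.0.1 dev tun0 metric 700
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.57 metric 600'

echo "without route-metric: $(printf '%s\n' "$sample_stale" | shadowed_by_tunnel)"
echo "with route-metric 700: $(printf '%s\n' "$sample_metric" | shadowed_by_tunnel)"
```

On a live system the same function can be fed with `ip -4 route show | shadowed_by_tunnel` after resume.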

comment:3 Changed 3 years ago by Gert Döring

client log?
software version, platform?

comment:4 Changed 3 years ago by teneri

Ubuntu 17.10.

# openvpn --version
OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  3 2017
library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no