OpenVPN cannot ping remote IP routing loop issue after connecting

Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop. 

This is because you need to use your normal ISP/LAN gateway to hit the OpenVPN server if it is remote/offsite as is usually the case.  So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN server via the tun0 device this breaks everything!

Example below:

  I am very familiar with OpenVPN servers but I can't seem to ping the gateway or the DNS server for some reason.

    Mon Jul  9 21:46:56 2018 [access] Peer Connection Initiated with [AF_INET]92.85.42.11:1194
    Mon Jul  9 21:46:58 2018 TUN/TAP device tun0 opened
    Mon Jul  9 21:46:58 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Jul  9 21:46:58 2018 /sbin/ip link set dev tun0 up mtu 1500
    Mon Jul  9 21:46:58 2018 /sbin/ip addr add dev tun0 local 10.45.100.14 peer 10.45.100.13
    Mon Jul  9 21:46:58 2018 Initialization Sequence Completed


    route looks good but I cannot ping the gateway

    10.0.0.0        10.45.100.13   255.0.0.0       UG    0      0        0 tun0
    92.85.42.11   10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
    142.232.221.0   10.45.100.13   255.255.255.0   UG    0      0        0 tun0

    10.45.0.0      10.45.100.13   255.255.0.0     UG    0      0        0 tun0
    10.45.100.1    10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
    10.45.100.13   0.0.0.0         255.255.255.255 UH    0      0        0 tun0

    ping 10.45.100.1
    PING 10.45.100.1 (10.45.100.13) 56(84) bytes of data.
    ^C
    --- 10.45.100.1 ping statistics ---
    11 packets transmitted, 0 received, 100% packet loss, time 9999ms


Notice how the route for the VPN server 92.85.42.11 above is going through tun0.  Of course this breaks everything.  How can you connect to the remote IP server when it is going through a tunnel already running to it.  It is basically like a routing loop.  You connect to the Public IP of the OpenVPN server and then you are telling all traffic to that VPN network must first go over the tunnel but really all you've done here is broken the connection to the VPN server!

tun0 IP: 10.45.58.249

fix routing loop:

ip route del 92.85.42.11
 

Simply just delete the erroneous route to the VPN server IP and this will force traffic to pass properly through the tunnel and allow you to stay connected to the VPN tunnel this way and actually use it.  Alternatively you also could have manually specified that the VPN IP of 92.85.42.11 be specifically routed over a particular interface such as 192.168.1.1 or interface such as eth0 or enp3s0 etc..


Tags:

openvpn, ping, ip, routing, connectingsometimes, configuration, server, tun, creates, isp, lan, gateway, offsite, via, servers, dns, jul, peer, initiated, af_inet, do_ifconfig, tt, ipv, did_ifconfig_ipv, _setup, sbin, dev, mtu, addr, initialization, sequence, completed, ug, bytes, statistics, packets, transmitted, packet, vpn, ve, delete, erroneous, alternatively, manually, specified, routed, interface, eth, enp, etc,

Latest Articles

  • Cisco Router Setup Guide and Tutorial Howto With Commands and Examples
  • Linux Bash Script To List All Connected IPs and their network name
  • Cisco Switches How To Get Of Port Line Status Console Messages
  • Cisco DHCP Snooping Relay Setup Information
  • Cisco Switch Setup Guide Command List
  • Cisco 2960 Switch Reset To Factory Defaults
  • How To Boot Cisco CUCM UCSInstall 8.6, 10, 11 and 12 on KVM/Proxmox
  • VBOX VirtualBox How To Import Raw .img Disk File
  • Windows Server 2012, 2016, 2019 How To Install and Missing Disabled Telnet Client
  • proxmox vm networking breaks when you restart your network on the hostnode
  • Linux ln symlink how to update existing symbolic link
  • Ubuntu 18.04 / Linux Mint 19.1 Cannot Type or Login - solution
  • LUKS Hard Drive Encryption on Linux Mint Ubuntu Debian etc how to mount encrypted hard drive
  • How to use nmap locate other machines/computers/servers on your network using nmap
  • Linux Mint 18.2 Create Config File To Start Application Upon Login
  • Dell Wyse Thin Client BIOS Access Key
  • sudoers file in /etc warning about comments/includes!
  • Centos 7 Reallocate logical volume space to another
  • lvm how to reduce volume size
  • letsencrypt certbot error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80."