OpenVPN cannot ping remote IP routing loop issue after connecting

Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop. 

This is because you need to use your normal ISP/LAN gateway to hit the OpenVPN server if it is remote/offsite as is usually the case.  So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN server via the tun0 device this breaks everything!

Example below:

  I am very familiar with OpenVPN servers but I can't seem to ping the gateway or the DNS server for some reason.

    Mon Jul  9 21:46:56 2018 [access] Peer Connection Initiated with [AF_INET]92.85.42.11:1194
    Mon Jul  9 21:46:58 2018 TUN/TAP device tun0 opened
    Mon Jul  9 21:46:58 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Jul  9 21:46:58 2018 /sbin/ip link set dev tun0 up mtu 1500
    Mon Jul  9 21:46:58 2018 /sbin/ip addr add dev tun0 local 10.45.100.14 peer 10.45.100.13
    Mon Jul  9 21:46:58 2018 Initialization Sequence Completed


    route looks good but I cannot ping the gateway

    10.0.0.0        10.45.100.13   255.0.0.0       UG    0      0        0 tun0
    92.85.42.11   10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
    142.232.221.0   10.45.100.13   255.255.255.0   UG    0      0        0 tun0

    10.45.0.0      10.45.100.13   255.255.0.0     UG    0      0        0 tun0
    10.45.100.1    10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
    10.45.100.13   0.0.0.0         255.255.255.255 UH    0      0        0 tun0

    ping 10.45.100.1
    PING 10.45.100.1 (10.45.100.13) 56(84) bytes of data.
    ^C
    --- 10.45.100.1 ping statistics ---
    11 packets transmitted, 0 received, 100% packet loss, time 9999ms


Notice how the route for the VPN server 92.85.42.11 above is going through tun0.  Of course this breaks everything.  How can you connect to the remote IP server when it is going through a tunnel already running to it.  It is basically like a routing loop.  You connect to the Public IP of the OpenVPN server and then you are telling all traffic to that VPN network must first go over the tunnel but really all you've done here is broken the connection to the VPN server!

tun0 IP: 10.45.58.249

fix routing loop:

ip route del 92.85.42.11
 

Simply just delete the erroneous route to the VPN server IP and this will force traffic to pass properly through the tunnel and allow you to stay connected to the VPN tunnel this way and actually use it.  Alternatively you also could have manually specified that the VPN IP of 92.85.42.11 be specifically routed over a particular interface such as 192.168.1.1 or interface such as eth0 or enp3s0 etc..


Tags:

openvpn, ping, ip, routing, connectingsometimes, configuration, server, tun, creates, isp, lan, gateway, offsite, via, servers, dns, jul, peer, initiated, af_inet, do_ifconfig, tt, ipv, did_ifconfig_ipv, _setup, sbin, dev, mtu, addr, initialization, sequence, completed, ug, bytes, statistics, packets, transmitted, packet, vpn, ve, delete, erroneous, alternatively, manually, specified, routed, interface, eth, enp, etc,

Latest Articles

  • VMWare Pro Workstation Nic Disconnected and No IP Using NAT
  • Linux How To Create A RamDisk
  • mdadm force resync when resync=PENDING solution
  • Proxmox Breaks Storage/LVM Backing If Killing QEMU-IMG
  • Proxmox trying to acquire lock... TASK ERROR: can't lock file '/var/lock/qemu-server/lock-102.conf' - got timeout
  • Debian 9 SSH root password authentication failure password not working problem / solution
  • QEMU / KVM How To Manually Create Basic Virtual Machine VM
  • Linux wlan0 check all wireless clients
  • PHP Issues With Decoding Strange Smart Quotes And Non-Standard ASCII Characters
  • /etc/iproute2/rt_tables default settings file in Linux Centos 6,7 and most other NIX's
  • bind named error solutions named[2169]: error (no valid DS) resolving / error (broken trust chain) resolving / : error (no valid RRSIG) resolving 'com/DS/IN':
  • iptables how to log ALL dropped incoming packets
  • How To Edit Linux Based NM Network Manager Connection Settings Without GUI
  • Linux Disable IPV6 Centos / Debian / Mint Howto
  • Linux use growisofs to burn a larger file on a BD-R / Bluray Disc
  • Linux partprobe/partx cannot access last and 4th partition
  • DRBD Errors Caused By Physical Corruption
  • mdadm: add new device failed for /dev/sdb4 as 3: Invalid argument solution
  • Linux named / bind how to dump, view and clear the cache!
  • Centos 6 / 7 / 8 How To Change Default nameservers in /etc/resolv.conf when using DHCP / dhclient