# [solved] openvpn overwrites local route

## prelude

I have been trying to get an openvpn running. I have used virtually the same configuration on older hardware (and older versions of software) without trouble.

When the vpn starts the server pushes routes to the clients. When this happens on most of my Gentoo machines the local route gets pushed as well. I.e., my local lan should be routed to eth1 but a second route is pushed through openvpn to route to tun0 and then everything breaks.

Strangely enough, this problem does not occur on one of my Gentoo boxes and on the Debian box I also run.

The configs are exactly the same, as is the openvpn version.

server config

```
dev tun
proto udp
port 1194
local x.x.x.x
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 172.16.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd/
route 10.0.0.0 255.255.252.0
route 192.168.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0
route 192.168.4.0 255.255.255.0
route 192.168.5.0 255.255.255.0
push "route 10.0.0.0 255.255.252.0"
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
push "route 192.168.5.0 255.255.255.0"
client-to-client
keepalive 1 5
persist-tun
persist-key
persist-local-ip
persist-remote-ip
push "persist-key"
push "persist-tun"
```

client 1 (not working)

```
proto udp
port 1194
remote x.x.x.x
dev tun
ca ca.crt
cert client1.crt
key client1.key
```

openvpn version:

```
OpenVPN 2.3.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 24 2015
library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=no enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir=//usr/lib64/openvpn with_sysroot=no
```

routing table

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         x.x.x.x     0.0.0.0         UG        0 0          0 eth0
10.0.0.0        172.16.1.5      255.255.252.0   UG        0 0          0 tun0
10.0.0.0        0.0.0.0         255.255.252.0   U         0 0          0 eth1
83.128.12.0     0.0.0.0         255.255.252.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
172.16.1.0      172.16.1.5      255.255.255.0   UG        0 0          0 tun0
172.16.1.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.0.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
192.168.1.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
192.168.2.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
192.168.3.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
192.168.4.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
192.168.5.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
```

Note the two duplicate 10.0.0.0 entries!

client 2 (working)

```
proto udp
port 1194
remote x.x.x.x
dev tun
ca ca.crt
cert client2.crt
key client2.key
```

openvpn version:

```
OpenVPN 2.3.6 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 31 2014
library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=no enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir=//usr/lib/openvpn with_sysroot=no
```

routing table:

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         x.x.x.x     0.0.0.0         UG        0 0          0 eth0
10.0.0.0        172.16.1.9      255.255.252.0   UG        0 0          0 tun0
88.159.32.0     0.0.0.0         255.255.252.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
172.16.1.0      172.16.1.9      255.255.255.0   UG        0 0          0 tun0
172.16.1.9      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.0.0     172.16.1.9      255.255.255.0   UG        0 0          0 tun0
192.168.1.0     172.16.1.9      255.255.255.0   UG        0 0          0 tun0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.3.0     172.16.1.9      255.255.255.0   UG        0 0          0 tun0
192.168.4.0     172.16.1.9      255.255.255.0   UG        0 0          0 tun0
192.168.5.0     172.16.1.9      255.255.255.0   UG        0 0          0 tun0
```

Note that there is only one 192.168.2.0 route, the correct one. The server logs the following "error" for client 2, which I understand is expected behaviour since the route can/should not be pushed:

```
Options error: option 'route' cannot be used in this context (ccd//client2)
```

I am at a complete loss as to what is causing this. Manually deleting the offending route does not seem to solve the problem; stopping openvpn then leaves me with no routes to the local lan.

Thank you for any help :)

----------

## prelude

Ok, so I figured it out. Turns out that my client config file in the ccd directory was not equal to my common name (CN).

----------
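The symptom in this thread (a pushed route landing on top of a directly connected subnet) can be spotted by scanning `route -n` output for tunnel routes that are equal to or more specific than a connected route. This is an added example, not code from the thread; the function names and the `tun` interface prefix are assumptions, and the sample table is constructed from the non-working client's output above.

```python
import ipaddress

# Constructed sample, modelled on the non-working client's `route -n` output.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        172.16.1.5      255.255.252.0   UG        0 0          0 tun0
10.0.0.0        0.0.0.0         255.255.252.0   U         0 0          0 eth1
172.16.1.0      172.16.1.5      255.255.255.0   UG        0 0          0 tun0
172.16.1.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
192.168.0.0     172.16.1.5      255.255.255.0   UG        0 0          0 tun0
"""

def parse_routes(text):
    """Yield (network, gateway, iface) for each IPv4 row of `route -n` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # title line or anything that is not a route row
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # column header row or a redacted destination
        yield net, fields[1], fields[7]

def shadowed_local_routes(text, tunnel_prefix="tun"):
    """Return (local_net, local_iface, tunnel_net, tunnel_iface) conflicts."""
    routes = list(parse_routes(text))
    # Directly connected subnets: no gateway, not loopback, not the tunnel itself.
    local = [(n, i) for n, g, i in routes
             if g == "0.0.0.0" and i != "lo" and not i.startswith(tunnel_prefix)]
    tunnel = [(n, i) for n, _, i in routes if i.startswith(tunnel_prefix)]
    hits = []
    for lnet, lif in local:
        for tnet, tif in tunnel:
            # An equal or longer prefix via the tunnel competes with (or beats)
            # the connected route; a shorter one loses to longest-prefix match.
            if tnet.subnet_of(lnet):
                hits.append((str(lnet), lif, str(tnet), tif))
    return hits

if __name__ == "__main__":
    for lnet, lif, tnet, tif in shadowed_local_routes(SAMPLE):
        print(f"connected {lnet} on {lif} is shadowed by {tnet} via {tif}")
```
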

