I'm adding the route IP_ADDRESS NETMASK net_gateway to the OpenVPN config file (locally), so it's not being pushed by the server and it works perfectly fine.
However, when I remove the routing line from the configuration file and reconnect to the OpenVPN server, it stays in the routing tables (according to route PRINT (in cmd.exe) on Windows 7). Which means OpenVPN doesn't remove the previously generated route.
I'd like to know how to prevent this. I have added a sample configuration file below (which is not too special).
client
dev tap
proto tcp-client
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
comp-lzo
verb 3
auth-user-pass
route 192.168.1.100 255.255.255.255 net_gateway
The Windows 7 client machine is most likely caching the IP entry in its ARP table or routing table. This Microsoft article outlines some default ARP behavior on Windows 7 (http://support.microsoft.com/kb/949589), including the default time an entry is retained for. To test this hypothesis, I would connect using OpenVPN, disconnect, then flush the ARP table and/or the routing table, and see if the route still persists. If it's immediately gone, see how long it takes Windows 7 to remove the route without the manual flush. If that is the case, then you'll have to find a way to modify the default lifetime of a route/ARP entry, either via OpenVPN or a Windows 7 parameter, or flush the table on the client after the OpenVPN disconnect.
Define re-connect? How are you reconnecting?
You are using persist-tun in your configuration, which means the tunnel device stays up during a standard reload. Since the interface never goes down, routes associated with it never go away.
persist-tun
and pushing IP to client in VPN server configuration file. I have this setup in a company I take care of, and it works perfectly. The basic idea of this solution is that Windows will deconfigure the VPN interface after disconnect and configure it again after a successful connect. No need for administrator rights, no hidden agenda, it just works. Compatibility? Everything besides MacOS.
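One way to run the check suggested in the answers above, as an added example that is not part of the original thread: it compares `route PRINT` output with the `route ... net_gateway` lines of the client config and lists routes via the default gateway that the config no longer accounts for. The sample table, the 192.168.0.x addresses and the function names are constructed assumptions; flagged routes are only candidates, since other software can add routes through the same gateway.

```python
import ipaddress
import re

# Constructed `route PRINT` excerpt taken after reconnecting (not from the thread).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.23     20
      192.168.0.0    255.255.255.0         On-link      192.168.0.23    276
    192.168.1.100  255.255.255.255      192.168.0.1    192.168.0.23     21
===========================================================================
Persistent Routes:
  None
"""
CONFIG_WITH_ROUTE = "client\ndev tap\nroute 192.168.1.100 255.255.255.255 net_gateway\n"
CONFIG_WITHOUT_ROUTE = "client\ndev tap\n"

ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+\S+\s+\d+\s*$")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def active_routes(route_print_text):
    """Return {(network, gateway)} from the IPv4 'Active Routes' section."""
    routes, in_active = set(), False
    for line in route_print_text.splitlines():
        if line.strip() == "Active Routes:":
            in_active = True
        elif line.startswith("===="):
            in_active = False  # separator closes the section
        elif in_active and (m := ROW.match(line)):
            routes.add((ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), m[3]))
    return routes

def config_routes(ovpn_text):
    """Networks from 'route <network> <netmask> net_gateway' lines (explicit netmask only)."""
    nets = set()
    for line in ovpn_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "route" and parts[3] == "net_gateway":
            nets.add(ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return nets

def stale_routes(route_print_text, ovpn_text):
    """Routes via the default gateway that no net_gateway line in the config explains."""
    table = active_routes(route_print_text)
    gateways = {gw for net, gw in table if net == DEFAULT}
    wanted = config_routes(ovpn_text)
    return sorted(str(net) for net, gw in table
                  if gw in gateways and net != DEFAULT and net not in wanted)
```

On a real client, pass the captured output of `route PRINT` and the contents of the `.ovpn` file instead of the constructed samples.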