Home / server / Questions / 994362
Accepted
user2586441
Asked: 2019-12-05 14:08:13 +0800 CST

Windows Server 2012 uses default gateway ignoring more specific routes through openvpn interface

  • 772

Windows 2012 Server has two network interfaces. One with static IPv4 configuration and a TAP adapter which is activated when this server connects to remote OpenVPN server.

Physical NIC, which is used by this server to communicate with Internet, has usual IPv4 settings (address,mask,default gateway, dns).

Once connection with remote OpenVPN server is established, ip address 10.0.10.6/24 is assigned via DHCP on TAP interface and I can communicate with OpenVPN's ip 10.0.10.1.

However, if I try to add route to a network behind OpenVPN server, Windows ignores it - tracert shows that packets to hosts in this network go through default gateway.

This is the routing table with VPN connection established.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination      Netmask        Gateway       Interface  Metric
0.0.0.0           0.0.0.0          100.100.67.1   100.100.67.45    11
10.0.10.0         255.255.255.0    10.0.10.5      10.0.10.6        20
100.100.67.0      255.255.255.192  On-link        100.100.67.45   266
100.100.67.45     255.255.255.255  On-link        100.100.67.45   266
100.100.67.63     255.255.255.255  On-link        100.100.67.45   266
127.0.0.0         255.0.0.0        On-link        127.0.0.1       306
127.0.0.1         255.255.255.255  On-link        127.0.0.1       306  
127.255.255.255   255.255.255.255  On-link        127.0.0.1       306  
192.168.151.0     255.255.255.0    10.0.10.1      10.0.10.6        21
224.0.0.0         240.0.0.0        On-link        127.0.0.1       306  
224.0.0.0         240.0.0.0        On-link        10.0.10.6       276
224.0.0.0         240.0.0.0        On-link        100.100.67.45   266
255.255.255.255   255.255.255.255  On-link        127.0.0.1       306  
255.255.255.255   255.255.255.255  On-link        10.0.10.6       276
255.255.255.255   255.255.255.255  On-link        100.100.67.45   266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0  100.100.67.1  Default
===========================================================================

(I changed first two octets of ISP network to 100.100)

Communications between this server (10.0.10.6) and OpenVPN server (10.0.10.1) are working fine. As you can see, there is a route to 192.168.151.0/24 network via 10.0.10.1 gateway which is available through local address 10.0.10.6

I add this route like this:

route add 192.168.151.0 mask 255.255.255.0 10.0.10.1

However, tracing host in 192.168.151.0/24 network shows that packets are sent through default route to Internet Provider instead of being routed through gateway 10.0.10.1

C:\Users\user1>tracert -d 192.168.151.1
Tracing route to 192.168.151.1 over a maximum of 30 hops

  1    2 ms    2 ms    5 ms  100.100.67.1
  2   <1 ms   <1 ms    2 ms  213.239.245.229
  3    3 ms    5 ms    2 ms  213.239.224.13
^C
C:\Users\user1>

What am I missing?

windows-server-2012-r2

1 Answers

  1. Best Answer

    As @Zoredache stated in comments, my openvpn server had the topology net30 option, so route through vpn server should be configured through 10.0.10.5 address, not On-link address on TAP interface.

    • 1