Openvpn client add wrong route

Chiara · August 21, 2017, 1:04pm

This is a site-to-site configuration, I’ve got this running for a year without issue, this morning I’ve upgraded, and seems that a route is automatically added.
With that route not traffic between clients is possible.

Pfesense 2.4.1 as openvpn server
RouterOs 6.40.1 as openvpn client

/ppp> profile print

2   name="ovpn" local-address=10.7.50.2 remote-address=10.7.50.1 
     use-mpls=default use-compression=default use-encryption=default

/interface ovpn-client print

 
Flags: X - disabled, R - running 
 0  R name="ovpn-out1"  max-mtu=1500 
      connect-to=myserver port=1194 mode=ip user="any" password="" 
      profile=ovpn certificate=User_Certificate.crt_0 auth=sha1 
      cipher=blowfish128 add-default-route=no

/ip route print

 
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
1   S  0.0.0.0/0                          192.168.1.1               1
2  ADS  10.7.208.0/24                      255.255.255.255           1
3   S  10.7.208.0/24                      TBovpn-out1               1
4 ADC  255.255.255.255/32 10.7.50.2       TBovpn-out1               0

if I manually remove the 2 ADS 10.7.208.0/24 255.255.255.255 1 route everything works fine.

With previous versions I’ve never noticed this issue.
Is there a way to say to mikrotik to not add this route or automatically remove it?
Thanks, BR

emils · August 21, 2017, 1:29pm

Please re-establish the VPN (by disabling and enabling), generate supout.rif and send it to support@mikrotik.com.

Chiara · August 22, 2017, 11:24am

I’ve submitted the support file, I share the reply for the ones who got this problem:

Hello,

Thank you very much for the report. The server is not providing IP configuration (ifconfig) to the client, so IP address from PPP profile is used. Unfortunately, there is a bug that “network” field is not taken from PPP “remote-address” field. We will try to fix this issue as soon as possible. As a workaround, please configure your server to distribute IP address to the client.

Best regards,
Emils

–
MikroTik.com

techrambler · November 24, 2017, 2:24pm

Thanks for sharing!

I did try some custom options, but this one is the only one I’ve got working → push “ifconfig 1.2.3.4 1.2.3.3”

It seems to work fine for now.

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          11.22.33.44               1
 1 ADS  10.241.55.0/25                     1.2.3.3                   1
 2 ADS  10.241.54.0/24                     1.2.3.3                   1
 3 ADS  10.241.53.0/24                     1.2.3.3                   1
 4 ADC  10.251.53.0/24     10.254.17.1     br-vlan10                 0
 5 ADC  10.251.54.0/24     10.254.18.1     br-vlan4                  0
 6 ADC  10.251.55.0/25     10.254.19.1     br-mgmt                   0
 7 ADC  10.251.55.128/25   10.254.19.129   br-vlan3                  0
 8 ADC  11.22.33.44/30     46.195.49.77    ether1                    0
 9 ADC  1.2.3.3/32         1.2.3.4         OVPN                      0

mafiosa · February 12, 2018, 6:13am

Yes seems that the bug is still not solved.RouterOS is so buggy!

zelan · March 22, 2018, 1:00am

Im having a issue with ovpn as well, when the client connects its getting a /24 address range instead of a /31, it seem to be a issue only on v6.40.3 and above
Screenshot 2018-03-22 13.55.03.png