Pinning a route to an openvpn endpoint?

Posted: Sun Aug 31, 2014 9:25 pm
by sporkman
I can't quite figure out how to deal with this. I need to point a route back to the far end of an OpenVPN client.

I originally just manually added a route and selected the gateway from the dropdown. However, I saw today that rancid sent me a config diff from one of my MikroTik routers that showed the route was pointing to "unknown" rather than the ovpn interface:
- add comment="push aws-connected ovpn client traffic back to aws" distance=1 dst-address=10.100.0.0/24 gateway=<ovpn-awstunnel>
+ add comment="push aws-connected ovpn client traffic back to aws" distance=1 dst-address=10.100.0.0/24 gateway=(unknown)
When I logged in to fix this, I saw that the ovpn connection must have dropped and reconnected, and my old gateway, "ovpn-awstunnel", was gone, but a new one, "ovpn-awstunnel-1", was now present. Manually selecting the gateway from IP->Routes->edit made everything right again, but it appears this interface does not persist.

How do I work around this? The tunnel had been up for months, but I'm sure at some point it will drop and I'd rather not have to manually alter the route.

Re: Pinning a route to an openvpn endpoint?

Posted: Mon Sep 01, 2014 12:10 pm
by bds1904
Create an ovpn server binding for the associated user. That will make it so the name never changes even if there is a short drop.

Re: Pinning a route to an openvpn endpoint?

Posted: Tue Nov 15, 2016 8:58 pm
by sporkman
I'm resurrecting my old thread as the "create server binding for a user" does not seem to work. Each time the VPN connection drops, I have to ssh in to the box from somewhere allowed and then manually re-point the static route to the OpenVPN interface.

I do have the user for this incoming client bound to the OpenVPN server interface:
#
/interface ovpn-server
add name=ovpn-tunnel-aws user=awstunnel
/interface ovpn-server server
set certificate=cert_2 default-profile=openvpn-aws enabled=yes

#
/ppp profile
add local-address=ovpn name=openvpn-aws remote-address=ovpn
/ppp secret
add name=awstunnel password=PASS profile=openvpn-aws service=ovpn
What am I missing here?