On Saturday, April 28, 2018 8:09:32 PM CDT zach@znedw.com wrote:
> Hi all,
>
> I'm trying to configure a TUN interface in a separate rdomain, so that my
> default route is not via the VPN, and only a specific subnet will use
> the TUN connection on the way out.
>
> The OpenVPN connection is established ok via my default gateway on em1 (this
> is my internet connection), however, once I add the TUN interface to
> another rdomain, I'm unable to manually push the routes from the VPN server
> in with route -TX add x.x.x.x x.x.x.x.
>
> I'm unable to ping anything on the internet via route -TX exec.
> With PF allowing all connections I am still unable to access the
> internet on rdomain 2. I've uploaded config files at the link below. Any
> assistance would be greatly appreciated.
>
> https://gist.github.com/zachnedwich/208bcaac3bcdb15e2f5ab5737db8c2d2
>
> Thank-you,
> Zach Nedwich

What does the routing table for rdomain 2 look like (route -T2 -n show)? Does
it have a default route? To set routes pushed from the server in that rdomain,
you might need to use up/down scripts on the client (commented lines at the
bottom of your pia.ovpn).

I'm using a very similar config:

$ cat /etc/hostname.tun0
up
rdomain 1
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/config.ovpn

$ ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> rdomain 1 mtu 1500
        index 13 priority 0 llprio 3
        groups: tun
        status: active
        inet 10.8.8.9 --> 10.8.8.1 netmask 0xffffff00

$ route -T1 -n show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.8.8.1           UGS    25293 27087073     -     8 tun0
10.8.8.1           10.8.8.9           UHh        1        1     -     8 tun0
10.8.8.9           10.8.8.9           UHl        0    47965     -     1 tun0
127.0.0.1          127.0.0.1          UHl        0  6462016 32768     1 lo1
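
Added example, not part of the original thread: one way to write the client-side route-up script the reply suggests, so that routes pushed by the server land in the rdomain's routing table instead of the default one. The script path, the three client config lines in the header comment, and the default of rdomain 2 (taken from the question) are assumptions; the route_* and script_type variables are the ones OpenVPN exports to hook scripts.

```sh
#!/bin/sh
# Added example: OpenVPN route-up hook that installs server-pushed routes
# into a non-default rdomain on OpenBSD. Assumed client config lines:
#   script-security 2
#   route-noexec                         # OpenVPN passes routes via env only
#   route-up /etc/openvpn/route-up.sh    # hypothetical path to this script
RDOMAIN="${RDOMAIN:-2}"   # assumption: the tun interface lives in rdomain 2

# Accept only digits and dots in dotted form. Pushed routes are chosen by
# the server, so nothing else may reach the command line built below.
looks_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
        *.*.*.*)      return 0 ;;
        *)            return 1 ;;
    esac
}

# Print one route(8) command per route_network_N/route_netmask_N/
# route_gateway_N triple that OpenVPN exported to the environment.
pushed_route_cmds() {
    i=0
    while :; do
        i=$((i + 1))
        eval "net=\${route_network_$i:-} mask=\${route_netmask_$i:-} gw=\${route_gateway_$i:-}"
        [ -n "$net" ] || break
        gw="${gw:-${route_vpn_gateway:-}}"   # fall back to the VPN gateway
        if looks_ipv4 "$net" && looks_ipv4 "$mask" && looks_ipv4 "$gw"; then
            echo "route -T$RDOMAIN add -net $net -netmask $mask $gw"
        else
            echo "skipping malformed pushed route #$i" >&2
        fi
    done
}

# OpenVPN sets script_type when it invokes a hook; otherwise just dry-run.
if [ "${script_type:-}" = "route-up" ]; then
    pushed_route_cmds | sh
else
    pushed_route_cmds
fi
```

After the tunnel comes up, route -T2 -n show should list the pushed networks with tun0 as the interface.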