DHCP Gateway not assigned at remote end of OpenVPN bridge. (Wired connection)

ithorne
Star

I've kept on persevering with this but I really do need help.

Reminder:

All connections are wired. For now WiFi is off

I want to BRIDGE to my home router.

  • Home (Primary) Server is a Netgear R7000 running the stock Netgear firmware (latest version 1.09) – it has an OpenVPN server on it which I am connecting to as a Bridge / TAP
  • IP address is 192.168.0.2/24 (watch the IP address it’s the wrong way round for most setups!) DHCP scope 192.168.0.3 to .99
  • This connects direct to my cable modem which is a dumb modem – not configured as a router.

Remote/Secondary router: TP-LINK running DD-WRT Firmware: DD-WRT v24-sp2 (03/25/13) std running DD-WRT OpenVPN Client

IP address 192.168.0.1 - connects via a remote ISP's router – intermediate network is 192.168.10.0/24

I have successfully created the bridge and can browse my network at the primary end no problem. I can’t however get off the network onto the internet at that end – and I need to.

I know I have a connection as devices at the remote/secondary end get an IP address in the primary scope – but the gateway address is missing from client devices at the secondary end and nothing I have been able to do has been able to fix this.

This illustrates what I mean: (From a Windows 10 laptop connected to the secondary router)

> Ipconfig /all

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-60-0C-47-10-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2197:6f71:cfe3:c4a4%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 09 August 2017 21:36:17
   Lease Expires . . . . . . . . . . : 10 August 2017 21:36:17
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.0.2
   DHCPv6 IAID . . . . . . . . . . . : 53239820
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-44-E2-D9-2C-60-0C-47-10-5E
   DNS Servers . . . . . . . . . . . : 192.168.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

NB: No gateway (same happens on non-Windows devices – not phones BTW)

The OpenVPN log from DD-WRT GUI is:

20170809 20:39:57 PUSH: Received control message: 'PUSH_REPLY route 192.168.0.0 255.255.255.0 route-delay 5 redirect-gateway def1 route-gateway dhcp ping 10 ping-restart 120'
20170809 20:39:57 OPTIONS IMPORT: timers and/or timeouts modified
20170809 20:39:57 OPTIONS IMPORT: route options modified
20170809 20:39:57 OPTIONS IMPORT: route-related options modified
20170809 20:39:57 ROUTE_GATEWAY 192.168.10.1/255.255.255.0 IFACE=vlan2 HWADDR=f8:1a:67:5a:ce:41

20170809 20:39:57 I TUN/TAP device tap1 opened
20170809 20:39:57 TUN/TAP TX queue length set to 100

20170809 20:40:02 /sbin/route add -net PUBLICIPHIDDEN netmask 255.255.255.255 gw 192.168.10.1
20170809 20:40:02 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.0.2
20170809 20:40:02 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.0.2
20170809 20:40:02 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.2

20170809 20:40:02 I Initialization Sequence Completed

I have HAD to add route-gateway 192.168.0.2 to the config – if I don’t the gw address defaults to 192.168.0.1!

route-gateway dhcp

doesn’t work (the log complains about no gateway defined via route-gateway!!)

At this point I can browse the primary network but not get off it - most probably because there’s no gateway!

> ping 192.168.0.3

Pinging 192.168.0.3 with 32 bytes of data
Reply from 192.168.0.3: bytes=32 time=46ms TTL=64
Reply from 192.168.0.3: bytes=32 time=47ms TTL=64
Reply from 192.168.0.3: bytes=32 time=48ms TTL=64
Reply from 192.168.0.3: bytes=32 time=48ms TTL=64

Ping statistics for 192.168.0.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 48ms, Average = 47ms

> ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

The final point is if I set this Windows Laptop to have a fixed IP address with same data as above but adding a gateway of 192.168.0.2 everything works as expected.

The bridge is working, DHCP/PING/Browse prove that so:

Why is the gateway not arriving from the primary network DHCP server?

Or is it arriving and getting deleted somewhere?

What other steps can I try?

This has clearly happened to other people before but there’s no definitive answer..

Here’s my config:

Primary Router (Netgear R7000)

Client1.ovpn from router:

client
dev tap
proto udp
dev-node NETGEAR-VPN
remote HIDDEN.ddns.net 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5

Secondary Router (TP-LINK running DD-WRT)

From a 30:30:30 reset!

(TP-LINK/DD-WRT DHCP IS OFF)

Enable OpenVPN CLIENT

SERVER IP/NAME DDNSNAME.ddns.net
PORT 12974
TUNNEL DEVICE TAP
TUNNEL PROTOCOL UDP
ENCRYPTION CIPHER AES-128 CBC
HASH ALGORITHM SHA1
NSCERTTYPE VERIFICATION TICK BOX

ADVANCED OPTIONS ENABLE

TLS CIPHER AES-128 SHA
LZO COMPRESSION ADAPTIVE
NAT DISABLE
BRIDGE TAP TO BR0 ENABLE

ADD TO ADDITIONAL CONFIG

verb 5
mute 10
route-gateway 192.168.0.2

CA CERT

-----BEGIN CERTIFICATE-----
SNIP
-----END CERTIFICATE-----

PUBLIC CLIENT KEY

-----BEGIN CERTIFICATE-----
SNIP
-----END CERTIFICATE-----

PRIVATE CLIENT KEY

-----BEGIN RSA PRIVATE KEY-----
[[snip]]
-----END RSA PRIVATE KEY-----

Thank you in anticipation

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 4
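
One way to settle the question asked in the post above (is the gateway missing from the DHCP server's reply, or lost somewhere on the way to the client?) is to capture the same DHCPACK on the server's LAN and behind the bridge and compare option 3 (Router) in each. The parser below is an added example, not part of the original posts; the two packets it compares are constructed from the addresses in the post, not real captures, and `build_ack` and `diagnose` are hypothetical helper names.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
ROUTER, DNS, MSG_TYPE, SERVER_ID = 3, 6, 53, 54

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload (magic cookie missing)")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = End
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = data
        i += 2 + length
    return opts

def addrs(data: bytes) -> list:                      # run of 4-byte IPv4 addresses
    return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data) - 3, 4)]

def routers(payload: bytes) -> list:
    """Default gateways advertised in option 3; empty list if the option is absent."""
    return addrs(parse_dhcp_options(payload).get(ROUTER, b""))

def diagnose(lan_side: bytes, far_side: bytes) -> str:
    """Compare the same ACK captured on the server LAN and behind the bridge."""
    if not routers(lan_side):
        return "DHCP server did not send option 3"
    if not routers(far_side):
        return "option 3 sent by server but removed before reaching the client"
    return "option 3 delivered: " + ", ".join(routers(far_side))

def build_ack(with_router: bool) -> bytes:
    """Constructed DHCPACK for 192.168.0.15 from server 192.168.0.2 (not a real capture)."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6                 # BOOTREPLY, Ethernet, MAC length
    hdr[16:20] = ip("192.168.0.15")                  # yiaddr: address being leased
    opts = bytes([MSG_TYPE, 1, 5, SERVER_ID, 4]) + ip("192.168.0.2")
    if with_router:
        opts += bytes([ROUTER, 4]) + ip("192.168.0.2")
    opts += bytes([DNS, 4]) + ip("192.168.0.2") + b"\xff"
    return bytes(hdr) + MAGIC_COOKIE + opts
```

With real traffic, pass `parse_dhcp_options` the UDP payload of the ACK (server port 67 to client port 68) exported from a packet capture taken at each end.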
ithorne
Star

Re: DHCP Gateway not assigned at remote end of OpenVPN bridge. (Wired connection)

I'm still struggling with this - no gateway is assigned by DHCP server on my R7000.

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-60-0C-47-10-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2197:6f71:cfe3:c4a4%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 17 August 2017 19:15:42
   Lease Expires . . . . . . . . . . : 19 August 2017 09:10:34
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.0.2
   DHCPv6 IAID . . . . . . . . . . . : 53239820
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-44-E2-D9-2C-60-0C-47-10-5E
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 2 of 4
TomS9
Tutor

Re: DHCP Gateway not assigned at remote end of OpenVPN bridge. (Wired connection)

I'm having the same issue with my new R6220 and believe this is a bug in the OpenVPN server configuration on the router. The VPN server should be supplying the client with its IP address, mask, and DEFAULT GATEWAY for the remote LAN, which the server can get via DHCP or from the "route-gateway" setting in the server config file. I also tried "remote-gateway dhcp" in my client config and it didn't do anything (and I didn't expect it to). That parameter is for the server.

So when the client doesn't get a gateway for the remote network, it produces the warning message seen in the client log.

Sat Nov 11 16:30:34 2017 us=273800 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Sat Nov 11 16:30:34 2017 us=273800 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.10.0

Problem for me is... When a network interface does not have a default gateway, Windows will classify the network as "Public" and apply all of the public firewall policies on traffic to/from the remote network, causing problems for some applications trying to use the tunnel. Some things work, and some things don't.

I will be submitting a new topic on this issue in my section of the forum. Hopefully the techies at Netgear will see this and say "ah ha!"

Message 3 of 4
JamesGL
Master

Re: DHCP Gateway not assigned at remote end of OpenVPN bridge. (Wired connection)

Hi TomS9,

Please post your issue under R6000 series board.

https://community.netgear.com/t5/R6000-Series-AC-WiFi-Routers/bd-p/home-wifi-routers-r6000-series

Message 4 of 4