OpenVPN routes lost on DHCP lease renewal

Discussion in 'Linux Networking' started by Jan Thomä, Jun 4, 2009.

  1. Jan Thomä

    Jan Thomä Guest

    Hi,

    I have been working with OpenVPN for quite some time and have had
    little issues. I am now working in an environment where most of the
    OpenVPN routes are lost when the DHCP lease is renewed. This leads to a
    "network deadlock", as the OpenVPN server (10.8.0.1) is still set up as
    the default gateway, but all other routes have been removed, so the
    server is practically unreachable. I have to restart the VPN connection
    at that point. Since the lease is renewed every 10 minutes or so, VPN
    is quite unusable in this environment. Is there a way I can prevent the
    routes from being deleted when the lease is renewed, or do you know of
    a script which tracks if the routes are there and restores them once
    they disappear? Any help would be greatly appreciated.

    Kind regards,
    Jan
     
    Jan Thomä, Jun 4, 2009
    #1

  2. Assuming a default Linux distribution, you're probably running the ISC
    dhclient. In this case, take a look at /sbin/dhclient-script and
    associated hooks (in Debian they are below /etc/dhcp3/). But there's
    also udhcpcd (embedded), dhcpcd (bsd) and network-manager has its own
    dhcp client, I believe. So: more info needed!

    If the openvpn routes are permanent (and you are running the ISC
    client), you might want to look into writing an exit hook for it so that
    they are reconfigured automatically; this can even be done based on a
    configuration parameter sent down from the server.

    That said, routes should only be deleted if the host's IP address has
    changed. If they are deleted in case of a lease renewal as well, you
    might want to file a bug with your distribution.
    This is an ugly kludge, but you might want to try to write a pair of
    entry/exit hooks that save the routes on entry, and restore them on
    exit. This solution is probably so ugly that no one would admit to
    having written a script for it...


    Good luck,
    Arno
     
    Arno Schuring, Jun 14, 2009
    #2
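
The save/restore hook pair suggested in the reply above, written out for the ISC dhclient as an added example that is not part of the thread. The interface name tun0, the helper path and the snapshot path are assumptions.

```shell
# Shared helper (assumed path /etc/dhcp3/vpn-routes.sh), sourced by two hooks:
#   dhclient-enter-hooks.d/vpn-routes: . /etc/dhcp3/vpn-routes.sh; vpn_routes_save
#   dhclient-exit-hooks.d/vpn-routes:  . /etc/dhcp3/vpn-routes.sh; vpn_routes_restore
# tun0 and the snapshot path are assumptions. Keep the snapshot in a root-only
# directory: its lines are passed to `ip route replace` as arguments.
VPN_DEV="${VPN_DEV:-tun0}"
VPN_SNAPSHOT="${VPN_SNAPSHOT:-/var/run/vpn-routes.snapshot}"

# dhclient sets $reason; act only on events that rewrite the routing table.
vpn_routes_relevant() {
    case "${reason:-}" in
        BOUND|RENEW|REBIND|REBOOT) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the IPv4 routes that leave through the VPN device, one per line.
vpn_routes_list() {
    ip -4 route show | grep -E " dev $VPN_DEV( |\$)" || true
}

# Enter hook: snapshot the VPN routes before the lease is applied.
vpn_routes_save() {
    vpn_routes_relevant || return 0
    vpn_routes_list > "$VPN_SNAPSHOT.tmp" || return 0
    # Never replace a good snapshot with an empty one.
    if [ -s "$VPN_SNAPSHOT.tmp" ]; then mv "$VPN_SNAPSHOT.tmp" "$VPN_SNAPSHOT"; fi
}

# Exit hook: re-add snapshotted routes that are now missing.
# Sets VPN_RESTORED to the number of routes put back.
vpn_routes_restore() {
    VPN_RESTORED=0
    vpn_routes_relevant || return 0
    [ -r "$VPN_SNAPSHOT" ] || return 0
    # Tunnel gone entirely: leave recovery to OpenVPN itself.
    ip link show "$VPN_DEV" >/dev/null 2>&1 || return 0
    vpn_current=$(vpn_routes_list)
    while IFS= read -r vpn_route; do
        [ -n "$vpn_route" ] || continue
        printf '%s\n' "$vpn_current" | grep -qxF -e "$vpn_route" && continue
        # Unquoted on purpose: the line is the argument list for `ip route`.
        if ip route replace $vpn_route; then
            VPN_RESTORED=$((VPN_RESTORED + 1))
            logger -t vpn-routes "restored: $vpn_route" || true
        fi
    done < "$VPN_SNAPSHOT"
    return 0
}
```

Each restored route is logged with the tag vpn-routes, so the syslog shows how often a renewal actually strips the tunnel routes.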