Openvpn Routes are not adding to the server when client is connecting #1229

Open
emoxam opened this issue Jun 26, 2024 · 4 comments

emoxam commented Jun 26, 2024

I can't find out why routes are not being added.
Here are my configs:

cat /etc/openvpn/ccd/kostroma

    ifconfig-push 192.168.200.38 255.255.255.0
    iroute 10.1.0.0 255.255.255.0
    iroute 10.1.3.0 255.255.255.0
    iroute 10.1.4.0 255.255.255.0
    iroute 10.1.0.0 255.255.0.0

cat /etc/openvpn/server.conf

    ...
    route 10.1.0.0 255.255.255.0
    route 10.1.3.0 255.255.255.0
    route 10.1.4.0 255.255.255.0
    route 10.1.0.0 255.255.0.0
    user root
    group root
    ...

tail -f openvpn.log | grep kostro

    2024-06-26 11:59:22 kostroma/85.26.211.200:55610 SIGTERM[soft,delayed-exit] received, client-instance exiting
    2024-06-26 11:59:23 85.26.211.200:58054 VERIFY OK: depth=0, CN=kostroma
    2024-06-26 11:59:23 85.26.211.200:58054 [kostroma] Peer Connection Initiated with [AF_INET]85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI_sva: pool returned IPv4=192.168.200.3, IPv6=(Not enabled)
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/kostroma
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: Learn: 192.168.200.38 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: primary virtual IP for kostroma/85.26.211.200:58054: 192.168.200.38
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: internal route 10.1.0.0/16 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: Learn: 10.1.0.0/16 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: internal route 10.1.4.0/24 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: Learn: 10.1.4.0/24 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: internal route 10.1.3.0/24 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: Learn: 10.1.3.0/24 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: internal route 10.1.0.0/24 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 MULTI: Learn: 10.1.0.0/24 -> kostroma/85.26.211.200:58054
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 Data Channel: using negotiated cipher 'AES-128-GCM'
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
    2024-06-26 11:59:23 kostroma/85.26.211.200:58054 SENT CONTROL [kostroma]: 'PUSH_REPLY,topology subnet,dhcp-option DNS 172.16.10.1,dhcp-option DNS 172.16.10.2,route 172.16.10.0 255.255.255.0,route 172.16.11.0 255.255.255.0,route 172.22.22.0 255.255.255.0,route-gateway 192.168.200.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.200.38 255.255.255.0,peer-id 4,cipher AES-128-GCM' (status=1)

ip r

    default via 172.16.10.254 dev ens18 proto static
    172.16.2.0/24 via 172.16.10.81 dev ens18 proto static
    172.16.10.0/24 dev ens18 proto kernel scope link src 172.16.10.177
    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
    192.168.188.0/24 via 172.16.10.254 dev ens18 proto static
    192.168.189.0/24 via 172.16.10.254 dev ens18 proto static
    192.168.200.0/24 dev tun0 proto kernel scope link src 192.168.200.1

Why are there no routes from /etc/openvpn/ccd/kostroma? Is it because of (status=1)? Is (status=1) bad?
Thanks

emoxam commented Jun 29, 2024

Is it about https://openvpn.net/community-resources/how-to/#security ?
We have
openvpn --version

OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=yes with_sysroot=no

Note enable_iproute2=no.
Maybe that's why the route is not working?

Sy3Omda commented Jul 13, 2024

Hi @emoxam,
did you manage to find a solution?

emoxam commented Jul 14, 2024

Hi @Sy3Omda
No.

wibsea commented Aug 18, 2024

Try in /etc/openvpn/server.conf:

    push "route 10.1.0.0 255.255.255.0"
    push "route 10.3.0.0 255.255.255.0"
    ...

etc.
