Thanks Kyle, that did the trick. I used the up script from
http://openbsd-archive.7691.n7.nabble.com/ratble-and-rdomain-support-on-dhcpd-and-openvpn-tp300260p300262.html
which pushed the correct default route. There seems to be an issue on boot
with the VLAN pushing its own default route but I believe that's because it
happens earlier than the OpenVPN connection.

On 29 April 2018 3:13:28 pm AEST, Kyle <arad...@tma-0.net> wrote:
>On Saturday, April 28, 2018 8:09:32 PM CDT z...@znedw.com wrote:
>> Hi all,
>> 
>> I'm trying to configure a TUN interface in a separate rdomain, so that my
>> default route is not via the VPN, and only a specific subnet will use
>> the TUN connection on the way out.
>> 
>> The OpenVPN connection is established ok via my default gateway on em1 (this
>> is my internet connection), however, once I add the TUN interface to
>> another rdomain, I'm unable to manually push the routes from the VPN server
>> in with route -TX add x.x.x.x x.x.x.x.
>> 
>> I'm unable to ping anything on the internet via route -TX exec.
>> With PF allowing all connections I am still unable to access the
>> internet on rdomain 2. I've uploaded config files at the link below. Any
>> assistance would be greatly appreciated.
>> 
>> https://gist.github.com/zachnedwich/208bcaac3bcdb15e2f5ab5737db8c2d2
>> 
>> Thank-you,
>> Zach Nedwich
>
>What does the routing table for rdomain 2 look like (route -T2 -n show)? Does
>it have a default route? To set routes pushed from the server in that rdomain,
>you might need to use up/down scripts on the client (commented lines at the
>bottom of your pia.ovpn).
>
>I'm using a very similar config:
>
>$ cat /etc/hostname.tun0
>up
>rdomain 1
>!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/config.ovpn
>
>$ ifconfig tun0
>tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> rdomain 1 mtu 1500
>        index 13 priority 0 llprio 3
>        groups: tun
>        status: active
>        inet 10.8.8.9 --> 10.8.8.1 netmask 0xffffff00
>
>$ route -T1 -n show
>Routing tables
>
>Internet:
>Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
>default            10.8.8.1           UGS    25293 27087073     -     8 tun0
>10.8.8.1           10.8.8.9           UHh        1        1     -     8 tun0
>10.8.8.9           10.8.8.9           UHl        0    47965     -     1 tun0
>127.0.0.1          127.0.0.1          UHl        0  6462016 32768     1 lo1
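
An up script of the kind discussed in this thread, as an added example that is not part of the thread and not the script from the linked post: it looks up the rdomain of the tun device and installs the VPN routes into that routing table instead of table 0. It assumes `route-noexec` and `script-security 2` in the client config; the script path and the `DRY_RUN` variable are hypothetical, and adding a default route unconditionally is an assumption that matches the routing table shown above.

```sh
#!/bin/sh
# Added example, not from the thread: OpenVPN "up" script for a tun device
# that lives in a non-default rdomain on OpenBSD.
# Assumed client config (script path is hypothetical):
#   script-security 2
#   route-noexec
#   up /etc/openvpn/up-rdomain.sh

# Read `ifconfig <if>` output on stdin, print its rdomain (0 when not shown).
rdomain_of() {
    rd=$(sed -n 's/.* rdomain \([0-9][0-9]*\).*/\1/p' | head -n 1)
    echo "${rd:-0}"
}

# Pushed values come from the server and end up in commands run as root,
# so accept nothing but a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# Print the route(8) commands for rdomain $1, built from OpenVPN's
# route_vpn_gateway and route_{network,netmask,gateway}_N variables.
# Assumption: the rdomain always gets a default route via the VPN gateway.
route_cmds() {
    rd=$1
    is_ipv4 "${route_vpn_gateway:-}" || return 1
    echo "route -T$rd -n add default $route_vpn_gateway"
    i=1
    while :; do
        eval "net=\${route_network_$i:-} mask=\${route_netmask_$i:-} gw=\${route_gateway_$i:-}"
        [ -n "$net" ] || break
        gw=${gw:-$route_vpn_gateway}
        is_ipv4 "$net" && is_ipv4 "$mask" && is_ipv4 "$gw" || return 1
        echo "route -T$rd -n add -net $net -netmask $mask $gw"
        i=$((i + 1))
    done
}

# OpenVPN exports $dev to the script; nothing runs when it is unset.
# DRY_RUN (hypothetical) prints the commands instead of running them.
if [ -n "${dev:-}" ]; then
    cmds=$(route_cmds "$(ifconfig "$dev" | rdomain_of)") || exit 1
    if [ -n "${DRY_RUN:-}" ]; then echo "$cmds"; else echo "$cmds" | sh -e; fi
fi
```

If any pushed value fails validation, no route is installed at all, so the rdomain is left without a path out instead of with a partial table.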
