
You should never use a tun device in your routing configs. If you bring up more than one device you can't be sure that the kernel will always give you the same tun device for a VPN link. You have to use IP addresses.

Almost all IPSEC/OpenVPN etc. servers use DHCP to allocate both random and fixed client IP addresses. Also, most network admins will set the config option to push a default route. Without some detective work you are not going to know what the VPN server is sending or how its networks are configured.

You need to treat this problem not as a VPN issue but as an IP routing issue, and the command netstat -nr is your friend.

Here is an example:

First thing is to do a netstat -nr so you can see the Kernel IP routing table before you activate the VPN.

Next I configure the VPN GUI like this :-

Now I am going to activate the VPN from the GUI and do another netstat -nr.

So now from netstat we can learn the following about the server and the DHCP settings.

On the second line we see destination 10.255.254.0 gateway 0.0.0.0 genmask 255.255.255.0 device tun0, and we know that the subnet for the DHCP network is 255.255.255.0 and the IP range is 10.255.254.1 to 10.225.254.254.

Next we need to know what the default gateway for this network is, and line five tells us: as I know, the 172.30.254.0 network is a remote network, and the gateway for this network is 10.255.254.1.

Now we know that the VPN network has the following properties :- Network 10.255.254.0, Broadcast 10.255.254.255, Default GW 10.255.254.1

Now regardless of tun device (tun0, tun1, tun2 etc.) it will always have this IP network, so we can now configure the VPN.

So now the GUI will look like :-

Bring it up and test it.

All should work regardless of the number of VPNs in use or tun

Hope this helps

reclusivegeek
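
The derivation walked through in the answer above, as an added example that is not part of the original post: it parses `netstat -nr` output, reports each VPN network by IP address rather than by tun device name, and flags whether the server pushed a default route through the tunnel. The routing table is constructed from the addresses in the post; the eth0 lines, the 192.168.1.x values and the function names are assumptions.

```python
import ipaddress

# Constructed sample in `netstat -nr` format. The tun0 lines use the addresses
# from the post; the eth0 lines and 192.168.1.x values are assumptions.
SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
10.255.254.0    0.0.0.0         255.255.255.0   U         0 0          0 tun0
172.30.254.0    10.255.254.1    255.255.255.0   UG        0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
"""

def parse_routes(text):
    """Turn `netstat -nr` text into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue  # title line or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # column header line
        routes.append({"net": net, "gw": gw, "flags": f[3], "iface": f[-1]})
    return routes

def vpn_summary(routes, tunnel_prefix="tun"):
    """Describe each tunnel subnet by address, so the result does not depend
    on which tunN name the kernel happened to assign."""
    summary = {}
    for r in routes:
        # A directly connected tunnel subnet has no G (gateway) flag.
        if r["iface"].startswith(tunnel_prefix) and "G" not in r["flags"]:
            net = r["net"]
            # Routes whose next hop lies inside this subnet go through the VPN.
            via = [x for x in routes if "G" in x["flags"] and x["gw"] in net]
            summary[str(net)] = {
                "broadcast": str(net.broadcast_address),
                "gateways": sorted({str(x["gw"]) for x in via}),
                "remote_networks": sorted(
                    str(x["net"]) for x in via if x["net"].prefixlen),
                "default_route_pushed": any(
                    x["net"].prefixlen == 0 for x in via),
            }
    return summary

if __name__ == "__main__":
    print(vpn_summary(parse_routes(SAMPLE)))
```
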