Messages - jmarner

#1
Thanks for posting this! I had the same issue; it seems to persist regardless of the new "instance" vs the legacy system.

In my case, I had to disable the route that existed (apparently it was conflicting). I had created an interface on top of the OpenVPN connection and that was doing weird stuff.

#2
This isn't quite what my setup is. I have two different networks in addition to the main one. I can make your setup work by forcing the one remote network to have the x.x.x.2 address, and letting the other mobile clients just take the higher IPs. The problem is when I want to route a third subnet to a different VPN client IP.

Also yes I am using OpenVPN and not WireGuard, so it's possible that this is an OpenVPN-specific bug. But honestly it could be common across both, because your setup described seems like you're only routing to 10.8.0.2/32 which always works for me.

#3
I have an OpenVPN server set up in one location, and 2 remote sites that I am trying to set up a site-to-site with.

Server Settings:
Tunnel Network: 10.x.x.0/24
Local Network: 192.168.x.0/24
Remote Network: 192.168.y.0/24,192.168.z.0/24

Client Specific Overrides:
Client Y:
Tunnel Network:
Local Network:
Remote Network: 192.168.y.0/24

Client Z:
Tunnel Network:
Local Network:
Remote Network: 192.168.z.0/24

OpenVPN Connection Status:
Laptop Virtual Address: 10.x.x.2
Client Y Virtual Address: 10.x.x.3
Client Z Virtual Address: 10.x.x.4

However, when I look at the routing table, I see the following:
Destination: 192.168.y.0/24 Gateway: 10.x.x.2 (wrong, should be .3)
Destination: 192.168.z.0/24 Gateway: 10.x.x.2 (wrong, should be .4)

This is despite the fact that neither one of them uses 10.x.x.2 as its IP address. If I FORCE one of the remote sites to use 10.x.x.2 (using "ifconfig-push 10.x.x.2 255.255.255.0"), it works for that one. But of course I cannot force both of my sites to use the same tunnel address. I have also tried overriding the tunnel address but that doesn't work either.

This seems like it has to be a bug. Either the route builder is pulling the IP address from the wrong place, or it should be routing those subnets to the OpenVPN server at 10.x.x.1 instead to hand off routing.