0 votes
4,731 views 5 comments
by
Hi

I use OpenVPN on a RUT240 device.

When I get a disconnection from the 4G network, OpenVPN doesn't work after the 4G is up again.

I see that the OpenVPN client tries to reconnect, but I get a "Recursive routing detected, drop tun packet to [...]" error.

I know why:

When the 4G connection is lost, the default route is not modified,

so the routing is like:

root@Teltonika-RUT240:~# ip r s
0.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
default via 10.65.113.202 dev wwan0
10.10.0.0/24 dev tun_c_IPC  proto kernel  scope link  src 10.10.0.2
10.65.113.200/30 dev wwan0  proto kernel  scope link  src 10.65.113.201
10.65.113.202 dev wwan0  proto static  scope link  src 10.65.113.201
128.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
192.168.10.110 via 10.65.113.202 dev wwan0
192.168.11.0/24 dev br-lan  proto kernel  scope link  src 192.168.11.4
194.51.3.56 via 10.65.113.202 dev wwan0

If I add a route to the VPN server using wwan0 as gateway, it works again!

PUBLIC_IP_OF_VPN via 10.65.113.202 dev wwan0

I tried to add this route using static routes, but each time I get a disconnection, the route is deleted...

How can I be sure that this static route will not be deleted, or at least that the OpenVPN route is deleted when the connection is lost?

2 Answers

0 votes
by

Hi

Thanks for the answer.

I'm running RUT2XX_R_00.01.05.1.

The OpenVPN client uses TLS but no crypto.

I added the route as a static route, but it is still deleted when the 4G connection is down.

For example, here are the routes when everything works:

root@Teltonika-RUT240:~# ip r s
0.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
default via 10.65.113.202 dev wwan0
10.10.0.0/24 dev tun_c_IPC  proto kernel  scope link  src 10.10.0.2
10.65.113.200/30 dev wwan0  proto kernel  scope link  src 10.65.113.201
10.65.113.202 dev wwan0  proto static  scope link  src 10.65.113.201
128.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
176.31.xxx.yyy via 10.65.113.202 dev wwan0 <- this is the static route I added through the GUI
192.168.10.110 via 10.65.113.202 dev wwan0
192.168.11.0/24 dev br-lan  proto kernel  scope link  src 192.168.11.4
194.51.3.56 via 10.65.113.202 dev wwan0
 

Now I remove the antenna, to force the GSM to get disconnected,

and here are the routes after it has gone through a 4G disconnect/reconnect.

Notice that the route to the VPN public IP has been removed...

root@Teltonika-RUT240:~# ip r s
0.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
default via 10.65.22.4 dev wwan0
default via 10.65.22.4 dev wwan0  proto static  src 10.65.22.3
10.10.0.0/24 dev tun_c_IPC  proto kernel  scope link  src 10.10.0.2
10.65.22.0/29 dev wwan0  proto kernel  scope link  src 10.65.22.3
10.65.22.4 dev wwan0  proto static  scope link  src 10.65.22.3
128.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
192.168.10.110 via 10.65.22.4 dev wwan0
192.168.11.0/24 dev br-lan  proto kernel  scope link  src 192.168.11.4
194.51.3.56 via 10.65.22.4 dev wwan0
 

OpenVPN will not reconnect, because there is the default route to 0.0.0.0 via the OpenVPN (down) tunnel, and no more route to the server through wwan0 :(

In the OpenVPN log I can see:

Mon Mar 25 13:47:34 2019 us=384651 Recursive routing detected, drop tun packet to [AF_INET]176.31.xxx.yyy

This is because it cannot find the route to the public VPN address.

Best answer
by anonymous

I tried on the latest release and it seems to be working correctly.

Used the settings below:

by

Strange.

My settings are a bit different, but I don't see any error in my settings :(

(I can't post the image, it's refused by the forum)

client
nobind
persist-key
persist-tun
auth sha1
ca /lib/uci/upload/cbid.openvpn.636C69656E745F495043.ca
cert /lib/uci/upload/cbid.openvpn.636C69656E745F495043.cert
cipher none
dev tun_c_IPC
keepalive 20 120
key /lib/uci/upload/cbid.openvpn.636C69656E745F495043.key
port 1195
proto udp
remote blabla.blablabla.bla
resolv-retry infinite
verb 5
log-append /var/log/openvpn.log
script-security 2
verb 4
txqueuelen 1000
mssfix 1300
fragment 1300
connect-retry 5 5

I don't add "remote ip address".

Is it needed?

To reproduce the problem I just need to do a "restart connection" from the mobile page.

I'm trying to upgrade to the latest firmware. I'll tell you if it works better.

by

Nope. The problem persists :(

When connecting, here is what I see:

Mon Mar 25 15:39:43 2019 us=880569 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 8.8.8.8,route-gateway 10.10.0.1,topology subnet,ping 20,ping-restart 120,ifconfig 10.10.0.6 255.255.255.0,peer-id 4'
Mon Mar 25 15:39:43 2019 us=882028 OPTIONS IMPORT: timers and/or timeouts modified
Mon Mar 25 15:39:43 2019 us=882338 OPTIONS IMPORT: --ifconfig/up options modified
Mon Mar 25 15:39:43 2019 us=882500 OPTIONS IMPORT: route options modified
Mon Mar 25 15:39:43 2019 us=882648 OPTIONS IMPORT: route-related options modified
Mon Mar 25 15:39:43 2019 us=882799 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Mar 25 15:39:43 2019 us=882947 OPTIONS IMPORT: peer-id set
Mon Mar 25 15:39:43 2019 us=883102 OPTIONS IMPORT: adjusting link_mtu to 1628
Mon Mar 25 15:39:43 2019 us=883294 ******* WARNING *******: '--cipher none' was specified. This means NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network! PLEASE DO RECONSIDER THIS SETTING!
Mon Mar 25 15:39:43 2019 us=883550 Data Channel MTU parms [ L:1532 D:1300 EF:32 EB:406 ET:0 EL:3 AF:14/125 ]
Mon Mar 25 15:39:43 2019 us=885351 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 25 15:39:43 2019 us=885628 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Mar 25 15:39:43 2019 us=890749 TUN/TAP device tun_c_IPC opened
Mon Mar 25 15:39:43 2019 us=901738 TUN/TAP TX queue length set to 1000
Mon Mar 25 15:39:43 2019 us=902031 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Mar 25 15:39:43 2019 us=902387 /sbin/ifconfig tun_c_IPC 10.10.0.6 netmask 255.255.255.0 mtu 1500 broadcast 10.10.0.255
Mon Mar 25 15:39:43 2019 us=914276 /sbin/route add -net 176.31.xxx.yyy netmask 255.255.255.255 gw 10.65.26.197
Mon Mar 25 15:39:43 2019 us=932716 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.10.0.1
Mon Mar 25 15:39:43 2019 us=954888 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.10.0.1

OpenVPN adds a route (which already exists, as I added it as a static route!)

and when it gets disconnected, this route is removed :(

but the default route 0.0.0.0 is not removed.

I tried adding pull-filter ignore "route 176" without success.

The server conf is:

port 1195
proto udp
dev tun
ca server/ca.crt
cert server/server.crt
key server/server.key
dh server/dh.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
topology subnet
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
;client-to-client
duplicate-cn
keepalive 20 120
mssfix 1300
fragment 1300
ping-timer-rem
cipher none
ncp-disable
user nobody
group nobody
persist-key
persist-tun
log-append /var/log/openvpn-nocrypt.log
status openvpn-nocrypt-status.log
verb 4
explicit-exit-notify 1
txqueuelen 1000
 

by

I was able to solve the problem by adding "remap-usr1 SIGHUP" to the OpenVPN client config.

Apparently, the route to the VPN server is not deleted by OpenVPN when the connection is lost, but by the modem itself,

because if I lose the 4G network, I can see that OpenVPN waits for XX seconds and then tries to delete the route, failing to do it.


Mon Mar 25 16:41:41 2019 us=21583 Recursive routing detected, drop tun packet to [AF_INET]176.31.xxx.yyy
Mon Mar 25 16:41:54 2019 us=927012 [server] Inactivity timeout (--ping-restart), restarting
Mon Mar 25 16:41:54 2019 us=929296 TCP/UDP: Closing socket
Mon Mar 25 16:41:54 2019 us=930005 /sbin/route del -net 176.31.xxx.yyy netmask 255.255.255.255
route: SIOCDELRT: No such process
Mon Mar 25 16:41:54 2019 us=938105 ERROR: Linux route delete command failed: external program exited with error status: 1
Mon Mar 25 16:41:54 2019 us=938683 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Mon Mar 25 16:41:54 2019 us=946925 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Mon Mar 25 16:41:54 2019 us=955145 Closing TUN/TAP interface
Mon Mar 25 16:41:54 2019 us=955537 /sbin/ifconfig tun_c_IPC 0.0.0.0
Mon Mar 25 16:41:54 2019 us=968745 SIGHUP[soft,ping-restart] received, process restarting

With SIGHUP, OpenVPN restarts completely and apparently that solves the issue. But for me there is a problem somewhere.
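
The routing state discussed in this thread, as an added example that is not part of the original posts: a POSIX sh longest-prefix lookup over `ip route show` text that reports when packets to the VPN server would leave through the tunnel itself, which is the condition behind "Recursive routing detected". The function names and the server address 203.0.113.10 (standing in for the masked 176.31.xxx.yyy) are assumptions; the route tables are shortened from the ones posted above.

```shell
#!/bin/sh
# Added example: function names and SERVER are constructed, not from the
# thread; the route tables are trimmed copies of the ones posted above.
ip_to_int() {              # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

egress_dev() {             # $1 = `ip route show` text, $2 = destination IP
    routes=$1; dest=$(ip_to_int "$2"); best_len=-1; best_dev=
    while read -r prefix rest; do
        [ -n "$prefix" ] || continue
        case $prefix in
            default) net=0.0.0.0; len=0 ;;
            */*)     net=${prefix%/*}; len=${prefix#*/} ;;
            *)       net=$prefix; len=32 ;;      # bare address = host route
        esac
        dev=; set -- $rest                       # find the token after "dev"
        while [ $# -gt 1 ]; do
            if [ "$1" = dev ]; then dev=$2; break; fi
            shift
        done
        mask=0; netint=$(ip_to_int "$net")
        [ "$len" -eq 0 ] || mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
        if [ $(( dest & mask )) -eq $(( netint & mask )) ] &&
           [ "$len" -gt "$best_len" ]; then      # keep the most specific match
            best_len=$len; best_dev=$dev
        fi
    done <<EOF
$routes
EOF
    echo "$best_dev"
}

recursive_routing() {      # $1 = routes, $2 = server IP, $3 = tunnel device
    [ "$(egress_dev "$1" "$2")" = "$3" ]
}

SERVER=203.0.113.10
ROUTES_OK='0.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
default via 10.65.113.202 dev wwan0
128.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
203.0.113.10 via 10.65.113.202 dev wwan0
192.168.11.0/24 dev br-lan  proto kernel  scope link  src 192.168.11.4'
ROUTES_BROKEN='0.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
default via 10.65.22.4 dev wwan0
128.0.0.0/1 via 10.10.0.1 dev tun_c_IPC
192.168.11.0/24 dev br-lan  proto kernel  scope link  src 192.168.11.4'
recursive_routing "$ROUTES_BROKEN" "$SERVER" tun_c_IPC && echo "recursive: $SERVER routed into tunnel"
```

On a live router the first argument would be `"$(ip route show)"`; the two `/1` routes from `redirect-gateway def1` always beat `default`, so only a `/32` host route via wwan0 keeps the server reachable outside the tunnel.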

by anonymous
OK, thank you for your feedback.
0 votes
by anonymous
Hi,

Which firmware release are you using?

Is a static key or TLS used?

Have you tried a static route via the router WebUI?