
OpenVPN And PPP on Linux: VPN Traffic Forwarding Default Gateway Fix

Background

I use OpenVPN all the time and had the task of setting it up to function as the default gateway for an embedded Linux machine that uses PPP with a USB 3G dongle. The VPN connection worked great as always, but for some reason I couldn’t get the traffic forwarded over the 3G line. It worked fine when connected to an Ethernet line, which was the first clue.

This fix assumes a working OpenVPN setup with broken traffic forwarding functionality via PPP.

PPP Anomaly

For some reason, when PPP connects and is the sole outbound gateway, the routing table works, but the PPP default route has only the UH flags and no ‘G’ flag (for gateway). When OpenVPN attempts to change the default gateway, it is unable to detect the PPP device because of the missing flag.

The Fix

I need to find the source for this. I found this a couple of years ago and it has served me well, but I do not know the author. It is a script to run after the PPP daemon comes up to add the ‘G’ flag to the default gateway in the routing table. I have mine named 00000routefix and it lives in /etc/ppp/ip-up.d with executable permissions (so it runs automatically when PPP goes up).

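#!/bin/bash
# If the default route is a bare device route ("default dev pppX ..."),
# replace it with one that names the PPP peer as gateway ('G' flag).

# Quoted so the test does not error out when there is no default route
if [ "$(ip route list exact default |
  awk '/^default/ {print $2}')" = dev ];
then
         IF=$(ip route | awk '/^default/ {print $3}')
         # The peer address of the point-to-point link becomes the gateway
         GW=$(ip address show "$IF" |
         awk '/peer/ {print $4}' | cut -d"/" -f1)
         # Leave the route alone if no peer address could be parsed
         [ -z "$GW" ] || ip route replace default via "$GW" dev "$IF"
fi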

Conclusion

The above works great for me and allows all traffic on the remote box to be securely forwarded and routed through our primary network.

Note:  The above has been tested on Debian and may require tweaks depending on command output differences.
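Because the fix depends on the exact text that `ip` prints, the following added example (not the original script) is a dry run that applies the same parsing to captured output and prints the command it would run, without changing the routing table. The function names and the sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example: dry-run check for a gatewayless PPP default route.
# Function names and sample text below are constructed, not from the original post.

# $1: text in the format of `ip route list exact default`
# Prints the device of a default route that has no "via" gateway, else nothing.
gatewayless_default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "dev" { print $3; exit }'
}

# $1: text in the format of `ip address show <dev>`
# Prints the peer address of the point-to-point link, without the prefix length.
ppp_peer_addr() {
    printf '%s\n' "$1" |
        awk '$1 == "inet" && $3 == "peer" { sub(/\/.*/, "", $4); print $4; exit }'
}

# $1: route text, $2: address text
# Prints the command the fix would run; returns 1 if no fix is needed or possible.
plan_route_fix() {
    _dev=$(gatewayless_default_dev "$1")
    [ -n "$_dev" ] || return 1      # route already has a gateway, or no default route
    _gw=$(ppp_peer_addr "$2")
    [ -n "$_gw" ] || return 1       # no peer address parsed: do not guess a gateway
    printf 'ip route replace default via %s dev %s\n' "$_gw" "$_dev"
}

# Dry run against the live tables: reads only, changes nothing.
live_plan() {
    _route=$(ip route list exact default)
    _live_dev=$(gatewayless_default_dev "$_route")
    [ -n "$_live_dev" ] || return 1
    plan_route_fix "$_route" "$(ip address show "$_live_dev")"
}

# Constructed sample output for offline checks
SAMPLE_ROUTE_BROKEN='default dev ppp0 scope link'
SAMPLE_ROUTE_OK='default via 192.0.2.1 dev eth0'
SAMPLE_ADDR='4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    link/ppp
    inet 10.64.64.10 peer 10.64.64.64/32 scope global ppp0'
SAMPLE_ADDR_NO_PEER='4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN
    link/ppp'
```

Calling `live_plan` on the target box before installing the hook shows whether the parsing matches that system's `ip` output.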
