We recently set up a Windows tablet to allow a customer remote access using OpenVPN. “While we were there” the customer asked if we could set up his Mac so he could connect from home. Adding a Mac is pretty easy using Tunnelblick. However, we encountered an issue where the VPN would be created and we could ping the remote PC, but after ~10 seconds the VPN would say it’s still up, yet we could no longer ping.
A bit of digging turned up the cause: netstat -r showed no route to the remote network (in this case 10.0.0.0/24). Adding the route using
Jamie-MacBook-Pro:~ jamie$ sudo route -n add 10.0.0.0/24 -interface tap0
would bring back connectivity. The issue was that as soon as the VPN went down the route was removed, so the command would have to be entered every time the VPN was brought up. After looking at the configuration on the server, the block
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
was found. By adding
push "route 10.0.0.0 255.255.255.0"
the problem is solved. Why this affects Macs and not PCs I don’t know; probably something to do with the way the TAP/TUN interface is brought up.
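The server-side check described above can be scripted. The following is an added example, not part of the original post: it lists the subnets a server configuration actively pushes, skipping lines commented out with # or ;, and reports whether a given network is covered. The BEFORE and AFTER texts are constructed from the block quoted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches an active directive such as: push "route 10.0.0.0 255.255.255.0"
PUSH_ROUTE = re.compile(r'^push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?[^"]*"')

# Constructed sample: the stock block, with both example routes commented out.
BEFORE = '''
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
'''

# Constructed sample: the same block after adding the line from the post.
AFTER = BEFORE + 'push "route 10.0.0.0 255.255.255.0"\n'


def pushed_routes(config_text):
    """Return the networks pushed by active (uncommented) push "route" lines."""
    routes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if not line or line[0] in "#;":
            continue
        match = PUSH_ROUTE.match(line)
        if not match:
            continue
        # An omitted netmask means a single host route.
        network, netmask = match.group(1), match.group(2) or "255.255.255.255"
        try:
            routes.append(ipaddress.ip_network(f"{network}/{netmask}"))
        except ValueError:
            continue  # hostname, keyword, or a mask that does not fit the address
    return routes


def is_pushed(config_text, subnet):
    """True if the given subnet is covered by at least one pushed route."""
    target = ipaddress.ip_network(subnet)
    return any(target.subnet_of(route) for route in pushed_routes(config_text))


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, [str(r) for r in pushed_routes(text)], is_pushed(text, "10.0.0.0/24"))
```

The same listing shows every internal subnet a connecting client is handed a route to, which makes it easy to confirm the push covers only the network the remote user actually needs.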