OpenVPN No Connectivity on Mac OSX

We recently set up a Windows tablet to allow a customer remote access using OpenVPN. “While we were there” the customer asked if we could set up his Mac so he could connect from home. Adding a Mac is pretty easy using Tunnelblick. However, we encountered an issue where the VPN would be created and we could ping the remote PC, but after ~10 seconds the VPN would say it’s still up even though we could no longer ping.

After a bit of digging, the results of a netstat -r showed no route to the remote network (in this case Adding the route using

Jamie-MacBook-Pro:~ jamie$ sudo route -n add -interface tap0

would bring back connectivity. The issue was that as soon as the VPN went down the route was removed, so the command would have to be entered every time the VPN was brought up. After looking at the configuration on the server, the block

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (
# back to the OpenVPN server.
;push "route"
;push "route"

was found. By adding

push "route"

the problem is solved. Why this affects Macs and not PCs I don’t know; probably something to do with the way the TAP/TUN interface is brought up.
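The server-side check described above, as an added example that is not part of the original post: a Python audit of a server.conf that reports, for each subnet clients must reach, whether its push "route" line is active, still commented out, or absent. The function names and every address in the sample are constructed placeholders, since the post's own addresses are not shown.

```python
import ipaddress
import re

# push "route <network> [netmask]", optionally disabled with a leading ';' or '#'.
PUSH_ROUTE = re.compile(
    r'^\s*(?P<off>[;#])?\s*push\s+"route\s+(?P<net>[\d.]+)(?:\s+(?P<mask>[\d.]+))?'
)

def pushed_routes(conf_text):
    """Return (active, disabled) lists of IPv4 networks found in push "route" lines."""
    active, disabled = [], []
    for line in conf_text.splitlines():
        m = PUSH_ROUTE.match(line)
        if not m:
            continue  # ordinary comment or unrelated directive
        # OpenVPN treats a route given without a netmask as a single host (/32).
        mask = m.group("mask") or "255.255.255.255"
        net = ipaddress.ip_network(f"{m.group('net')}/{mask}", strict=False)
        (disabled if m.group("off") else active).append(net)
    return active, disabled

def audit(conf_text, needed_subnets):
    """Map each subnet clients must reach to 'pushed', 'commented out' or 'absent'."""
    active, disabled = pushed_routes(conf_text)
    report = {}
    for cidr in needed_subnets:
        want = ipaddress.ip_network(cidr)
        if any(want.subnet_of(a) for a in active):
            report[cidr] = "pushed"
        elif any(want.subnet_of(d) for d in disabled):
            report[cidr] = "commented out"
        else:
            report[cidr] = "absent"
    return report

# Constructed sample: the addresses are placeholders, not values from the post.
SAMPLE_CONF = '''\
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "route 192.168.30.0 255.255.255.0"
push "route 192.168.40.7"
'''

if __name__ == "__main__":
    for subnet, state in audit(SAMPLE_CONF, ["192.168.10.0/24", "192.168.30.0/24"]).items():
        print(f"{subnet}: {state}")
```

A subnet reported as "commented out" is the situation in the post: the route exists in the file but is never sent to the client.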

Netflow Setup with Ntop

I was always surprised when, working for an ISP, clients would ring and ask why they had gone over their quota. These aren’t home users; many of these were major corporations spanning several sites with equipment in several of our datacentres. Even in small networks it is important to know what data is traversing your network, even if it is just to know who is running BitTorrent and slowing everyone’s internet down. But it also has many more uses than that. It is a great way to detect anomalies in your network, which most often are caused by viruses/malware/Trojans, all the fun stuff.

