SSL VPN issue on Linux OS

Hi everyone,

I hope this is the right place to ask this question. If not, feel free to notify me or move this discussion to the right place!

We have an issue with SSL VPN setup on Linux operating systems.

We've set up the VPN and all the Windows clients work flawlessly. People using W7/10 can successfully connect to the VPN and remotely access the network resources.

Things get a little bit more complicated on Linux. We have tested and failed to set it up on Ubuntu 20.04 / 18.04 (both LTS) and on Arch/Manjaro.

After downloading the configuration, we tried to set up the VPN using the CLI and the command: `sudo openvpn --config config.ovpn`

However, we always get the same error:

```
2021-02-12 19:25:45 Using peer cipher 'AES-128-CBC'
2021-02-12 19:25:45 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2021-02-12 19:25:45 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-12 19:25:45 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2021-02-12 19:25:45 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-12 19:25:45 net_route_v4_best_gw query: dst 0.0.0.0
2021-02-12 19:25:45 net_route_v4_best_gw result: via 10.0.0.1 dev wlp3s0
2021-02-12 19:25:45 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=wlp3s0 HWADDR=b4:6b:fc:53:44:7c
2021-02-12 19:25:45 TUN/TAP device tun0 opened
2021-02-12 19:25:45 net_iface_mtu_set: mtu 1500 for tun0
2021-02-12 19:25:45 net_iface_up: set tun0 up
2021-02-12 19:25:45 net_addr_v4_add: 10.21.118.1/24 dev tun0
2021-02-12 19:25:49 net_route_v4_add: 185.132.67.4/32 via 10.0.0.1 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 net_route_v4_add: 0.0.0.0/1 via 10.21.118.0 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 sitnl_send: rtnl: generic error (-22): Invalid argument
2021-02-12 19:25:49 ERROR: Linux route add command failed
2021-02-12 19:25:49 net_route_v4_add: 128.0.0.0/1 via 10.21.118.0 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 sitnl_send: rtnl: generic error (-22): Invalid argument
2021-02-12 19:25:49 ERROR: Linux route add command failed
2021-02-12 19:25:49 net_route_v4_add: 185.132.67.4/32 via 10.0.0.1 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 net_route_v4_add: 185.132.67.4/32 via 10.0.0.1 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 Initialization Sequence Completed
```

Setup is then complete, but remote network resources are not accessible.

MTU is checked and matches on both sides.

The error is the same as in this thread: https://support.sophos.com/support/s/article/KB-000039342?language=en_US However, the proposed fix does not work.

The error is triggered by the route command in the .ovpn file: `route remote_host 255.255.255.255 net_gateway`. Naturally, commenting it out "fixes" the error, but resources are still not accessible (which is obvious, as no routes are added). Running `nmcli connection import type openvpn file config.ovpn` returns a syntax error: `configuration error: unsupported 1th argument remote_host to “route” (line 6).`

Trying to use the GUI in the network manager is the same. It fails to import the raw file (we must manually extract the keys and put them into dedicated files).

Has anyone ever met this issue? This is really strange, as the VPN works correctly on all Windows clients.

Thank you for your help!



Edited TAGs
[edited by: emmosophos at 7:49 PM (GMT -8) on 16 Feb 2021]
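
An added example, not part of the original post and not Sophos or OpenVPN code: a Python script that pairs each `ERROR: Linux route add command failed` line in an OpenVPN client log with the `net_route_v4_add` line before it, and reports how that route's gateway relates to the tunnel address assigned by `net_addr_v4_add`. The function and variable names are illustrative, and the sample input is constructed from the relevant lines of the log quoted above.

```python
import ipaddress
import re

# Constructed input: the relevant lines of the log quoted in the post above.
SAMPLE_LOG = """\
2021-02-12 19:25:45 net_addr_v4_add: 10.21.118.1/24 dev tun0
2021-02-12 19:25:49 net_route_v4_add: 185.132.67.4/32 via 10.0.0.1 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 net_route_v4_add: 0.0.0.0/1 via 10.21.118.0 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 sitnl_send: rtnl: generic error (-22): Invalid argument
2021-02-12 19:25:49 ERROR: Linux route add command failed
2021-02-12 19:25:49 net_route_v4_add: 128.0.0.0/1 via 10.21.118.0 dev [NULL] table 0 metric -1
2021-02-12 19:25:49 sitnl_send: rtnl: generic error (-22): Invalid argument
2021-02-12 19:25:49 ERROR: Linux route add command failed
"""
ADDR_RE = re.compile(r"net_addr_v4_add: (\S+) dev (\S+)")
ROUTE_RE = re.compile(r"net_route_v4_add: (\S+) via (\S+) dev")
FAIL_MARKER = "ERROR: Linux route add command failed"


def classify_gateway(gw, tunnels):
    """Describe how a gateway relates to the tunnel subnets seen in the log."""
    for net in tunnels:
        if gw == net.network_address:
            return f"the network address of {net}"
        if gw == net.broadcast_address:
            return f"the broadcast address of {net}"
        if gw in net:
            return f"a host address inside {net}"
    return "outside every tunnel subnet in the log"


def failed_routes(log_text):
    """Pair each failed route add with the route line that preceded it."""
    tunnels, last_route, findings = [], None, []
    for line in log_text.splitlines():
        if m := ADDR_RE.search(line):
            tunnels.append(ipaddress.ip_interface(m.group(1)).network)
        elif m := ROUTE_RE.search(line):
            last_route = (m.group(1), ipaddress.ip_address(m.group(2)))
        elif FAIL_MARKER in line and last_route:
            dest, gw = last_route
            findings.append({"dest": dest, "gateway": str(gw),
                             "gateway_is": classify_gateway(gw, tunnels)})
            last_route = None  # one failure line belongs to one route line
    return findings


if __name__ == "__main__":
    for f in failed_routes(SAMPLE_LOG):
        print(f"{f['dest']} via {f['gateway']}: gateway is {f['gateway_is']}")
```

On the log above, it reports that the two routes that failed, `0.0.0.0/1` and `128.0.0.0/1`, both use `10.21.118.0` as gateway, which is the network address of the `10.21.118.0/24` subnet assigned to `tun0`, while the `/32` route to the VPN server via `10.0.0.1` is not among the failures.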