OpenVPN: the No route to host and ERR_ADDRESS_UNREACHABLE errors – the cause and a solution

By | 10/14/2019

We have an OpenVPN Access Server running, see its setup in the OpenVPN: OpenVPN Access Server set up and AWS VPC peering configuration post.

The VPN server is hosted in one AWS VPC, while the Bitwarden service is in another VPC.

Between those VPCs we have VPC peering configured, and OpenVPN has to route traffic between users and the Bitwarden host.

The problem is that if we try to access the Bitwarden host (see the Bitwarden: an organization’s password manager self-hosted version installation on an AWS EC2 post about its setup) – we get the “ERR_ADDRESS_UNREACHABLE/No route to host” error:

curl: (7) Failed to connect to port 443: No route to host

Check the IP of the Bitwarden’s URL:

dig +short
ec2-63-***-*** – okay, it is resolved to a private IP, all good here (see the AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server for details about DNS resolution setup).

Now, check the NAT rules in the OpenVPN server admin page – do we have a route to the network:

Okay – the route is added.

Check the local route table:

route -n | grep
   UG    101    0        0 tun0
   UG    101    0        0 tun0
   UG    101    0        0 tun0
   UG    101    0        0 tun0
   UG    101    0        0 tun0
   UG    101    0        0 tun0

And here is our route – looks good? But it still doesn’t work.

Check the hosts in this network:

Address:          10101100.00011111.0001 0000.00000000
Netmask: = 20   11111111.11111111.1111 0000.00000000
Wildcard:           00000000.00000000.0000 1111.11111111
Network:       10101100.00011111.0001 0000.00000000
HostMin:          10101100.00011111.0001 0000.00000001
HostMax:        10101100.00011111.0001 1111.11111110
Broadcast:        10101100.00011111.0001 1111.11111111
Hosts/Net: 4094                  Class B, Private Internet

And pay attention to the HostMax:, while our Bitwarden host is hosted in the subnet.
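The same check can be scripted. The following is an added example, not part of the original post: it decodes the binary Network: field from the ipcalc output above, then runs a longest-prefix match over `route -n` output to show which interface a destination would leave through. The gateways, the default route, the `wlan0` name and both target addresses are constructed sample values.

```python
import ipaddress

# Binary "Network:" field and prefix length, copied from the ipcalc output above.
IPCALC_NETWORK_BITS = "10101100.00011111.0001 0000.00000000"
IPCALC_PREFIX = 20

def bits_to_network(bits, prefix):
    """Turn ipcalc's dotted binary form into an IPv4Network."""
    octets = bits.replace(" ", "").split(".")
    dotted = ".".join(str(int(o, 2)) for o in octets)
    return ipaddress.ip_network(f"{dotted}/{prefix}")

PUSHED = bits_to_network(IPCALC_NETWORK_BITS, IPCALC_PREFIX)

# Constructed `route -n` output for a connected client; gateways, the default
# route and the wlan0 name are sample values, only the tun0 /20 is from the page.
SAMPLE_ROUTE_N = f"""\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 wlan0
{PUSHED.network_address}     172.27.232.1    {PUSHED.netmask}   UG    101    0        0 tun0
"""

def parse_routes(text):
    """Return [(IPv4Network, iface)] from `route -n` output, skipping headers."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue
        # Genmask -> prefix length by counting set bits (handles 0.0.0.0 too).
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append((ipaddress.ip_network(f"{f[0]}/{prefix}"), f[7]))
    return routes

def egress_iface(routes, target):
    """Longest-prefix match: the interface the kernel would pick for target."""
    ip = ipaddress.ip_address(target)
    hits = [(net, dev) for net, dev in routes if ip in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTE_N)
    # Constructed targets: one inside the pushed /20, one in another subnet.
    for target in ("172.31.20.5", "172.31.36.10"):
        print(target, "->", egress_iface(routes, target))
```

A private address that falls outside the pushed network matches only the default route, so it leaves through the local interface instead of `tun0` and never reaches the peered VPC.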

So, the solution could be to set a, subnet in the OpenVPN AS NAT routes, or to use

Set it to the, re-connect and check local routes now:

route -n | grep
...   UG    101    0        0 tun0

Try with the curl:

curl -I
HTTP/1.1 200 OK
Server: nginx/1.10.3