Netgate Discussion Forum
    Can someone tell me what this means?

Helix26404

      The bolded line:

      Jan 13 16:17:16 openvpn[389]: Initialization Sequence Completed
      Jan 13 16:17:16 openvpn[389]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1
      Jan 13 16:17:05 openvpn[389]: [client10] Peer Connection Initiated with 24.162.113.x:2051
      Jan 13 16:17:02 openvpn[389]: TCPv4_SERVER link remote: 24.162.113.x:2051
      Jan 13 16:17:02 openvpn[389]: TCPv4_SERVER link local (bound): [undef]:1194
      Jan 13 16:17:02 openvpn[389]: TCP connection established with 24.162.113.x:2051
      Jan 13 16:16:23 openvpn[389]: Listening for incoming TCP connection on [undef]:1194
      Jan 13 16:16:23 openvpn[336]: /etc/rc.filter_configure tun0 1500 1544 172.16.40.1 172.16.40.2 init
      Jan 13 16:16:23 openvpn[336]: /sbin/ifconfig tun0 172.16.40.1 172.16.40.2 mtu 1500 netmask 255.255.255.255 up
      Jan 13 16:16:23 openvpn[336]: TUN/TAP device /dev/tun0 opened
      Jan 13 16:16:23 openvpn[336]: gw 75.13.22.118
      Jan 13 16:16:23 openvpn[336]: LZO compression initialized
      Jan 13 16:16:23 openvpn[336]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
      Jan 13 16:16:23 openvpn[336]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006

      The reason I ask is that I have a semi-working VPN set up. This is a site-to-site VPN. On the client side, each machine can see and "talk" to every machine on the server side.

However, on the server side, the only machine that can talk to the client machine subnet (192.168.1.0/24) is pfSense. No other machine can.

      It's almost as if pfSense isn't advertising the tun0 interface (172.16.40.0/24). Have a look at a snippet of my local routes:

      127.0.0.1 127.0.0.1 UH 0 0 16384 lo0
      172.16.10/24 link#1 UC 0 0 1500 bge0
      172.16.10.254 00:0f:b5:9f:95:d7 UHLW 3 0 1500 bge0 528
      172.16.20/24 172.16.10.254 UGS 0 467 1500 bge0
      172.16.30/24 172.16.10.254 UGS 0 1399 1500 bge0
      172.16.40.2 172.16.40.1 UH 1 5 1500 tun0
      192.168.1 172.16.40.2 UGS 0 233 1500 tun0

      As you can see, there is no route for the 172.16.40.0/24 network. There should be a local route for this network so that every other machine/router knows that the interface for 172.16.40.0/24 exists on the pfSense…it's almost as if pfSense isn't completely "aware" that the tun0 interface exists locally. When doing a traceroute, pfSense shoots the packets out the default gateway, which is my WAN interface. Obviously pfSense is dealing with the packets correctly, I just need a route here indicating locality.

      I am thinking the bolded logged comment above explains this but I don't know enough about FreeBSD to know what it means or how to manually add that route.

      Ideas?

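An added example, not from the post or from pfSense/OpenVPN, that correlates the two artifacts shown above: it parses the OpenVPN syslog excerpt for the tun interface and the failed route-add, then checks a netstat -rn snippet for any route on that interface covering the tunnel subnet. The tunnel subnet 172.16.40.0/24, the function names and the expansion of netstat's abbreviated destinations are my assumptions.

```python
import ipaddress
import re

# Constructed sample input: lines taken from the OpenVPN syslog excerpt in the post
OPENVPN_LOG = """\
Jan 13 16:16:23 openvpn[336]: /sbin/ifconfig tun0 172.16.40.1 172.16.40.2 mtu 1500 netmask 255.255.255.255 up
Jan 13 16:17:16 openvpn[389]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1
Jan 13 16:17:16 openvpn[389]: Initialization Sequence Completed
"""

# Constructed sample input: the netstat -rn snippet from the post
ROUTE_TABLE = """\
172.16.10/24 link#1 UC 0 0 1500 bge0
172.16.40.2 172.16.40.1 UH 1 5 1500 tun0
192.168.1 172.16.40.2 UGS 0 233 1500 tun0
"""

IFCONFIG_RE = re.compile(r"/sbin/ifconfig (\S+) (\S+) (\S+) mtu (\d+)")
ROUTE_FAIL_RE = re.compile(r"ERROR: .*route add command failed")


def bsd_destination(dest):
    """Expand netstat -rn shorthand (assumed rule: omitted trailing octets imply
    8 bits of prefix each): '192.168.1' -> 192.168.1.0/24, '172.16.40.2' -> /32."""
    net, _, plen = dest.partition("/")
    octets = net.split(".")
    plen = plen or (str(8 * len(octets)) if len(octets) < 4 else "32")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)


def check_tunnel_routing(log_text, route_text, tunnel_net):
    """Return the tun interface from the ifconfig line, whether OpenVPN logged a
    failed route add, and which routes on that interface cover tunnel_net."""
    tunnel_net = ipaddress.ip_network(tunnel_net)
    result = {"ifname": None, "route_add_failed": False, "covering_routes": []}
    for line in log_text.splitlines():
        m = IFCONFIG_RE.search(line)
        if m:
            result["ifname"] = m.group(1)
        if ROUTE_FAIL_RE.search(line):
            result["route_add_failed"] = True
    for line in route_text.splitlines():
        fields = line.split()  # Destination Gateway Flags Refs Use Mtu Netif
        if len(fields) < 7 or fields[6] != result["ifname"]:
            continue
        try:
            dest = bsd_destination(fields[0])
        except ValueError:  # e.g. "default" or other non-address destinations
            continue
        if tunnel_net.subnet_of(dest):
            result["covering_routes"].append(fields[0])
    result["tunnel_net_routed"] = bool(result["covering_routes"])
    return result
```

For the post's data the result is: tun0 found, route_add_failed True, and no route on tun0 covering 172.16.40.0/24, which matches the missing local route the poster describes.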