PfSense OpenVPN as a client is not persistent and complains of "route add" fail
-
Hi Everyone,
I have just set up pfSense 1.2.3 to connect to a CentOS OpenVPN server. It connects and both sides' clients have access to each other. However, in System Log > OpenVPN I see this which worries me:
Apr 17 22:43:03 openvpn[21428]: LZO compression initialized
Apr 17 22:43:03 openvpn[21429]: UDPv4 link local (bound): [undef]:1194
Apr 17 22:43:03 openvpn[21429]: UDPv4 link remote: 66.77.88.99:11194
Apr 17 22:43:03 openvpn[13333]: SIGTERM[hard,] received, process exiting
Apr 17 22:43:04 openvpn[21429]: [192-168-20-50] Peer Connection Initiated with 66.77.88.99:11194
Apr 17 22:43:05 openvpn[21429]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: topology (2.0.6)
Apr 17 22:43:05 openvpn[21429]: gw 10.10.9.1
Apr 17 22:43:05 openvpn[21429]: TUN/TAP device /dev/tun0 opened
Apr 17 22:43:05 openvpn[21429]: /sbin/ifconfig tun0 172.16.14.6 172.16.14.5 mtu 1500 netmask 255.255.255.255 up
Apr 17 22:43:05 openvpn[21429]: /etc/rc.filter_configure tun0 1500 1558 172.16.14.6 172.16.14.5 init
Apr 17 22:43:08 openvpn[21429]: ERROR: FreeBSD route add command failed: shell command exited with error status:
Apr 17 22:43:08 openvpn[21429]: Initialization Sequence Completed
1- Notice second last line how pfSense complains of not being able to do a "route add"? I have seen that happening before on Windows Vista where there is no administration privilege. Is this a bug?
2- Despite putting this line in the "Custom Options" setting section of the client my tunnel is not persistent:
persist-key;persist-tun;resolv-retry infinite
This works fine when using the OpenVPN client from Windows, and reconnect happens if the OpenVPN server is down for a second or so, but it doesn't seem to give me that persistence when putting it as an option on the pfSense client side.
Is there anything I can do to fix this?
Thanks
-
What does the server config look like?
-
I don't think that matters as I have tested this on Windows with the OpenVPN client, and adding a persistent tunnel actually gives me retries if the connection drops without any changes to the server config. But here it is:
port 1194
proto udp
dev tun
ca ca.crt
cert key1.crt
key key2.key
dh dh1024.pem
server 172.16.14.0 255.255.255.0
push "route 172.16.14.0 255.255.255.0"
client-config-dir ccd
route 10.200.200.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
cipher AES-256-CBC
By the way do you know why this is:
Apr 17 22:43:08 openvpn[21429]: ERROR: FreeBSD route add command failed: shell command exited with error status:
Thanks
-
The route error generally only happens if you already have a route to the network that you're trying to get pushed from the server side.
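An added example, not part of the original reply: a small check for one way a client can be asked to add a route it already has, run over the relevant lines of the server config posted above. It assumes the `server` helper expansion documented in the OpenVPN manual (with `client-to-client` it already pushes the tunnel subnet route, otherwise a host route to the server under the default net30 topology); the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the relevant lines of the server config posted in the thread.
SAMPLE_CONFIG = """\
dev tun
server 172.16.14.0 255.255.255.0
push "route 172.16.14.0 255.255.255.0"
route 10.200.200.0 255.255.255.0
client-to-client
"""

def _net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def pushed_routes(config_text):
    """Return [(network, origin)] for every route the server pushes to clients."""
    server_net, c2c, routes = None, False, []
    for raw in config_text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        if tokens[0] == "server" and len(tokens) >= 3:
            server_net = _net(tokens[1], tokens[2])
        elif tokens[0] == "client-to-client":
            c2c = True
        elif tokens[0] == "push" and len(tokens) >= 2:
            opt = tokens[1].split()
            if len(opt) >= 2 and opt[0] == "route":
                routes.append((_net(*opt[1:3]), "explicit push"))
    if server_net is not None:  # assumption: manual's expansion of the server helper
        if c2c:
            routes.append((server_net, "implied by server + client-to-client"))
        else:
            gateway = str(server_net.network_address + 1)
            routes.append((_net(gateway), "implied by server (net30)"))
    return routes

def duplicate_pushes(config_text):
    """Return (network, first origin, second origin) for routes pushed more than once."""
    seen, dupes = {}, []
    for net, origin in pushed_routes(config_text):
        if net in seen:
            dupes.append((str(net), seen[net], origin))
        else:
            seen[net] = origin
    return dupes

if __name__ == "__main__":
    for net, first, second in duplicate_pushes(SAMPLE_CONFIG):
        print(f"{net}: pushed twice ({first}; {second})")
```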
-
Thank you very much for the input.
Okay, that makes sense as I have a perfectly fine connection. Maybe I should restart the router to confirm this 100%, because once restarted all routes will be lost.
So, what are your thoughts about:
"persist-key;persist-tun;resolv-retry infinite"
Thanks,