[OpenVPN] - Exiting due to fatal error
-
I'm having a hard time trying to configure Pfsense's OpenVpn-client to connect to ExpressVPN.
Everything should be configured the correct way if i'm not mistaken, but i do see this error message in the log and i can't get an IP add.I for sure hope some of your guys knows what is going on here, because i don't :(
openvpn 93023 FreeBSD ifconfig failed: external program exited with error status: 1 Oct 11 19:39:39 openvpn 93023 /sbin/ifconfig ovpnc1 10.21.3.174 10.21.3.173 mtu 1500 netmask 255.255.255.255 up Oct 11 19:39:39 openvpn 93023 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0 Oct 11 19:39:39 openvpn 93023 TUN/TAP device /dev/tun1 opened Oct 11 19:39:36 openvpn 93023 [Server] Peer Connection Initiated with [AF_INET]173.244.55.58:1195 Oct 11 19:39:36 openvpn 93023 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic' Oct 11 19:39:36 openvpn 93023 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606' Oct 11 19:39:36 openvpn 93023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Oct 11 19:39:36 openvpn 93023 UDPv4 link remote: [AF_INET]173.244.55.58:1195 Oct 11 19:39:36 openvpn 93023 UDPv4 link local (bound): [AF_INET]xx.xxx.xx.xxx Oct 11 19:39:36 openvpn 93023 Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file Oct 11 19:39:36 openvpn 93023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Oct 11 19:39:36 openvpn 93023 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Oct 11 19:39:36 openvpn 92936 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible Oct 11 19:39:36 openvpn 92936 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09 Oct 11 19:39:36 openvpn 92936 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016 Oct 11 19:36:26 openvpn 66148 Exiting due to fatal error Oct 11 19:36:26 openvpn 66148 FreeBSD ifconfig failed: external program exited with error status: 1 Oct 11 19:36:26 openvpn 66148 /sbin/ifconfig ovpnc1 10.21.3.174 10.21.3.173 mtu 1500 netmask 255.255.255.255 up Oct 11 19:36:26 openvpn 66148 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0 Oct 11 19:36:26 openvpn 66148 TUN/TAP device /dev/tun1 opened Oct 11 19:36:24 openvpn 66148 [Server] Peer Connection Initiated with [AF_INET]173.244.55.58:1195 Oct 11 19:36:24 openvpn 66148 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic' Oct 11 19:36:24 openvpn 66148 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606' Oct 11 19:36:23 openvpn 66148 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Oct 11 19:36:23 openvpn 66148 UDPv4 link remote: [AF_INET]173.244.55.58:1195 Oct 11 19:36:23 openvpn 66148 UDPv4 link local (bound): [AF_INET]xx.xxx.xx.xxx Oct 11 19:36:23 openvpn 66148 Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file Oct 11 19:36:23 openvpn 66148 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Oct 11 19:36:23 openvpn 66148 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Oct 11 19:36:23 openvpn 66062 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible Oct 11 19:36:23 openvpn 66062 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09 Oct 11 19:36:23 openvpn 66062 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
-
Oct 11 19:36:26 openvpn 66148 /sbin/ifconfig ovpnc1 10.21.3.174 10.21.3.173 mtu 1500 netmask 255.255.255.255 up Oct 11 19:36:26 openvpn 66148 FreeBSD ifconfig failed: external program exited with error status: 1
That means it could not apply that IP address to the OpenVPN interface. Do you have a network that might already overlap that subnet or IP address? Check Status > Interfaces and Diagnostics > Routes.
-
I can see that it uses 10.21.3.141 and i have an OpenVPN Server running on 10.0.3.x could that be the issue here?
-
copy/paste your routing table here. (remove or modify your public ip adresses of wan)
-
Here is a copy of my Routes (Didn't thhought the forum was that helpfull ;) )
Destination Gateway Flags Use Mtu Netif Expire 0.0.0.0/1 10.21.3.145 UGS 0 1500 ovpnc1 default xx.xxx.xx.xxx UGS 166894 1500 em0 4.2.2.3 xx.xxx.xx.xxx UGHS 3 1500 em0 10.0.1.0/24 link#1 U 4025931 1500 re0 10.0.1.1 link#1 UHS 0 16384 lo0 10.0.2.0/24 link#3 U 242129 1500 em1 10.0.2.1 xx.xxx.xx.xxx UGHS 0 16384 em0 10.0.3.0/24 10.0.3.1 UGS 0 1500 ovpns2 10.0.3.1 link#10 UHS 0 16384 lo0 10.0.3.2 link#10 UH 0 1500 ovpns2 10.21.0.1/32 10.21.3.145 UGS 0 1500 ovpnc1 10.21.3.145 link#11 UH 38 1500 ovpnc1 10.21.3.146 link#11 UHS 0 16384 lo0 xx.xxx.xx.xxx/30 link#2 U 107212 1500 em0 xx.xxx.xx.xxx link#2 UHS 0 16384 lo0 127.0.0.1 link#8 UH 838 16384 lo0 128.0.0.0/1 10.21.3.145 UGS 2 1500 ovpnc1 173.244.55.11/32 xx.xxx.xx.xxx UGS 36 1500 em0 208.67.222.222 xx.xxx.xx.xxx UGHS 13 1500 em0
-
What's on .145? Are those static routes?
Remove all unneeded 10.21.3.x configuration.
Stop ovpnc1 and check routing table again for differences -
So I stopped my OpenVPN server and my routing tables looked like this
default xx.xxx.xx.xxx UGS 354394 1500 em0 4.2.2.3 xx.xxx.xx.xxx UGHS 3 1500 em0 10.0.1.0/24 link#1 U 9835635 1500 re0 10.0.1.1 link#1 UHS 0 16384 lo0 10.0.2.0/24 link#3 U 428520 1500 em1 10.0.2.1 xx.xxx.xx.xxx UGHS 0 16384 em0 xx.xxx.xx.xxx/30 link#2 U 206541 1500 em0 xx.xxx.xx.xxx link#2 UHS 0 16384 lo0 127.0.0.1 link#8 UH 1542 16384 lo0 208.67.222.222 xx.xxx.xx.xxx UGHS 15 1500 em0
and started the OpenVPN client without any luck.
0.0.0.0/1 10.21.3.185 UGS 4 1500 ovpnc1 default xx.xxx.xx.xxx UGS 354728 1500 em0 4.2.2.3 xx.xxx.xx.xxx UGHS 3 1500 em0 10.0.1.0/24 link#1 U 9836394 1500 re0 10.0.1.1 link#1 UHS 0 16384 lo0 10.0.2.0/24 link#3 U 429113 1500 em1 10.0.2.1 xx.xxx.xx.xxx UGHS 0 16384 em0 10.21.0.1/32 10.21.3.185 UGS 0 1500 ovpnc1 10.21.3.185 link#11 UH 68 1500 ovpnc1 10.21.3.186 link#11 UHS 0 16384 lo0 xx.xxx.xx.xxx/30 link#2 U 206881 1500 em0 xx.xxx.xx.xxx link#2 UHS 0 16384 lo0 127.0.0.1 link#8 UH 1551 16384 lo0 128.0.0.0/1 10.21.3.185 UGS 134 1500 ovpnc1 173.244.55.5/32 xx.xxx.xx.xxx UGS 169 1500 em0 208.67.222.222 xx.xxx.xx.xxx UGHS 19 1500 em0
do you mean 10.0.3.145? In that case my guess is that it is the virtual IP i get from the client, so it shouldn't be static.
I haven't configured anything regarding 10.21.3.xxx