Netgate Discussion Forum
    ERROR: FreeBSD route add command failed

      wmcneil

      I have created a pfSense OpenVPN client, which I am connecting to an Asus router that is running an OpenVPN server:

      client local subnet: 10.55.83.0/24
      tunnel network: 10.8.0.0/24
      server (remote) network: 192.168.2.0/24

      Here is a snip from the log file:

      /sbin/ifconfig ovpnc2 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
      /usr/local/sbin/ovpn-linkup ovpnc2 1500 1545 10.8.0.6 10.8.0.5 init
      openvpn 31875 ERROR: FreeBSD route add command failed: external program exited with error status: 1)

      Here are the relevant entries from the routing table. I think the 10.8.0.1/32 row is causing an address conflict with the next two rows, but I don't know how to fix it. Thank you in advance for any help:

      Destination Gateway Flags Use Mtu Netif
      10.8.0.1/32 10.8.0.5 UGS 0 1500 ovpnc2
      10.8.0.5 link#15 UH 0 1500 ovpnc2
      10.8.0.6 link#15 UHS 0 16384 lo0

        wmcneil @wmcneil

        I did some more experimenting. The OpenVPN server is sending the following:

        Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 PUSH: Received control message: 'PUSH_REQUEST'
        Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0' (status=1)

        I am assuming the "route 10.8.0.1" part of the string above is what is causing the 10.8.0.1/32 routing table entry. I don't understand why the server is sending this, as the "ifconfig 10.8.0.6 10.8.0.5" part of the string is specifying 10.8.0.6 as the client IP, so 10.8.0.1 should not be needed?

        I attempted to work around this as follows: by changing the client VPN configuration to include a check for the "don't pull routes" option, the route "10.8.0.1/32 10.8.0.5" is no longer present. I manually added a static route of "10.8.0.0/24 10.8.0.5". This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server. I am stuck; any help appreciated.

        10.8.0.0/24 10.8.0.5 UGS 0 1500 ovpnc2
        10.8.0.5 link#15 UH 490 1500 ovpnc2
        10.8.0.6 link#15 UHS 0 16384 lo0
        192.168.2.0/24 10.8.0.5 UGS 550 1500 ovpnc2

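An added example, not code from either poster: it parses the PUSH_REPLY string quoted in the post above and lists the routes a client that pulls routes would try to install. It assumes OpenVPN's documented `route` defaults (an omitted netmask means 255.255.255.255, an omitted or `vpn_gateway` gateway means the pushed `route-gateway` or, failing that, the second `ifconfig` argument) and IP-literal destinations; the function name is hypothetical.

```python
import ipaddress

# PUSH_REPLY string copied from the server log in the post above.
PUSH_REPLY = (
    "PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,"
    "route 10.8.0.1,topology net30,ping 10,ping-restart 30,"
    "ifconfig 10.8.0.6 10.8.0.5,peer-id 0"
)


def routes_from_push_reply(msg):
    """Return (destination, gateway, metric) for each pushed IPv4 route."""
    options = [o.split() for o in msg.split(",")[1:] if o.strip()]
    other = {o[0]: o[1:] for o in options if o[0] != "route"}

    # vpn_gateway is a pushed route-gateway if present; otherwise, on a
    # point-to-point topology, the peer address (second ifconfig argument).
    vpn_gateway = None
    if other.get("route-gateway"):
        vpn_gateway = other["route-gateway"][0]
    elif other.get("topology") != ["subnet"] and len(other.get("ifconfig", [])) >= 2:
        vpn_gateway = other["ifconfig"][1]

    routes = []
    for opt in options:
        if opt[0] != "route" or len(opt) < 2:
            continue
        # Pad omitted arguments with the "default" keyword.
        net, mask, gw, metric = (opt[1:] + ["default"] * 3)[:4]
        if mask == "default":
            mask = "255.255.255.255"  # no netmask means a host route
        if gw in ("default", "vpn_gateway"):
            gw = vpn_gateway
        dest = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        routes.append((str(dest), gw, None if metric == "default" else int(metric)))
    return routes


if __name__ == "__main__":
    for dest, gw, metric in routes_from_push_reply(PUSH_REPLY):
        print(f"{dest:<18} via {gw}  metric={metric}")
```

The resulting list can be compared line by line with the `ovpnc2` entries in the client's `netstat -rn` output to see which pushed route is present and which is missing.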
          viragomann @wmcneil

          @wmcneil
          Seems to be something wrong in the server config.

          @wmcneil said in ERROR: FreeBSD route add command failed:

          This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server.

          Ensure that the destination device allows the access. For testing, shut down its firewall (reboot if it's Windows!).

            wmcneil @viragomann

            @viragomann I can access the destination when I use other OpenVPN client machines (including Windows and Android), so it is not a permissions thing.
