Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [OpenVPN] - Exiting due to fatal error

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 3 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      notaduck
      last edited by

      I'm having a hard time trying to configure Pfsense's OpenVpn-client to connect to ExpressVPN.
      Everything should be configured the correct way if i'm not mistaken, but i do see this error message in the log and i can't get an IP add.

      I for sure hope some of your guys knows what is going on here, because i don't  :(

      	openvpn	93023	FreeBSD ifconfig failed: external program exited with error status: 1
      Oct 11 19:39:39	openvpn	93023	/sbin/ifconfig ovpnc1 10.21.3.174 10.21.3.173 mtu 1500 netmask 255.255.255.255 up
      Oct 11 19:39:39	openvpn	93023	do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Oct 11 19:39:39	openvpn	93023	TUN/TAP device /dev/tun1 opened
      Oct 11 19:39:36	openvpn	93023	[Server] Peer Connection Initiated with [AF_INET]173.244.55.58:1195
      Oct 11 19:39:36	openvpn	93023	WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
      Oct 11 19:39:36	openvpn	93023	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
      Oct 11 19:39:36	openvpn	93023	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Oct 11 19:39:36	openvpn	93023	UDPv4 link remote: [AF_INET]173.244.55.58:1195
      Oct 11 19:39:36	openvpn	93023	UDPv4 link local (bound): [AF_INET]xx.xxx.xx.xxx
      Oct 11 19:39:36	openvpn	93023	Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
      Oct 11 19:39:36	openvpn	93023	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Oct 11 19:39:36	openvpn	93023	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Oct 11 19:39:36	openvpn	92936	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
      Oct 11 19:39:36	openvpn	92936	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
      Oct 11 19:39:36	openvpn	92936	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
      Oct 11 19:36:26	openvpn	66148	Exiting due to fatal error
      Oct 11 19:36:26	openvpn	66148	FreeBSD ifconfig failed: external program exited with error status: 1
      Oct 11 19:36:26	openvpn	66148	/sbin/ifconfig ovpnc1 10.21.3.174 10.21.3.173 mtu 1500 netmask 255.255.255.255 up
      Oct 11 19:36:26	openvpn	66148	do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Oct 11 19:36:26	openvpn	66148	TUN/TAP device /dev/tun1 opened
      Oct 11 19:36:24	openvpn	66148	[Server] Peer Connection Initiated with [AF_INET]173.244.55.58:1195
      Oct 11 19:36:24	openvpn	66148	WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
      Oct 11 19:36:24	openvpn	66148	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
      Oct 11 19:36:23	openvpn	66148	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Oct 11 19:36:23	openvpn	66148	UDPv4 link remote: [AF_INET]173.244.55.58:1195
      Oct 11 19:36:23	openvpn	66148	UDPv4 link local (bound): [AF_INET]xx.xxx.xx.xxx
      Oct 11 19:36:23	openvpn	66148	Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
      Oct 11 19:36:23	openvpn	66148	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Oct 11 19:36:23	openvpn	66148	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Oct 11 19:36:23	openvpn	66062	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
      Oct 11 19:36:23	openvpn	66062	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
      Oct 11 19:36:23	openvpn	66062	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
      
      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Oct 11 19:36:26	openvpn	66148	/sbin/ifconfig ovpnc1 10.21.3.174 10.21.3.173 mtu 1500 netmask 255.255.255.255 up
        Oct 11 19:36:26	openvpn	66148	FreeBSD ifconfig failed: external program exited with error status: 1
        
        

        That means it could not apply that IP address to the OpenVPN interface. Do you have a network that might already overlap that subnet or IP address? Check Status > Interfaces and Diagnostics > Routes.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • N
          notaduck
          last edited by

          I can see that it uses 10.21.3.141 and i have an OpenVPN Server running on 10.0.3.x could that be the issue here?

          1 Reply Last reply Reply Quote 0
          • H
            heper
            last edited by

            copy/paste your routing table here. (remove or modify your public ip adresses of wan)

            1 Reply Last reply Reply Quote 0
            • N
              notaduck
              last edited by

              Here is a copy of my Routes (Didn't thhought the forum was that helpfull ;) )

              Destination	Gateway	Flags	Use	Mtu	Netif	Expire
              0.0.0.0/1	10.21.3.145	UGS	0	1500	ovpnc1	
              default	xx.xxx.xx.xxx	UGS	166894	1500	em0	
              4.2.2.3	xx.xxx.xx.xxx	UGHS	3	1500	em0	
              10.0.1.0/24	link#1	U	4025931	1500	re0	
              10.0.1.1	link#1	UHS	0	16384	lo0	
              10.0.2.0/24	link#3	U	242129	1500	em1	
              10.0.2.1	xx.xxx.xx.xxx	UGHS	0	16384	em0	
              10.0.3.0/24	10.0.3.1	UGS	0	1500	ovpns2	
              10.0.3.1	link#10	UHS	0	16384	lo0	
              10.0.3.2	link#10	UH	0	1500	ovpns2	
              10.21.0.1/32	10.21.3.145	UGS	0	1500	ovpnc1	
              10.21.3.145	link#11	UH	38	1500	ovpnc1	
              10.21.3.146	link#11	UHS	0	16384	lo0	
              xx.xxx.xx.xxx/30	link#2	U	107212	1500	em0	
              xx.xxx.xx.xxx	link#2	UHS	0	16384	lo0	
              127.0.0.1	link#8	UH	838	16384	lo0	
              128.0.0.0/1	10.21.3.145	UGS	2	1500	ovpnc1	
              173.244.55.11/32 	xx.xxx.xx.xxx	UGS	36	1500	em0	
              208.67.222.222	xx.xxx.xx.xxx	UGHS	13	1500	em0
              
              1 Reply Last reply Reply Quote 0
              • H
                heper
                last edited by

                What's on .145? Are those static routes?

                Remove all unneeded 10.21.3.x configuration.
                Stop ovpnc1 and check routing table again for differences

                1 Reply Last reply Reply Quote 0
                • N
                  notaduck
                  last edited by

                  So I stopped my OpenVPN server and my routing tables looked like this

                  default	xx.xxx.xx.xxx	UGS	354394	1500	em0	
                  4.2.2.3	xx.xxx.xx.xxx	UGHS	3	1500	em0	
                  10.0.1.0/24	link#1	U	9835635	1500	re0	
                  10.0.1.1	link#1	UHS	0	16384	lo0	
                  10.0.2.0/24	link#3	U	428520	1500	em1	
                  10.0.2.1	xx.xxx.xx.xxx	UGHS	0	16384	em0	
                  xx.xxx.xx.xxx/30	link#2	U	206541	1500	em0	
                  xx.xxx.xx.xxx	link#2	UHS	0	16384	lo0	
                  127.0.0.1	link#8	UH	1542	16384	lo0	
                  208.67.222.222	xx.xxx.xx.xxx	UGHS	15	1500	em0	
                  
                  

                  and started the OpenVPN client without any luck.

                  0.0.0.0/1	10.21.3.185	UGS	4	1500	ovpnc1	
                  default	xx.xxx.xx.xxx 	UGS	354728	1500	em0	
                  4.2.2.3	xx.xxx.xx.xxx 	UGHS	3	1500	em0	
                  10.0.1.0/24	link#1	U	9836394	1500	re0	
                  10.0.1.1	link#1	UHS	0	16384	lo0	
                  10.0.2.0/24	link#3	U	429113	1500	em1	
                  10.0.2.1	xx.xxx.xx.xxx 	UGHS	0	16384	em0	
                  10.21.0.1/32	10.21.3.185	UGS	0	1500	ovpnc1	
                  10.21.3.185	link#11	UH	68	1500	ovpnc1	
                  10.21.3.186	link#11	UHS	0	16384	lo0	
                  xx.xxx.xx.xxx/30	link#2	U	206881	1500	em0	
                  xx.xxx.xx.xxx 	link#2	UHS	0	16384	lo0	
                  127.0.0.1	link#8	UH	1551	16384	lo0	
                  128.0.0.0/1	10.21.3.185	UGS	134	1500	ovpnc1	
                  173.244.55.5/32	xx.xxx.xx.xxx 	UGS	169	1500	em0	
                  208.67.222.222	xx.xxx.xx.xxx 	UGHS	19	1500	em0	
                  
                  

                  do you mean 10.0.3.145? In that case my guess is that it is the virtual IP i get from the client, so it shouldn't be static.
                  I haven't configured anything regarding 10.21.3.xxx

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.