    Solved: Site-to-site OpenVPN broken after update 2.3.4_1

      betatest last edited by

      I had a Site-to-site OpenVPN connection running in pfSense 2.3.4.
      Did not change anything configuration-wise.
      Updated local pfSense to 2.3.4_1. Everything still working.
      Updated client side. Nothing works anymore.

      I am not an expert in VPN or networking and English is not my native language so please bear with me.

      Strange thing is, VPN is up and running. Everything seems normal.

      But there is something strange in OpenVPN logs:
      ERROR: FreeBSD route add command failed: external program exited with error status: 1

      Don't know if it was there before.
      Any help would be greatly appreciated. Otherwise I have to look up how to roll back to 2.3.4. Unfortunately I forgot to back up my remote site before the update…

      Update: RoadWarrior is still working. I created another site-to-site VPN for testing and it works!
      No idea if it had something to do with cert.

        Derelict LAYER 8 Netgate last edited by

        Updated client side. Nothing works anymore.
        …
        Strange thing is, VPN is up and running. Everything seems normal.

        Is it working or not?

        ERROR: FreeBSD route add command failed: external program exited with error status: 1

        That generally means there is an existing route in the system that conflicts with a route that OpenVPN is trying to add so OpenVPN cannot add it. It is generally a soft failure unless it happens to be a conflict with the actual tunnel network which can prevent OpenVPN from starting.

        That very likely has more to do with the reboot after the update putting the route there than the upgrade to 2.3.4_1.

        Stop the OpenVPN client process and look at the routing table. Start the OpenVPN client and examine the logs. If you set the logging verbosity to 4 it will show you which route it is trying to add. These are the entries with an intentional conflict created (Static route in the system for 10.100.100.0/24 and also listing it as a remote network in an OpenVPN client):

        Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 172.25.232.0 10.10.10.1 255.255.255.0
        Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 10.100.100.0 10.10.10.1 255.255.255.0
        Jul 23 19:09:36 openvpn 71076 ERROR: FreeBSD route add command failed: external program exited with error status: 1

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

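The troubleshooting step from the reply above, as an added example that is not part of the original thread: a Python script that pairs each failed `route add` in a verbosity-4 OpenVPN log with the existing route to the same destination. The routing-table snapshot and its gateway are constructed, and the script assumes the error line directly follows the failing `route add` from the same process, as in the quoted log.

```python
import ipaddress
import re

# Log lines quoted in the reply above (logging verbosity 4).
LOG = """\
Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 172.25.232.0 10.10.10.1 255.255.255.0
Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 10.100.100.0 10.10.10.1 255.255.255.0
Jul 23 19:09:36 openvpn 71076 ERROR: FreeBSD route add command failed: external program exited with error status: 1
"""

# Constructed routing-table snapshot taken while the client is stopped
# (destination -> gateway); the gateway values are made up for illustration.
EXISTING_ROUTES = {"10.100.100.0/24": "192.168.1.254", "192.168.1.0/24": "link#1"}

ADD_RE = re.compile(r"openvpn (\d+) /sbin/route add -net (\S+) (\S+) (\S+)$")
ERR_RE = re.compile(r"openvpn (\d+) ERROR: FreeBSD route add command failed")


def failed_routes(log_text):
    """Return (network, gateway) for each route add that is followed by the error."""
    last_add = {}  # pid -> most recent route add not yet matched to an error
    failed = []
    for line in log_text.splitlines():
        m = ADD_RE.search(line)
        if m:
            pid, dest, gw, mask = m.groups()
            last_add[pid] = (ipaddress.ip_network(f"{dest}/{mask}"), gw)
            continue
        m = ERR_RE.search(line)
        if m and m.group(1) in last_add:
            failed.append(last_add.pop(m.group(1)))
    return failed


def find_conflicts(log_text, existing):
    """Pair every failed route with the existing route to the same destination."""
    table = {ipaddress.ip_network(d): gw for d, gw in existing.items()}
    return [(str(net), gw, table.get(net)) for net, gw in failed_routes(log_text)]


if __name__ == "__main__":
    for net, vpn_gw, current_gw in find_conflicts(LOG, EXISTING_ROUTES):
        print(f"{net}: OpenVPN wanted {vpn_gw}, table already has {current_gw}")
```

A `None` in the third field means the snapshot holds no route to that exact destination, so the failure has another cause.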