4. Solved: Site-to-site OpenVPN broken after update 2.3.4_1

Solved: Site-to-site OpenVPN broken after update 2.3.4_1

  • B

    I had a Site-to-site OpenVPN connection running in pfsense 2.3.4.
    Did not change anything configuration-wise.
    Updated local pfSense to 2.3.4_1. Everything still working.
    Updated client side. Nothing works anymore.

    I am not an expert in VPN or networking and English is not my native language so please bear with me.

    Strange thing is, VPN is up and running. Everything seems normal.

    But there is something strange in OpenVPN logs:
    ERROR: FreeBSD route add command failed: external program exited with error status: 1

    Don't know if it was there before.
    Any help would be greatly appreciated. Otherwise I have to look up how to roll back to 2.3.4. Unfortunately I forgot backup my remote site before update…

    Update: RoadWarrior ist still working. I created another site-to-site VPN for testing and it works!
    No idea if it had something to do with cert.

    0
  • Netgate

    Updated client side. Nothing works anymore.

    Strange thing is, VPN is up and running. Everything seems normal.

    Is it working or not?

    ERROR: FreeBSD route add command failed: external program exited with error status: 1

    That generally means there is an existing route in the system that conflicts with a route that OpenVPN is trying to add so OpenVPN cannot add it. It is generally a soft failure unless it happens to be a conflict with the actual tunnel network which can prevent OpenVPN from starting.

    That very likely has more to do with the reboot after the update putting the route there than the upgrade to 2.3.4_1.

    Stop the OpenVPN client process and look at the routing table. Start the OpenVPN client and examine the logs. If you set the logging verbosity to 4 it will show you which route it is trying to add. These are the entries with an intentional conflict created (Static route in the system for 10.100.100.0/24 and also listing it as a remote network in an OpenVPN client):

    Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 172.25.232.0 10.10.10.1 255.255.255.0
    Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 10.100.100.0 10.10.10.1 255.255.255.0
    Jul 23 19:09:36 openvpn 71076 ERROR: FreeBSD route add command failed: external program exited with error status: 1

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy