Netgate Discussion Forum

    Solved: Site-to-site OpenVPN broken after update 2.3.4_1

    • betatest

      I had a Site-to-site OpenVPN connection running in pfSense 2.3.4.
      Did not change anything configuration-wise.
      Updated local pfSense to 2.3.4_1. Everything still working.
      Updated client side. Nothing works anymore.

      I am not an expert in VPN or networking and English is not my native language so please bear with me.

      Strange thing is, VPN is up and running. Everything seems normal.

      But there is something strange in OpenVPN logs:
      ERROR: FreeBSD route add command failed: external program exited with error status: 1

      Don't know if it was there before.
      Any help would be greatly appreciated. Otherwise I have to look up how to roll back to 2.3.4. Unfortunately I forgot to back up my remote site before the update…

      Update: RoadWarrior is still working. I created another site-to-site VPN for testing and it works!
      No idea if it had something to do with cert.

      • Derelict LAYER 8 Netgate

        Updated client side. Nothing works anymore.
        …
        Strange thing is, VPN is up and running. Everything seems normal.

        Is it working or not?

        ERROR: FreeBSD route add command failed: external program exited with error status: 1

        That generally means there is an existing route in the system that conflicts with a route that OpenVPN is trying to add so OpenVPN cannot add it. It is generally a soft failure unless it happens to be a conflict with the actual tunnel network which can prevent OpenVPN from starting.

        That very likely has more to do with the reboot after the update putting the route there than the upgrade to 2.3.4_1.

        Stop the OpenVPN client process and look at the routing table. Start the OpenVPN client and examine the logs. If you set the logging verbosity to 4 it will show you which route it is trying to add. These are the entries with an intentional conflict created (Static route in the system for 10.100.100.0/24 and also listing it as a remote network in an OpenVPN client):

        Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 172.25.232.0 10.10.10.1 255.255.255.0
        Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 10.100.100.0 10.10.10.1 255.255.255.0
        Jul 23 19:09:36 openvpn 71076 ERROR: FreeBSD route add command failed: external program exited with error status: 1

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
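
The check described in the reply above, as an added example that is not part of the original post or pfSense's own code: it pairs each ERROR line with the route add logged just before it by the same OpenVPN process, then looks that destination up in a routing table captured while the client was stopped. The `netstat -rn` output is constructed for this example, and the parser assumes destinations are printed in full CIDR form.

```python
import ipaddress
import re

ROUTE_ADD = re.compile(r"openvpn (\d+) /sbin/route add -net (\S+) (\S+) (\S+)")
ROUTE_ERR = re.compile(r"openvpn (\d+) ERROR: FreeBSD route add command failed")

# Log lines as quoted in the post above (logging verbosity 4).
SAMPLE_LOG = """\
Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 172.25.232.0 10.10.10.1 255.255.255.0
Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 10.100.100.0 10.10.10.1 255.255.255.0
Jul 23 19:09:36 openvpn 71076 ERROR: FreeBSD route add command failed: external program exited with error status: 1
"""

# Constructed `netstat -rn` output (client stopped); gateways and interfaces are made up.
SAMPLE_TABLE = """\
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
10.100.100.0/24    192.168.1.254      UGS         em1
192.168.1.0/24     link#2             U           em1
"""

def failed_routes(log_text):
    """Return (network, gateway) for each route add followed by the ERROR line."""
    last_add, failed = {}, []  # last_add: pid -> most recent route add
    for line in log_text.splitlines():
        add, err = ROUTE_ADD.search(line), ROUTE_ERR.search(line)
        if add:
            pid, net, gw, mask = add.groups()
            last_add[pid] = (ipaddress.ip_network(f"{net}/{mask}", strict=False), gw)
        elif err and err.group(1) in last_add:
            failed.append(last_add.pop(err.group(1)))
    return failed

def existing_routes(table_text):
    """Map destination network -> (gateway, netif) from `netstat -rn` output."""
    routes = {}
    for fields in map(str.split, table_text.splitlines()):
        try:
            routes[ipaddress.ip_network(fields[0])] = (fields[1], fields[3])
        except (ValueError, IndexError):
            continue  # header, 'default', blank or abbreviated line
    return routes

def conflicts(log_text, table_text):
    """Failed routes whose exact destination already exists in the table."""
    table = existing_routes(table_text)
    return [(str(n), gw, table[n]) for n, gw in failed_routes(log_text) if n in table]

if __name__ == "__main__":
    print(conflicts(SAMPLE_LOG, SAMPLE_TABLE))
```

Each result names the network OpenVPN could not add, the gateway it wanted, and the gateway and interface that already hold that destination.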
