Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Solved: Site-to-site OpenVPN broken after update 2.3.4_1

    Installation and Upgrades
    2
    2
    2048
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      betatest last edited by

      I had a Site-to-site OpenVPN connection running in pfsense 2.3.4.
      Did not change anything configuration-wise.
      Updated local pfSense to 2.3.4_1. Everything still working.
      Updated client side. Nothing works anymore.

      I am not an expert in VPN or networking and English is not my native language so please bear with me.

      Strange thing is, VPN is up and running. Everything seems normal.

      But there is something strange in OpenVPN logs:
      ERROR: FreeBSD route add command failed: external program exited with error status: 1

      Don't know if it was there before.
      Any help would be greatly appreciated. Otherwise I have to look up how to roll back to 2.3.4. Unfortunately I forgot backup my remote site before update…

      Update: RoadWarrior ist still working. I created another site-to-site VPN for testing and it works!
      No idea if it had something to do with cert.

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by

        Updated client side. Nothing works anymore.
        …
        Strange thing is, VPN is up and running. Everything seems normal.

        Is it working or not?

        ERROR: FreeBSD route add command failed: external program exited with error status: 1

        That generally means there is an existing route in the system that conflicts with a route that OpenVPN is trying to add so OpenVPN cannot add it. It is generally a soft failure unless it happens to be a conflict with the actual tunnel network which can prevent OpenVPN from starting.

        That very likely has more to do with the reboot after the update putting the route there than the upgrade to 2.3.4_1.

        Stop the OpenVPN client process and look at the routing table. Start the OpenVPN client and examine the logs. If you set the logging verbosity to 4 it will show you which route it is trying to add. These are the entries with an intentional conflict created (Static route in the system for 10.100.100.0/24 and also listing it as a remote network in an OpenVPN client):

        Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 172.25.232.0 10.10.10.1 255.255.255.0
        Jul 23 19:09:36 openvpn 71076 /sbin/route add -net 10.100.100.0 10.10.10.1 255.255.255.0
        Jul 23 19:09:36 openvpn 71076 ERROR: FreeBSD route add command failed: external program exited with error status: 1

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy