OpenVPN TAP interface: gateway options



  • I’m setting up an OpenVPN TAP tunnel between a pfSense (2.4.0) server and a LEDE (17.01.4) client.

    If I import the pfSense-generated .ovpn file in LEDE, I get the following error:

    Wed Nov 8 01:22:54 2017 TUN/TAP device tap0 opened
    Wed Nov 8 01:22:54 2017 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
    Wed Nov 8 01:22:54 2017 Initialization Sequence Completed
    

    A TAP tunnel is established, but there is no traffic as there is no route. For reference, the same error occurs when running this in a Windows client.

    So, I add "route-gateway <ip-of-gateway>" to the .ovpn file. However, I then get the following error:

    Wed Nov 8 01:24:05 2017 TUN/TAP device tap0 opened
    route: SIOCADDRT: File exists
    Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1
    route: SIOCADDRT: Network unreachable
    Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1
    route: SIOCADDRT: Network unreachable
    Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1
    route: SIOCADDRT: Network unreachable
    Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1
    Wed Nov 8 01:24:05 2017 Initialization Sequence Completed
    

    Again, a TAP tunnel is established, but there is no traffic (still no gateway). For reference, a successful working connection is established from a Windows client with the route-gateway option.

    I expect LEDE can't reach the gateway IP, but whether that's because the tunnel initialization is faulty, or because it doesn't know where/how to look for the gateway, I don't know. I've tried several 'route-gateway' options as far as OpenVPN understands these commands, but nothing seems to work. I've also tried to push the setting, but to no avail. I understand the fault must lie in my LEDE device, but maybe someone here has some insight into this setup.

