OpenVPN TAP interface: gateway options
-
I’m setting up an OpenVPN TAP tunnel between a pfSense (2.4.0) server and a LEDE (17.01.4) client.
If I import the pfSense-generated .ovpn file in LEDE, I get the following error:
Wed Nov 8 01:22:54 2017 TUN/TAP device tap0 opened Wed Nov 8 01:22:54 2017 NOTE: unable to redirect default gateway – VPN gateway parameter (–route-gateway or --ifconfig) is missing Wed Nov 8 01:22:54 2017 Initialization Sequence Completed
A TAP tunnel is established, but there is no traffic as there is no route. For reference, the same errors occurs when running this in a Windows client.
So, I add "route-gateway <ip-of-gateway>" to the .ovpn file. However, I then get the following error:
Wed Nov 8 01:24:05 2017 TUN/TAP device tap0 opened route: SIOCADDRT: File exists Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1 route: SIOCADDRT: Network unreachable Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1 route: SIOCADDRT: Network unreachable Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1 route: SIOCADDRT: Network unreachable Wed Nov 8 01:24:05 2017 ERROR: Linux route add command failed: external program exited with error status: 1 Wed Nov 8 01:24:05 2017 Initialization Sequence Completed
Again, a TAP tunnel is established, but there is no traffic (still no gateway). For reference, a successful working connection in established from a Windows client with the route-gateway option.
I expect LEDE can't reach the gateway IP, but if that's because the tunnel-initialization is faulty, or if it doens't know where/how to look for the gateway, I don't know. I've tried several 'route-gateway' options for as far as OpenVPN understands these commands, but nothing seems to work. I've also tried to push the setting, but to no avail. I understand the fault must lie in my LEDE device, but maybe someone here has some insight in this setup.</ip-of-gateway>