OpenVPN says: FreeBSD ifconfig failed: external program exited with error status: 1



  • Hi there!

    I want to connect pfSense as a client to an Ubuntu OpenVPN Server.
    The strange thing is, yesterday all went really well.
    I have assigned the client to an interface ovpnc4 (the other 3 are OpenVPN Servers) and routed some traffic through the tunnel.

    Last thing I know was that I changed the Monitor IP for the ovpnc4 Gateway, because it monitored the pfSense client IP x.x.x.10 and not the Ubuntu server IP x.x.x.1

    Now I cannot reconnect to the server.

    pfSense is exiting due to fatal error:

    Sep 19 18:54:01 	openvpn 	41366 	Exiting due to fatal error
    Sep 19 18:54:01 	openvpn 	41366 	FreeBSD ifconfig failed: external program exited with error status: 1
    Sep 19 18:54:01 	openvpn 	41366 	/sbin/ifconfig ovpnc4 x.x.x.2 x.x.x.1 mtu 1500 netmask 255.255.255.0 up
    Sep 19 18:54:01 	openvpn 	41366 	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sep 19 18:54:01 	openvpn 	41366 	ioctl(TUNSIFMODE): Device busy (errno=16)
    Sep 19 18:54:01 	openvpn 	41366 	TUN/TAP device /dev/tun4 opened
    Sep 19 18:54:01 	openvpn 	41366 	TUN/TAP device ovpnc4 exists previously, keep at program end
    Sep 19 18:54:01 	openvpn 	41366 	Incoming Data Channel: CIPHER block_size=16 iv_size=12
    

    And Ubuntu is desperately waiting for an answer from pfSense:

    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] UDPv4 READ [112] from [AF_INET][my_client]: P_CONTROL_V1 kid=0 pid=[ #12 ]
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] PUSH: Received control message: 'PUSH_REQUEST'
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] SENT CONTROL [client]: 'PUSH_REPLY,route-gateway x.x.x.1,topology subnet,ping
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Data Channel: using negotiated cipher 'AES-256-GCM'
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] UDPv4 WRITE [78] to [AF_INET][my_client]: P_ACK_V1 kid=0 pid=[ #10 ] [ 6 ]
    Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] UDPv4 WRITE [241] to [AF_INET][my_client]: P_CONTROL_V1 kid=0 pid=[ #11 ]
    Sep 19 18:48:46 [my_server] ovpn-server[909]: client/[my_client] UDPv4 WRITE [241] to [AF_INET][my_client]: P_CONTROL_V1 kid=0 pid=[ #12 ]
    

    I see that this might be an issue that the subnet x.x.x.0/24 is already in use, because I messed up the ovpns4 gateway somehow. But I already deleted the gateway, the OpenVPN-Client and the ovpnc4 interface to no avail.

    Can you give me any advice on how to troubleshoot this issue?

    P.S.: I have not restarted the pfSense machine yet, because I like to pretend this is a production environment and rebooting the entire firewall would be a bad idea.

    Kind regards,

    Holger



  • I think I have found something?

    "netstat -r" shows this route

    Routing tables
    
    Internet:
    Destination        Gateway            Flags     Netif Expire
    x.x.x.1        x.x.x.10       UGHS        lo0
    

    This might be some garbage from unnecessary experiments I have done.
    How do I delete this?

    route delete -net x.x.x.1/32 x.x.x.10
    

    says

    route: route has not been found
    delete net x.x.x.1: gateway x.x.x.10 fib 0: not in table
    

    and

    route delete x.x.x.1
    

    says

    route: writing to routing socket: Address already in use
    delete host x.x.x.1 fib 0: gateway uses the same route
    

    I am failing to find out how to delete a route with no netmask in BSD :(



  • I have found some more.

    This is apparently a known issue that is caused by changing the Monitor IP on an OpenVPN-Interface.

    Here is the bug report: https://redmine.pfsense.org/issues/8142
    And here the discussion linked in the report: https://forum.pfsense.org/index.php?topic=138608.msg764734#msg764734

    The issue is still present in 2.4.3-RELEASE (amd64).

    The only workaround I have found without resetting the system was to change the subnet of the Ubuntu OpenVPN-server to something different than x.x.x.0/24.

    x.x.x.0/24 seems to be forever blocked by the non-removable route.

    If anyone has any updates in that regard, I would be highly interested, so please let me know!

    Kind regards,

    Holger

