Netgate Discussion Forum

    OpenVPN says: FreeBSD ifconfig failed: external program exited with error status: 1

      pfImprudence

      Hi there!

      I want to connect pfSense as a client to an Ubuntu OpenVPN Server.
      The strange thing is, yesterday all went really well.
      I have assigned the client to an interface ovpnc4 (the other 3 are OpenVPN Servers) and routed some traffic through the tunnel.

      Last thing I know was that I changed the Monitor IP for the ovpnc4 Gateway, because it monitored the pfSense client IP x.x.x.10 and not the Ubuntu server IP x.x.x.1

      Now I cannot reconnect to the server.

      pfSense is exiting due to fatal error:

      Sep 19 18:54:01 	openvpn 	41366 	Exiting due to fatal error
      Sep 19 18:54:01 	openvpn 	41366 	FreeBSD ifconfig failed: external program exited with error status: 1
      Sep 19 18:54:01 	openvpn 	41366 	/sbin/ifconfig ovpnc4 x.x.x.2 x.x.x.1 mtu 1500 netmask 255.255.255.0 up
      Sep 19 18:54:01 	openvpn 	41366 	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Sep 19 18:54:01 	openvpn 	41366 	ioctl(TUNSIFMODE): Device busy (errno=16)
      Sep 19 18:54:01 	openvpn 	41366 	TUN/TAP device /dev/tun4 opened
      Sep 19 18:54:01 	openvpn 	41366 	TUN/TAP device ovpnc4 exists previously, keep at program end
      Sep 19 18:54:01 	openvpn 	41366 	Incoming Data Channel: CIPHER block_size=16 iv_size=12
      

      And Ubuntu is desperately waiting for an answer from pfSense:

      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] UDPv4 READ [112] from [AF_INET][my_client]: P_CONTROL_V1 kid=0 pid=[ #12 ]
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] PUSH: Received control message: 'PUSH_REQUEST'
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] SENT CONTROL [client]: 'PUSH_REPLY,route-gateway x.x.x.1,topology subnet,ping
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Data Channel: using negotiated cipher 'AES-256-GCM'
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] UDPv4 WRITE [78] to [AF_INET][my_client]: P_ACK_V1 kid=0 pid=[ #10 ] [ 6 ]
      Sep 19 18:48:43 [my_server] ovpn-server[909]: client/[my_client] UDPv4 WRITE [241] to [AF_INET][my_client]: P_CONTROL_V1 kid=0 pid=[ #11 ]
      Sep 19 18:48:46 [my_server] ovpn-server[909]: client/[my_client] UDPv4 WRITE [241] to [AF_INET][my_client]: P_CONTROL_V1 kid=0 pid=[ #12 ]
      

      I see that this might be an issue that the subnet x.x.x.0/24 is already in use, because I messed up the ovpns4 gateway somehow. But I already deleted the gateway, the OpenVPN-Client and the ovpnc4 interface to no avail.

      Can you give me any advice on how to troubleshoot this issue?

      P.S.: I have not restarted the pfSense machine yet, because I like to pretend this is a production environment and rebooting the entire firewall would be a bad idea.

      Kind regards,

      Holger

        pfImprudence

        I think I have found something?

        "netstat -r" shows this route

        Routing tables
        
        Internet:
        Destination        Gateway            Flags     Netif Expire
        x.x.x.1        x.x.x.10       UGHS        lo0
        

        This might be some garbage from unnecessary experiments I have done.
        How do I delete this?

        route delete -net x.x.x.1/32 x.x.x.10
        

        says

        route: route has not been found
        delete net x.x.x.1: gateway x.x.x.10 fib 0: not in table
        

        and

        route delete x.x.x.1
        

        says

        route: writing to routing socket: Address already in use
        delete host x.x.x.1 fib 0: gateway uses the same route
        

        I am failing to find out how to delete a route with no netmask in BSD :(

          pfImprudence

          I have found some more.

          This is apparently a known issue that is caused by changing the Monitor IP on an OpenVPN-Interface.

          Here is the bug report: https://redmine.pfsense.org/issues/8142
          And here the discussion linked in the report: https://forum.pfsense.org/index.php?topic=138608.msg764734#msg764734

          The issue is still present in 2.4.3-RELEASE (amd64).

          The only workaround I have found without resetting the system was to change the subnet of the Ubuntu OpenVPN-server to something different than x.x.x.0/24.

          x.x.x.0/24 seems to be forever blocked by the non-removable route.

          If anyone has any updates in that regard, I would be highly interested, so please let me know!

          Kind regards,

          Holger
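
A check for the leftover host route described in this thread, as an added example that is not part of the original posts or of pfSense itself: it parses saved `netstat -rn` output and reports host routes inside the tunnel subnet that are bound to an interface other than the tunnel. The 10.8.0.x addresses, the sample table and the function names are constructed stand-ins for the redacted x.x.x values.

```python
import ipaddress

# Constructed sample of `netstat -rn` output; 10.8.0.x stands in for the
# redacted x.x.x addresses in the thread.
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
10.8.0.1           10.8.0.10          UGHS        lo0
10.9.0.0/24        10.9.0.2           UGS      ovpns1
127.0.0.1          link#4             UH          lo0
"""

def parse_routes(text):
    """Yield (destination, gateway, flags, netif) from the IPv4 table only."""
    in_inet = False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].endswith(":"):          # "Internet:" / "Internet6:"
            in_inet = fields[0] == "Internet:"
            continue
        if not in_inet or fields[0] == "Destination" or len(fields) < 4:
            continue
        yield tuple(fields[:4])

def stale_host_routes(text, tunnel_net, tunnel_if):
    """Host routes (flag H) inside tunnel_net that are not bound to tunnel_if."""
    net = ipaddress.ip_network(tunnel_net)
    hits = []
    for dest, gw, flags, netif in parse_routes(text):
        if "H" not in flags or "/" in dest:
            continue
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            continue                         # "default" or non-numeric names
        if addr in net and netif != tunnel_if:
            hits.append((dest, gw, flags, netif))
    return hits

if __name__ == "__main__":
    for route in stale_host_routes(SAMPLE, "10.8.0.0/24", "ovpnc4"):
        print("host route inside tunnel subnet on another interface:", *route)
```

Running it against a table captured before starting the client shows whether the tunnel subnet is already claimed by a route like the `UGHS` entry on `lo0` quoted above.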
