Netgate Discussion Forum

ERROR: FreeBSD route add command failed

    wmcneil
    last edited by Jan 12, 2021, 11:30 PM

    I have created a pfSense OpenVPN Client, which I am connecting to an Asus router that is running an OpenVPN Server:

    client local subnet: 10.55.83.0/24
    tunnel network: 10.8.0.0/24
    server (remote) network: 192.168.2.0/24

    Here is a snip from the log file:

    /sbin/ifconfig ovpnc2 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
    /usr/local/sbin/ovpn-linkup ovpnc2 1500 1545 10.8.0.6 10.8.0.5 init
    openvpn 31875 ERROR: FreeBSD route add command failed: external program exited with error status: 1)

    Here are the relevant entries from the routing table. I think the 10.8.0.1/32 row is causing an address conflict with the next two rows, but I don't know how to fix it. Thank you in advance for any help:

    Destination     Gateway     Flags   Use   Mtu     Netif
    10.8.0.1/32     10.8.0.5    UGS     0     1500    ovpnc2
    10.8.0.5        link#15     UH      0     1500    ovpnc2
    10.8.0.6        link#15     UHS     0     16384   lo0

      wmcneil @wmcneil
      last edited by Jan 13, 2021, 11:04 PM

      I did some more experimenting. The OpenVPN server is sending the following:

      Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 PUSH: Received control message: 'PUSH_REQUEST'
      Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0' (status=1)

      I am assuming the "route 10.8.0.1" part of the string above is what is causing the 10.8.0.1/32 routing table entry. I don't understand why the server is sending this, as the "ifconfig 10.8.0.6 10.8.0.5," part of the string is specifying 10.8.0.6 as the client IP, so 10.8.0.1 should not be needed?

      I attempted to work around this as follows: By changing the client VPN configuration to include a check for the "don't pull routes" option, the route "10.8.0.1/32 10.8.0.5" is no longer present. I manually added a static route of "10.8.0.0/24 10.8.0.5". This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server. I am stuck, any help appreciated.

      10.8.0.0/24      10.8.0.5    UGS     0     1500    ovpnc2
      10.8.0.5         link#15     UH      490   1500    ovpnc2
      10.8.0.6         link#15     UHS     0     16384   lo0
      192.168.2.0/24   10.8.0.5    UGS     550   1500    ovpnc2

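An added example, not part of any post in this thread: a small Python parser that turns the PUSH_REPLY string quoted in the post above into the route entries a client would try to install, using the OpenVPN manual's defaults for `route network [netmask] [gateway] [metric]`. The function names are hypothetical, and it assumes the gateway default is the pushed `route-gateway` if present, otherwise the `ifconfig` peer address.

```python
import ipaddress

# PUSH_REPLY string copied from the server log quoted in the post above.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,"
              "route 10.8.0.1,topology net30,ping 10,ping-restart 30,"
              "ifconfig 10.8.0.6 10.8.0.5,peer-id 0")

def parse_push_reply(msg):
    """Split a PUSH_REPLY control message into (option, [args]) pairs."""
    head, *opts = msg.split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    return [(o.split()[0], o.split()[1:]) for o in opts if o.strip()]

def derive_routes(msg):
    """Return (local_ip, peer_ip, routes) implied by the pushed options.

    Defaults per the OpenVPN manual: netmask 255.255.255.255 when omitted,
    gateway taken from route-gateway or the second ifconfig argument."""
    opts = parse_push_reply(msg)
    local = peer = route_gw = None
    for name, args in opts:
        if name == "ifconfig" and len(args) >= 2:
            local, peer = args[0], args[1]   # net30/p2p: second arg is the peer
        elif name == "route-gateway" and args:
            route_gw = args[0]
    default_gw = route_gw or peer            # assumption stated in the lead-in
    routes = []
    for name, args in opts:
        if name != "route" or not args:
            continue
        mask = args[1] if len(args) > 1 and args[1] != "default" else "255.255.255.255"
        gw = args[2] if len(args) > 2 and args[2] not in ("default", "vpn_gateway") else default_gw
        metric = int(args[3]) if len(args) > 3 else None
        net = ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
        routes.append({"dest": str(net), "gateway": gw, "metric": metric})
    return local, peer, routes

if __name__ == "__main__":
    local, peer, routes = derive_routes(PUSH_REPLY)
    print(f"tunnel endpoints: local={local} peer={peer}")
    for r in routes:
        print(f"{r['dest']:<18} via {r['gateway']:<10} metric={r['metric']}")
```

Comparing this output with `netstat -rn` on the client shows which pushed routes were actually installed and which were not.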
        viragomann @wmcneil
        last edited by Jan 13, 2021, 11:35 PM

        @wmcneil
        Seems to be something wrong in the server config.

        @wmcneil said in ERROR: FreeBSD route add command failed:

        This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server.

        Ensure that the destination device allows the access. For testing shut down its firewall (reboot if it's Windows!).

          wmcneil @viragomann
          last edited by Jan 14, 2021, 12:15 AM

          @viragomann I can access the destination when I use other OpenVPN client machines (including Windows and Android), so it is not a permissions thing.
