    ERROR: FreeBSD route add command failed

    • W
      wmcneil last edited by

      I have created a pfSense OpenVPN Client, which I am connecting to an Asus router that is running an OpenVPN Server:

      client local subnet: 10.55.83.0/24
      tunnel network: 10.8.0.0/24
      server (remote) network: 192.168.2.0/24

      Here is a snip from the log file:

      /sbin/ifconfig ovpnc2 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
      /usr/local/sbin/ovpn-linkup ovpnc2 1500 1545 10.8.0.6 10.8.0.5 init
      openvpn 31875 ERROR: FreeBSD route add command failed: external program exited with error status: 1)

      Here are the relevant entries from the routing table. I think the 10.8.0.1/32 row is causing an address conflict with the next two rows, but I don't know how to fix it? Thank you in advance for any help:

      Destination     Gateway    Flags  Use  Mtu    Netif
      10.8.0.1/32     10.8.0.5   UGS    0    1500   ovpnc2
      10.8.0.5        link#15    UH     0    1500   ovpnc2
      10.8.0.6        link#15    UHS    0    16384  lo0

      • W
        wmcneil @wmcneil last edited by

        I did some more experimenting. The OpenVPN server is sending the following:

        Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 PUSH: Received control message: 'PUSH_REQUEST'
        Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0' (status=1)

        I am assuming the "route 10.8.0.1" part of the string above, is what is causing the 10.8.0.1/32 routing table entry. I don't understand why the server is sending this, as the "ifconfig 10.8.0.6 10.8.0.5," part of the string is specifying 10.8.0.6 as the client IP, so 10.8.0.1 should not be needed?

        I attempted to work around this as follows: By changing the client VPN configuration to include a check for the "don't pull routes" option, the route "10.8.0.1/32 10.8.0.5" is no longer present. I manually added a static route of "10.8.0.0/24 10.8.0.5". This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server. I am stuck, any help appreciated.

        10.8.0.0/24     10.8.0.5   UGS    0    1500   ovpnc2
        10.8.0.5        link#15    UH     490  1500   ovpnc2
        10.8.0.6        link#15    UHS    0    16384  lo0
        192.168.2.0/24  10.8.0.5   UGS    550  1500   ovpnc2

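An added example (not part of the thread, and not pfSense or OpenVPN code): it expands the `route` options in the quoted PUSH_REPLY using OpenVPN's documented defaults (an omitted netmask means a /32 host route; an omitted gateway or `vpn_gateway` means the `ifconfig` peer) and checks each result against the two routing tables quoted above. The function names and the exact/covered/absent labels are assumptions made for this illustration.

```python
import ipaddress

# Constructed from the PUSH_REPLY and routing-table rows quoted in the thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,"
              "route 10.8.0.1,topology net30,ping 10,ping-restart 30,"
              "ifconfig 10.8.0.6 10.8.0.5,peer-id 0")
TABLE_PULLED = """10.8.0.1/32 10.8.0.5 UGS 0 1500 ovpnc2
10.8.0.5 link#15 UH 0 1500 ovpnc2
10.8.0.6 link#15 UHS 0 16384 lo0"""
TABLE_NOPULL = """10.8.0.0/24 10.8.0.5 UGS 0 1500 ovpnc2
10.8.0.5 link#15 UH 490 1500 ovpnc2
10.8.0.6 link#15 UHS 0 16384 lo0
192.168.2.0/24 10.8.0.5 UGS 550 1500 ovpnc2"""

def effective_routes(push_reply):
    """Expand pushed `route` options into (network, gateway, metric) tuples."""
    opts = [o.split() for o in push_reply.split(",")[1:]]
    # On a tun device the default route gateway is the ifconfig peer address.
    peer = next(o[2] for o in opts if o[0] == "ifconfig")
    routes = []
    for o in (o for o in opts if o[0] == "route"):
        args = o[1:] + [None] * (4 - len(o[1:]))   # network mask gw metric
        mask = args[1] or "255.255.255.255"        # omitted netmask = host route
        gw = peer if args[2] in (None, "vpn_gateway") else args[2]
        net = ipaddress.ip_network(f"{args[0]}/{mask}")
        routes.append((net, gw, int(args[3]) if args[3] else None))
    return routes

def classify(routes, table_text):
    """Label each pushed route as exact / covered / absent in a route table."""
    entries = []
    for line in table_text.splitlines():
        dest, gw = line.split()[:2]
        if not gw.startswith("link#"):             # keep gateway routes only
            entries.append((ipaddress.ip_network(dest), gw))
    result = {}
    for net, gw, _ in routes:
        if (net, gw) in entries:
            result[str(net)] = "exact"
        elif any(net.subnet_of(e) and gw == g for e, g in entries):
            result[str(net)] = "covered"
        else:
            result[str(net)] = "absent"
    return result

if __name__ == "__main__":
    for name, table in (("pulled", TABLE_PULLED), ("no-pull", TABLE_NOPULL)):
        print(name, classify(effective_routes(PUSH_REPLY), table))
```

The first table holds only the rows the poster chose to quote, so "absent" there means "not among the quoted rows", not proof that the route was never installed.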
        • V
          viragomann @wmcneil last edited by

          @wmcneil
          Seems to be something wrong in the server config.

          @wmcneil said in ERROR: FreeBSD route add command failed:

          This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server.

          Ensure that the destination device allows the access. For testing shut down its firewall (reboot if it's Windows!).

          • W
            wmcneil @viragomann last edited by

            @viragomann I can access the destination when I use other OpenVPN client machines (including Windows and Android), so it is not a permissions thing.
