ERROR: FreeBSD route add command failed


  • ERROR: FreeBSD route add command failed

    I have created a pfSense OpenVPN Client, which I am connecting to an Asus router that is running an OpenVPN Server:

    client local subnet: 10.55.83.0/24
    tunnel network: 10.8.0.0/24
    server (remote) network: 192.168.2.0/24

    Here is a snip from the log file:

    /sbin/ifconfig ovpnc2 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
    /usr/local/sbin/ovpn-linkup ovpnc2 1500 1545 10.8.0.6 10.8.0.5 init
    openvpn 31875 ERROR: FreeBSD route add command failed: external program exited with error status: 1)

    Here are the relevant entries from the routing table. I think the 10.8.0.1/32 row is causing an address conflict with the next two rows, but I don't know how to fix it. Thank you in advance for any help:

    Destination      Gateway    Flags  Use  Mtu    Netif
    10.8.0.1/32      10.8.0.5   UGS    0    1500   ovpnc2
    10.8.0.5         link#15    UH     0    1500   ovpnc2
    10.8.0.6         link#15    UHS    0    16384  lo0


  • I did some more experimenting. The OpenVPN server is sending the following:

    Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 PUSH: Received control message: 'PUSH_REQUEST'
    Jan 13 17:19:59 vpnserver1[20122]: client/136.56.23.109:12315 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,route 10.8.0.1,topology net30,ping 10,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5,peer-id 0' (status=1)

    I am assuming the "route 10.8.0.1" part of the string above is what is causing the 10.8.0.1/32 routing table entry. I don't understand why the server is sending this, as the "ifconfig 10.8.0.6 10.8.0.5," part of the string is specifying 10.8.0.6 as the client IP, so 10.8.0.1 should not be needed?

    I attempted to work around this as follows: By changing the client VPN configuration to include a check for the "don't pull routes" option, the route "10.8.0.1/32 10.8.0.5" is no longer present. I manually added a static route of "10.8.0.0/24 10.8.0.5". This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server. I am stuck, any help appreciated.

    10.8.0.0/24      10.8.0.5   UGS    0    1500   ovpnc2
    10.8.0.5         link#15    UH     490  1500   ovpnc2
    10.8.0.6         link#15    UHS    0    16384  lo0
    192.168.2.0/24   10.8.0.5   UGS    550  1500   ovpnc2
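
An added example (not part of the original posts, and not pfSense or OpenVPN code): it expands the PUSH_REPLY quoted above into the routes the client will try to install, using OpenVPN's documented defaults (an omitted netmask is 255.255.255.255; an omitted gateway or `vpn_gateway` is the second `ifconfig` argument unless `route-gateway` is pushed), and lists pushed routes absent from a routing-table excerpt. The function names and the `TABLE` list are assumptions made for this illustration.

```python
import ipaddress

# PUSH_REPLY copied from the server log quoted in the thread.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,"
              "route 10.8.0.1,topology net30,ping 10,ping-restart 30,"
              "ifconfig 10.8.0.6 10.8.0.5,peer-id 0")
# Destination column of the first routing-table excerpt in the thread.
TABLE = ["10.8.0.1/32", "10.8.0.5", "10.8.0.6"]


def parse_push_reply(reply):
    """Split a PUSH_REPLY string into (option, [args]) pairs."""
    items = (item.split() for item in reply.split(",")[1:])
    return [(words[0], words[1:]) for words in items if words]


def pushed_routes(reply):
    """Expand pushed 'route' options into (network, gateway, metric)."""
    opts = parse_push_reply(reply)
    # vpn_gateway is route-gateway if pushed, else the second ifconfig arg.
    gateway = None
    for name, args in opts:
        if name == "route-gateway" and args:
            gateway = args[0]
        elif name == "ifconfig" and len(args) > 1 and gateway is None:
            gateway = args[1]
    routes = []
    for name, args in opts:
        if name != "route" or not args:
            continue
        # Omitted or "default" fields fall back to OpenVPN's defaults.
        field = lambda i: args[i] if len(args) > i and args[i] != "default" else None
        mask = field(1) or "255.255.255.255"
        gw = gateway if field(2) in (None, "vpn_gateway") else field(2)
        metric = int(field(3)) if field(3) else None
        net = ipaddress.ip_network(f"{args[0]}/{mask}", strict=False)
        routes.append((str(net), gw, metric))
    return routes


def missing_from_table(routes, table):
    """Return pushed routes whose destination is absent from the table."""
    present = {str(ipaddress.ip_network(d, strict=False)) for d in table}
    return [r for r in routes if r[0] not in present]


if __name__ == "__main__":
    routes = pushed_routes(PUSH_REPLY)
    print(routes, missing_from_table(routes, TABLE))
```

Run against the quoted strings, the bare `route 10.8.0.1` expands to the 10.8.0.1/32 entry via 10.8.0.5 seen in the table, and the pushed 192.168.2.0/24 route is the one not present in that excerpt.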


  • @wmcneil
    Seems to be something wrong in the server config.

    @wmcneil said in ERROR: FreeBSD route add command failed:

    This results in the routing entries below, which look correct, but I am still unable to access any local IPs (192.168.2.*) on the remote OpenVPN server.

    Ensure that the destination device allows the access. For testing shut down its firewall (reboot if it's Windows!).


  • @viragomann I can access the destination when I use other OpenVPN client machines (including Windows and Android), so it is not a permissions thing.