openvpn failed to add route

hescominsoon · Feb 22, 2023, 7:12 PM

the openvpn server is a netgate 7100 1u running the 23.01 release. I have setup openvpn with great assistance from users here. I am now getting an error about failing to add route. The client is a windows 10 pr0 machine. UAC is disabled.

the error is2023-02-22 14:04:07 ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=11]

it is failing to add the route for the 172.23.0.254/24 into the route tables so internal resources are not available. The tunnel network is 192.168.100.1/24 and that appears to be working. What am i missing?

viragomann · Feb 22, 2023, 7:31 PM

@hescominsoon said in openvpn failed to add route:

it is failing to add the route for the 172.23.0.254/24 into the route tables so internal resources are not available.

This is not a network address! You have to state network addresses with masks in the "Local Networks" box, e.g. 172.23.0.0/24.

hescominsoon · Feb 22, 2023, 7:45 PM

@viragomann bleh i knew better. i've been banging my head against the wall for so long...:) let me fix that and try this again.

Of course i have not setup a vpn in over a decade...as i have and use other means for remote access..:)

hescominsoon · Feb 22, 2023, 7:54 PM

ok that error is now fixed. now i jsut need to get the route for 172.23.0.0/24 working so i can access information internally. here is what route print looks like right now:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.255.1 192.168.255.200 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.23.0.0 255.255.255.0 192.168.100.1 192.168.100.2 281
192.168.100.0 255.255.255.0 On-link 192.168.100.2 281
192.168.100.2 255.255.255.255 On-link 192.168.100.2 281
192.168.100.255 255.255.255.255 On-link 192.168.100.2 281
192.168.255.0 255.255.255.0 On-link 192.168.255.200 281
192.168.255.200 255.255.255.255 On-link 192.168.255.200 281
192.168.255.255 255.255.255.255 On-link 192.168.255.200 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.255.200 281
224.0.0.0 240.0.0.0 On-link 192.168.100.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.255.200 281
255.255.255.255 255.255.255.255 On-link 192.168.100.2 281

hescominsoon · Feb 22, 2023, 8:02 PM

i think i got it. i disabled DCO and that seems to have fixed it. i can now hit the remote local resources and dns entries over there work now as well..:)