Netgate Discussion Forum
    Client connects - get route add error and unable to route to internal network

    OpenVPN
    jfish

      Running the latest pfSense 2.8 CE edition

      Configured OpenVPN using the wizard.

      internal subnet 192.168.0.1/24
      VPN subnet 192.168.8.0/24

      I can connect but get the error below:

      Wed Jul 30 16:37:10 2025 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
      Wed Jul 30 16:37:10 2025 MANAGEMENT: >STATE:1753889830,ADD_ROUTES,,,,,,
      Wed Jul 30 16:37:10 2025 C:\Windows\system32\route.exe ADD 192.168.0.1 MASK 255.255.255.0 192.168.8.1
      Wed Jul 30 16:37:10 2025 ERROR: route addition failed using service: The parameter is incorrect. [status=87 if_index=10]

      I do successfully get an IP address from the VPN subnet but cannot route to the internal network. This is a new build; not sure if I have misconfigured something.

      My server config is below:

      dev ovpns1
      verb 1
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      learn-address "/usr/local/sbin/openvpn.learn-address.sh <removed>"
      local 192.168.10.78
      tls-server
      server 192.168.8.0 255.255.255.0
      client-config-dir /var/etc/openvpn/server1/csc
      username-as-common-name
      plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user TG9jYWwgRGF0YWJhc2U= false server1 1194
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'OPENVPN_SERVER_CERT' 1"
      lport 1194
      management /var/etc/openvpn/server1/sock unix
      push "route 192.168.0.1 255.255.255.0"
      push "dhcp-option DOMAIN <removed>"
      push "dhcp-option DNS 192.168.0.1"
      capath /var/etc/openvpn/server1/ca
      cert /var/etc/openvpn/server1/cert
      key /var/etc/openvpn/server1/key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1/tls-auth 0
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      allow-compression no
      persist-remote-ip
      float
      topology subnet
      fast-io
      explicit-exit-notify 1

      Client config:

      dev tun
      persist-tun
      persist-key
      data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
      data-ciphers-fallback AES-256-CBC
      auth SHA256
      tls-client
      client
      resolv-retry infinite
      remote <removed> 1194 udp4
      verify-x509-name "OPENVPN_SERVER_CERT" name
      lport 0
      auth-user-pass
      remote-cert-tls server
      explicit-exit-notify

      jfish

        I made a mistake in my config: for the local network in the VPN config I entered 192.168.0.1/24, and it should have been 192.168.0.0/24.

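The log in the first post shows why the fix works: the server pushed route 192.168.0.1 255.255.255.0, and 192.168.0.1 is a host address, not a network address, under that mask (its host bits are set). Windows route.exe rejects such a route with status 87, "The parameter is incorrect", so the client gets a tunnel address but no route to the LAN. The following Python script is an added example, not code from the original post or from pfSense; it lints the push "route ..." lines of an OpenVPN server config for exactly this mistake and rewrites them to the true network address. The sample config and the script name (lint_push_routes.py) are constructed for the example.

```python
import ipaddress
import re

# Matches OpenVPN's  push "route <network> <netmask> [gateway] [metric]"  lines.
PUSH_ROUTE_RE = re.compile(
    r'^(?P<lead>\s*push\s+"route\s+)(?P<net>[^\s"]+)\s+(?P<mask>[^\s"]+)(?P<rest>[^"]*)"\s*$'
)

# Constructed sample config. Line 2 reproduces the bad push from the post;
# the last two lines are valid (a proper /16 and a /32 host route).
SAMPLE_SERVER_CONFIG = """\
server 192.168.8.0 255.255.255.0
push "route 192.168.0.1 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
push "route 10.20.0.0 255.255.0.0"
push "route 172.16.5.9 255.255.255.255"
"""


def check_route(network: str, netmask: str):
    """Classify a network/netmask pair the way a strict route parser (e.g. route.exe) would.

    Returns (status, normalized_network) where status is one of
    'ok', 'host-bits-set' or 'unparseable'.
    """
    try:
        # strict=False lets us compute the real network address even when host bits are set.
        loose = ipaddress.IPv4Network((network, netmask), strict=False)
    except ValueError:
        # Not an IPv4 address/mask pair at all (e.g. a symbolic name such as vpn_gateway).
        return "unparseable", None
    if ipaddress.IPv4Address(network) == loose.network_address:
        return "ok", network
    return "host-bits-set", str(loose.network_address)


def lint_push_routes(config_text: str):
    """Return (lineno, network, netmask, status, fixed_network) for every push route found."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PUSH_ROUTE_RE.match(line)
        if not m:
            continue
        status, fixed = check_route(m["net"], m["mask"])
        findings.append((lineno, m["net"], m["mask"], status, fixed))
    return findings


def fix_push_routes(config_text: str) -> str:
    """Rewrite push routes whose network has host bits set to the true network address."""
    out = []
    for line in config_text.splitlines():
        m = PUSH_ROUTE_RE.match(line)
        if m:
            status, fixed = check_route(m["net"], m["mask"])
            if status == "host-bits-set":
                # Keep everything except the network field (gateway/metric suffix is preserved).
                line = f'{m["lead"]}{fixed} {m["mask"]}{m["rest"]}"'
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, net, mask, status, fixed in lint_push_routes(SAMPLE_SERVER_CONFIG):
        extra = f" (use {fixed})" if status == "host-bits-set" else ""
        print(f"line {lineno}: route {net} {mask}: {status}{extra}")
    print("--- corrected config ---")
    print(fix_push_routes(SAMPLE_SERVER_CONFIG), end="")
```

Running it against the sample flags only line 2 and rewrites it to push "route 192.168.0.0 255.255.255.0", which is what the second post arrives at by hand. The same check can be pointed at the generated file under /var/etc/openvpn/ on the firewall before handing out client exports; pfSense itself writes whatever network was typed into the local-network field, so the value has to be a network address with no host bits set.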
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.