Can someone tell me what this means?
  • The bolded line:

    Jan 13 16:17:16 openvpn[389]: Initialization Sequence Completed
    Jan 13 16:17:16 openvpn[389]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1
    Jan 13 16:17:05 openvpn[389]: [client10] Peer Connection Initiated with 24.162.113.x:2051
    Jan 13 16:17:02 openvpn[389]: TCPv4_SERVER link remote: 24.162.113.x:2051
    Jan 13 16:17:02 openvpn[389]: TCPv4_SERVER link local (bound): [undef]:1194
    Jan 13 16:17:02 openvpn[389]: TCP connection established with 24.162.113.x:2051
    Jan 13 16:16:23 openvpn[389]: Listening for incoming TCP connection on [undef]:1194
    Jan 13 16:16:23 openvpn[336]: /etc/rc.filter_configure tun0 1500 1544 172.16.40.1 172.16.40.2 init
    Jan 13 16:16:23 openvpn[336]: /sbin/ifconfig tun0 172.16.40.1 172.16.40.2 mtu 1500 netmask 255.255.255.255 up
    Jan 13 16:16:23 openvpn[336]: TUN/TAP device /dev/tun0 opened
    Jan 13 16:16:23 openvpn[336]: gw 75.13.22.118
    Jan 13 16:16:23 openvpn[336]: LZO compression initialized
    Jan 13 16:16:23 openvpn[336]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Jan 13 16:16:23 openvpn[336]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006

    The reason I ask is that I have a semi-working VPN set up. This is a site-to-site VPN. On the client side, each machine can see and "talk" to every machine on the server side.

    However, on the server side, the only machine that can talk to the client machine subnet (192.168.1.0/24) is pfSense. No other machine can.

    It's almost as if pfSense isn't advertising the tun0 interface (172.16.40.0/24). Have a look at a snippet of my local routes:

    127.0.0.1 127.0.0.1 UH 0 0 16384 lo0
    172.16.10/24 link#1 UC 0 0 1500 bge0
    172.16.10.254 00:0f:b5:9f:95:d7 UHLW 3 0 1500 bge0 528
    172.16.20/24 172.16.10.254 UGS 0 467 1500 bge0
    172.16.30/24 172.16.10.254 UGS 0 1399 1500 bge0
    172.16.40.2 172.16.40.1 UH 1 5 1500 tun0
    192.168.1 172.16.40.2 UGS 0 233 1500 tun0

    As you can see, there is no route for the 172.16.40.0/24 network. There should be a local route for this network so that every other machine/router knows that the interface for 172.16.40.0/24 exists on the pfSense…it's almost as if pfSense isn't completely "aware" that the tun0 interface exists locally. When doing a traceroute, pfSense shoots the packets out the default gateway, which is my WAN interface. Obviously pfSense is dealing with the packets correctly, I just need a route here indicating locality.

    I am thinking the bolded logged comment above explains this but I don't know enough about FreeBSD to know what it means or how to manually add that route.

    Ideas?
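
As an added example, not part of the post or of pfSense/OpenVPN: a small Python script that parses the log excerpt and the route snippet above and does a longest-prefix lookup the way the kernel would, showing that 172.16.40.0/24 itself falls through to the default route while 192.168.1.0/24 goes out tun0; it also picks out the key-file permission warning. The default route row and its interface name em0 are constructed, since the snippet omits them.

```python
"""Added example: parse an OpenVPN syslog excerpt and a netstat -rn snippet."""
import ipaddress

# Log lines copied from the post's excerpt (constructed sample input).
OPENVPN_LOG = """\
Jan 13 16:17:16 openvpn[389]: ERROR: FreeBSD route add command failed: shell command exited with error status: 1
Jan 13 16:16:23 openvpn[336]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
"""
# Route rows from the post plus a constructed default route (em0 is assumed).
ROUTES = """\
default 75.13.22.118 UGS 0 0 1500 em0
172.16.10/24 link#1 UC 0 0 1500 bge0
172.16.40.2 172.16.40.1 UH 1 5 1500 tun0
192.168.1 172.16.40.2 UGS 0 233 1500 tun0
"""

def log_findings(log):
    """(kind, detail) for the log lines an operator must act on."""
    out = []
    for line in log.splitlines():
        msg = line.split(": ", 1)[-1]          # strip 'Jan 13 16:17:16 openvpn[389]: '
        if msg.startswith("ERROR:") and "route add" in msg:
            out.append(("route-add-failed", msg))
        elif "is group or others accessible" in msg:   # private key readable by others
            out.append(("key-perms", msg.split("'")[1]))
    return out

def parse_bsd_dest(dest):
    """Expand BSD's abbreviated destinations: '172.16.10/24', '192.168.1'
    (classful shorthand for 192.168.1.0/24), '172.16.40.2' (host), 'default'."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        plen = "32" if len(octets) == 4 else str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def parse_routes(text):
    """IPv4 rows of netstat -rn: Destination Gateway Flags Refs Use Mtu Netif [Expire]."""
    rows = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 7 and (f[0] == "default" or ("." in f[0] and ":" not in f[0])):
            rows.append({"net": parse_bsd_dest(f[0]), "gw": f[1], "flags": f[2], "iface": f[6]})
    return rows

def best_route(rows, dst):
    """Longest-prefix match, as the kernel would do for a packet to dst."""
    net = ipaddress.ip_network(dst, strict=False)
    hits = [r for r in rows if net.subnet_of(r["net"])]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)
```

With the snippet's rows, `best_route(parse_routes(ROUTES), "172.16.40.0/24")` returns the default route, which matches the traceroute behaviour the post describes.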