FreeBSD ifconfig failed: external program exited with error status: 1

mph

Hi, I have strange issue with openvpn and ospf. May be ospf is not reason of the trouble, but I saw it when they worked together.
VPN interface go down and I can't understand why

Part of log

May 11 21:10:36 openvpn 8070 /sbin/ifconfig ovpnc2 10.44.0.10 10.44.0.9 mtu 1500 netmask 255.255.255.255 up
May 11 21:10:36 openvpn 8070 FreeBSD ifconfig failed: external program exited with error status: 1
May 11 21:10:36 openvpn 8070 Exiting due to fatal error

heper

Maybe the route already exists?

cmb

@heper:

Maybe the route already exists?

Yeah a conflict of some sort is usually the reason in that case, can't add an IP that's already configured elsewhere.

mph

Yes, you are right. Thank you for the hint.

I checked interfaces and routes and found that in the server part ovpn interface is in up, and ospf had distributed route for this network to other.

ovpn interface is in a down on the client, but the route(tunneled) arrived with ospf and ovpn can't update it

heper

there should be a checkbox on the ospf interface page to disable the distribution of tunnel networks.

if you are on 2.3 & quagga 1.x: https://forum.pfsense.org/index.php?topic=111108.0
quagga 1.x doesn't seem to update routes, even after link down.

mph

@heper:

there should be a checkbox on the ospf interface page to disable the distribution of tunnel networks.

if you are on 2.3 & quagga 1.x: https://forum.pfsense.org/index.php?topic=111108.0
quagga 1.x doesn't seem to update routes, even after link down.

What is the checkbox?

I use 2.3 with quagga 0.99

heper

quagga > interface-settings > Accept Filter

mph

The problem has not solved. Some tunnels also go down with the same reason.

in the log I see this

/sbin/ifconfig ovpnc4 10.44.0.54 10.44.0.53 mtu 1500 netmask 255.255.255.255 up
FreeBSD ifconfig failed: external program exited with error status: 1

I was tried to do ifconfig command manually, and recieved the next result

[2.3-RELEASE][root@nlvz.local]/root: /sbin/ifconfig ovpnc4 10.44.0.54 10.44.0.53 mtu 1500 netmask 255.255.255.255 up
ifconfig: ioctl (SIOCAIFADDR): Address already in use

but i can't find, who and how is using this address

ifconfigovpnc2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::20c:29ff:fe90:2047%ovpnc2 prefixlen 64 scopeid 0x8
        inet 10.44.0.14 –> 10.44.0.13 netmask 0xffffffff
        nd6 options=21 <performnud,auto_linklocal>Opened by PID 41437
ovpnc3: flags=8010 <pointopoint,multicast>metric 0 mtu 1500
        options=80000 <linkstate>nd6 options=21 <performnud,auto_linklocal>ovpnc4: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::20c:29ff:fe90:2047%ovpnc4 prefixlen 64 scopeid 0xa
        nd6 options=21 <performnud,auto_linklocal>ovpnc5: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::20c:29ff:fe90:2047%ovpnc5 prefixlen 64 scopeid 0xb
        inet 10.44.0.74 --> 10.44.0.73 netmask 0xffffffff
        nd6 options=21 <performnud,auto_linklocal>Opened by PID 92738</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></pointopoint,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast>

heper

Check your routing table (diagnostics routing)
It will probably have /32 routes in there that match your tunnel network…. the same routes can be found in the ospf status screen

i have one site where the accept filter isn't enough.
there, i fill in the tunnel subnets in the quagga 'disable acceptance' list (=bottom of global settings)

The attached screenshot is at the SERVER end of the tunnel (hence the .1 address' )
On the client end its the same except it is for the .2 address'

hope it helps.

mph

SOLVED!!!!

Really thanks you!!!