FreeBSD ifconfig failed: external program exited with error status: 1



  • Hi, I have strange issue with openvpn and ospf. May be ospf is not reason of the trouble, but I saw it when they worked together.
    VPN interface go down and I can't understand why

    Part of log

    May 11 21:10:36 openvpn 8070 /sbin/ifconfig ovpnc2 10.44.0.10 10.44.0.9 mtu 1500 netmask 255.255.255.255 up
    May 11 21:10:36 openvpn 8070 FreeBSD ifconfig failed: external program exited with error status: 1
    May 11 21:10:36 openvpn 8070 Exiting due to fatal error





  • Maybe the route already exists?



  • @heper:

    Maybe the route already exists?

    Yeah a conflict of some sort is usually the reason in that case, can't add an IP that's already configured elsewhere.



  • Yes, you are right. Thank you for the hint.

    I checked interfaces and routes and found that in the server part ovpn interface is in up, and ospf had distributed route for this network to other.

    ovpn interface is in a down on the client, but the route(tunneled) arrived with ospf and ovpn can't update it



  • there should be a checkbox on the ospf interface page to disable the distribution of tunnel networks.

    if you are on 2.3 & quagga 1.x: https://forum.pfsense.org/index.php?topic=111108.0
    quagga 1.x doesn't seem to update routes, even after link down.



  • @heper:

    there should be a checkbox on the ospf interface page to disable the distribution of tunnel networks.

    if you are on 2.3 & quagga 1.x: https://forum.pfsense.org/index.php?topic=111108.0
    quagga 1.x doesn't seem to update routes, even after link down.

    What is the checkbox?

    I use 2.3 with quagga 0.99



  • quagga > interface-settings > Accept Filter



  • The problem has not solved. Some tunnels also go down with the same reason.

    in the log I see this

    /sbin/ifconfig ovpnc4 10.44.0.54 10.44.0.53 mtu 1500 netmask 255.255.255.255 up
    FreeBSD ifconfig failed: external program exited with error status: 1

    I was tried to do ifconfig command manually, and recieved the next result

    [2.3-RELEASE][root@nlvz.local]/root: /sbin/ifconfig ovpnc4 10.44.0.54 10.44.0.53 mtu 1500 netmask 255.255.255.255 up
    ifconfig: ioctl (SIOCAIFADDR): Address already in use

    but i can't find, who and how is using this address

    ifconfigovpnc2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::20c:29ff:fe90:2047%ovpnc2 prefixlen 64 scopeid 0x8
            inet 10.44.0.14 –> 10.44.0.13 netmask 0xffffffff
            nd6 options=21 <performnud,auto_linklocal>Opened by PID 41437
    ovpnc3: flags=8010 <pointopoint,multicast>metric 0 mtu 1500
            options=80000 <linkstate>nd6 options=21 <performnud,auto_linklocal>ovpnc4: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::20c:29ff:fe90:2047%ovpnc4 prefixlen 64 scopeid 0xa
            nd6 options=21 <performnud,auto_linklocal>ovpnc5: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
            options=80000 <linkstate>inet6 fe80::20c:29ff:fe90:2047%ovpnc5 prefixlen 64 scopeid 0xb
            inet 10.44.0.74 --> 10.44.0.73 netmask 0xffffffff
            nd6 options=21 <performnud,auto_linklocal>Opened by PID 92738</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></linkstate></pointopoint,multicast></performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast>



  • Check your routing table (diagnostics routing)
    It will probably have /32 routes in there that match your tunnel network…. the same routes can be found in the ospf status screen

    i have one site where the accept filter isn't enough.
    there, i fill in the tunnel subnets in the quagga 'disable acceptance' list (=bottom of global settings)

    The attached screenshot is at the SERVER end of the tunnel (hence the .1 address' )
    On the client end its the same except it is for the .2 address'

    hope it helps.




  • SOLVED!!!!

    Really thanks you!!!


Log in to reply