Openvpn linux route add command failed external program exited

OpenVPN Support Forum

OpenVPN doesn’t add all routes to routing table

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.

Post by Gwyll » Sun Oct 09, 2016 6:21 pm

I have an OpenVPN server 2.3.4 on a Debian 8.6. The OpenVPN server has a few clients and most of the clients have their own subnet that has to be available through the tunnel.

The VPN server is on 192.168.254.1, the local subnet is 192.168.1.0/24

I put one ‘route’ line per each wanted subnet into server.conf and every client has a corresponding ‘iroute’ line in the client-config.

If I start the OpenVPN server it adds a few of the defined routes. A few, not all. Each time I restart the OpenVPN server the routes are changing. Some of them remain in the routing table (re-added), some of them are missing. With a very rare constellation or humidity the OpenVPN server is able to add all routes (after 3-5-7 restarts) and everything is working without config change ... for one day. Then the whole procedure starts from the beginning.

How could I debug the OpenVPN’s route adding function? It is clear from the log that sometimes OpenVPN simply fails to add a route.

The client’s subnet defined in server.conf:

route 172.24.16.0 255.255.252.0
route 172.25.16.0 255.255.252.0
route 192.168.2.0 255.255.255.0
route 192.168.3.0 255.255.255.0
route 192.168.4.0 255.255.255.0
route 192.168.19.0 255.255.255.0
route 192.168.20.0 255.255.255.0
route 192.168.40.0 255.255.255.0
route 192.168.41.0 255.255.255.0
route 192.168.55.0 255.255.255.0
route 192.168.56.0 255.255.255.0
route 192.168.100.0 255.255.255.0
route 192.168.250.0 255.255.255.0
route 192.168.251.0 255.255.255.0
route 192.168.253.0 255.255.255.0

I tried ‘max-routes’ with value 200, the result was worse. Then I tried with value 50, the result was a bit better, but not perfect.
I made a workaround with a script started with the ‘up’ setting, but I think the OpenVPN should do the route adding.

I included all wanted ‘/sbin/ip route add’ lines in the script to be sure that all routes are there. The last start of the OpenVPN produced this:

Sun Oct 9 20:11:37 2016 /sbin/ip route add 172.24.16.0/22 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 172.25.16.0/22 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.2.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.3.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.4.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.19.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.20.0/24 via 192.168.254.2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.40.0/24 via 192.168.254.2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.41.0/24 via 192.168.254.2

Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.55.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.56.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.100.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.250.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.251.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.253.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.254.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2

The lines in bold mean that those commands succeeded. The success of those commands means that OpenVPN hasn’t succeeded in adding those routes.

So ... why does OpenVPN fail randomly adding routes?
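
Added example (not part of the original post, and not OpenVPN code): a small parser for the up-script log format quoted above that pairs each `/sbin/ip route add` line with the kernel reply that follows it and reports which prefixes were missing before the script ran. It assumes the `RTNETLINK answers:` line directly follows the command it belongs to, as in the quoted log; the sample log and the function names are constructed for this illustration.

```python
import re

# Constructed sample in the same format as the log lines quoted in the post.
SAMPLE_LOG = """\
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.19.0/24 via 192.168.254.2
RTNETLINK answers: File exists
Sun Oct 9 20:11:37 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.20.0/24 via 192.168.254.2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.40.0/24 via 192.168.254.2
Sun Oct 9 20:11:37 2016 /sbin/ip route add 192.168.55.0/24 via 192.168.254.2
RTNETLINK answers: File exists
"""

ADD_RE = re.compile(r"/sbin/ip route add (\S+) via (\S+)")
ERR_RE = re.compile(r"^RTNETLINK answers: (.+)$")


def classify_route_adds(log_text):
    """Return (prefix, gateway, kernel_error_or_None) for each add, in log order."""
    results = []
    for line in log_text.splitlines():
        add = ADD_RE.search(line)
        if add:
            results.append([add.group(1), add.group(2), None])
            continue
        err = ERR_RE.match(line.strip())
        # Assumption: a kernel reply belongs to the most recent add command.
        if err and results and results[-1][2] is None:
            results[-1][2] = err.group(1)
    return [tuple(r) for r in results]


def routes_missing_before_script(log_text):
    """Adds with no kernel error: the route was absent until the script ran."""
    return [p for p, _, err in classify_route_adds(log_text) if err is None]


def routes_already_present(log_text):
    """Adds answered with 'File exists': the route was already installed."""
    return [p for p, _, err in classify_route_adds(log_text) if err == "File exists"]


if __name__ == "__main__":
    print("missing before script:", routes_missing_before_script(SAMPLE_LOG))
    print("already present:", routes_already_present(SAMPLE_LOG))
```

Running it against the log of each restart and comparing the "missing" lists shows whether the same prefixes are skipped every time or a different set each run.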

ERROR: Linux route add command failed: external program exited with error status: 2

Post by Anna Gz » Wed May 16, 2018 4:06 pm

RTNETLINK answers: File exists
Tue May 15 23:45:19 2018 ERROR: Linux route add command failed: external program exited with error status: 2

port 16122
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC # AES
auth SHA512
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
mssfix 0

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote xxx.xx.xx.xx 16122
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.8.0.1        128.0.0.0       UG    0      0        0 tun0
default         gateway         0.0.0.0         UG    600    0        0 wlp3s0
10.8.0.0        *               255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.0.1        128.0.0.0       UG    0      0        0 tun0
link-local      *               255.255.0.0     U     1000   0        0 wlp3s0
185.141.27.87   gateway         255.255.255.255 UGH   0      0        0 wlp3s0
192.168.1.0     *               255.255.255.0   U     600    0        0 wlp3s0

I go online through a router from a laptop. I start the VPN through the terminal.
Please tell me how can I fix this error?

Linux route add command failed

Post by dermessi » Thu Mar 19, 2015 7:38 pm

What I want to achieve: I want to enter a remote network in order to be able to access a web server which is located in the remote network. To do so I have installed a RaspberryPI running the OpenVPN server into the remote net. The VPN-server should route all the traffic of the client into the remote net and back to it. When I use my mobile phone (android system, client1) everything works fine. But if I am trying to do the same with client2 (laptop, running with linux mint) it doesn’t work even though the «Initialization Sequence is Completed». Note that the config file of client 2 is exactly the same as the one of client1 where everything works fine.

local 192.168.2.221 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca .
cert .
key .
dh .
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.2.221 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20

~ $ route
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         speedport.ip    0.0.0.0         UG    0      0        0 wlan0
192.168.2.0     *               255.255.255.0   U     9      0        0 wlan0
~ $

Thu Mar 19 19:15:32 2015 Control Channel Authentication: tls-auth using INLINE static key file
Thu Mar 19 19:15:32 2015 UDPv4 link local: [undef]
Thu Mar 19 19:15:32 2015 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Mar 19 19:15:33 2015 [serverOpenVPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Mar 19 19:15:35 2015 TUN/TAP device tun0 opened
Thu Mar 19 19:15:35 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 19 19:15:35 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 19 19:15:35 2015 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
RTNETLINK answers: Invalid argument
Thu Mar 19 19:15:35 2015 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Thu Mar 19 19:15:35 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Mar 19 19:15:35 2015 Initialization Sequence Completed

~ $ route
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
default         speedport.ip    0.0.0.0         UG    0      0        0 wlan0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
p57B3404E.dip0. speedport.ip    255.255.255.255 UGH   0      0        0 wlan0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     9      0        0 wlan0
~ $

RTNETLINK answers: File exists
Thu Mar 19 19:15:35 2015 ERROR: Linux route add command failed: external program exited with error status: 2

Even though I have no access to the remote network (remote web server) I am able to ping the RaspberryPi (10.8.0.1) when connected.

I haven’t found a working solution yet. Does someone have an idea? Help is really appreciated.
Best regards!
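
Added example (not part of the original post, and not OpenVPN code): the log above shows two kernel replies, "Invalid argument", which `ip route add` returns for instance when the network address has host bits set for the given mask, and "File exists", which it returns when the prefix is already in the table. The linter below checks `route` and `push "route ..."` directives for both conditions before the server is started. The sample config is constructed from directives in the posted server config, the function name is hypothetical, and the treatment of `server` plus `client-to-client` as an implicit pushed route follows the `--server` expansion in the OpenVPN 2.x manual.

```python
import ipaddress
import re

# Constructed excerpt built from directives in the server config quoted above.
SAMPLE_CONF = '''\
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.2.221 255.255.255.0"
push "redirect-gateway def1"
client-to-client
'''

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROUTE_RE = re.compile(r'^\s*(push\s+")?route\s+' + IP + r"\s+" + IP)
SERVER_RE = re.compile(r"^\s*server\s+" + IP + r"\s+" + IP, re.M)


def lint_routes(conf_text):
    """Return (line_no, problem, directive_args, detail) for risky route lines."""
    findings = []
    seen = {}  # (scope, network) -> where the route was first defined
    srv = SERVER_RE.search(conf_text)
    if srv:
        pool = ipaddress.ip_network("/".join(srv.groups()), strict=False)
        # Documented --server expansion: a local route for the pool and,
        # with client-to-client, the same route pushed to every client.
        seen[("local", pool)] = "the server directive"
        if re.search(r"^\s*client-to-client\b", conf_text, re.M):
            seen[("push", pool)] = "the server directive"
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        m = ROUTE_RE.match(line)
        if not m:
            continue
        scope = "push" if m.group(1) else "local"
        addr, mask = m.group(2), m.group(3)
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError as exc:
            findings.append((line_no, "invalid", f"{addr} {mask}", str(exc)))
            continue
        if str(net.network_address) != addr:
            # Host bits set: the kernel answers "Invalid argument".
            findings.append((line_no, "host-bits", f"{addr} {mask}", str(net)))
        elif (scope, net) in seen:
            # Same prefix added twice: the kernel answers "File exists".
            findings.append((line_no, "duplicate", f"{addr} {mask}", seen[(scope, net)]))
        else:
            seen[(scope, net)] = f"line {line_no}"
    return findings
```

For a "host-bits" finding the last field is the network the mask actually describes; for a "duplicate" finding it names where the prefix was first defined.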
