Openvpn no route added

Started by lirees, March 31, 2023, 08:15:08 AM

Hi,

I have a strange problem with the VPN connection between OPNsense (client side) and an old version of Endian 2.5 (server side). The VPN connection goes up, but the server side cannot be reached from the client. In the routing table there is something wrong:

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.73.2       UGS         em1
127.0.0.1          link#4             UH          lo0
192.168.12.16      link#7             UHS         lo0
192.168.17.0/24    link#1             U           em0
192.168.17.3       link#1             UHS         lo0
192.168.73.0/24    link#2             U           em1
192.168.73.130     link#2             UHS         lo0
255.255.255.0      link#7             UH       ovpnc1

The network config on the OPNsense side is:
IPv4 Tunnel Network : 192.168.12.0/24
IPv4 Remote Network : 192.168.1.0/24

In the log there are many errors about "route add command failed":

2023-03-31T08:10:21 Notice openvpn_client1 Initialization Sequence Completed
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Notice openvpn_client1 /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1622 192.168.12.16 255.255.255.0 init
2023-03-31T08:10:21 Notice openvpn_client1 /sbin/ifconfig ovpnc1 192.168.12.16 255.255.255.0 mtu 1500 netmask 255.255.255.255 up
2023-03-31T08:10:21 Notice openvpn_client1 TUN/TAP device /dev/tun1 opened
2023-03-31T08:10:21 Notice openvpn_client1 TUN/TAP device ovpnc1 exists previously, keep at program end
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-31T08:10:20 Notice openvpn_client1 [127.0.0.1] Peer Connection Initiated with [AF_INET]88.54.217.98:1194
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-31T08:10:19 Notice openvpn_client1 UDP link remote: [AF_INET]88.54.217.98:1194
2023-03-31T08:10:19 Notice openvpn_client1 UDP link local (bound): [AF_INET]192.168.73.130:0
2023-03-31T08:10:19 Notice openvpn_client1 TCP/UDP: Preserving recently used remote address: [AF_INET]88.54.217.98:1194
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-31T08:10:19 Warning openvpn_client1 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: using --pull/--client and --ifconfig together is probably not what you want
2023-03-31T08:10:19 Notice openvpn_client1 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-03-31T08:10:19 Notice openvpn_client1 OpenVPN 2.5.8 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 23 2023
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
2023-03-31T08:10:19 Warning openvpn_client1 DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'BF-CBC' to --data-ciphers or change --cipher 'BF-CBC' to --data-ciphers-fallback 'BF-CBC' to silence this warning.
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-03-31T08:10:19 Notice openvpn_client1 SIGTERM[hard,] received, process exiting
2023-03-31T08:10:19 Notice openvpn_client1 /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1622 192.168.12.16 255.255.255.0 init

I have tried leaving the tunnel network and remote network empty, assigning ovpnc1 to an interface and routing the remote subnet manually, but nothing works.

I don't understand where I am going wrong.

Thanks in advance
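The client log above carries more than the route failures: OpenVPN also reports a dev-type mismatch (local tun, remote tap), a 64-bit-block cipher and no server certificate verification. The following added example (not part of the original post or of OPNsense) parses log lines in the same format and pulls those findings out; the sample lines are constructed after the post, with the placeholder peer address 192.0.2.10.

```python
import re

# Constructed sample log, modelled on the OPNsense OpenVPN client log quoted above
# (placeholder peer address 192.0.2.10 instead of the real one).
SAMPLE_LOG = """\
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32.
2023-03-31T08:10:20 Notice openvpn_client1 [127.0.0.1] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
"""

# OPNsense log line: <timestamp> <level> <instance> <message>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<level>\w+) (?P<inst>\S+) (?P<msg>.*)$")
# "'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'"
MISMATCH_RE = re.compile(r"'(?P<opt>[\w-]+)' is used inconsistently, local='[\w-]+ (?P<local>\S+)', remote='[\w-]+ (?P<remote>\S+)'")
CIPHER_RE = re.compile(r"INSECURE cipher \((?P<cipher>[\w-]+)\)")

def analyze(log_text):
    """Collect findings from OpenVPN client log lines in OPNsense format."""
    findings = {"route_add_failures": 0, "insecure_ciphers": set(),
                "mismatches": {}, "server_cert_unverified": False}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        msg = m.group("msg")
        if "route add command failed" in msg:
            findings["route_add_failures"] += 1
        c = CIPHER_RE.search(msg)
        if c:
            findings["insecure_ciphers"].add(c.group("cipher"))
        mm = MISMATCH_RE.search(msg)
        if mm:
            findings["mismatches"][mm.group("opt")] = (mm.group("local"), mm.group("remote"))
        if "No server certificate verification method" in msg:
            findings["server_cert_unverified"] = True
    return findings

def diagnose(findings):
    """Turn findings into plain-language issues, most likely root cause first."""
    issues = []
    dev = findings["mismatches"].get("dev-type")
    if dev and dev[0] != dev[1]:
        issues.append(f"dev-type mismatch (local {dev[0]}, remote {dev[1]}): both ends must use the same device type; a tap server pushes a netmask that a tun client cannot turn into routes")
    if findings["route_add_failures"]:
        issues.append(f"{findings['route_add_failures']} route add failure(s): remote networks will be unreachable through the tunnel")
    for cipher in sorted(findings["insecure_ciphers"]):
        issues.append(f"insecure data cipher {cipher} (small block size, SWEET32): move to an AEAD cipher such as AES-256-GCM")
    if findings["server_cert_unverified"]:
        issues.append("server certificate is not verified: the client would accept a man-in-the-middle server")
    return issues
```

Run `diagnose(analyze(SAMPLE_LOG))` to get the four issues in order; feeding it the full log from the post lists the same problems, with the dev-type mismatch first.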