
#1 2012-10-04 11:15:20

jiewmeng
Member
Registered: 2012-02-09
Posts: 118

openvpn: Linux route add command failed

I am trying to VPN into the school network using openvpn. The files I've downloaded: http://pastie.org/4908260

Then I did

sudo openvpn --config socvpn.ovpn --ca ca.txt 

The output:

Thu Oct  4 19:08:05 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 18 2012
Enter Auth Username:...
Enter Auth Password:
Thu Oct  4 19:08:14 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Oct  4 19:08:14 2012 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Thu Oct  4 19:08:14 2012 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Oct  4 19:08:14 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Oct  4 19:08:14 2012 RESOLVE: NOTE: vpn.comp.nus.edu.sg resolves to 2 addresses
Thu Oct  4 19:08:14 2012 Data Channel MTU parms [ L:1575 D:1460 EF:43 EB:4 ET:32 EL:0 ]
Thu Oct  4 19:08:14 2012 Local Options hash (VER=V4): '10f35004'
Thu Oct  4 19:08:14 2012 Expected Remote Options hash (VER=V4): 'a917298a'
Thu Oct  4 19:08:14 2012 Attempting to establish TCP connection with 137.132.80.26:443 [nonblock]
Thu Oct  4 19:08:15 2012 TCP connection established with 137.132.80.26:443
Thu Oct  4 19:08:15 2012 TCPv4_CLIENT link local: [undef]
Thu Oct  4 19:08:15 2012 TCPv4_CLIENT link remote: 137.132.80.26:443
Thu Oct  4 19:08:15 2012 TLS: Initial packet from 137.132.80.26:443, sid=c00fffa6 680cfb0b
Thu Oct  4 19:08:15 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Oct  4 19:08:15 2012 VERIFY OK: depth=1, /C=SG/ST=Singapore/L=Singapore/O=National_University_of_Singapore/CN=National_University_of_Singapore_CA/emailAddress=root@noc.comp.nus.edu.sg
Thu Oct  4 19:08:15 2012 VERIFY OK: nsCertType=SERVER
Thu Oct  4 19:08:15 2012 VERIFY OK: depth=0, /C=SG/ST=Singapore/L=Singapore/O=National_University_of_Singapore/CN=vpn.comp.nus.edu.sg/emailAddress=root@noc.comp.nus.edu.sg
Thu Oct  4 19:08:16 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct  4 19:08:16 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct  4 19:08:16 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct  4 19:08:16 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct  4 19:08:16 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Oct  4 19:08:16 2012 [vpn.comp.nus.edu.sg] Peer Connection Initiated with 137.132.80.26:443
Thu Oct  4 19:08:18 2012 SENT CONTROL [vpn.comp.nus.edu.sg]: 'PUSH_REQUEST' (status=1)
Thu Oct  4 19:08:18 2012 PUSH: Received control message: 'PUSH_REPLY,route remote_host 255.255.255.255 net_gateway,route 137.132.0.0 255.255.0.0 172.18.180.1,route 172.16.0.0 255.240.0.0 172.18.180.1,route 192.168.20.0 255.255.254.0 172.18.180.1,route 192.168.21.0 255.255.254.0 172.18.180.1,route 192.168.24.0 255.255.254.0 172.18.180.1,dhcp-option DNS 137.132.85.2,dhcp-option DNS 137.132.94.2,dhcp-option WINS 137.132.1.60,dhcp-option WINS 137.132.1.63,ping 10,ping-restart 120,ifconfig 172.18.180.136 255.255.255.128'
Thu Oct  4 19:08:18 2012 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct  4 19:08:18 2012 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct  4 19:08:18 2012 OPTIONS IMPORT: route options modified
Thu Oct  4 19:08:18 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Oct  4 19:08:18 2012 ROUTE default_gateway=192.168.1.254
Thu Oct  4 19:08:18 2012 TUN/TAP device tap0 opened
Thu Oct  4 19:08:18 2012 TUN/TAP TX queue length set to 100
Thu Oct  4 19:08:18 2012 /usr/sbin/ip link set dev tap0 up mtu 1500
Thu Oct  4 19:08:18 2012 /usr/sbin/ip addr add dev tap0 172.18.180.136/25 broadcast 172.18.180.255
Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 137.132.80.26/32 via 192.168.1.254
Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 137.132.0.0/16 via 172.18.180.1
RTNETLINK answers: No such process
Thu Oct  4 19:08:18 2012 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 172.16.0.0/12 via 172.18.180.1
RTNETLINK answers: No such process
Thu Oct  4 19:08:18 2012 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 192.168.20.0/23 via 172.18.180.1
RTNETLINK answers: No such process
Thu Oct  4 19:08:18 2012 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 192.168.21.0/23 via 172.18.180.1
RTNETLINK answers: Invalid argument
Thu Oct  4 19:08:18 2012 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 192.168.24.0/23 via 172.18.180.1
RTNETLINK answers: No such process
Thu Oct  4 19:08:18 2012 ERROR: Linux route add command failed: external program exited with error status: 2
sh: start: command not found
Thu Oct  4 19:08:18 2012 WARNING: Failed running command (--route-up): could not execute external program
Thu Oct  4 19:08:18 2012 Initialization Sequence Completed
^CThu Oct  4 19:10:37 2012 event_wait : Interrupted system call (code=4)
Thu Oct  4 19:10:37 2012 TCP/UDP: Closing socket
Thu Oct  4 19:10:37 2012 /usr/sbin/ip route del 137.132.80.26/32
Thu Oct  4 19:10:37 2012 Closing TUN/TAP interface
Thu Oct  4 19:10:37 2012 /usr/sbin/ip addr del dev tap0 172.18.180.136/25
Thu Oct  4 19:10:37 2012 SIGINT[hard,] received, process exiting

What's wrong? It looks like something on my side? Regarding "Linux route add command failed", I did run with sudo already

Last edited by jiewmeng (2012-10-04 11:38:09)


Computer Science Student, Web Developer

Offline

#2 2012-10-04 11:24:32

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: openvpn: Linux route add command failed

When pasting code, please use [ code ] tags, not [ quote ] tags https://bbs.archlinux.org/help.php#bbcode

like this

It makes the code more readable and - in case of longer listings - more convenient to scroll through.

Offline

#3 2012-10-04 11:44:07

p0x8
Member
Registered: 2012-09-20
Posts: 70

Re: openvpn: Linux route add command failed

You seem to be getting invalid network settings. The IP address is:

Thu Oct  4 19:08:18 2012 /usr/sbin/ip addr add dev tap0 172.18.180.136/25 broadcast 172.18.180.255

Notice the /25 network mask. If your IP is .136, it means you won't be able to access any host on the 172.18.180.{0..127} range. So trying to add a route through 172.18.180.1 fails:

Thu Oct  4 19:08:18 2012 /usr/sbin/ip route add 137.132.0.0/16 via 172.18.180.1
RTNETLINK answers: No such process

It looks like the VPN server is not properly set up.


EDIT: As a workaround you can try establishing the connection, manually set the network mask to /24 and then add all the routes.

Last edited by p0x8 (2012-10-04 12:29:33)

Offline

#4 2012-10-04 11:47:37

seveg
Member
From: Bratislava, Slovakia
Registered: 2012-04-17
Posts: 33

Re: openvpn: Linux route add command failed

Could you post your vpn config?


Just another drug abuser..

Offline

#5 2012-10-04 13:06:09

jiewmeng
Member
Registered: 2012-02-09
Posts: 118

Re: openvpn: Linux route add command failed

@p0x8, how do I "manually set the network mask to /24 and then add all the routes"?

@seveg Hmm what VPN config? Cos it's not my server ... it's the school's, unless I can get it somehow? I do that the 2 files downloaded in the OP.


Computer Science Student, Web Developer

Offline

#6 2012-10-04 14:05:49

seveg
Member
From: Bratislava, Slovakia
Registered: 2012-04-17
Posts: 33

Re: openvpn: Linux route add command failed

I meant content of socvpn.ovpn, but now I see you have provided it in your first post..

Anyway, p0x8 is right, you can't set gateway to 172.18.180.1 in 172.18.180.136/25 subnet, because range of this subnet is 172.18.180.129-254
Try to contact server admin for help. About suggested workaround, I'm not sure how to override ip address/subnet pulled from server..

Last edited by seveg (2012-10-04 14:07:03)


Just another drug abuser..

Offline

#7 2012-10-04 14:44:53

p0x8
Member
Registered: 2012-09-20
Posts: 70

Re: openvpn: Linux route add command failed

After the connection is established you have a tap0 network device with a 172.18.180.xxx IP address, despite the error messages. Don't kill the openvpn client, and on another console repeat all the configuration commands you can see in the log, but using a /24 mask to set the IP address:

1) reset the IP and network mask (the 172.18.180.136 address is just an example, use the one you got from the server):

sudo ip addr add dev tap0 172.18.180.136/24 broadcast 172.18.180.255

2) create all the routes:

sudo ip route add 137.132.80.26/32 via 192.168.1.254
sudo ip route add 137.132.0.0/16 via 172.18.180.1
sudo ip route add 172.16.0.0/12 via 172.18.180.1
sudo ip route add 192.168.20.0/23 via 172.18.180.1
sudo ip route add 192.168.21.0/23 via 172.18.180.1
sudo ip route add 192.168.24.0/23 via 172.18.180.1

It may not work, depending on the network configuration on the server side, but it's worth a try.

Offline
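Added example, not written by anyone in this thread: a Python check of the PUSH_REPLY from post #1 that reproduces the diagnosis in posts #3 and #6 (pushed gateway outside the pushed /25) and computes the prefix length the workaround in post #7 relies on. It also flags the one route whose destination is not aligned to its mask, which is the entry that returned "Invalid argument" in the log. The function name audit_push_reply is made up for this example.

```python
import ipaddress

# PUSH_REPLY options copied from the log in post #1 (DNS/WINS/ping options omitted).
PUSH_REPLY = (
    "PUSH_REPLY,route remote_host 255.255.255.255 net_gateway,"
    "route 137.132.0.0 255.255.0.0 172.18.180.1,"
    "route 172.16.0.0 255.240.0.0 172.18.180.1,"
    "route 192.168.20.0 255.255.254.0 172.18.180.1,"
    "route 192.168.21.0 255.255.254.0 172.18.180.1,"
    "route 192.168.24.0 255.255.254.0 172.18.180.1,"
    "ifconfig 172.18.180.136 255.255.255.128"
)

def audit_push_reply(reply):
    """Return (interface, problems, prefix_needed) for a PUSH_REPLY string."""
    opts = [o.split() for o in reply.split(",")[1:]]
    addr, mask = next(o[1:3] for o in opts if o[0] == "ifconfig")
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    problems, needed = [], iface.network.prefixlen
    for o in opts:
        if o[0] != "route" or len(o) < 4:
            continue
        dest, dmask, gw = o[1:4]
        try:
            gateway = ipaddress.ip_address(gw)
        except ValueError:
            continue  # symbolic gateway such as net_gateway, resolved by the client
        if gateway not in iface.network:
            problems.append((dest, f"gateway {gw} not in {iface.network}"))
            # Shorten the prefix until one subnet holds both our address and the gateway.
            p = iface.network.prefixlen
            while gateway not in ipaddress.ip_network(f"{addr}/{p}", strict=False):
                p -= 1
            needed = min(needed, p)
        try:
            ipaddress.ip_network(f"{dest}/{dmask}")  # strict: host bits must be zero
        except ValueError:
            problems.append((dest, f"destination not aligned to mask {dmask}"))
    return iface, problems, needed

if __name__ == "__main__":
    iface, problems, needed = audit_push_reply(PUSH_REPLY)
    print(f"pushed address: {iface}")
    for dest, why in problems:
        print(f"  route {dest}: {why}")
    print(f"longest prefix that puts the gateway on-link: /{needed}")
```
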

#8 2012-10-04 14:57:27

seveg
Member
From: Bratislava, Slovakia
Registered: 2012-04-17
Posts: 33

Re: openvpn: Linux route add command failed

According to this, I would suppose that tap0 is no longer available:

Thu Oct  4 19:10:37 2012 TCP/UDP: Closing socket
Thu Oct  4 19:10:37 2012 /usr/sbin/ip route del 137.132.80.26/32
Thu Oct  4 19:10:37 2012 Closing TUN/TAP interface
Thu Oct  4 19:10:37 2012 /usr/sbin/ip addr del dev tap0 172.18.180.136/25
Thu Oct  4 19:10:37 2012 SIGINT[hard,] received, process exiting

Just another drug abuser..

Offline

#9 2012-10-04 15:22:59

p0x8
Member
Registered: 2012-09-20
Posts: 70

Re: openvpn: Linux route add command failed

In that example, yes, due to Ctrl+C being hit to kill the openvpn client:

Thu Oct  4 19:08:18 2012 Initialization Sequence Completed
^CThu Oct  4 19:10:37 2012 event_wait : Interrupted system call (code=4)
Thu Oct  4 19:10:37 2012 TCP/UDP: Closing socket

Offline

#10 2012-10-05 06:31:35

seveg
Member
From: Bratislava, Slovakia
Registered: 2012-04-17
Posts: 33

Re: openvpn: Linux route add command failed

Oh, I see. In that case, changing routing table really is easy.


Just another drug abuser..

Offline
