OpenVPN error : Error: Nexthop has invalid gateway.

randomAbraham · 2018-12-29 12:35:14

sudo openvpn openvpn-tcp80.ovpn

Sat Dec 29 18:02:33 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Sat Dec 29 18:02:33 2018 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10
Enter Auth Username: vpnbook
Enter Auth Password: *******
Sat Dec 29 18:02:42 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Dec 29 18:02:42 2018 NOTE: --fast-io is disabled since we are not using UDP
Sat Dec 29 18:02:42 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]37.187.158.97:80
Sat Dec 29 18:02:42 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sat Dec 29 18:02:42 2018 Attempting to establish TCP connection with [AF_INET]37.187.158.97:80 [nonblock]
Sat Dec 29 18:02:43 2018 TCP connection established with [AF_INET]37.187.158.97:80
Sat Dec 29 18:02:43 2018 TCP_CLIENT link local: (not bound)
Sat Dec 29 18:02:43 2018 TCP_CLIENT link remote: [AF_INET]37.187.158.97:80
Sat Dec 29 18:02:46 2018 TLS: Initial packet from [AF_INET]37.187.158.97:80, sid=7d13fd36 eeacb489
Sat Dec 29 18:02:46 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Dec 29 18:02:47 2018 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Sat Dec 29 18:02:47 2018 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Sat Dec 29 18:02:49 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Dec 29 18:02:49 2018 [vpnbook.com] Peer Connection Initiated with [AF_INET]37.187.158.97:80
Sat Dec 29 18:02:50 2018 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
Sat Dec 29 18:02:51 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS  213.186.33.99,dhcp-option DNS  91.239.100.100,route 10.12.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.12.0.254 10.12.0.253,peer-id 0,cipher AES-256-GCM'
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: route options modified
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: peer-id set
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: adjusting link_mtu to 1627
Sat Dec 29 18:02:51 2018 OPTIONS IMPORT: data channel crypto options modified
Sat Dec 29 18:02:51 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Dec 29 18:02:51 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 29 18:02:51 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 29 18:02:51 2018 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlp3s0 HWADDR=30:d1:6b:8c:13:5b
Sat Dec 29 18:02:51 2018 TUN/TAP device tun3 opened
Sat Dec 29 18:02:51 2018 TUN/TAP TX queue length set to 100
Sat Dec 29 18:02:51 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 29 18:02:51 2018 /usr/bin/ip link set dev tun3 up mtu 1500
Sat Dec 29 18:02:51 2018 /usr/bin/ip addr add dev tun3 local 10.12.0.254 peer 10.12.0.253
Sat Dec 29 18:02:53 2018 /usr/bin/ip route add 37.187.158.97/32 via 192.168.43.1
Sat Dec 29 18:02:53 2018 /usr/bin/ip route add 0.0.0.0/1 via 10.12.0.253
Error: Nexthop has invalid gateway.
Sat Dec 29 18:02:53 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Dec 29 18:02:53 2018 /usr/bin/ip route add 128.0.0.0/1 via 10.12.0.253
Error: Nexthop has invalid gateway.
Sat Dec 29 18:02:53 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Dec 29 18:02:53 2018 /usr/bin/ip route add 10.12.0.1/32 via 10.12.0.253
Error: Nexthop has invalid gateway.
Sat Dec 29 18:02:53 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Dec 29 18:02:53 2018 Initialization Sequence Completed

Error: Nexthop has invalid gateway.

How to fix this?

Last edited by randomAbraham (2018-12-30 05:30:22)

graysky · 2018-12-29 12:37:36

Did you google openvpn Error: Nexthop has invalid gateway?

randomAbraham · 2018-12-29 12:50:15

Yes, in those they were fixing files that didn't exist in mine.

randomAbraham · 2018-12-29 15:20:55

On restarting,
it gets initialised but after a while this happens :

RTNETLINK answers: Cannot assign requested address
Sat Dec 29 22:09:23 2018 Linux ip addr del failed: external program exited with error status: 2
Sat Dec 29 22:09:24 2018 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlp3s0 HWADDR=30:d1:6b:8c:13:5b
Sat Dec 29 22:09:24 2018 TUN/TAP device tun0 opened
Sat Dec 29 22:09:24 2018 TUN/TAP TX queue length set to 100
Sat Dec 29 22:09:24 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 29 22:09:24 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Sat Dec 29 22:09:24 2018 /usr/bin/ip addr add dev tun0 local 10.8.0.106 peer 10.8.0.105
Sat Dec 29 22:09:26 2018 /usr/bin/ip route add 192.99.37.222/32 via 192.168.43.1
Sat Dec 29 22:09:26 2018 /usr/bin/ip route add 0.0.0.0/1 via 10.8.0.105
Error: Nexthop has invalid gateway.

Last edited by randomAbraham (2018-12-29 17:06:05)

madman_xxx · 2018-12-29 22:54:11

Hello,

randomAbraham wrote:

...
Sat Dec 29 22:09:24 2018 /usr/bin/ip addr add dev tun0 local 10.8.0.106 peer 10.8.0.105
...

I think that's the problem right there. AFAIK ip addr add expects an IP with netmask, without it /32 is assumed. If such a mask is used, the peer is in fact unreachable (outside of /32) and adding any routes that point to it makes no sense. A mask of /31 would also be inappropriate:

$ ipcalc 10.8.0.106/31
Address:   10.8.0.106           00001010.00001000.00000000.0110101 0
Netmask:   255.255.255.254 = 31 11111111.11111111.11111111.1111111 0
Wildcard:  0.0.0.1              00000000.00000000.00000000.0000000 1
=>
Network:   10.8.0.106/31        00001010.00001000.00000000.0110101 0
HostMin:   10.8.0.106           00001010.00001000.00000000.0110101 0
HostMax:   10.8.0.107           00001010.00001000.00000000.0110101 1
Hosts/Net: 2                     Class A, Private Internet, PtP Link RFC 3021

Either the addresses should be e.g. local 10.8.0.106 peer 10.8.0.107 or mask /30.

If you cannot change config on server side, you may just add the addresses manually.

AFAIK2 - Windows systems do not expose this behaviour.

jasonwryan · 2018-12-29 23:10:12

Please edit your thread title to reflect your actual issue: https://wiki.archlinux.org/index.php/Co … ow_to_post

randomAbraham · 2018-12-30 05:33:48

@madman_xxx

How do I manually add them?

@jasonwryan
Sorry for that, changed the title.

madman_xxx · 2018-12-30 20:39:07

randomAbraham wrote:

...
How do I manually add them?
...

The same way OpenVPN tries to do it (more less):

# Make a connection
openvpn openvpn-tcp80.ovpn

# Open another session

# Become root
sudo -i

# Remove existing, incorrect address
# nothing else than replacing 'add' keyword with 'del'
ip addr del dev tun3 local 10.12.0.254 peer 10.12.0.253

# add proper address
# this should be the same as seen in the connection log, netmask included
ip addr add dev tun3 local 10.12.0.254/30 peer 10.12.0.253

# add static routes - these should work by entering them without modifications:
ip route add 0.0.0.0/1 via 10.12.0.253
ip route add 128.0.0.0/1 via 10.12.0.253

Note: Make sure you use the correct addresses - I have used those from the log.

randomAbraham · 2018-12-31 08:07:48

This is what I got this time :

Mon Dec 31 13:35:09 2018 TUN/TAP device tun0 opened
Mon Dec 31 13:35:09 2018 TUN/TAP TX queue length set to 100
Mon Dec 31 13:35:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Dec 31 13:35:09 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Dec 31 13:35:09 2018 /usr/bin/ip addr add dev tun0 local 10.8.0.106 peer 10.8.0.105
Mon Dec 31 13:35:12 2018 /usr/bin/ip route add 192.99.37.222/32 via 192.168.43.1
Mon Dec 31 13:35:12 2018 /usr/bin/ip route add 0.0.0.0/1 via 10.8.0.105
Error: Nexthop has invalid gateway.
Mon Dec 31 13:35:12 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Dec 31 13:35:12 2018 /usr/bin/ip route add 128.0.0.0/1 via 10.8.0.105
Error: Nexthop has invalid gateway.
Mon Dec 31 13:35:12 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Dec 31 13:35:12 2018 /usr/bin/ip route add 10.8.0.1/32 via 10.8.0.105
Error: Nexthop has invalid gateway.
Mon Dec 31 13:35:12 2018 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Dec 31 13:35:12 2018 Initialization Sequence Completed

I tried

# ip addr del dev tun3 local 10.8.0.106 peer 10.8.0.105
Cannot find device "tun3"

I modified tun3 to tun0

# ip addr del dev tun0 local 10.8.0.106 peer 10.8.0.105
RTNETLINK answers: Cannot assign requested address

Are these the right addresses?

Last edited by randomAbraham (2018-12-31 08:08:24)

Arch Linux

#1 2018-12-29 12:35:14

OpenVPN error : Error: Nexthop has invalid gateway.

#2 2018-12-29 12:37:36

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#3 2018-12-29 12:50:15

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#4 2018-12-29 15:20:55

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#5 2018-12-29 22:54:11

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#6 2018-12-29 23:10:12

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#7 2018-12-30 05:33:48

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#8 2018-12-30 20:39:07

Re: OpenVPN error : Error: Nexthop has invalid gateway.

#9 2018-12-31 08:07:48

Re: OpenVPN error : Error: Nexthop has invalid gateway.

Board footer