Network unreachable (code=101)

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Locked
Dash
OpenVpn Newbie
Posts: 3
Joined: Sat Feb 02, 2019 10:32 pm

Network unreachable (code=101)

Post by Dash » Sat Feb 02, 2019 10:48 pm

Hey there!

I'm setting up a VPN between a cloud server (my server, created following https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-18-04, and a router (my client, a Linksys AE5800 configured with OpenWRT as outlined in https://openwrt.org/docs/guide-user/services/vpn/openvpn/client, and while things have gone relatively smoothly thus far, I've run into a snag where my client isn't able to connect.

As you'll see below, the error I get is "Network unreachable (code=101)", but I haven't been able to find any documentation on the error code numbers to help me figure out what I'm doing wrong, and I hope one of you will be able to help me out.

As a note, I have confirmed that the server is working as expected - I plugged the same configuration file into the Windows OpenVPN client and it connected up and handled traffic with no fuss at all.

Here are my configuration files and logs:

server

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1

Code: Select all

Sat Feb  2 22:09:29 2019 us=238436   client_connect_script = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238442   learn_address_script = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238447   client_disconnect_script = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238453   client_config_dir = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238458   ccd_exclusive = DISABLED
Sat Feb  2 22:09:29 2019 us=238464   tmp_dir = '/tmp'
Sat Feb  2 22:09:29 2019 us=238470   push_ifconfig_defined = DISABLED
Sat Feb  2 22:09:29 2019 us=238476   push_ifconfig_local = 0.0.0.0
Sat Feb  2 22:09:29 2019 us=238486   push_ifconfig_remote_netmask = 0.0.0.0
Sat Feb  2 22:09:29 2019 us=238492   push_ifconfig_ipv6_defined = DISABLED
Sat Feb  2 22:09:29 2019 us=238499   push_ifconfig_ipv6_local = ::/0
Sat Feb  2 22:09:29 2019 us=238505   push_ifconfig_ipv6_remote = ::
Sat Feb  2 22:09:29 2019 us=238511   enable_c2c = DISABLED
Sat Feb  2 22:09:29 2019 us=238518   duplicate_cn = DISABLED
Sat Feb  2 22:09:29 2019 us=238523   cf_max = 0
Sat Feb  2 22:09:29 2019 us=238528   cf_per = 0
Sat Feb  2 22:09:29 2019 us=238535   max_clients = 1024
Sat Feb  2 22:09:29 2019 us=238540   max_routes_per_client = 256
Sat Feb  2 22:09:29 2019 us=238546   auth_user_pass_verify_script = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238553   auth_user_pass_verify_script_via_file = DISABLED
Sat Feb  2 22:09:29 2019 us=238559   auth_token_generate = DISABLED
Sat Feb  2 22:09:29 2019 us=238564   auth_token_lifetime = 0
Sat Feb  2 22:09:29 2019 us=238569   port_share_host = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238575   port_share_port = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238581   client = DISABLED
Sat Feb  2 22:09:29 2019 us=238587   pull = DISABLED
Sat Feb  2 22:09:29 2019 us=238594   auth_user_pass_file = '[UNDEF]'
Sat Feb  2 22:09:29 2019 us=238601 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Sat Feb  2 22:09:29 2019 us=238612 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Sat Feb  2 22:09:29 2019 us=242254 Diffie-Hellman initialized with 2048 bit key
Sat Feb  2 22:09:29 2019 us=242620 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Feb  2 22:09:29 2019 us=242639 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Feb  2 22:09:29 2019 us=242650 TLS-Auth MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Feb  2 22:09:29 2019 us=242825 ROUTE_GATEWAY {server address}/255.255.240.0 IFACE=eth0 HWADDR=56:78:36:3e:33:51
Sat Feb  2 22:09:29 2019 us=247316 TUN/TAP device tun0 opened
Sat Feb  2 22:09:29 2019 us=247412 TUN/TAP TX queue length set to 100
Sat Feb  2 22:09:29 2019 us=247427 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Feb  2 22:09:29 2019 us=247443 /sbin/ip link set dev tun0 up mtu 1500
Sat Feb  2 22:09:29 2019 us=256568 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Feb  2 22:09:29 2019 us=262939 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sat Feb  2 22:09:29 2019 us=265768 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Feb  2 22:09:29 2019 us=266103 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Feb  2 22:09:29 2019 us=266123 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Feb  2 22:09:29 2019 us=266135 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Feb  2 22:09:29 2019 us=266140 UDPv4 link remote: [AF_UNSPEC]
Sat Feb  2 22:09:29 2019 us=266148 GID set to nogroup
Sat Feb  2 22:09:29 2019 us=266156 UID set to nobody
Sat Feb  2 22:09:29 2019 us=266166 MULTI: multi_init called, r=256 v=256
Sat Feb  2 22:09:29 2019 us=266188 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Feb  2 22:09:29 2019 us=266196 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
Sat Feb  2 22:09:29 2019 us=266203 succeeded -> ifconfig_pool_set()
Sat Feb  2 22:09:29 2019 us=266208 IFCONFIG POOL LIST
Sat Feb  2 22:09:29 2019 us=266213 client1,10.8.0.4
Sat Feb  2 22:09:29 2019 us=267905 Initialization Sequence Completed
client

client
dev tun
proto udp
remote {server address} 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 4
# script-security 2
# up /etc/openvpn/update-resolve-conf
# down /etc/openvpn/update-resolve-conf
<ca>
{removed}
</ca>
<cert>
{removed}
</cert>
<key>
{removed}
</key>
<tls-auth>
{removed}
</tls-auth>

Code: Select all

Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Re-using SSL/TLS context
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: TCP/UDP: Preserving recently used remote address: [AF_INET]{server address}:1194
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: UDP link local: (not bound)
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: UDP link remote: [AF_INET]{server address}:1194
Sat Feb  2 22:41:55 2019 daemon.err openvpn(vpnclient)[30135]: write UDP: Network unreachable (code=101)
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Network unreachable, restarting
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: TCP/UDP: Closing socket
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: SIGUSR1[soft,network-unreachable] received, process restarting
Sat Feb  2 22:41:55 2019 daemon.notice openvpn(vpnclient)[30135]: Restart pause, 300 second(s)

Dash
OpenVpn Newbie
Posts: 3
Joined: Sat Feb 02, 2019 10:32 pm

Re: Network unreachable (code=101)

Post by Dash » Tue Feb 12, 2019 8:17 am

Is there something I should add to this to make it easier to answer?

Barring that, are there other places I should look for help on this (even at a cost)?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5574
Joined: Fri Jun 03, 2016 1:17 pm

Re: Network unreachable (code=101)

Post by TinCanTech » Tue Feb 12, 2019 2:04 pm

Dash wrote:
Sat Feb 02, 2019 10:48 pm
I have confirmed that the server is working as expected - I plugged the same configuration file into the Windows OpenVPN client and it connected up and handled traffic with no fuss at all.
Then most likely you have not configured the network in your router correctly.

Dash
OpenVpn Newbie
Posts: 3
Joined: Sat Feb 02, 2019 10:32 pm

Re: Network unreachable (code=101)

Post by Dash » Sat Feb 16, 2019 12:15 pm

Thanks much. It was definitely some kind of router configuration issue.

Unfortunately the fix ended up being starting completely over with the router setup, so I don't know specifically what the issue was, but if anyone wants to see what I went through before arriving at the "just flash the router's firmware and try again" solution, you can find it at: https://forum.openwrt.org/t/network-unr ... e/31313/17

Locked