Adding routes seemingly fail on Windows after force close openvpn

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Letalis
OpenVPN User
Posts: 47
Joined: Mon Sep 14, 2020 11:46 am

Adding routes seemingly fail on Windows after force close openvpn

Post by Letalis » Thu Mar 31, 2022 1:08 pm

Hi, when I connect to my OpenVPN server from Windows I push some routes to the client. Using a new TAP interface, these routes get created successfully each time I connect and disconnect with control-C:

Code: Select all

2022-03-31 13:43:47 C:\WINDOWS\system32\route.exe ADD 192.168.0.27 MASK 255.255.255.255 192.168.0.1 IF 29
2022-03-31 13:43:47 us=15000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
2022-03-31 13:43:47 us=15000 Route addition via IPAPI succeeded [adaptive]
2022-03-31 13:43:47 us=15000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2022-03-31 13:43:47 us=15000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2022-03-31 13:43:47 us=15000 Route addition via IPAPI succeeded [adaptive]
2022-03-31 13:43:47 us=15000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2022-03-31 13:43:47 us=15000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2022-03-31 13:43:47 us=15000 Route addition via IPAPI succeeded [adaptive]
2022-03-31 13:43:47 us=15000 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.0.0 192.168.0.1
2022-03-31 13:43:47 us=15000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
2022-03-31 13:43:47 us=15000 Route addition via IPAPI succeeded [adaptive]
2022-03-31 13:43:47 us=31000 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.0.0.0 192.168.0.1
2022-03-31 13:43:47 us=31000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
2022-03-31 13:43:47 us=31000 Route addition via IPAPI succeeded [adaptive]
2022-03-31 13:43:47 us=31000 C:\WINDOWS\system32\route.exe ADD 172.16.0.0 MASK 255.240.0.0 192.168.0.1
2022-03-31 13:43:47 us=31000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
2022-03-31 13:43:47 us=31000 Route addition via IPAPI succeeded [adaptive]
2022-03-31 13:43:47 us=31000 add_route_ipv6(::/3 -> fd15:53b6:dead::1 metric -1) dev openvpn-tap
2022-03-31 13:43:47 us=31000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route ::/3 11 fe80::8 store=active
2022-03-31 13:43:47 us=31000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:43:47 us=125000 add_route_ipv6(2000::/4 -> fd15:53b6:dead::1 metric -1) dev openvpn-tap
2022-03-31 13:43:47 us=125000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 2000::/4 11 fe80::8 store=active
2022-03-31 13:43:47 us=125000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:43:47 us=203000 add_route_ipv6(3000::/4 -> fd15:53b6:dead::1 metric -1) dev openvpn-tap
2022-03-31 13:43:47 us=203000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 3000::/4 11 fe80::8 store=active
2022-03-31 13:43:47 us=203000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:43:47 us=281000 add_route_ipv6(fc00::/7 -> fd15:53b6:dead::1 metric -1) dev openvpn-tap
2022-03-31 13:43:47 us=281000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route fc00::/7 11 fe80::8 store=active
2022-03-31 13:43:47 us=281000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
However, if for whatever reason, OpenVPN gets force closed, I get an error when an attempt to create these routes is made. This happens even after rebooting, so it's not as if some temporary routes don't get removed from the table:

Code: Select all

C:\WINDOWS\system32\route.exe ADD 192.168.0.27 MASK 255.255.255.255 192.168.0.1 IF 29
2022-03-31 13:38:45 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=29]
2022-03-31 13:38:45 Route addition via IPAPI failed [adaptive]
2022-03-31 13:38:45 Route addition fallback to route.exe
2022-03-31 13:38:45 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=46000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2022-03-31 13:38:45 us=62000 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=11]
2022-03-31 13:38:45 us=62000 Route addition via IPAPI failed [adaptive]
2022-03-31 13:38:45 us=62000 Route addition fallback to route.exe
2022-03-31 13:38:45 us=62000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=93000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2022-03-31 13:38:45 us=93000 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=11]
2022-03-31 13:38:45 us=93000 Route addition via IPAPI failed [adaptive]
2022-03-31 13:38:45 us=93000 Route addition fallback to route.exe
2022-03-31 13:38:45 us=93000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=140000 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.0.0 192.168.0.1
2022-03-31 13:38:45 us=140000 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=29]
2022-03-31 13:38:45 us=140000 Route addition via IPAPI failed [adaptive]
2022-03-31 13:38:45 us=140000 Route addition fallback to route.exe
2022-03-31 13:38:45 us=140000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=171000 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.0.0.0 192.168.0.1
2022-03-31 13:38:45 us=171000 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=29]
2022-03-31 13:38:45 us=171000 Route addition via IPAPI failed [adaptive]
2022-03-31 13:38:45 us=171000 Route addition fallback to route.exe
2022-03-31 13:38:45 us=171000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=218000 C:\WINDOWS\system32\route.exe ADD 172.16.0.0 MASK 255.240.0.0 192.168.0.1
2022-03-31 13:38:45 us=218000 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=29]
2022-03-31 13:38:45 us=218000 Route addition via IPAPI failed [adaptive]
2022-03-31 13:38:45 us=218000 Route addition fallback to route.exe
2022-03-31 13:38:45 us=218000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=250000 add_route_ipv6(::/3 -> fd15:53b6:dead::1 metric -1) dev opevnpn-tap
2022-03-31 13:38:45 us=250000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route ::/3 11 fe80::8 store=active
2022-03-31 13:38:45 us=250000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=328000 ERROR: Windows route add ipv6 command failed: returned error code 1
2022-03-31 13:38:45 us=328000 add_route_ipv6(2000::/4 -> fd15:53b6:dead::1 metric -1) dev opevnpn-tap
2022-03-31 13:38:45 us=328000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 2000::/4 11 fe80::8 store=active
2022-03-31 13:38:45 us=328000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=421000 ERROR: Windows route add ipv6 command failed: returned error code 1
2022-03-31 13:38:45 us=421000 add_route_ipv6(3000::/4 -> fd15:53b6:dead::1 metric -1) dev opevnpn-tap
2022-03-31 13:38:45 us=421000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 3000::/4 11 fe80::8 store=active
2022-03-31 13:38:45 us=421000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=500000 ERROR: Windows route add ipv6 command failed: returned error code 1
2022-03-31 13:38:45 us=500000 add_route_ipv6(fc00::/7 -> fd15:53b6:dead::1 metric -1) dev opevnpn-tap
2022-03-31 13:38:45 us=500000 C:\WINDOWS\system32\netsh.exe interface ipv6 add route fc00::/7 11 fe80::8 store=active
2022-03-31 13:38:45 us=500000 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
2022-03-31 13:38:45 us=593000 ERROR: Windows route add ipv6 command failed: returned error code 1
The only way I can get this error to go away is to delete the tap interface and recreate it, which isn't ideal. The stranger thing is that my routing table entries for before and after the connection don't seem to change from when I do get this error and don't get this error. (I have put both routing tables before the connection, one when the error occurs, and one where it doesn't, into a text comparison tool and found no differences. I've also tested both routing tables for after the connection, one with the error and one not. With either comparison there are no differences in the tables).

This is the routing tables before the connection:

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.14     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.14    291
     192.168.0.14  255.255.255.255         On-link      192.168.0.14    291
    192.168.0.255  255.255.255.255         On-link      192.168.0.14    291
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.14    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.14    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 16    281 fe80::/64                On-link
 29    291 fe80::/64                On-link
 29    291 fe80::607d:5e25:c52f:37e4/128
                                    On-link
 16    281 fe80::699c:88ba:4be0:2f42/128
                                    On-link
  1    331 ff00::/8                 On-link
 16    281 ff00::/8                 On-link
 29    291 ff00::/8                 On-link
===========================================================================
This is the routing tables after connection:

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.14     35
          0.0.0.0        128.0.0.0         10.8.0.1         10.8.0.2     25
         10.0.0.0        255.0.0.0      192.168.0.1     192.168.0.14     35
         10.8.0.0    255.255.254.0         On-link          10.8.0.2    281
         10.8.0.2  255.255.255.255         On-link          10.8.0.2    281
       10.8.1.255  255.255.255.255         On-link          10.8.0.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0         10.8.0.1         10.8.0.2     25
       172.16.0.0      255.240.0.0      192.168.0.1     192.168.0.14     35
      192.168.0.0      255.255.0.0      192.168.0.1     192.168.0.14     35
      192.168.0.0    255.255.255.0         On-link      192.168.0.14    291
     192.168.0.14  255.255.255.255         On-link      192.168.0.14    291
     192.168.0.27  255.255.255.255      192.168.0.1     192.168.0.14     35
    192.168.0.255  255.255.255.255         On-link      192.168.0.14    291
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.14    291
        224.0.0.0        240.0.0.0         On-link          10.8.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.14    291
  255.255.255.255  255.255.255.255         On-link          10.8.0.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    281 ::/3                     fe80::8
  1    331 ::1/128                  On-link
 11    281 2000::/4                 fe80::8
 11    281 3000::/4                 fe80::8
 11    281 fc00::/7                 fe80::8
 11    281 fd15:53b6:dead::/64      fe80::8
 11    281 fd15:53b6:dead::2/128    On-link
 16    281 fe80::/64                On-link
 29    291 fe80::/64                On-link
 11    281 fe80::/64                On-link
 11    281 fe80::195b:537f:10ee:36a8/128
                                    On-link
 29    291 fe80::607d:5e25:c52f:37e4/128
                                    On-link
 16    281 fe80::699c:88ba:4be0:2f42/128
                                    On-link
  1    331 ff00::/8                 On-link
 16    281 ff00::/8                 On-link
 29    291 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
I have no persistent routes for IPv4 or IPv6 listed.
Why does OpenVPN struggle to create the routes even after a reboot, when the same routes actually get created? Is this actually a problem if the routing tables seem to be the same or could it be safely ignored?
Thanks.
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Adding routes seemingly fail on Windows after force close openvpn

Post by TinCanTech » Thu Mar 31, 2022 1:45 pm

It all depends on how you chose to shut down openvpn.

Routes do not live through a reboot, unless they are persistent.

If it works then you can probably ignore it.

Just use the GUI.
Top
Letalis
OpenVPN User
Posts: 47
Joined: Mon Sep 14, 2020 11:46 am

Re: Adding routes seemingly fail on Windows after force close openvpn

Post by Letalis » Thu Mar 31, 2022 2:50 pm

TinCanTech wrote:
Thu Mar 31, 2022 1:45 pm
 It all depends on how you chose to shut down openvpn.
Of course, I would expect a forceful close of openvpn to cause issues on the next startup if trying to create routes that already exist. The issue is that openvpn continuously appears to believe these routes exist when they actually do not even after a reboot. And yes, I can use the GUI but surely it will be doing the same thing but just hiding the errors from me instead?

The main thing I'm concerned with is the fact it's apparently struggling to create existing routes when they don't exist. The routes appear to still be being created correctly, so I could ignore it, I'd just rather figure out what's causing openvpn to think they're there. Could it be an issue with the tap interface?
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Adding routes seemingly fail on Windows after force close openvpn

Post by TinCanTech » Thu Mar 31, 2022 3:23 pm

Letalis wrote:
Thu Mar 31, 2022 2:50 pm
 The issue is that openvpn continuously appears to believe these routes exist when they actually do not even after a reboot
Only if you are running the same config twice ....... or two configs which clash.

I suppose openvpn could be the cause of the problem but then this place would be lit up like an Xmas tree.
Top
Letalis
OpenVPN User
Posts: 47
Joined: Mon Sep 14, 2020 11:46 am

Re: Adding routes seemingly fail on Windows after force close openvpn

Post by Letalis » Thu Mar 31, 2022 3:46 pm

Hmm, well I'm certainly not running the same config twice and am only running one instance. Could running an OpenVPN server in a VM using the host machine to connect cause this problem (as that's what I'm doing for testing)? I am using a bridged adapter, but that's the only thing I can really think of.
Top
Post Reply

Return to “Server Administration”