ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=35]

[firepacket]

This error seems to prevent my client from setting gateway for the adapter. I can't find any information online about what causes it or how to fix it. Has anyone run into this before? Here is the relevant config info:

Log:

Code: Select all

Thu Jun 08 17:19:06 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Thu Jun 08 17:19:06 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 08 17:19:06 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
Enter Management Password:
Thu Jun 08 17:19:11 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.1.202:11940
Thu Jun 08 17:19:11 2017 UDP link local (bound): [AF_INET][undef]:1194
Thu Jun 08 17:19:11 2017 UDP link remote: [AF_INET]10.10.1.202:11940
Thu Jun 08 17:19:11 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jun 08 17:19:13 2017 [VPNCert] Peer Connection Initiated with [AF_INET]10.10.1.202:11940
Thu Jun 08 17:19:14 2017 open_tun
Thu Jun 08 17:19:14 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{C5C06EA9-F3F4-4891-B126-E72BC391C07B}.tap
Thu Jun 08 17:19:14 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.1.0/10.0.1.2/255.255.255.0 [SUCCEEDED]
Thu Jun 08 17:19:14 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.1.2/255.255.255.0 on interface {C5C06EA9-F3F4-4891-B126-E72BC391C07B} [DHCP-serv: 10.0.1.254, lease-time: 31536000]
Thu Jun 08 17:19:14 2017 Successful ARP Flush on interface [35] {C5C06EA9-F3F4-4891-B126-E72BC391C07B}
Thu Jun 08 17:19:14 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 08 17:19:14 2017 Blocking outside dns using service succeeded.
Thu Jun 08 17:19:19 2017 ROUTE: route addition failed using service: The parameter is incorrect.   [status=87 if_index=35]
Thu Jun 08 17:19:19 2017 Initialization Sequence Completed
Thu Jun 08 17:19:19 2017 Register_dns request sent to the service

Client:

Code: Select all

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote 10.10.1.202 11940 udp
setenv opt block-outside-dns
verify-x509-name "VPNCert" name
auth-user-pass
pkcs12 fw-udp-11940-user.p12
tls-auth fw-udp-11940-user-tls.key 1
remote-cert-tls server
comp-lzo no

Server:

Code: Select all

dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 10.10.1.202
engine cryptodev
tls-server
server 10.0.1.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jCWwgRGOPYWJhc2U= true server1 11940" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'VPNCert' 1"
lport 11940
management /var/etc/openvpn/server1.sock unix
max-clients 5
push "route 192.168.1.1 255.255.255.0"
push "dhcp-option DOMAIN domain.com"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
push "register-dns"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo no
persist-remote-ip
float
topology subnet

Adapter:

Code: Select all

Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : vpn.domain.com
   Link-local IPv6 Address . . . . . : fe80::71af:9c8f:d2d5:d7ab%35
   IPv4 Address. . . . . . . . . . . : 10.0.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

As you can see there is no gateway and thus no internet connection.

I am trying to have my openvpn clients appear to be on the LAN network with the other computers plugged directly into the server and to use the internet from the WAN adapter.

I am using Windows 10 as the client and pfSense as the server.

Any help would be appreciated, I've been struggling with this for a while now. Thank you!

[TinCanTech]

ROUTE: route addition failed using service: The parameter is incorrect. [status=87 if_index=35]

push "route 192.168.1.1 255.255.255.0"

Learn routing and do it right ..

[firepacket]

Could you please be more specific? That route was automatically generated by pfSense. I have tried removing it and I get the same error.

[TinCanTech]

Sounds like a pfsense bug ..

[firepacket]

Maybe... but I can manually edit the openvpn config files if needed. What should the correct route be that gives clients access to the LAN and internet access?

[Pippin]

In pfSense there is no need to manually edit config files.
I think you will have better luck on pfSense forum as this looks like a configuration mistake.

[firepacket]

I have found the pfsense configuration to remove the "route" command and I no longer get the route error, but I am still not getting assigned a gateway and get no internet access. It was my understanding that "redirect-gateway def1" should do this, but it doesn't seem to be working.

I shouldn't need to go to the pfsense forms because this is clearly an openvpn issue. Does anyone know what could cause the openvpn client to lack a gateway?

[firepacket]

I finally fixed this by changing route to "route 192.168.1.0 255.255.255.0" and removing redirect-gateway def1. I now see the LAN and get internet access, although the gateway field in ipconfig still remains blank.

Problem solved

[@tosky]

I finally fixed this by changing route to "route 192.168.1.0 255.255.255.0" and removing redirect-gateway def1. I now see the LAN and get internet access, although the gateway field in ipconfig still remains blank.

Problem solved

stp u arrives a connecter le client au serveur via internet? si oui comment u procède parce que moi j'ai configuré le mien et en local ca fonctionne parfaitement et quand je veux passer via internet (connexion distante) ca ne marche pas

[marcosmagalhaes]

Bom dia. Muito obrigado.... Funcionou perfeitamente a dica de adicionar uma rota com o endereço do servidor de PFsense

[Pippin]

Write English please.

Thanks.

Good Morning. Thank you very much .... The tip to add a route with the address of the PFsense server worked perfectly