Linux route add command failed

[dermessi]

Hello openVPN experts,

what I want to achieve: I want to enter a remote network in order to be able to access a web server which is located in the remote network. To do so I have installed a RaspberryPI running the OpenVPN server into the remote net. The VPN-server should route all the traffic of the client into the remote net and back to it. When I use my mobile phone (android system, client1) everything works fine. But if I am trying to do the same with client2 (laptop, running with linux mint) it doesn't work even though the "Initialization Sequence is Completed" Note, that the config file of client 2 is exactly the same as the one of client1 where everthing works fine.

Server setup:

Code: Select all

local 192.168.2.221 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194

ca ...
cert ...
key ...
dh ...

server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2

push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.2.221 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.
push "redirect-gateway def1"

client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

Client setup (I skipped posting the crt and key files, of course):

Code: Select all

client 
dev tun 
proto udp 
remote xxx.xxx.xxx.xxx 1194  
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
mute-replay-warnings 
ns-cert-type server 
key-direction 1 
cipher AES-128-CBC 
comp-lzo 
verb 1 
mute 20 

Before starting the connecting the client to the server the routing table looks like as follows:

Code: Select all

~ $ route
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         speedport.ip    0.0.0.0         UG    0      0        0 wlan0
192.168.2.0     *               255.255.255.0   U     9      0        0 wlan0
~ $

In the following you can the the connecting sequence:

Code: Select all

Thu Mar 19 19:15:32 2015 Control Channel Authentication: tls-auth using INLINE static key file
Thu Mar 19 19:15:32 2015 UDPv4 link local: [undef]
Thu Mar 19 19:15:32 2015 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Mar 19 19:15:33 2015 [serverOpenVPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Mar 19 19:15:35 2015 TUN/TAP device tun0 opened
Thu Mar 19 19:15:35 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Mar 19 19:15:35 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu Mar 19 19:15:35 2015 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
RTNETLINK answers: Invalid argument
Thu Mar 19 19:15:35 2015 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Thu Mar 19 19:15:35 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Mar 19 19:15:35 2015 Initialization Sequence Completed

After the connection is established the routing table appears as shown in the following

Code: Select all

~ $ route
Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         10.8.0.5        128.0.0.0       UG    0      0        0 tun0
default         speedport.ip    0.0.0.0         UG    0      0        0 wlan0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.1        10.8.0.5        255.255.255.255 UGH   0      0        0 tun0
10.8.0.5        *               255.255.255.255 UH    0      0        0 tun0
p57B3404E.dip0. speedport.ip    255.255.255.255 UGH   0      0        0 wlan0
128.0.0.0       10.8.0.5        128.0.0.0       UG    0      0        0 tun0
192.168.2.0     *               255.255.255.0   U     9      0        0 wlan0
~ $

I guess that the problem is related to the following message:

Code: Select all

RTNETLINK answers: File exists
Thu Mar 19 19:15:35 2015 ERROR: Linux route add command failed: external program exited with error status: 2

Even though I have no access to the remote network (remote web server) I am able to ping the RaspberryPi (10.8.0.1) when connected.

I haven't found a working solution yet. Someone has an idea? Help is really appreciated.
Best regard!

[Traffic]

Code: Select all

ifconfig 10.8.0.1 10.8.0.2                # delete this

push "route 10.8.0.1 255.255.255.255"     # delete this

push "route 192.168.2.221 255.255.255.0"  # change to: push "route 192.168.2.0 255.255.255.0"

verb 1                                    # change to: verb 4

[dermessi]

Hey Traffic,

thx a lot! Chapeau!!! The changes you suggested work fine with client1 (smartphone) as well as with client2 (laptop). Nevertheless, an error message still appears when connecting client2.

Code: Select all

Sat Mar 21 19:49:54 2015 Control Channel Authentication: tls-auth using INLINE static key file
Sat Mar 21 19:49:54 2015 UDPv4 link local: [undef]
Sat Mar 21 19:49:54 2015 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Sat Mar 21 19:49:55 2015 [serverOpenVPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Sat Mar 21 19:49:57 2015 TUN/TAP device tun0 opened
Sat Mar 21 19:49:57 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Mar 21 19:49:57 2015 /sbin/ip link set dev tun0 up mtu 1500
Sat Mar 21 19:49:57 2015 /sbin/ip addr add dev tun0 local 10.8.0.10 peer 10.8.0.9
RTNETLINK answers: File exists
Sat Mar 21 19:49:57 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Mar 21 19:49:57 2015 Initialization Sequence Completed