almost there (Linux route add command failed)

leden
OpenVpn Newbie
Posts: 2
Joined: Sun Nov 08, 2015 9:09 pm

Post by leden » Sun Nov 08, 2015 9:25 pm

Hello, I'm hoping somebody can point me in the right direction to jump over what feels like the final hurdle to getting my OpenVPN setup working.
I have created certificates and client configs and set up my server (Linksys E1200 with DD-WRT) according to instructions and tweaked my iptables firewall commands to the point where it seems the firewall is no longer blocking the connection (this was a problem for quite a while, but now looks OK). Certificates seem to be verified correctly in the connection process and things look promising up to this error:

Code:

Sun Nov  8 21:52:40 2015 us=935858 /sbin/ip link set dev tun0 up mtu 1500
Sun Nov  8 21:52:40 2015 us=937992 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Sun Nov  8 21:52:40 2015 us=940113 /sbin/ip route add 10.8.99.1/24 via 10.8.0.1
RTNETLINK answers: Invalid argument
Sun Nov  8 21:52:40 2015 us=942299 ERROR: Linux route add command failed: external program exited with error status: 2
Sun Nov  8 21:52:40 2015 us=942384 Initialization Sequence Completed
Sun Nov  8 21:52:50 2015 us=399976 write to TUN/TAP : Invalid argument (code=22)

My server config is:

Code:

push "route 10.8.99.1 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
proto tcp
keepalive 10 120
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
script-security 3 system

(I added the script-security 3 system line because at some stage I was getting an error that this line fixed).
The router's local IP address is 10.8.99.1 and what I want to achieve is to be able to connect remotely and then access machines on my home LAN behind the router. I am testing by pulling the LAN cable from my client PC and connecting via mobile phone hotspot (to simulate a genuinely remote connection). I am connecting from a Linux client using sudo openvpn --config lenovo-linux.ovpn. I have a DDNS set up to access my dynamic IP and that's working without issue.
For completeness here are the firewall commands:

Code:

iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

I am a fully-confessed noob and will be grateful for any help anybody can offer!

Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: almost there (Linux route add command failed)

Post by Traffic » Mon Nov 09, 2015 11:38 am

leden wrote:
Sun Nov 8 21:52:40 2015 us=940113 /sbin/ip route add 10.8.99.1/24 via 10.8.0.1
RTNETLINK answers: Invalid argument
Sun Nov 8 21:52:40 2015 us=942299 ERROR: Linux route add command failed: external program exited with error status: 2

because of:

leden wrote:
My server config is:
Code:
push "route 10.8.99.1 255.255.255.0"

Should be:

Code:

push "route 10.8.99.0 255.255.255.0"
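
Added example, not part of the original thread: a small Python check for the mistake corrected above, a pushed route whose address has host bits set under its netmask (10.8.99.1 with 255.255.255.0), which the client's kernel rejects with "RTNETLINK answers: Invalid argument". The function name check_routes and the sample config are constructed for illustration; only route lines with an explicit dotted-quad network and netmask are examined.

```python
import ipaddress
import re

# Matches `route NET MASK` and `push "route NET MASK"`; directives such as
# route-gateway, or routes without an explicit netmask, are deliberately skipped.
ROUTE_RE = re.compile(
    r'^\s*(?:push\s+")?route\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)'
)


def check_routes(config_text):
    """Return (line_no, given, suggestion) for every route that is not a network address."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        m = ROUTE_RE.match(line)
        if not m:
            continue
        addr, mask = m.groups()
        given = f"{addr} {mask}"
        try:
            # strict=False masks off the host bits instead of raising.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError as exc:
            findings.append((line_no, given, f"unparseable: {exc}"))
            continue
        if net.network_address != ipaddress.ip_address(addr):
            # Host bits are set: suggest the real network address.
            findings.append((line_no, given, f"{net.network_address} {net.netmask}"))
    return findings


# Constructed sample: the faulty line from the thread plus the corrected one.
SAMPLE_CONFIG = '''push "route 10.8.99.1 255.255.255.0"
server 10.8.0.0 255.255.255.0
dev tun0
push "route 10.8.99.0 255.255.255.0"
'''

if __name__ == "__main__":
    for line_no, given, suggestion in check_routes(SAMPLE_CONFIG):
        print(f"line {line_no}: route {given} -> use {suggestion}")
```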

leden
OpenVpn Newbie
Posts: 2
Joined: Sun Nov 08, 2015 9:09 pm

[SOLVED] Re: almost there (Linux route add command failed)

Post by leden » Mon Nov 09, 2015 1:16 pm

Yes, that works!

Thanks Traffic, you are a star! (in fact, you ought to be on the dev team)

Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: almost there (Linux route add command failed)

Post by Traffic » Wed Nov 18, 2015 11:28 pm

No problem 8-)

I cannot change what daft text the administrator of this site chooses for number of posts :roll: