VPN: ERROR: Linux route add command failed with status 2
I'm trying to connect through ovpn but I have the following error, don't know why:
I have ubuntu-gnome and I'm connected through wifi.
.ovpn:
client
remote gateway.xxx.com 1194
dev tun
proto udp
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca ca-cert.pem
cert client-xxx-cert.pem
key client-xxx-key.pem
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
redirect-gateway def1
Connection error:
sudo openvpn --config gateway.xxxx.com.ovpn
Mon Jun 19 23:25:55 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
Mon Jun 19 23:25:55 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Enter Auth Username: ******
Enter Auth Password: ******
Mon Jun 19 23:25:58 2017 WARNING: file 'client-xxxx-key.pem' is group or others accessible
Mon Jun 19 23:25:58 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jun 19 23:25:59 2017 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jun 19 23:25:59 2017 UDPv4 link local: [undef]
Mon Jun 19 23:25:59 2017 UDPv4 link remote: [AF_INET]xx.xxx.xxx.xxx:xxxx
Mon Jun 19 23:25:59 2017 TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:xxxx, sid=359b3959 c62dbda9
Mon Jun 19 23:25:59 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jun 19 23:25:59 2017 VERIFY OK: depth=1, C=ES, L=xxx, O=xxx, OU=xxx, CN=ca.gateway.xxx.com, [email protected], O=xxx, ST=xxx
Mon Jun 19 23:25:59 2017 VERIFY OK: nsCertType=SERVER
Mon Jun 19 23:25:59 2017 VERIFY OK: depth=0, C=ES, ST=xxx, L=xxx, O=xxx, O=xxx, OU=xxx, CN=gateway.xxx.com, [email protected]
Mon Jun 19 23:26:01 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jun 19 23:26:01 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun 19 23:26:01 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jun 19 23:26:01 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun 19 23:26:01 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jun 19 23:26:01 2017 [gateway.xxx.com] Peer Connection Initiated with [AF_INET]91.126.210.222:1194
Mon Jun 19 23:26:04 2017 SENT CONTROL [gateway.xxx.com]: 'PUSH_REQUEST' (status=1)
Mon Jun 19 23:26:04 2017 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS xxx.xxx.xx.xx,dhcp-option WINS 192.168.47.3,dhcp-option DOMAIN xxx.com,route 192.168.47.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.18 10.8.0.17'
Mon Jun 19 23:26:04 2017 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jun 19 23:26:04 2017 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jun 19 23:26:04 2017 OPTIONS IMPORT: route options modified
Mon Jun 19 23:26:04 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jun 19 23:26:04 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlxc4e9841c8867 HWADDR=c4:e9:84:1c:88:67
Mon Jun 19 23:26:04 2017 TUN/TAP device tun0 opened
Mon Jun 19 23:26:04 2017 TUN/TAP TX queue length set to 100
Mon Jun 19 23:26:04 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jun 19 23:26:04 2017 /sbin/ip link set dev tun0 up mtu 1500
Mon Jun 19 23:26:04 2017 /sbin/ip addr add dev tun0 local 10.8.0.18 peer 10.8.0.17
Mon Jun 19 23:26:04 2017 /sbin/ip route add xx.xx.xxx.xxx/32 via 192.168.1.1
RTNETLINK answers: File exists
Mon Jun 19 23:26:04 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Jun 19 23:26:04 2017 /sbin/ip route add 0.0.0.0/1 via 10.8.0.17
Mon Jun 19 23:26:04 2017 /sbin/ip route add 128.0.0.0/1 via 10.8.0.17
Mon Jun 19 23:26:04 2017 /sbin/ip route add 192.168.47.0/24 via 10.8.0.17
Mon Jun 19 23:26:04 2017 /sbin/ip route add 10.8.0.1/32 via 10.8.0.17
Mon Jun 19 23:26:04 2017 GID set to nogroup
Mon Jun 19 23:26:04 2017 UID set to nobody
Mon Jun 19 23:26:04 2017 Initialization Sequence Completed
^CMon Jun 19 23:26:23 2017 event_wait : Interrupted system call (code=4)
Mon Jun 19 23:26:23 2017 /sbin/ip route del 10.8.0.1/32
RTNETLINK answers: Operation not permitted
Mon Jun 19 23:26:23 2017 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Jun 19 23:26:23 2017 /sbin/ip route del 192.168.47.0/24
RTNETLINK answers: Operation not permitted
Mon Jun 19 23:26:23 2017 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Jun 19 23:26:23 2017 /sbin/ip route del 91.126.210.222/32
RTNETLINK answers: Operation not permitted
Mon Jun 19 23:26:23 2017 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Jun 19 23:26:23 2017 /sbin/ip route del 0.0.0.0/1
RTNETLINK answers: Operation not permitted
Mon Jun 19 23:26:23 2017 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Jun 19 23:26:23 2017 /sbin/ip route del 128.0.0.0/1
RTNETLINK answers: Operation not permitted
Mon Jun 19 23:26:23 2017 ERROR: Linux route delete command failed: external program exited with error status: 2
Mon Jun 19 23:26:23 2017 Closing TUN/TAP interface
Mon Jun 19 23:26:23 2017 /sbin/ip addr del dev tun0 local 10.8.0.18 peer 10.8.0.17
RTNETLINK answers: Operation not permitted
Mon Jun 19 23:26:23 2017 Linux ip addr del failed: external program exited with error status: 2
Mon Jun 19 23:26:23 2017 SIGINT[hard,] received, process exiting
Solution 1:
The answer is in your log: the route you try to add already exists (it tries to add it because of the redirect-gateway directive or client ccd):
RTNETLINK answers: File exists
Try to add the pushed route via ip route add on your guest to check the error and adjust the routing on your host.
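
As an added example (not part of the original answer and not OpenVPN's own code), the pairing the answer reads off the log can be done mechanically: this shell function matches each RTNETLINK reply to the /sbin/ip command logged just before it. The function names, the hint texts and the sample log lines (which use a documentation IP address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pair each "ip" command OpenVPN ran with the RTNETLINK
# error that immediately followed it. Reads an OpenVPN log on stdin and
# prints: reason <TAB> hint <TAB> command.
failed_ip_cmds() {
    awk '
        # Remember the command OpenVPN just executed.
        match($0, /\/sbin\/ip .*/) { cmd = substr($0, RSTART); next }
        # A kernel reply belongs to the command on the previous line.
        /^RTNETLINK answers: / && cmd != "" {
            reason = substr($0, length("RTNETLINK answers: ") + 1)
            if (reason == "File exists")
                hint = "route already present in the table"
            else if (reason == "Operation not permitted")
                hint = "caller lacks CAP_NET_ADMIN"
            else
                hint = "see ip-route(8)"
            printf "%s\t%s\t%s\n", reason, hint, cmd
            cmd = ""
            next
        }
        # Any other line means the previous command succeeded.
        { cmd = "" }
    '
}

# Constructed sample shaped like the log in the question.
sample_log() {
    cat <<'EOF'
Mon Jun 19 23:26:04 2017 /sbin/ip addr add dev tun0 local 10.8.0.18 peer 10.8.0.17
Mon Jun 19 23:26:04 2017 /sbin/ip route add 203.0.113.10/32 via 192.168.1.1
RTNETLINK answers: File exists
Mon Jun 19 23:26:04 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Jun 19 23:26:04 2017 /sbin/ip route add 0.0.0.0/1 via 10.8.0.17
Mon Jun 19 23:26:04 2017 UID set to nobody
Mon Jun 19 23:26:23 2017 /sbin/ip route del 0.0.0.0/1
RTNETLINK answers: Operation not permitted
EOF
}

sample_log | failed_ip_cmds
```

Against a real log, run it as `failed_ip_cmds < openvpn.log`; the "Operation not permitted" rows in the question's log all come after "UID set to nobody", when the process no longer has the privilege to change routes.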