Issue openvpn with openbsd 6.0

svk900 · #1 **(View Single Post)** 5th September 2016

Last weekend i updated my openbsd system to version 6.0.
Since the update i have a problem with openvpn 2.3.11.

This is my openvpn config:

Code:

client
dev tun
proto udp
remote vpn.btguard.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/btguard.ca.crt
verb 3
mute 3
auth-user-pass
mute-replay-warnings
float
reneg-sec 0

This are the errors i see in the openvpn log:

Code:

Mon Sep  5 13:27:46 2016 /sbin/route delete -net 0.0.0.0 192.168.2.1 -netmask 0.0.0.0
delete net 0.0.0.0: gateway 192.168.2.1: not in table
Mon Sep  5 13:27:46 2016 ERROR: OpenBSD/NetBSD route delete command failed: external program exited with error status: 1
Mon Sep  5 13:27:46 2016 /sbin/route add -net 0.0.0.0 10.10.10.237 -netmask 0.0.0.0
add net 0.0.0.0: gateway 10.10.10.237: File exists

Cause of this problem traffic is not send to the vpn but to the default gateway.
With openbsd 5.8 and 5.9 this was working fine.

I can fix it with the follow commands but it's just a temporary solution:

Code:

route delete default
route add default 10.10.10.237

Any help would be appreciated.

svk900 · #2 **(View Single Post)** 11th September 2016

I have fixed my problem by building version 2.3.12 from source and created a patch for route.c

Code:

--- route.c     Tue Aug 23 16:16:22 2016
+++ /root/route.c       Sun Sep 11 18:17:43 2016
@@ -1501,10 +1501,19 @@
     argv_printf_cat (&argv, "-rtt %d", r->metric);
 #endif

-  argv_printf_cat (&argv, "-net %s %s -netmask %s",
+if( count_netmask_bits(netmask) < 32)
+  {
+  argv_printf_cat (&argv, "-net %s/%d %s",
              network,
-             gateway,
-             netmask);
+             count_netmask_bits(netmask),
+             gateway);
+}
+else
+{
+  argv_printf_cat (&argv, "-host %s %s",
+              network,
+              gateway);
+}

   /* FIXME -- add on-link support for OpenBSD/NetBSD */

@@ -1880,11 +1889,21 @@

 #elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)

-  argv_printf (&argv, "%s delete -net %s %s -netmask %s",
+if (count_netmask_bits(netmask) < 32)
+  {
+  argv_printf (&argv, "%s delete -net %s/%d %s",
                ROUTE_PATH,
              network,
-             gateway,
-             netmask);
+             count_netmask_bits(netmask),
+             gateway);
+  }
+else
+  {
+  argv_printf (&argv, "%s delete -host %s %s",
+                ROUTE_PATH,
+              network,
+              gateway);
+  }

   argv_msg (D_ROUTE, &argv);
   openvpn_execve_check (&argv, es, 0, "ERROR: OpenBSD/NetBSD route delete command failed");

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
OpenVPN on OpenBSD 5.1	scrummie02	OpenBSD Security	6	1st October 2012 04:46 PM
Openvpn pf/nat/route-to issue	lasstoff	OpenBSD Security	3	16th January 2012 12:28 PM
OpenBSD port of OpenVPN revisited	J65nko	OpenBSD Packages and Ports	4	11th February 2011 03:53 AM
openvpn on openbsd problem....	michaelk	OpenBSD Security	8	9th February 2011 04:49 AM
openvpn-auth-ldap on openbsd 4.7	jespada	OpenBSD General	2	26th August 2010 09:05 PM