[Openvpn-users] "redirect-gateway def1 bypass-dhcp" / Options error: in --iroute: Bad network/subne

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thank you OpenVPN forum for reviewing this opportunity to get my OpenVPN
configuration setup correctly.

I've been able to connect OK between my OpenVPN client running on Windows
8 to my OpenVPN server 2.3.2 on Ubuntu 14.04.1 LTS.

However, I'm unable to configure the setting "redirect-gateway def1
bypass-dhcp" in server.conf to allow me to push internet and gateway
traffic from my server.

When I uncomment this setting and restart the OpenVPN service, within 5-10
secs, my SSH connection to my server freezes and disconnects.  I'm unable
to ping to my server IP address without returning a connection failed
error.

However, when I comment this setting, I can restart the service and
connect to my client.  Ping and SSH to my server IP address completes OK.

Please advise.  There seems to be something misconfigured (see cat output
below) in my server configuration which is causing something to crash.
I've spent a few days looking over many forums, seeking help from my VPS
provider support options, and they were unable to assist and suggested I
post here.

I have about 15+ years experience working with Linux systems, however,
networking issues can be tricky for me unless I have a fresh set of eyes.

According to the OpenVPN FAQ:

http://openvpn.net/index.php/open-source/faq/79-client/317-qmulti-bad-source-address-from-client--packet-droppedq-or-qget-inst-by-virt-failedq.html

"MULTI: bad source address from client , packet dropped" or "GET INST BY
VIRT: [failed]"?

These errors occur because OpenVPN doesn't have an internal route for
x.x.210.130. Consequently, it doesn't know how to route the packet to this
machine, so it drops the packet.

However, when I set the following:

root@root:cat /etc/openvpn/server.conf
client-config-dir ccd
route x.x.210.130 255.255.255.0

root@root:cat /etc/openvpn/ccd/ClientWeb
iroute x.x.210.130 255.255.255.0

Then, issue a OpenVPN restart directive, server freezes after about 5-10
secs.  Unable to ping from client to server.

root@root:# cat /etc/openvpn/log/client-config-dir-openvpn.log
Tue Nov 25 05:14:01 2014 us=464946 Current Parameter Settings:
Tue Nov 25 05:14:01 2014 us=465037   config = '/etc/openvpn/server.conf'
Tue Nov 25 05:14:01 2014 us=465051   mode = 1
Tue Nov 25 05:14:01 2014 us=465061   persist_config = DISABLED
Tue Nov 25 05:14:01 2014 us=465070   persist_mode = 1
Tue Nov 25 05:14:01 2014 us=465079   show_ciphers = DISABLED
Tue Nov 25 05:14:01 2014 us=465089   show_digests = DISABLED
Tue Nov 25 05:14:01 2014 us=465098   show_engines = DISABLED
Tue Nov 25 05:14:01 2014 us=465107   genkey = DISABLED
Tue Nov 25 05:14:01 2014 us=465116   key_pass_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465125   show_tls_ciphers = DISABLED
Tue Nov 25 05:14:01 2014 us=465135 Connection profiles [default]:
Tue Nov 25 05:14:01 2014 us=465145   proto = udp
Tue Nov 25 05:14:01 2014 us=465154   local = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465164   local_port = 49152
Tue Nov 25 05:14:01 2014 us=465173   remote = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465182   remote_port = 49152
Tue Nov 25 05:14:01 2014 us=465191   remote_float = DISABLED
Tue Nov 25 05:14:01 2014 us=465200   bind_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=465209   bind_local = ENABLED
Tue Nov 25 05:14:01 2014 us=465219   connect_retry_seconds = 5
Tue Nov 25 05:14:01 2014 us=465228   connect_timeout = 10
Tue Nov 25 05:14:01 2014 us=465237   connect_retry_max = 0
Tue Nov 25 05:14:01 2014 us=465246   socks_proxy_server = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465256   socks_proxy_port = 0
Tue Nov 25 05:14:01 2014 us=465265   socks_proxy_retry = DISABLED
Tue Nov 25 05:14:01 2014 us=465275   tun_mtu = 1500
Tue Nov 25 05:14:01 2014 us=465284   tun_mtu_defined = ENABLED
Tue Nov 25 05:14:01 2014 us=465293   link_mtu = 1500
Tue Nov 25 05:14:01 2014 us=465302   link_mtu_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=465312   tun_mtu_extra = 0
Tue Nov 25 05:14:01 2014 us=465321   tun_mtu_extra_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=465330   mtu_discover_type = -1
Tue Nov 25 05:14:01 2014 us=465339   fragment = 0
Tue Nov 25 05:14:01 2014 us=465349   mssfix = 1450
Tue Nov 25 05:14:01 2014 us=465358   explicit_exit_notification = 0
Tue Nov 25 05:14:01 2014 us=465367 Connection profiles END
Tue Nov 25 05:14:01 2014 us=465376   remote_random = DISABLED
Tue Nov 25 05:14:01 2014 us=465386   ipchange = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465395   dev = 'tun'
Tue Nov 25 05:14:01 2014 us=465404   dev_type = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465413   dev_node = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465422   lladdr = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465431   topology = 1
Tue Nov 25 05:14:01 2014 us=465441   tun_ipv6 = DISABLED
Tue Nov 25 05:14:01 2014 us=465450   ifconfig_local = '10.8.0.1'
Tue Nov 25 05:14:01 2014 us=465459   ifconfig_remote_netmask = '10.8.0.2'
Tue Nov 25 05:14:01 2014 us=465468   ifconfig_noexec = DISABLED
Tue Nov 25 05:14:01 2014 us=465477   ifconfig_nowarn = DISABLED
Tue Nov 25 05:14:01 2014 us=465486   ifconfig_ipv6_local = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465496   ifconfig_ipv6_netbits = 0
Tue Nov 25 05:14:01 2014 us=465505   ifconfig_ipv6_remote = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465514   shaper = 0
Tue Nov 25 05:14:01 2014 us=465523   mtu_test = 0
Tue Nov 25 05:14:01 2014 us=465532   mlock = DISABLED
Tue Nov 25 05:14:01 2014 us=465542   keepalive_ping = 10
Tue Nov 25 05:14:01 2014 us=465551   keepalive_timeout = 120
Tue Nov 25 05:14:01 2014 us=465560   inactivity_timeout = 0
Tue Nov 25 05:14:01 2014 us=465575   ping_send_timeout = 10
Tue Nov 25 05:14:01 2014 us=465586   ping_rec_timeout = 240
Tue Nov 25 05:14:01 2014 us=465595   ping_rec_timeout_action = 2
Tue Nov 25 05:14:01 2014 us=465604   ping_timer_remote = DISABLED
Tue Nov 25 05:14:01 2014 us=465613   remap_sigusr1 = 0
Tue Nov 25 05:14:01 2014 us=465623   persist_tun = ENABLED
Tue Nov 25 05:14:01 2014 us=465632   persist_local_ip = DISABLED
Tue Nov 25 05:14:01 2014 us=465641   persist_remote_ip = DISABLED
Tue Nov 25 05:14:01 2014 us=465650   persist_key = ENABLED
Tue Nov 25 05:14:01 2014 us=465659   passtos = DISABLED
Tue Nov 25 05:14:01 2014 us=465669   resolve_retry_seconds = 1000000000
Tue Nov 25 05:14:01 2014 us=465724   username = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465737   groupname = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465746   chroot_dir = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465755   cd_dir = '/etc/openvpn'
Tue Nov 25 05:14:01 2014 us=465764   writepid = '/run/openvpn/interconit.pid'
Tue Nov 25 05:14:01 2014 us=465774   up_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465783   down_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=465792   down_pre = DISABLED
Tue Nov 25 05:14:01 2014 us=465801   up_restart = DISABLED
Tue Nov 25 05:14:01 2014 us=465811   up_delay = DISABLED
Tue Nov 25 05:14:01 2014 us=465820   daemon = ENABLED
Tue Nov 25 05:14:01 2014 us=465829   inetd = 0
Tue Nov 25 05:14:01 2014 us=465839   log = ENABLED
Tue Nov 25 05:14:01 2014 us=465857   suppress_timestamps = DISABLED
Tue Nov 25 05:14:01 2014 us=465868   nice = 0
Tue Nov 25 05:14:01 2014 us=465878   verbosity = 4
Tue Nov 25 05:14:01 2014 us=465887   mute = 0
Tue Nov 25 05:14:01 2014 us=465896   gremlin = 0
Tue Nov 25 05:14:01 2014 us=465905   status_file = 'openvpn-status.log'
Tue Nov 25 05:14:01 2014 us=465914   status_file_version = 1
Tue Nov 25 05:14:01 2014 us=465923   status_file_update_freq = 60
Tue Nov 25 05:14:01 2014 us=465933   occ = ENABLED
Tue Nov 25 05:14:01 2014 us=465942   rcvbuf = 65536
Tue Nov 25 05:14:01 2014 us=465951   sndbuf = 65536
Tue Nov 25 05:14:01 2014 us=465960   mark = 0
Tue Nov 25 05:14:01 2014 us=465969   sockflags = 0
Tue Nov 25 05:14:01 2014 us=465978   fast_io = DISABLED
Tue Nov 25 05:14:01 2014 us=465988   lzo = 7
Tue Nov 25 05:14:01 2014 us=465997   route_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466006   route_default_gateway = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466016   route_default_metric = 0
Tue Nov 25 05:14:01 2014 us=466025   route_noexec = DISABLED
Tue Nov 25 05:14:01 2014 us=466034   route_delay = 0
Tue Nov 25 05:14:01 2014 us=466044   route_delay_window = 30
Tue Nov 25 05:14:01 2014 us=466053   route_delay_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=466062   route_nopull = DISABLED
Tue Nov 25 05:14:01 2014 us=466072   route_gateway_via_dhcp = DISABLED
Tue Nov 25 05:14:01 2014 us=466081   max_routes = 100
Tue Nov 25 05:14:01 2014 us=466090   allow_pull_fqdn = DISABLED
Tue Nov 25 05:14:01 2014 us=466101   route x.x.210.130/255.255.255.0/nil/nil
Tue Nov 25 05:14:01 2014 us=466110   route 10.8.0.0/255.255.255.0/nil/nil
Tue Nov 25 05:14:01 2014 us=466119   management_addr = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466129   management_port = 0
Tue Nov 25 05:14:01 2014 us=466138   management_user_pass = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466147   management_log_history_cache = 250
Tue Nov 25 05:14:01 2014 us=466156   management_echo_buffer_size = 100
Tue Nov 25 05:14:01 2014 us=466166   management_write_peer_info_file =
'[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466175   management_client_user = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466184   management_client_group = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466193   management_flags = 0
Tue Nov 25 05:14:01 2014 us=466203   shared_secret_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466212   key_direction = 0
Tue Nov 25 05:14:01 2014 us=466221   ciphername_defined = ENABLED
Tue Nov 25 05:14:01 2014 us=466231   ciphername = 'BF-CBC'
Tue Nov 25 05:14:01 2014 us=466240   authname_defined = ENABLED
Tue Nov 25 05:14:01 2014 us=466249   authname = 'SHA1'
Tue Nov 25 05:14:01 2014 us=466258   prng_hash = 'SHA1'
Tue Nov 25 05:14:01 2014 us=466267   prng_nonce_secret_len = 16
Tue Nov 25 05:14:01 2014 us=466277   keysize = 0
Tue Nov 25 05:14:01 2014 us=466286   engine = DISABLED
Tue Nov 25 05:14:01 2014 us=466295   replay = ENABLED
Tue Nov 25 05:14:01 2014 us=466304   mute_replay_warnings = DISABLED
Tue Nov 25 05:14:01 2014 us=466313   replay_window = 64
Tue Nov 25 05:14:01 2014 us=466322   replay_time = 15
Tue Nov 25 05:14:01 2014 us=466331   packet_id_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466340   use_iv = ENABLED
Tue Nov 25 05:14:01 2014 us=466349   test_crypto = DISABLED
Tue Nov 25 05:14:01 2014 us=466358   tls_server = ENABLED
Tue Nov 25 05:14:01 2014 us=466374   tls_client = DISABLED
Tue Nov 25 05:14:01 2014 us=466384   key_method = 2
Tue Nov 25 05:14:01 2014 us=466393   ca_file = 'ca.crt'
Tue Nov 25 05:14:01 2014 us=466402   ca_path = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466412   dh_file = 'dh2048.pem'
Tue Nov 25 05:14:01 2014 us=466421   cert_file = 'interconit.crt'
Tue Nov 25 05:14:01 2014 us=466430   priv_key_file = 'interconit.key'
Tue Nov 25 05:14:01 2014 us=466440   pkcs12_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466449   cipher_list = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466458   tls_verify = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466467   tls_export_cert = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466476   verify_x509_type = 0
Tue Nov 25 05:14:01 2014 us=466485   verify_x509_name = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466495   crl_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466504   ns_cert_type = 0
Tue Nov 25 05:14:01 2014 us=466513   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466522   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466531   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466540   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466550   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466559   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466568   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466577   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466586   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466595   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466604   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466613   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466622   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466631   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466640   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466650   remote_cert_ku[i] = 0
Tue Nov 25 05:14:01 2014 us=466659   remote_cert_eku = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466668   ssl_flags = 0
Tue Nov 25 05:14:01 2014 us=466677   tls_timeout = 2
Tue Nov 25 05:14:01 2014 us=466686   renegotiate_bytes = 0
Tue Nov 25 05:14:01 2014 us=466695   renegotiate_packets = 0
Tue Nov 25 05:14:01 2014 us=466704   renegotiate_seconds = 3600
Tue Nov 25 05:14:01 2014 us=466713   handshake_window = 60
Tue Nov 25 05:14:01 2014 us=466722   transition_window = 3600
Tue Nov 25 05:14:01 2014 us=466731   single_session = DISABLED
Tue Nov 25 05:14:01 2014 us=466740   push_peer_info = DISABLED
Tue Nov 25 05:14:01 2014 us=466749   tls_exit = DISABLED
Tue Nov 25 05:14:01 2014 us=466758   tls_auth_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=466768   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466777   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466786   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466795   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466804   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466813   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466822   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466831   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466841   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466850   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466859   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466868   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466877   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466886   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466895   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466904   pkcs11_protected_authentication =
DISABLED
Tue Nov 25 05:14:01 2014 us=466914   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466923   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466932   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466942   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466956   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466966   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466976   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466985   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=466994   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467003   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467012   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467021   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467031   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467040   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467049   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467058   pkcs11_private_mode = 00000000
Tue Nov 25 05:14:01 2014 us=467068   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467077   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467086   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467095   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467105   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467114   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467123   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467132   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467142   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467151   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467160   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467169   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467178   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467187   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467196   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467205   pkcs11_cert_private = DISABLED
Tue Nov 25 05:14:01 2014 us=467214   pkcs11_pin_cache_period = -1
Tue Nov 25 05:14:01 2014 us=467223   pkcs11_id = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467232   pkcs11_id_management = DISABLED
Tue Nov 25 05:14:01 2014 us=467242   server_network = 10.8.0.0
Tue Nov 25 05:14:01 2014 us=467252   server_netmask = 255.255.255.0
Tue Nov 25 05:14:01 2014 us=467264   server_network_ipv6 = ::
Tue Nov 25 05:14:01 2014 us=467274   server_netbits_ipv6 = 0
Tue Nov 25 05:14:01 2014 us=467284   server_bridge_ip = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467293   server_bridge_netmask = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467303   server_bridge_pool_start = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467313   server_bridge_pool_end = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467322   push_entry = 'redirect-gateway def1
bypass-dhcp'
Tue Nov 25 05:14:01 2014 us=467332   push_entry = 'dhcp-option DNS 10.8.0.1'
Tue Nov 25 05:14:01 2014 us=467341   push_entry = 'route 10.8.0.1'
Tue Nov 25 05:14:01 2014 us=467350   push_entry = 'topology net30'
Tue Nov 25 05:14:01 2014 us=467360   push_entry = 'ping 10'
Tue Nov 25 05:14:01 2014 us=467369   push_entry = 'ping-restart 120'
Tue Nov 25 05:14:01 2014 us=467378   ifconfig_pool_defined = ENABLED
Tue Nov 25 05:14:01 2014 us=467395   ifconfig_pool_start = 10.8.0.4
Tue Nov 25 05:14:01 2014 us=467407   ifconfig_pool_end = 10.8.0.251
Tue Nov 25 05:14:01 2014 us=467421   ifconfig_pool_netmask = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467431   ifconfig_pool_persist_filename =
'ipp.txt'
Tue Nov 25 05:14:01 2014 us=467441   ifconfig_pool_persist_refresh_freq = 600
Tue Nov 25 05:14:01 2014 us=467451   ifconfig_ipv6_pool_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=467460   ifconfig_ipv6_pool_base = ::
Tue Nov 25 05:14:01 2014 us=467470   ifconfig_ipv6_pool_netbits = 0
Tue Nov 25 05:14:01 2014 us=467479   n_bcast_buf = 256
Tue Nov 25 05:14:01 2014 us=467488   tcp_queue_limit = 64
Tue Nov 25 05:14:01 2014 us=467498   real_hash_size = 256
Tue Nov 25 05:14:01 2014 us=467507   virtual_hash_size = 256
Tue Nov 25 05:14:01 2014 us=467516   client_connect_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467525   learn_address_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467540   client_disconnect_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467550   client_config_dir = 'ccd'
Tue Nov 25 05:14:01 2014 us=467559   ccd_exclusive = DISABLED
Tue Nov 25 05:14:01 2014 us=467568   tmp_dir = '/tmp'
Tue Nov 25 05:14:01 2014 us=467578   push_ifconfig_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=467588   push_ifconfig_local = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467598   push_ifconfig_remote_netmask = 0.0.0.0
Tue Nov 25 05:14:01 2014 us=467607   push_ifconfig_ipv6_defined = DISABLED
Tue Nov 25 05:14:01 2014 us=467617   push_ifconfig_ipv6_local = ::/0
Tue Nov 25 05:14:01 2014 us=467627   push_ifconfig_ipv6_remote = ::
Tue Nov 25 05:14:01 2014 us=467636   enable_c2c = DISABLED
Tue Nov 25 05:14:01 2014 us=467645   duplicate_cn = DISABLED
Tue Nov 25 05:14:01 2014 us=467655   cf_max = 0
Tue Nov 25 05:14:01 2014 us=467664   cf_per = 0
Tue Nov 25 05:14:01 2014 us=467673   max_clients = 1024
Tue Nov 25 05:14:01 2014 us=467682   max_routes_per_client = 256
Tue Nov 25 05:14:01 2014 us=467691   auth_user_pass_verify_script = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467700   auth_user_pass_verify_script_via_file
= DISABLED
Tue Nov 25 05:14:01 2014 us=467710   port_share_host = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467719   port_share_port = 0
Tue Nov 25 05:14:01 2014 us=467728   client = DISABLED
Tue Nov 25 05:14:01 2014 us=467737   pull = DISABLED
Tue Nov 25 05:14:01 2014 us=467746   auth_user_pass_file = '[UNDEF]'
Tue Nov 25 05:14:01 2014 us=467757 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL
(OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia]

[MH] [IPv6] built on Feb  4 2014
Tue Nov 25 05:14:01 2014 us=473506 Diffie-Hellman initialized with 2048
bit key
Tue Nov 25 05:14:01 2014 us=473858 TLS-Auth MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Tue Nov 25 05:14:01 2014 us=473888 Socket Buffers: R=[212992->131072]
S=[212992->131072]
Tue Nov 25 05:14:01 2014 us=474003 ROUTE_GATEWAY x.x.210.1/255.255.0.0
IFACE=eth0 HWADDR=f2:3c:91:89:ec:d9
Tue Nov 25 05:14:01 2014 us=477991 TUN/TAP device tun0 opened
Tue Nov 25 05:14:01 2014 us=478017 TUN/TAP TX queue length set to 100
Tue Nov 25 05:14:01 2014 us=478035 do_ifconfig, tt->ipv6=0,
tt->did_ifconfig_ipv6_setup=0
Tue Nov 25 05:14:01 2014 us=478057 /sbin/ip link set dev tun0 up mtu 1500
Tue Nov 25 05:14:01 2014 us=483105 /sbin/ip addr add dev tun0 local
10.8.0.1 peer 10.8.0.2
Tue Nov 25 05:14:01 2014 us=489261 /sbin/ip route add x.x.210.130/24 via
10.8.0.2
RTNETLINK answers: Invalid argument
Tue Nov 25 05:14:01 2014 us=493485 ERROR: Linux route add command failed:
external program exited with error status: 2
Tue Nov 25 05:14:01 2014 us=493537 /sbin/ip route add 10.8.0.0/24 via
10.8.0.2
Tue Nov 25 05:14:01 2014 us=498067 Data Channel MTU parms [ L:1542 D:1450
EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Nov 25 05:14:01 2014 us=501825 UDPv4 link local (bound): [undef]
Tue Nov 25 05:14:01 2014 us=501870 UDPv4 link remote: [undef]
Tue Nov 25 05:14:01 2014 us=501887 MULTI: multi_init called, r=256 v=256
Tue Nov 25 05:14:01 2014 us=501994 IFCONFIG POOL: base=10.8.0.4 size=62,
ipv6=0
Tue Nov 25 05:14:01 2014 us=502012 ifconfig_pool_read(),
in='ClientWeb,10.8.0.4', TODO: IPv6
Tue Nov 25 05:14:01 2014 us=502040 succeeded -> ifconfig_pool_set()
Tue Nov 25 05:14:01 2014 us=502052 IFCONFIG POOL LIST
Tue Nov 25 05:14:01 2014 us=502063 ClientWeb,10.8.0.4
Tue Nov 25 05:14:01 2014 us=502103 Initialization Sequence Completed
Tue Nov 25 05:14:03 2014 us=801888 MULTI: multi_create_instance called
Tue Nov 25 05:14:03 2014 us=801975 x.x.210.130:46876 Re-using SSL/TLS context
Tue Nov 25 05:14:03 2014 us=802065 x.x.210.130:46876 LZO compression
initialized
Tue Nov 25 05:14:03 2014 us=802420 x.x.210.130:46876 Control Channel MTU
parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Nov 25 05:14:03 2014 us=802438 x.x.210.130:46876 Data Channel MTU
parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1

]
Tue Nov 25 05:14:03 2014 us=802509 x.x.210.130:46876 Local Options String:
'V4,dev-type tun,link-mtu 1542,tun-mtu

1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-server'
Tue Nov 25 05:14:03 2014 us=802538 x.x.210.130:46876 Expected Remote
Options String: 'V4,dev-type tun,link-mtu 1542,tun-

mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize
128,key-method 2,tls-client'
Tue Nov 25 05:14:03 2014 us=802575 x.x.210.130:46876 Local Options hash
(VER=V4): '530fdded'
Tue Nov 25 05:14:03 2014 us=802589 x.x.210.130:46876 Expected Remote
Options hash (VER=V4): '41690919'
Tue Nov 25 05:14:03 2014 us=802630 x.x.210.130:46876 TLS: Initial packet
from [AF_INET]x.x.210.130:46876, sid=41b1effd

748cd072
Tue Nov 25 05:14:03 2014 us=830571 x.x.210.130:46876 VERIFY OK: depth=1,
C=US, ST=CA, L=SanFrancisco, O=Interconit,

OU=LLC, CN=interconit, name=John Smith, emailAddress=joh...@ex...
Tue Nov 25 05:14:03 2014 us=830742 x.x.210.130:46876 VERIFY OK: depth=0,
C=US, ST=CA, L=SanFrancisco, O=ClientWeb,

OU=MyOrganizationalUnit, CN=Clientweb, name=John Smith,
emailAddress=jo...@ex...
Tue Nov 25 05:14:03 2014 us=839138 x.x.210.130:46876 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 25 05:14:03 2014 us=839179 x.x.210.130:46876 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 25 05:14:03 2014 us=839229 x.x.210.130:46876 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 25 05:14:03 2014 us=839241 x.x.210.130:46876 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 25 05:14:03 2014 us=839929 x.x.210.130:46876 Control Channel:
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Nov 25 05:14:03 2014 us=839960 x.x.210.130:46876 [ClientWeb] Peer
Connection Initiated with [AF_INET]x.x.210.130:46876
Tue Nov 25 05:14:03 2014 us=840012 ClientWeb/x.x.210.130:46876 OPTIONS
IMPORT: reading client specific options from: ccd/ClientWeb
Tue Nov 25 05:14:03 2014 us=840088 ClientWeb/x.x.210.130:46876 Options
error: in --iroute x.x.210.130 255.255.255.0 : Bad network/subnet
specification
Tue Nov 25 05:14:03 2014 us=840126 ClientWeb/x.x.210.130:46876 MULTI_sva:
pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Nov 25 05:14:03 2014 us=840163 ClientWeb/x.x.210.130:46876 MULTI:
Learn: 10.8.0.6 -> ClientWeb/x.x.210.130:46876
Tue Nov 25 05:14:03 2014 us=840175 ClientWeb/x.x.210.130:46876 MULTI:
primary virtual IP for ClientWeb/x.x.210.130:46876: 10.8.0.6
Tue Nov 25 05:14:06 2014 us=198712 ClientWeb/x.x.210.130:46876 PUSH:
Received control message: 'PUSH_REQUEST'
Tue Nov 25 05:14:06 2014 us=198764 ClientWeb/x.x.210.130:46876
send_push_reply(): safe_cap=940
Tue Nov 25 05:14:06 2014 us=198794 ClientWeb/x.x.210.130:46876 SENT
CONTROL [ClientWeb]: 'PUSH_REPLY,redirect-gateway def1
bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping
10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

Please advise.  Where is my problem?

Errors:
Tue Nov 25 05:14:01 2014 us=489261 /sbin/ip route add x.x.210.130/24 via
10.8.0.2
RTNETLINK answers: Invalid argument
Tue Nov 25 05:14:01 2014 us=493485 ERROR: Linux route add command failed:
external program exited with error status: 2
Tue Nov 25 05:14:03 2014 us=840088 ClientWeb/x.x.210.130:46876 Options
error: in --iroute x.x.210.130 255.255.255.0 : Bad network/subnet
specification

[Openvpn-users] "redirect-gateway def1 bypass-dhcp" / Options error: in --iroute: Bad network/subne

Robust and flexible VPN network tunnelling

[Openvpn-users] "redirect-gateway def1 bypass-dhcp" / Options error: in --iroute: Bad network/subnet specification