Jump to content
Not connected, Your IP: 3.235.236.13
niyucozi

ANSWERED Issue: RTNETLINK answers: Operation not supported

Recommended Posts

Posted ... (edited)

My operating system is Debian 10.9 and I am experimenting on double-hop two different VPN servers. Some call it chaining or cascading two VPN servers.

Attached is the script that I found on the internet. It is called updown.sh and I attach it to this post.

The contents of the config file that I used were:

client
dev tun
remote exit-ip-of-airvpn-server 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
remote-cert-tls server
data-ciphers-fallback AES-256-CBC
comp-lzo no
proto tcp
auth SHA512
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
alphanumeric text
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
alphanumeric text
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
alphanumeric text
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
alphanumeric text
-----END OpenVPN Static key V1-----
</tls-crypt>


I have the error message "RTNETLINK answers: Operation not supported" when AirVPN Server is the first hop. Below is the full log:
 

username@localhost:~/test$ sudo openvpn --config AirVPN_TCP-443-Entry4.ovpn --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec
[sudo] password for username:
2021-04-29 18:32:59 Multiple --up scripts defined.  The previously configured script is overridden.
2021-04-29 18:32:59 Multiple --down scripts defined.  The previously configured script is overridden.
2021-04-29 18:32:59 OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
2021-04-29 18:32:59 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
2021-04-29 18:32:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-04-29 18:32:59 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-04-29 18:32:59 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-04-29 18:32:59 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-04-29 18:32:59 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-04-29 18:32:59 TCP/UDP: Preserving recently used remote address: [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 18:32:59 Socket Buffers: R=[131072->131072] S=[16384->16384]
2021-04-29 18:32:59 Attempting to establish TCP connection with [AF_INET]exit-ip-of-airvpn-server:443 [nonblock]
2021-04-29 18:32:59 TCP connection established with [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 18:32:59 TCP_CLIENT link local: (not bound)
2021-04-29 18:32:59 TCP_CLIENT link remote: [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 18:33:00 TLS: Initial packet from [AF_INET]exit-ip-of-airvpn-server:443, sid=8bb71dc6 7f1a32a5
2021-04-29 18:33:00 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
2021-04-29 18:33:00 VERIFY KU OK
2021-04-29 18:33:00 Validating certificate extended key usage
2021-04-29 18:33:00 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-04-29 18:33:00 VERIFY EKU OK
2021-04-29 18:33:00 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn-server, emailAddress=info@airvpn.org
2021-04-29 18:33:01 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-04-29 18:33:01 [AirVPN-Server] Peer Connection Initiated with [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 18:33:01 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway  def1 bypass-dhcp,dhcp-option DNS 10.21.207.1,route-gateway 10.21.207.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.21.207.18 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2021-04-29 18:33:01 OPTIONS IMPORT: timers and/or timeouts modified
2021-04-29 18:33:01 OPTIONS IMPORT: compression parms modified
2021-04-29 18:33:01 OPTIONS IMPORT: --ifconfig/up options modified
2021-04-29 18:33:01 OPTIONS IMPORT: route options modified
2021-04-29 18:33:01 OPTIONS IMPORT: route-related options modified
2021-04-29 18:33:01 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-04-29 18:33:01 OPTIONS IMPORT: peer-id set
2021-04-29 18:33:01 OPTIONS IMPORT: adjusting link_mtu to 1627
2021-04-29 18:33:01 OPTIONS IMPORT: data channel crypto options modified
2021-04-29 18:33:01 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-04-29 18:33:01 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-04-29 18:33:01 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-04-29 18:33:01 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enx000ec6ca331e HWADDR=11:1e:b7:de:00:2f
2021-04-29 18:33:01 TUN/TAP device tun0 opened
2021-04-29 18:33:01 /sbin/ip link set dev tun0 up mtu 1500
2021-04-29 18:33:01 /sbin/ip link set dev tun0 up
2021-04-29 18:33:01 /sbin/ip addr add dev tun0 10.21.207.18/24
2021-04-29 18:33:01 updown.sh tun0 1500 1555 10.21.207.18 255.255.255.0 init
updown.sh: STARTED
updown.sh: hop number:               (default: 1)
updown.sh: gateway of previous hop:  (default: local gateway)
updown.sh: local gateway:           192.168.1.1
updown.sh: VPN: int. IP address:    10.21.207.18
updown.sh: VPN: netmask:            255.255.255.0
updown.sh: VPN: gateway:            10.21.207.1
updown.sh: VPN: public IP address:  exit-ip-of-airvpn-server
updown.sh: Notice: You didn't set 'hopid'. Assuming this to be the first hop (hopid=1).
updown.sh: Notice: You didn't set the previous gateway. The gateway of your local network ('192.168.1.1') will be used.
updown.sh: executing: '/usr/sbin/ip route add exit-ip-of-airvpn-server via 192.168.1.1'
updown.sh: executing: '/usr/sbin/ip route add 0.0.0.0/1 via 10.21.207.1'
updown.sh: executing: '/usr/sbin/ip route add 128.0.0.0/1 via 10.21.207.1'
updown.sh: executing: '/usr/sbin/ip -6 route add 2000::/4 dev tun0'
RTNETLINK answers: Operation not supported
updown.sh: executing: '/usr/sbin/ip -6 route add 3000::/4 dev tun0'
RTNETLINK answers: Operation not supported
updown.sh: HINT: For the next hop, start openvpn with the following options:
updown.sh: HINT: openvpn --config <config.conf> --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 2 --setenv prevgw 10.21.207.1
updown.sh: execuding: '/etc/openvpn/update-resolv-conf'
dhcp-option DNS 10.21.207.1
updown.sh: FINISHED
2021-04-29 18:33:06 Initialization Sequence Completed



There were about four "RTNETLINK answers: Operation not supported" messages when AirVPN Server was the second hop. Below is the full log:
 

sudo openvpn --config AirVPN_TCP-443-Entry4.ovpn --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 2 --setenv prevgw 10.10.101.9
[sudo] password for username:
2021-04-29 17:38:57 Multiple --up scripts defined.  The previously configured script is overridden.
2021-04-29 17:38:57 Multiple --down scripts defined.  The previously configured script is overridden.
2021-04-29 17:38:57 OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
2021-04-29 17:38:57 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
2021-04-29 17:38:57 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-04-29 17:38:57 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-04-29 17:38:57 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-04-29 17:38:57 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-04-29 17:38:57 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-04-29 17:38:57 TCP/UDP: Preserving recently used remote address: [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 17:38:57 Socket Buffers: R=[131072->131072] S=[16384->16384]
2021-04-29 17:38:57 Attempting to establish TCP connection with [AF_INET]exit-ip-of-airvpn-server:443 [nonblock]
2021-04-29 17:38:57 TCP connection established with [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 17:38:57 TCP_CLIENT link local: (not bound)
2021-04-29 17:38:57 TCP_CLIENT link remote: [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 17:38:58 TLS: Initial packet from [AF_INET]exit-ip-of-airvpn-server:443, sid=efab61d0 f267c3aa
2021-04-29 17:38:58 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
2021-04-29 17:38:58 VERIFY KU OK
2021-04-29 17:38:58 Validating certificate extended key usage
2021-04-29 17:38:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-04-29 17:38:58 VERIFY EKU OK
2021-04-29 17:38:58 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn-server, emailAddress=info@airvpn.org
2021-04-29 17:38:59 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-04-29 17:38:59 [AirVPN-Server] Peer Connection Initiated with [AF_INET]exit-ip-of-airvpn-server:443
2021-04-29 17:39:00 SENT CONTROL [AirVPN-Server]: 'PUSH_REQUEST' (status=1)
2021-04-29 17:39:00 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway  def1 bypass-dhcp,dhcp-option DNS 10.21.195.1,route-gateway 10.21.195.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.21.195.37 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2021-04-29 17:39:00 OPTIONS IMPORT: timers and/or timeouts modified
2021-04-29 17:39:00 OPTIONS IMPORT: compression parms modified
2021-04-29 17:39:00 OPTIONS IMPORT: --ifconfig/up options modified
2021-04-29 17:39:00 OPTIONS IMPORT: route options modified
2021-04-29 17:39:00 OPTIONS IMPORT: route-related options modified
2021-04-29 17:39:00 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-04-29 17:39:00 OPTIONS IMPORT: peer-id set
2021-04-29 17:39:00 OPTIONS IMPORT: adjusting link_mtu to 1627
2021-04-29 17:39:00 OPTIONS IMPORT: data channel crypto options modified
2021-04-29 17:39:00 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-04-29 17:39:00 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-04-29 17:39:00 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-04-29 17:39:00 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enx000ec6ca331e HWADDR=11:1e:b7:de:00:2f
2021-04-29 17:39:00 TUN/TAP device tun1 opened
2021-04-29 17:39:00 /sbin/ip link set dev tun1 up mtu 1500
2021-04-29 17:39:00 /sbin/ip link set dev tun1 up
2021-04-29 17:39:00 /sbin/ip addr add dev tun1 10.21.195.37/24
2021-04-29 17:39:00 updown.sh tun1 1500 1555 10.21.195.37 255.255.255.0 init
updown.sh: STARTED
updown.sh: hop number:              2 (default: 1)
updown.sh: gateway of previous hop: 10.10.101.9 (default: local gateway)
updown.sh: local gateway:           192.168.1.1
updown.sh: VPN: int. IP address:    10.21.195.37
updown.sh: VPN: netmask:            255.255.255.0
updown.sh: VPN: gateway:            10.21.195.1
updown.sh: VPN: public IP address:  exit-ip-of-airvpn-server
updown.sh: executing: '/usr/sbin/ip route add exit-ip-of-airvpn-server via 10.10.101.9'
updown.sh: executing: '/usr/sbin/ip route add 0.0.0.0/2 via 10.21.195.1'
updown.sh: executing: '/usr/sbin/ip route add 64.0.0.0/2 via 10.21.195.1'
updown.sh: executing: '/usr/sbin/ip route add 128.0.0.0/2 via 10.21.195.1'
updown.sh: executing: '/usr/sbin/ip route add 192.0.0.0/2 via 10.21.195.1'
updown.sh: executing: '/usr/sbin/ip -6 route add 2000::/5 dev tun1'
RTNETLINK answers: Operation not supported
updown.sh: executing: '/usr/sbin/ip -6 route add 2800::/5 dev tun1'
RTNETLINK answers: Operation not supported
updown.sh: executing: '/usr/sbin/ip -6 route add 3000::/5 dev tun1'
RTNETLINK answers: Operation not supported
updown.sh: executing: '/usr/sbin/ip -6 route add 3800::/5 dev tun1'
RTNETLINK answers: Operation not supported
updown.sh: HINT: For the next hop, start openvpn with the following options:
updown.sh: HINT: openvpn --config <config.conf> --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 3 --setenv prevgw 10.21.195.1
updown.sh: execuding: '/etc/openvpn/update-resolv-conf'
dhcp-option DNS 10.21.195.1
updown.sh: FINISHED
2021-04-29 17:39:05 Initialization Sequence Completed


How do I fix the "RTNETLINK: Operation not supported" issue?

 

updown.sh

Edited ... by niyucozi

Share this post


Link to post
18 hours ago, niyucozi said:

How do I fix the "RTNETLINK: Operation not supported" issue?


By not requesting IPv6 routes from the server. If you look closely, it only happens if OpenVPN wants to set -6 routes. Your system seems to have no support for that, or you disabled it intentionally. In the config, comment out or delete this line:

# UV_IPV6 = yes

.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
8 minutes ago, OpenSourcerer said:

By not requesting IPv6 routes from the server. If you look closely, it only happens if OpenVPN wants to set -6 routes. Your system seems to have no support for that, or you disabled it intentionally. In the config, comment out or delete this line:

# UV_IPV6 = yes

.

Thanks for your help.

You are right. I have disabled IPv6 in my Debian OS.

A. What did you mean by "in the config"? Did you mean the server's config file or AirVPN's config file? I do not own the server; it belongs to AirVPN.

B. Is it OK if I do not comment out or delete the line UV_IPV6=yes ? It means that I just have to live with the error messages in the log.



 

Share this post


Link to post
2 hours ago, niyucozi said:

A. What did you mean by "in the config"? Did you mean the server's config file or AirVPN's config file? I do not own the server; it belongs to AirVPN.


The OpenVPN config file, in your case AirVPN_TCP-443-Entry4.ovpn.
 
2 hours ago, niyucozi said:

B. Is it OK if I do not comment out or delete the line UV_IPV6=yes ? It means that I just have to live with the error messages in the log.


It's not ideal because OpenVPN will exit with a non-zero return code. If you've got some logic checking if OpenVPN exited cleanly, it will break that. If v6 is disabled anyway, there is no real reason to endure those errors. :D But it's your choice in the end, OpenVPN will work despite them.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...