niyucozi Posted ... (edited)

My operating system is Debian 10.9 and I am experimenting with double-hopping two different VPN servers. Some call it chaining or cascading two VPN servers.

Attached is the script that I found on the internet. It is called updown.sh and I attach it to this post.

The contents of the config file that I used were:

    client
    dev tun
    remote exit-ip-of-airvpn-server 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    auth-nocache
    route-delay 5
    verb 3
    remote-cert-tls server
    data-ciphers-fallback AES-256-CBC
    comp-lzo no
    proto tcp
    auth SHA512
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
    <ca>
    -----BEGIN CERTIFICATE-----
    alphanumeric text
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    alphanumeric text
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    alphanumeric text
    -----END PRIVATE KEY-----
    </key>
    <tls-crypt>
    -----BEGIN OpenVPN Static key V1-----
    alphanumeric text
    -----END OpenVPN Static key V1-----
    </tls-crypt>

I have the error message "RTNETLINK answers: Operation not supported" when AirVPN Server is the first hop. Below is the full log:

    username@localhost:~/test$ sudo openvpn --config AirVPN_TCP-443-Entry4.ovpn --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec
    [sudo] password for username:
    2021-04-29 18:32:59 Multiple --up scripts defined. The previously configured script is overridden.
    2021-04-29 18:32:59 Multiple --down scripts defined. The previously configured script is overridden.
    2021-04-29 18:32:59 OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
    2021-04-29 18:32:59 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
    2021-04-29 18:32:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2021-04-29 18:32:59 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2021-04-29 18:32:59 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-04-29 18:32:59 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2021-04-29 18:32:59 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-04-29 18:32:59 TCP/UDP: Preserving recently used remote address: [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 18:32:59 Socket Buffers: R=[131072->131072] S=[16384->16384]
    2021-04-29 18:32:59 Attempting to establish TCP connection with [AF_INET]exit-ip-of-airvpn-server:443 [nonblock]
    2021-04-29 18:32:59 TCP connection established with [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 18:32:59 TCP_CLIENT link local: (not bound)
    2021-04-29 18:32:59 TCP_CLIENT link remote: [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 18:33:00 TLS: Initial packet from [AF_INET]exit-ip-of-airvpn-server:443, sid=8bb71dc6 7f1a32a5
    2021-04-29 18:33:00 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    2021-04-29 18:33:00 VERIFY KU OK
    2021-04-29 18:33:00 Validating certificate extended key usage
    2021-04-29 18:33:00 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2021-04-29 18:33:00 VERIFY EKU OK
    2021-04-29 18:33:00 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn-server, emailAddress=info@airvpn.org
    2021-04-29 18:33:01 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
    2021-04-29 18:33:01 [AirVPN-Server] Peer Connection Initiated with [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 18:33:01 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.21.207.1,route-gateway 10.21.207.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.21.207.18 255.255.255.0,peer-id 0,cipher AES-256-GCM'
    2021-04-29 18:33:01 OPTIONS IMPORT: timers and/or timeouts modified
    2021-04-29 18:33:01 OPTIONS IMPORT: compression parms modified
    2021-04-29 18:33:01 OPTIONS IMPORT: --ifconfig/up options modified
    2021-04-29 18:33:01 OPTIONS IMPORT: route options modified
    2021-04-29 18:33:01 OPTIONS IMPORT: route-related options modified
    2021-04-29 18:33:01 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2021-04-29 18:33:01 OPTIONS IMPORT: peer-id set
    2021-04-29 18:33:01 OPTIONS IMPORT: adjusting link_mtu to 1627
    2021-04-29 18:33:01 OPTIONS IMPORT: data channel crypto options modified
    2021-04-29 18:33:01 Data Channel: using negotiated cipher 'AES-256-GCM'
    2021-04-29 18:33:01 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-04-29 18:33:01 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-04-29 18:33:01 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enx000ec6ca331e HWADDR=11:1e:b7:de:00:2f
    2021-04-29 18:33:01 TUN/TAP device tun0 opened
    2021-04-29 18:33:01 /sbin/ip link set dev tun0 up mtu 1500
    2021-04-29 18:33:01 /sbin/ip link set dev tun0 up
    2021-04-29 18:33:01 /sbin/ip addr add dev tun0 10.21.207.18/24
    2021-04-29 18:33:01 updown.sh tun0 1500 1555 10.21.207.18 255.255.255.0 init
    updown.sh: STARTED
    updown.sh: hop number: (default: 1)
    updown.sh: gateway of previous hop: (default: local gateway)
    updown.sh: local gateway: 192.168.1.1
    updown.sh: VPN: int. IP address: 10.21.207.18
    updown.sh: VPN: netmask: 255.255.255.0
    updown.sh: VPN: gateway: 10.21.207.1
    updown.sh: VPN: public IP address: exit-ip-of-airvpn-server
    updown.sh: Notice: You didn't set 'hopid'. Assuming this to be the first hop (hopid=1).
    updown.sh: Notice: You didn't set the previous gateway. The gateway of your local network ('192.168.1.1') will be used.
    updown.sh: executing: '/usr/sbin/ip route add exit-ip-of-airvpn-server via 192.168.1.1'
    updown.sh: executing: '/usr/sbin/ip route add 0.0.0.0/1 via 10.21.207.1'
    updown.sh: executing: '/usr/sbin/ip route add 128.0.0.0/1 via 10.21.207.1'
    updown.sh: executing: '/usr/sbin/ip -6 route add 2000::/4 dev tun0'
    RTNETLINK answers: Operation not supported
    updown.sh: executing: '/usr/sbin/ip -6 route add 3000::/4 dev tun0'
    RTNETLINK answers: Operation not supported
    updown.sh: HINT: For the next hop, start openvpn with the following options:
    updown.sh: HINT: openvpn --config <config.conf> --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 2 --setenv prevgw 10.21.207.1
    updown.sh: execuding: '/etc/openvpn/update-resolv-conf' dhcp-option DNS 10.21.207.1
    updown.sh: FINISHED
    2021-04-29 18:33:06 Initialization Sequence Completed

There were about four "RTNETLINK answers: Operation not supported" messages when AirVPN Server was the second hop. Below is the full log:

    sudo openvpn --config AirVPN_TCP-443-Entry4.ovpn --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 2 --setenv prevgw 10.10.101.9
    [sudo] password for username:
    2021-04-29 17:38:57 Multiple --up scripts defined. The previously configured script is overridden.
    2021-04-29 17:38:57 Multiple --down scripts defined. The previously configured script is overridden.
    2021-04-29 17:38:57 OpenVPN 2.5.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
    2021-04-29 17:38:57 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
    2021-04-29 17:38:57 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2021-04-29 17:38:57 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2021-04-29 17:38:57 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-04-29 17:38:57 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    2021-04-29 17:38:57 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    2021-04-29 17:38:57 TCP/UDP: Preserving recently used remote address: [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 17:38:57 Socket Buffers: R=[131072->131072] S=[16384->16384]
    2021-04-29 17:38:57 Attempting to establish TCP connection with [AF_INET]exit-ip-of-airvpn-server:443 [nonblock]
    2021-04-29 17:38:57 TCP connection established with [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 17:38:57 TCP_CLIENT link local: (not bound)
    2021-04-29 17:38:57 TCP_CLIENT link remote: [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 17:38:58 TLS: Initial packet from [AF_INET]exit-ip-of-airvpn-server:443, sid=efab61d0 f267c3aa
    2021-04-29 17:38:58 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
    2021-04-29 17:38:58 VERIFY KU OK
    2021-04-29 17:38:58 Validating certificate extended key usage
    2021-04-29 17:38:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2021-04-29 17:38:58 VERIFY EKU OK
    2021-04-29 17:38:58 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn-server, emailAddress=info@airvpn.org
    2021-04-29 17:38:59 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
    2021-04-29 17:38:59 [AirVPN-Server] Peer Connection Initiated with [AF_INET]exit-ip-of-airvpn-server:443
    2021-04-29 17:39:00 SENT CONTROL [AirVPN-Server]: 'PUSH_REQUEST' (status=1)
    2021-04-29 17:39:00 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.21.195.1,route-gateway 10.21.195.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.21.195.37 255.255.255.0,peer-id 0,cipher AES-256-GCM'
    2021-04-29 17:39:00 OPTIONS IMPORT: timers and/or timeouts modified
    2021-04-29 17:39:00 OPTIONS IMPORT: compression parms modified
    2021-04-29 17:39:00 OPTIONS IMPORT: --ifconfig/up options modified
    2021-04-29 17:39:00 OPTIONS IMPORT: route options modified
    2021-04-29 17:39:00 OPTIONS IMPORT: route-related options modified
    2021-04-29 17:39:00 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2021-04-29 17:39:00 OPTIONS IMPORT: peer-id set
    2021-04-29 17:39:00 OPTIONS IMPORT: adjusting link_mtu to 1627
    2021-04-29 17:39:00 OPTIONS IMPORT: data channel crypto options modified
    2021-04-29 17:39:00 Data Channel: using negotiated cipher 'AES-256-GCM'
    2021-04-29 17:39:00 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-04-29 17:39:00 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    2021-04-29 17:39:00 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enx000ec6ca331e HWADDR=11:1e:b7:de:00:2f
    2021-04-29 17:39:00 TUN/TAP device tun1 opened
    2021-04-29 17:39:00 /sbin/ip link set dev tun1 up mtu 1500
    2021-04-29 17:39:00 /sbin/ip link set dev tun1 up
    2021-04-29 17:39:00 /sbin/ip addr add dev tun1 10.21.195.37/24
    2021-04-29 17:39:00 updown.sh tun1 1500 1555 10.21.195.37 255.255.255.0 init
    updown.sh: STARTED
    updown.sh: hop number: 2 (default: 1)
    updown.sh: gateway of previous hop: 10.10.101.9 (default: local gateway)
    updown.sh: local gateway: 192.168.1.1
    updown.sh: VPN: int. IP address: 10.21.195.37
    updown.sh: VPN: netmask: 255.255.255.0
    updown.sh: VPN: gateway: 10.21.195.1
    updown.sh: VPN: public IP address: exit-ip-of-airvpn-server
    updown.sh: executing: '/usr/sbin/ip route add exit-ip-of-airvpn-server via 10.10.101.9'
    updown.sh: executing: '/usr/sbin/ip route add 0.0.0.0/2 via 10.21.195.1'
    updown.sh: executing: '/usr/sbin/ip route add 64.0.0.0/2 via 10.21.195.1'
    updown.sh: executing: '/usr/sbin/ip route add 128.0.0.0/2 via 10.21.195.1'
    updown.sh: executing: '/usr/sbin/ip route add 192.0.0.0/2 via 10.21.195.1'
    updown.sh: executing: '/usr/sbin/ip -6 route add 2000::/5 dev tun1'
    RTNETLINK answers: Operation not supported
    updown.sh: executing: '/usr/sbin/ip -6 route add 2800::/5 dev tun1'
    RTNETLINK answers: Operation not supported
    updown.sh: executing: '/usr/sbin/ip -6 route add 3000::/5 dev tun1'
    RTNETLINK answers: Operation not supported
    updown.sh: executing: '/usr/sbin/ip -6 route add 3800::/5 dev tun1'
    RTNETLINK answers: Operation not supported
    updown.sh: HINT: For the next hop, start openvpn with the following options:
    updown.sh: HINT: openvpn --config <config.conf> --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 3 --setenv prevgw 10.21.195.1
    updown.sh: execuding: '/etc/openvpn/update-resolv-conf' dhcp-option DNS 10.21.195.1
    updown.sh: FINISHED
    2021-04-29 17:39:05 Initialization Sequence Completed

How do I fix the "RTNETLINK: Operation not supported" issue?

OpenSourcerer Posted ...

18 hours ago, niyucozi said:
> How do I fix the "RTNETLINK: Operation not supported" issue?

By not requesting IPv6 routes from the server. If you look closely, it only happens if OpenVPN wants to set -6 routes. Your system seems to have no support for that, or you disabled it intentionally. In the config, comment out or delete this line: # UV_IPV6 = yes.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

niyucozi Posted ...

8 minutes ago, OpenSourcerer said:
> By not requesting IPv6 routes from the server. If you look closely, it only happens if OpenVPN wants to set -6 routes. Your system seems to have no support for that, or you disabled it intentionally. In the config, comment out or delete this line: # UV_IPV6 = yes.

Thanks for your help. You are right. I have disabled IPv6 in my Debian OS.

A. What did you mean by "in the config"? Did you mean the server's config file or AirVPN's config file? I do not own the server; it belongs to AirVPN.

B. Is it OK if I do not comment out or delete the line UV_IPV6=yes? It means that I just have to live with the error messages in the log.

OpenSourcerer Posted ...

2 hours ago, niyucozi said:
> A. What did you mean by "in the config"? Did you mean the server's config file or AirVPN's config file? I do not own the server; it belongs to AirVPN.

The OpenVPN config file, in your case AirVPN_TCP-443-Entry4.ovpn.

2 hours ago, niyucozi said:
> B. Is it OK if I do not comment out or delete the line UV_IPV6=yes? It means that I just have to live with the error messages in the log.

It's not ideal because OpenVPN will exit with a non-zero return code. If you've got some logic checking if OpenVPN exited cleanly, it will break that. If v6 is disabled anyway, there is no real reason to endure those errors. But it's your choice in the end, OpenVPN will work despite them.
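
An added example, not part of the thread and not taken from updown.sh: one way an up script can check whether the host has IPv6 switched off before it attempts the `ip -6 route add` calls that fail in the logs above. The function names and the optional proc-root argument are hypothetical; the route prefixes, device and gateway are the ones shown in the first-hop log.

```shell
#!/bin/sh
# Added example, not taken from updown.sh. Function names are hypothetical.
# The optional "root" argument exists only so the check can be run against
# a constructed directory tree; on a real host it defaults to /proc.

# Return 0 if IPv6 routes can be installed for interface $1, else 1.
ipv6_usable() {
    u_dev=$1
    u_root=${2:-/proc}
    # if_inet6 is absent when the kernel has no active IPv6 stack.
    [ -e "$u_root/net/if_inet6" ] || return 1
    # disable_ipv6=1 (globally or on this interface) also rules it out.
    for u_scope in all "$u_dev"; do
        u_file="$u_root/sys/net/ipv6/conf/$u_scope/disable_ipv6"
        [ -r "$u_file" ] || continue
        [ "$(cat "$u_file")" = "0" ] || return 1
    done
    return 0
}

# Print (dry run) the first-hop routes seen in the log above,
# leaving out the IPv6 ones when the host cannot take them.
plan_routes() {
    p_dev=$1
    p_gw=$2
    p_root=${3:-/proc}
    echo "ip route add 0.0.0.0/1 via $p_gw"
    echo "ip route add 128.0.0.0/1 via $p_gw"
    if ipv6_usable "$p_dev" "$p_root"; then
        echo "ip -6 route add 2000::/4 dev $p_dev"
        echo "ip -6 route add 3000::/4 dev $p_dev"
    else
        echo "# IPv6 is off on this host: no IPv6 routes for $p_dev"
    fi
}

# Values from the first log: device tun0, VPN gateway 10.21.207.1.
plan_routes tun0 10.21.207.1
```

The IPv6 routes are skipped only when the stack is off, so a host with IPv6 enabled still gets them and IPv6 traffic is not left outside the tunnel.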