ANSWERED Can't connect, Linux ip addr add failed: external program exited with error status: 2

[User26401 1]

Hi All,

I noticed my IP wasn't an AirVPN one and went to investigate on my Router (Asus RT-AC86U with Asuswrt-Merlin) in the logs I see this:

Nov 28 13:40:45 rc_service: httpd 1285:notify_rc start_vpnclient1
Nov 28 13:40:45 ovpn-client1[6359]: OpenVPN 2.6.12 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Nov 28 13:40:45 ovpn-client1[6359]: library versions: OpenSSL 1.1.1w  11 Sep 2023, LZO 2.08
Nov 28 13:40:45 ovpn-client1[6360]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 28 13:40:45 ovpn-client1[6360]: TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.195.29:443
Nov 28 13:40:45 ovpn-client1[6360]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Nov 28 13:40:45 ovpn-client1[6360]: UDPv4 link local: (not bound)
Nov 28 13:40:45 ovpn-client1[6360]: UDPv4 link remote: [AF_INET]217.138.195.29:443
Nov 28 13:40:45 ovpn-client1[6360]: TLS: Initial packet from [AF_INET]217.138.195.29:443, sid=a9e4ee30 6de459b1
Nov 28 13:40:45 ovpn-client1[6360]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Nov 28 13:40:45 ovpn-client1[6360]: VERIFY KU OK
Nov 28 13:40:45 ovpn-client1[6360]: Validating certificate extended key usage
Nov 28 13:40:45 ovpn-client1[6360]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 28 13:40:45 ovpn-client1[6360]: VERIFY EKU OK
Nov 28 13:40:45 ovpn-client1[6360]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Betelgeuse, emailAddress=info@airvpn.org
Nov 28 13:40:45 ovpn-client1[6360]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
Nov 28 13:40:45 ovpn-client1[6360]: [Betelgeuse] Peer Connection Initiated with [AF_INET]217.138.195.29:443
Nov 28 13:40:45 ovpn-client1[6360]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Nov 28 13:40:45 ovpn-client1[6360]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Nov 28 13:40:46 ovpn-client1[6360]: SENT CONTROL [Betelgeuse]: 'PUSH_REQUEST' (status=1)
Nov 28 13:40:46 ovpn-client1[6360]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.11.214.1,dhcp-option DNS6 fde6:7a:7d20:7d6::1,tun-ipv6,route-gateway 10.11.214.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:7d6::1015/64 fde6:7a:7d20:7d6::1,ifconfig 10.11.214.23 255.255.255.0,peer-id 2,cipher CHACHA20-POLY1305,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
Nov 28 13:40:46 ovpn-client1[6360]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 28 13:40:46 ovpn-client1[6360]: OPTIONS IMPORT: route options modified
Nov 28 13:40:46 ovpn-client1[6360]: OPTIONS IMPORT: route-related options modified
Nov 28 13:40:46 ovpn-client1[6360]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Nov 28 13:40:46 ovpn-client1[6360]: OPTIONS IMPORT: tun-mtu set to 1500
Nov 28 13:40:46 ovpn-client1[6360]: GDG6: remote_host_ipv6=n/a
Nov 28 13:40:46 ovpn-client1[6360]: net_route_v6_best_gw query: dst ::
Nov 28 13:40:46 ovpn-client1[6360]: net_route_v6_best_gw result: via :: dev lo
Nov 28 13:40:46 ovpn-client1[6360]: TUN/TAP device tun11 opened
Nov 28 13:40:46 ovpn-client1[6360]: TUN/TAP TX queue length set to 1000
Nov 28 13:40:46 ovpn-client1[6360]: /usr/sbin/ip link set dev tun11 up mtu 1500
Nov 28 13:40:46 ovpn-client1[6360]: /usr/sbin/ip link set dev tun11 up
Nov 28 13:40:46 ovpn-client1[6360]: /usr/sbin/ip addr add dev tun11 10.11.214.23/24
Nov 28 13:40:46 ovpn-client1[6360]: Linux ip addr add failed: external program exited with error status: 2
Nov 28 13:40:46 ovpn-client1[6360]: Exiting due to fatal error


When I ssh onto the router and issue that last ip addr command I get this

admin@RT-AC86U-44E0:/tmp/home/root# ip addr add dev tun11 10.11.214.23/24
RTNETLINK answers: File exists

ip addr show shows 21 entries but only 1 for tun11:

21: tun11: <NO-CARRIER,POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/none
    inet 10.11.214.23/24 scope global tun11
       valid_lft forever preferred_lft forever
admin@RT-AC86U-44E0:/tmp/home/root#

Strangely the pid of the openvpn process keeps ramping up as though it's constantly failing and restarting?

admin@RT-AC86U-44E0:/tmp/home/root# ps | grep openvpn
22350 admin     3332 S    grep openvpn
admin@RT-AC86U-44E0:/tmp/home/root# ps | grep openvpn
22456 admin     3332 S    grep openvpn
admin@RT-AC86U-44E0:/tmp/home/root#

Any ideas? I've not changed anything to cause this, I've just updated to the latest firmware. Rebooted loads of times etc.

Cheers!

 

[User26401 1]

Edit sorry I've just seen the other related post about IPv6, I added those lines and it now works. These are my options if it helps others!

resolv-retry infinite
auth-nocache
explicit-exit-notify 5
remote-cert-tls server
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC
block-ipv6
pull-filter ignore "dhcp-option DNS6"
pull-filter ignore "tun-ipv6"
pull-filter ignore "ifconfig-ipv6"