OpenVPN shows me "Cannot read current default gateway from system" error
by Jason.nix from LinuxQuestions.org on (#6E04X)
Hello,
I have an OpenVPN server and a client, and each one has a NIC:
Code:
OpenVPN Server: 10.0.2.15
Client: 10.0.2.16

I set the IP addresses for both of them manually.
The OpenVPN server network configuration is as below and has access to the Internet:
Code:
# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:feed:b47c prefixlen 64 scopeid 0x20<link>
ether 08:00:27:ed:b4:7c txqueuelen 1000 (Ethernet)
RX packets 7353 bytes 1384926 (1.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6012 bytes 993559 (970.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#
# ping google.com
PING google.com (216.239.38.120) 56(84) bytes of data.
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=1 ttl=48 time=49.5 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=2 ttl=48 time=41.8 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=3 ttl=48 time=48.5 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2011ms
rtt min/avg/max/mdev = 41.776/46.577/49.490/3.420 ms
#

The client does not have access to the Internet.
Both Server and client see each other:
Code:
# ping 10.0.2.16
PING 10.0.2.16 (10.0.2.16) 56(84) bytes of data.
64 bytes from 10.0.2.16: icmp_seq=1 ttl=128 time=0.856 ms
64 bytes from 10.0.2.16: icmp_seq=2 ttl=128 time=0.827 ms
64 bytes from 10.0.2.16: icmp_seq=3 ttl=128 time=0.884 ms
^C
--- 10.0.2.16 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.827/0.855/0.884/0.023 ms
#

And:
Code:
C:\>ping 10.0.2.15
Pinging 10.0.2.15 with 32 bytes of data:
Reply from 10.0.2.15: bytes=32 time<1ms TTL=64
Reply from 10.0.2.15: bytes=32 time<1ms TTL=64
Reply from 10.0.2.15: bytes=32 time<1ms TTL=64
Reply from 10.0.2.15: bytes=32 time<1ms TTL=64
Ping statistics for 10.0.2.15:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>

The server.conf is as below:
Code:
port 3000
proto udp
dev tun30
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 20.1.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth ta.key 0
data-ciphers AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun

I started the OpenVPN server:
Code:
tun30: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 20.1.0.1 netmask 255.255.255.255 destination 20.1.0.2
inet6 fe80::8a00:a85f:217:6609 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 432 (432.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

It worked.
After that, I executed the following iptables rules:
Code:
# IF_MAIN=enp0s3
# IF_TUNNEL=tun30
# YOUR_OPENVPN_SUBNET=20.1.0.0/16
# iptables -I INPUT -p udp --dport 3000 -j ACCEPT
# iptables -A FORWARD -i $IF_MAIN -o $IF_TUNNEL -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j ACCEPT
# iptables -t nat -A POSTROUTING -s $YOUR_OPENVPN_SUBNET -o $IF_MAIN -j MASQUERADE
# iptables-save

My client.ovpn file is as below:
Code:
client
dev tun30
proto udp
remote 10.0.2.15 3000
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-256-CBC
verb 3

I want to connect to my OpenVPN server. The client connected, but:
1- It showed me the following errors:
Code:
Sat Aug 19 18:23:53 2023 NOTE: unable to redirect IPv4 default gateway -- Cannot read current default gateway from system
Sat Aug 19 18:23:53 2023 MANAGEMENT: >STATE:1692453233,ADD_ROUTES,,,,,,
Sat Aug 19 18:23:53 2023 C:\Windows\system32\route.exe ADD 20.1.0.1 MASK 255.255.255.255 20.1.0.5
Sat Aug 19 18:23:53 2023 Route addition via service succeeded
Sat Aug 19 18:23:53 2023 Initialization Sequence Completed
Sat Aug 19 18:23:53 2023 MANAGEMENT: >STATE:1692453233,CONNECTED,ROUTE_ERROR,20.1.0.6,10.0.2.15,3000,,
Sat Aug 19 18:23:52 2023 ERROR: Some routes were not successfully added. The connection may not function correctly

2- The client does not have access to the Internet:
Code:
C:\>ping google.com
Ping request could not find host google.com. Please check the name and try again.
C:\>
C:\>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>

What is my problem?
Thank you.