New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
openvpn: Error: Nexthop has invalid gateway.
Anyone know how to fix this please? its headless server with ssh, vpn ip is 5.6.7.8
On line where it print this:
/sbin/ip route add 5.6.7.8/32 via 1.2.3.4
the 1.2.3.4 is ip from
ip r
default via 1.2.3.4 dev eth0 proto static onlink
From log:
Tue Sep 14 16:59:35 2021 ROUTE_GATEWAY 1.2.3.4
Tue Sep 14 16:59:35 2021 TUN/TAP device tun0 opened
Tue Sep 14 16:59:35 2021 TUN/TAP TX queue length set to 100
Tue Sep 14 16:59:35 2021 /sbin/ip link set dev tun0 up mtu 1500
Tue Sep 14 16:59:35 2021 /sbin/ip addr add dev tun0 10.8.0.7/24 broadcast 10.8.0.255
Tue Sep 14 16:59:35 2021 /sbin/ip route add 5.6.7.8/32 via 1.2.3.4
Error: Nexthop has invalid gateway.
Thanks for help
Comments
I'm assuming this is a client since you're removing the default gateway.
The problem is what it says on the tin,
1.2.3.4isn't reachable via any networks on your machine.In that case, make the route to your VPN an on-link route via your upstream gateway and specify the device during route insertion.
ip route add 5.6.7.8/32 via 1.2.3.4 dev eth0 onlink.the client is server on hetzner
thx for helping me out still the same error
ip route show
default via 1.2.3.4 dev eth0 proto static onlink
5.6.7.8 via 1.2.3.4 dev eth0 onlink
Wed Sep 15 08:50:08 2021 TLS: Initial packet from [AF_INET]5.6.7.8:1194, sid=e22d1d41 9743b770Wed Sep 15 08:50:08 2021 VERIFY OK: depth=1, CN=cn_4z0ZAqjpzm5B8te2
Wed Sep 15 08:50:08 2021 VERIFY KU OK
Wed Sep 15 08:50:08 2021 Validating certificate extended key usage
Wed Sep 15 08:50:08 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Sep 15 08:50:08 2021 VERIFY EKU OK
Wed Sep 15 08:50:08 2021 VERIFY X509NAME OK: CN=server_412od4ljvUawrKKO
Wed Sep 15 08:50:08 2021 VERIFY OK: depth=0, CN=server_412od4ljvUawrKKO
Wed Sep 15 08:50:08 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Wed Sep 15 08:50:08 2021 [server_412od4ljvUawrKKO] Peer Connection Initiated with [AF_INET]5.6.7.8:1194
Wed Sep 15 08:50:09 2021 SENT CONTROL [server_412od4ljvUawrKKO]: 'PUSH_REQUEST' (status=1)
Wed Sep 15 08:50:09 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 1.0.0.1,dhcp-option DNS 1.1.1.1,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.7 255.255.255.0,peer-id 2,cipher AES-128-GCM'
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: timers and/or timeouts modified
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: --ifconfig/up options modified
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: route options modified
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: route-related options modified
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: peer-id set
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: adjusting link_mtu to 1624
Wed Sep 15 08:50:09 2021 OPTIONS IMPORT: data channel crypto options modified
Wed Sep 15 08:50:09 2021 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Sep 15 08:50:09 2021 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Sep 15 08:50:09 2021 ROUTE_GATEWAY 1.2.3.4
Wed Sep 15 08:50:09 2021 TUN/TAP device tun0 opened
Wed Sep 15 08:50:09 2021 TUN/TAP TX queue length set to 100
Wed Sep 15 08:50:09 2021 /sbin/ip link set dev tun0 up mtu 1500
Wed Sep 15 08:50:09 2021 /sbin/ip addr add dev tun0 10.8.0.7/24 broadcast 10.8.0.255
Wed Sep 15 08:50:09 2021 /sbin/ip route add 5.6.7.8/32 via 1.2.3.4
Error: Nexthop has invalid gateway.
Wed Sep 15 08:50:09 2021 ERROR: Linux route add command failed: external program exited with error status: 2
Wed Sep 15 08:50:09 2021 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Wed Sep 15 08:50:09 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Wed Sep 15 08:50:09 2021 Initialization Sequence Completed
Cmon man, it's right there. It's still doing the same shit as before, you need to change how OpenVPN sets up the routes not type them before you try to connect; OpenVPN should be doing that not you.
yes but how o.o?
route-nopullthen writing the routes yourself.Post your OpenVPN client config and maybe LET can help you better.
client
proto udp
explicit-exit-notify
remote 5.6.7.8 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_412od4ljvUawrKKO name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
#
2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
Oh we are getting there maybe
I tried add to config route-nopull as you said
the problem is not everything is going thru tun0 only what i choose like curl
curl -v --interface tun0 icanhazip.com
reporting vpn ip