[Openvpn-users] ...route addition failed using CreateIpForwardEntry...
Mark Puck
2007-02-27 19:33:53 UTC
Hi,

I'm fairly new to networking software and was hoping someone can clue me in
to why I can connect to IPCop via OpenVPN and use the internet, but not
access the local network. Looks like it has something to do with the ROUTE
command in the log file below. Any ideas on how to fix this?



TIA,

Mark









Tue Feb 27 11:14:58 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct
1 2006

Tue Feb 27 11:14:58 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.

Tue Feb 27 11:15:05 2007 LZO compression initialized

Tue Feb 27 11:15:05 2007 WARNING: normally if you use --mssfix and/or
--fragment, you should also set --tun-mtu 1500 (currently it is 1400)

Tue Feb 27 11:15:05 2007 Control Channel MTU parms [ L:1442 D:138 EF:38 EB:0
ET:0 EL:0 ]

Tue Feb 27 11:15:06 2007 Data Channel MTU parms [ L:1442 D:1442 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]

Tue Feb 27 11:15:06 2007 Local Options hash (VER=V4): 'a6ae7d69'

Tue Feb 27 11:15:06 2007 Expected Remote Options hash (VER=V4): '006a55ce'

Tue Feb 27 11:15:06 2007 UDPv4 link local (bound): [undef]:1194

Tue Feb 27 11:15:06 2007 UDPv4 link remote: 24.148.9.227:1194

Tue Feb 27 11:15:07 2007 TLS: Initial packet from 24.148.9.227:1194,
sid=e70650d4 29ba21e3

Tue Feb 27 11:15:16 2007 VERIFY OK: depth=1,
/C=US/O=SBS/CN=SBS_CA/emailAddress=***@notjustariver.com

Tue Feb 27 11:15:16 2007 VERIFY OK: nsCertType=SERVER

Tue Feb 27 11:15:16 2007 VERIFY OK: depth=0,
/C=US/O=SBS/CN=morecowbell.no-ip.org

Tue Feb 27 11:15:29 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key

Tue Feb 27 11:15:29 2007 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication

Tue Feb 27 11:15:29 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key

Tue Feb 27 11:15:29 2007 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication

Tue Feb 27 11:15:29 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA

Tue Feb 27 11:15:29 2007 [morecowbell.no-ip.org] Peer Connection Initiated
with 24.148.9.227:1194

Tue Feb 27 11:15:30 2007 SENT CONTROL [morecowbell.no-ip.org]:
'PUSH_REQUEST' (status=1)

Tue Feb 27 11:15:31 2007 PUSH: Received control message: 'PUSH_REPLY,route
192.168.1.0 255.255.255.0,route 10.150.214.1,ifconfig 10.150.214.6
10.150.214.5'

Tue Feb 27 11:15:31 2007 OPTIONS IMPORT: --ifconfig/up options modified

Tue Feb 27 11:15:31 2007 OPTIONS IMPORT: route options modified

Tue Feb 27 11:15:31 2007 TAP-WIN32 device [Local Area Connection 2] opened:
\\.\Global\{C4CAF8B7-F9AC-453A-B781-ED808DA07CE1}.tap

Tue Feb 27 11:15:31 2007 TAP-Win32 Driver Version 8.4

Tue Feb 27 11:15:31 2007 TAP-Win32 MTU=1500

Tue Feb 27 11:15:31 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask
of 10.150.214.6/255.255.255.252 on interface
{C4CAF8B7-F9AC-453A-B781-ED808DA07CE1} [DHCP-serv: 10.150.214.5, lease-time:
31536000]

Tue Feb 27 11:15:31 2007 Successful ARP Flush on interface [12]
{C4CAF8B7-F9AC-453A-B781-ED808DA07CE1}

Tue Feb 27 11:15:31 2007 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up

Tue Feb 27 11:15:31 2007 route ADD 192.168.1.0 MASK 255.255.255.0
10.150.214.5

Tue Feb 27 11:15:31 2007 ROUTE: route addition failed using
CreateIpForwardEntry: One or more arguments are not correct. [if_index=12]

Tue Feb 27 11:15:31 2007 Route addition via IPAPI failed

Tue Feb 27 11:15:31 2007 route ADD 10.150.214.1 MASK 255.255.255.255
10.150.214.5

Tue Feb 27 11:15:31 2007 ROUTE: route addition failed using
CreateIpForwardEntry: One or more arguments are not correct. [if_index=12]

Tue Feb 27 11:15:31 2007 Route addition via IPAPI failed

Tue Feb 27 11:15:31 2007 Initialization Sequence Completed
Denis Jedig
2007-02-27 20:11:05 UTC
> Tue Feb 27 11:15:31 2007 route ADD 10.150.214.1 MASK 255.255.255.255 10.150.214.5
> Tue Feb 27 11:15:31 2007 ROUTE: route addition failed using CreateIpForwardEntry: One or more arguments are not correct. [if_index=12]
You might have insufficient rights to change the local routing table. Are
you executing OpenVPN as a user who is member of the Administrators group?
--
Denis Jedig
syneticon networks GbR http://syneticon.net/service/
Tony
2007-02-27 22:42:56 UTC
> Are you executing OpenVPN as a user who is member of the Administrators
> group?
It is absolutely enough to be just the "Network Operators" group member,
the "Admin" is an over-kill.
--
Tony.
Serge Wautier
2007-02-28 07:37:22 UTC
In addition to the other replies, if you're on Vista, this failure always
occurs. You should use "route-method exe". I've found a MS KB article
explaining back compat issues with this API and how to solve it. I'll post
it to open-devel when I've made more tests with it.

HTH,

Serge.
http://www.apptranslator.com
James Yonan
2007-02-28 10:29:50 UTC
Post by Serge Wautier
> In addition to the other replies, if you're on Vista, this failure
> always occurs. You should use "route-method exe". I've found a MS KB
> article explaining back compat issues with this API and how to solve
> it. I'll post it to open-devel when I've made more tests with it.
OpenVPN 2.1_rc2 (just released) has a fix for the "route addition failed
using CreateIpForwardEntry" error on Vista.

James
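
Added example (not part of any post in this thread, and not OpenVPN project code): a Python check that reads a client log like the one in the first post and lists the server-pushed routes that were never installed, a condition the log otherwise hides behind "Initialization Sequence Completed". The function names are illustrative, and the message wording is assumed to match the OpenVPN 2.0.9 log shown above, including the mail client's line wrapping.

```python
import re

TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
ROUTE_ADD = re.compile(r"^route ADD (\S+) MASK (\S+) \S+")

def unwrap(text):
    """Rejoin mail-wrapped lines: a line with no timestamp continues the previous entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS.match(line):
            entries.append(TS.sub("", line))
        elif entries:
            entries[-1] += " " + line
    return entries

def pushed_routes(entries):
    """(network, mask) per pushed route; a route pushed without a mask is a host route."""
    routes = []
    for m in filter(None, (re.search(r"'PUSH_REPLY,(.*)'", e) for e in entries)):
        for opt in (o.split() for o in m.group(1).split(",")):
            if len(opt) >= 2 and opt[0] == "route":
                routes.append((opt[1], opt[2] if len(opt) > 2 else "255.255.255.255"))
    return routes

def failed_routes(entries):
    """Routes whose 'route ADD' entry is directly followed by 'route addition failed'."""
    failed = set()
    for prev, cur in zip(entries, entries[1:]):
        m = ROUTE_ADD.match(prev)
        if m and cur.startswith("ROUTE: route addition failed"):
            failed.add(m.groups())
    return failed

def missing_routes(text):
    entries = unwrap(text)
    failed = failed_routes(entries)
    return [r for r in pushed_routes(entries) if r in failed]

# Excerpt of the log from the first post, with its line wrapping kept.
SAMPLE = """\
Tue Feb 27 11:15:31 2007 PUSH: Received control message: 'PUSH_REPLY,route
192.168.1.0 255.255.255.0,route 10.150.214.1,ifconfig 10.150.214.6
10.150.214.5'
Tue Feb 27 11:15:31 2007 route ADD 192.168.1.0 MASK 255.255.255.0
10.150.214.5
Tue Feb 27 11:15:31 2007 ROUTE: route addition failed using
CreateIpForwardEntry: One or more arguments are not correct. [if_index=12]
"""
print(missing_routes(SAMPLE))
```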