Troubleshooting “Linux route add command failed” Error in OpenVPN Server Configuration


When setting up an OpenVPN server with the following configuration:

local 192.168.0.250
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server-vpn.crt
key /etc/openvpn/easy-rsa/keys/server-vpn.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.250 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"

During client connection attempts, we encounter these critical errors:

RTNETLINK answers: Invalid argument
ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists

The errors are caused by conflicting address and route definitions in the server configuration. The problematic line is:

ifconfig 10.8.0.1 10.8.0.2

The server directive already derives the tunnel endpoint addresses and the matching routes from the network range it is given, so an explicit ifconfig line duplicates that assignment and leaves OpenVPN with two competing definitions of the tunnel.

Modify your server configuration to:

server 10.8.0.0 255.255.255.0
# Remove the ifconfig line completely
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"

After making these changes:

  1. Restart OpenVPN service: sudo systemctl restart openvpn@server
  2. Check routes: ip route show
  3. Verify tun interface: ip addr show tun0

If issues persist, consider these additional checks:

# Check kernel IP forwarding
cat /proc/sys/net/ipv4/ip_forward

# Verify iptables rules
sudo iptables -t nat -L -n -v

# Test basic connectivity
ping 10.8.0.1
traceroute 10.8.0.1

For more complex setups, consider using a bridge configuration:

dev tap
server-bridge 192.168.0.250 255.255.255.0 192.168.0.128 192.168.0.254
push "route 192.168.0.0 255.255.255.0"

When setting up an OpenVPN server with the following configuration:

local 192.168.0.250
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server-vpn.crt
key /etc/openvpn/easy-rsa/keys/server-vpn.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.250 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

Clients may encounter routing errors during connection:

RTNETLINK answers: Invalid argument
ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists

The two distinct error messages reveal different underlying issues:

1. "Invalid argument" - Typically occurs when there's a mismatch in IP address assignment
2. "File exists" - Indicates a route conflict where the same route is being added multiple times
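As an added example (not code from the original page), a small Python linter that catches the configuration problems discussed above in a server.conf before a client ever reports them: a pushed route whose address has host bits set for its mask (the 192.168.0.250 255.255.255.0 line, which the kernel rejects with "Invalid argument"), a route pushed twice (the explicit 10.8.0.1 host route that the server helper already pushes under its default net30 topology, giving "File exists"), and a hand-written ifconfig alongside server. It assumes the default topology without client-to-client, which would add further implicit routes; the sample config is constructed from the fragment above.

```python
import ipaddress

# Constructed sample: the route-related lines of the server config above.
SAMPLE_CONF = """\
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.250 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
"""


def lint_routes(conf_text):
    """Return findings for the route-related directives of a server config:
    a pushed route with host bits set for its mask ('Invalid argument'),
    a route pushed twice, counting the host route the 'server' helper itself
    pushes under the default net30 topology ('File exists'), and a
    hand-written 'ifconfig' alongside 'server'."""
    findings = []
    pushed = {}  # network -> where it was first pushed
    has_server = has_ifconfig = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("server "):
            has_server = True
            net, mask = line.split()[1:3]
            # 'server' takes the .1 address and pushes a host route to it.
            first = ipaddress.ip_network(f"{net}/{mask}").network_address + 1
            pushed[ipaddress.ip_network(f"{first}/32")] = "the server helper"
        elif line.startswith("ifconfig "):
            has_ifconfig = True
        if not line.startswith('push "route '):
            continue
        parts = line.rstrip('"').split()  # ['push', '"route', addr, mask?]
        addr = parts[2]
        mask = parts[3] if len(parts) > 3 else "255.255.255.255"
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError:  # host bits set: the kernel rejects such a route
            findings.append(f"invalid route (host bits set): {line}")
            continue
        if net in pushed:
            findings.append(f"duplicate route {net} (already pushed by {pushed[net]}): {line}")
        else:
            pushed[net] = line
    if has_server and has_ifconfig:
        findings.append("'ifconfig' repeats the addresses 'server' already assigns; remove it")
    return findings
```

Running lint_routes(SAMPLE_CONF) reports the duplicate 10.8.0.1/32 route, the invalid 192.168.0.250/24 route and the redundant ifconfig line, while the corrected configuration from the first section produces no findings.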

Modify your server configuration to handle these cases:

# Replace the hand-written ifconfig with the subnet topology, so that
# server assigns one address per client instead of net30 pairs
topology subnet

# Use a modern cipher
cipher AES-256-CBC

# Disable automatic route handling so routes can be managed explicitly
# (route-noexec applies on either side; route-nopull is honoured only on
# the client, where it ignores routes pushed by the server)
route-nopull
route-noexec

For Linux clients, try these approaches:

# Solution 1: Pre-create the tun device
sudo ip tuntap add dev tun0 mode tun
sudo ip link set tun0 up

# Solution 2: Use a route-up script (script-security 2 is required for
# OpenVPN to execute external scripts)
script-security 2
route-up /etc/openvpn/update-routes.sh

# Example /etc/openvpn/update-routes.sh (OpenVPN exports the tunnel
# interface name to the script as $dev; "|| true" keeps a route that
# already exists from failing the script):
#!/bin/bash
ip route add 10.8.0.0/24 dev "$dev" || true
ip route add 192.168.0.0/24 via 10.8.0.1 || true

Enable verbose logging on both server and client:

# On server:
verb 4

# On client:
verb 4
log /var/log/openvpn-client.log

Check kernel routing table before and after connection:

ip route show table all

For complex setups, consider network namespaces:

# Create namespace
ip netns add vpnspace

# Move interface to namespace
ip link set tun0 netns vpnspace

# Configure routing within namespace
ip netns exec vpnspace ip route add default via 10.8.0.1