Problems with openvpn client. openvpn[]: Linux ifconfig failed: could not execute external program

toverna · Nov 23, 2015

Hello everyone.

I am trying to use RT-N66U router's OpenVPN client with this .ovpn file http://antizapret.prostovpn.org/antizapret.ovpn: (same file on pastebin: http://pastebin.com/RRr0kLxa)
On PC (Windows) this .ovpn file works fine.

Firmware is latest by now (378.56_2).

That is what I got in system journal:

Code:

Nov 23 16:51:03 rc_service: httpd 250:notify_rc restart_vpnclient1
Nov 23 16:51:05 kernel: Interface tap11 doesn't exist
Nov 23 16:51:05 dnsmasq[581]: read /etc/hosts - 5 addresses
Nov 23 16:51:05 dnsmasq[581]: read /etc/hosts.dnsmasq - 2 addresses
Nov 23 16:51:05 dnsmasq-dhcp[581]: read /etc/ethers - 2 addresses
Nov 23 16:51:05 dnsmasq[581]: using nameserver 213.132.75.24#53 for domain beeline
Nov 23 16:51:05 dnsmasq[581]: using nameserver 213.132.75.23#53 for domain beeline
Nov 23 16:51:05 dnsmasq[581]: using nameserver 213.132.75.23#53
Nov 23 16:51:05 dnsmasq[581]: using nameserver 213.132.75.24#53
Nov 23 16:51:05 dnsmasq[581]: exiting on receipt of SIGTERM
Nov 23 16:51:05 dnsmasq[632]: started, version 2.75 cachesize 1500
Nov 23 16:51:05 dnsmasq[632]: warning: interface ppp1* does not currently exist
Nov 23 16:51:05 dnsmasq[632]: asynchronous logging enabled, queue limit is 5 messages
Nov 23 16:51:05 dnsmasq-dhcp[632]: DHCP, IP range 192.168.0.2 -- 192.168.0.254, lease time 1d
Nov 23 16:51:05 dnsmasq[632]: read /etc/hosts - 5 addresses
Nov 23 16:51:05 dnsmasq[632]: read /etc/hosts.dnsmasq - 2 addresses
Nov 23 16:51:05 dnsmasq-dhcp[632]: read /etc/ethers - 2 addresses
Nov 23 16:51:05 dnsmasq[632]: using nameserver 213.132.75.24#53 for domain beeline
Nov 23 16:51:05 dnsmasq[632]: using nameserver 213.132.75.23#53 for domain beeline
Nov 23 16:51:05 dnsmasq[632]: using nameserver 213.132.75.23#53
Nov 23 16:51:05 dnsmasq[632]: using nameserver 213.132.75.24#53
Nov 23 16:51:05 kernel: Interface tun11 doesn't exist
Nov 23 16:51:05 kernel: tun: Universal TUN/TAP device driver, 1.6
Nov 23 16:51:05 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Nov 23 16:51:05 openvpn[640]: OpenVPN 2.3.8 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  3 2015
Nov 23 16:51:05 openvpn[640]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Nov 23 16:51:05 openvpn[642]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 23 16:51:05 openvpn[642]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Nov 23 16:51:05 openvpn[642]: UDPv4 link local: [undef]
Nov 23 16:51:05 openvpn[642]: UDPv4 link remote: [AF_INET]107.150.11.192:1194
Nov 23 16:51:05 openvpn[642]: TLS: Initial packet from [AF_INET]107.150.11.192:1194, sid=4fc7a044 99ba5792
Nov 23 16:51:05 openvpn[642]: VERIFY OK: depth=1, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=ProstoVPN.AntiZapret CA, name=ProstoVPN.AntiZapret CA, emailAddress=admin@prostovpn.ru
Nov 23 16:51:05 openvpn[642]: Validating certificate key usage
Nov 23 16:51:05 openvpn[642]: ++ Certificate has key usage  00a0, expects 00a0
Nov 23 16:51:05 openvpn[642]: VERIFY KU OK
Nov 23 16:51:05 openvpn[642]: Validating certificate extended key usage
Nov 23 16:51:05 openvpn[642]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 23 16:51:05 openvpn[642]: VERIFY EKU OK
Nov 23 16:51:05 openvpn[642]: VERIFY OK: depth=0, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=AntiZapret-UK, name=AntiZapret-UK, emailAddress=admin@prostovpn.ru
Nov 23 16:51:07 openvpn[642]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 23 16:51:07 openvpn[642]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 23 16:51:07 openvpn[642]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 23 16:51:07 openvpn[642]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 23 16:51:07 openvpn[642]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov 23 16:51:07 openvpn[642]: [AntiZapret-UK] Peer Connection Initiated with [AF_INET]107.150.11.192:1194
Nov 23 16:51:09 openvpn[642]: SENT CONTROL [AntiZapret-UK]: 'PUSH_REQUEST' (status=1)
Nov 23 16:51:10 openvpn[642]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 74.207.232.103,dhcp-option DNS 74.82.42.42,route 74.207.232.103,route 74.82.42.42,sndbuf 393216,rcvbuf 393216,comp-lzo,route-gateway 192.168.100.1,topology subnet,ping 35,ping-restart 360,route 2.16.10.33 255.255.255.255,route 2.16.10.34 255.255.255.255,route 2.16.10.51 255.255.255.255,route 2.16.10.74 255.255.255.255,route 2.16.10.80 255.255.255.254,route 2.16.10.97 255.255.255.255,route 2.16.10.98 255.255.255.25
                        ... skipped many of similar PUSH messages
Nov 23 16:51:23 openvpn[642]: [truncated] PUSH: Received control message: 'PUSH_REPLY,route 213.52.252.250 255.255.255.255,route 213.52.253.41 255.255.255.255,route 213.52.253.75 255.255.255.255,route 213.52.253.81 255.255.255.255,route 213.52.253.82 255.255.255.255,route 213.128.138.236 255.255.255.255,route 213.133.164.98 255.255.255.255,route 213.136.72.169 255.255.255.255,route 213.136.78.23 255.255.255.255,route 213.136.84.204 255.255.255.255,route 213.152.182.12 255.255.255.254,route 213.171.221.
Nov 23 16:51:23 openvpn[642]: event_wait : Interrupted system call (code=4)
Nov 23 16:51:23 openvpn[642]: OpenVPN STATISTICS
Nov 23 16:51:23 openvpn[642]: Updated,Mon Nov 23 16:51:23 2015
Nov 23 16:51:23 openvpn[642]: TUN/TAP read bytes,0
Nov 23 16:51:23 openvpn[642]: TUN/TAP write bytes,0
Nov 23 16:51:23 openvpn[642]: TCP/UDP read bytes,369980
Nov 23 16:51:23 openvpn[642]: TCP/UDP write bytes,10720
Nov 23 16:51:23 openvpn[642]: Auth read bytes,0
Nov 23 16:51:23 openvpn[642]: pre-compress bytes,0
Nov 23 16:51:23 openvpn[642]: post-compress bytes,0
Nov 23 16:51:24 openvpn[642]: [truncated] PUSH: Received control message: 'PUSH_REPLY,route 213.175.199.238 255.255.255.255,route 213.175.204.8 255.255.255.255,route 213.175.204.54 255.255.255.255,route 213.175.204.71 255.255.255.255,route 213.175.214.61 255.255.255.255,route 213.175.215.110 255.255.255.255,route 213.175.219.177 255.255.255.255,route 213.179.207.240 255.255.255.255,route 213.186.33.40 255.255.255.255,route 213.186.33.151 255.255.255.255,route 213.190.55.34 255.255.255.255,route 213.202
Nov 23 16:51:24 openvpn[642]: [truncated] PUSH: Received control message: 'PUSH_REPLY,route 216.17.107.155 255.255.255.255,route 216.17.111.116 255.255.255.255,route 216.47.75.159 255.255.255.255,route 216.70.104.252 255.255.255.255,route 216.92.111.41 255.255.255.255,route 216.108.234.35 255.255.255.255,route 216.120.237.103 255.255.255.255,route 216.120.237.104 255.255.255.255,route 216.139.222.187 255.255.255.255,route 216.154.222.182 255.255.255.255,route 216.158.230.117 255.255.255.255,route 216.1
Nov 23 16:51:24 openvpn[642]: PUSH: Received control message: 'PUSH_REPLY,route 217.12.201.53 255.255.255.255,route 217.12.201.56 255.255.255.255,route 217.12.201.73 255.255.255.255,route 217.12.201.80 255.255.255.255,route 217.12.201.91 255.255.255.255,route 217.12.201.107 255.255.255.255,route 217.12.203.60 255.255.255.255,route 217.12.203.116 255.255.255.255,route 217.12.203.129 255.255.255.255,route 217.12.203.135 255.255.255.255,route 217.12.203.151 255.255.255.255,route 217.12.204.88 255.255.255.
Nov 23 16:51:24 openvpn[642]: PUSH: Received control message: 'PUSH_REPLY,route 217.12.214.193 255.255.255.255,route 217.12.215.206 255.255.255.255,route 217.12.221.64 255.255.255.255,route 217.19.248.132 255.255.255.255,route 217.23.2.236 255.255.255.255,route 217.23.9.131 255.255.255.255,route 217.23.11.54 255.255.255.255,route 217.23.11.57 255.255.255.255,route 217.23.11.61 255.255.255.255,route 217.23.12.127 255.255.255.255,route 217.26.52.35 255.255.255.255,route 217.26.54.10 255.255.255.255,route
Nov 23 16:51:24 openvpn[642]: PUSH: Received control message: 'PUSH_REPLY,route 217.146.69.7 255.255.255.255,route 217.146.75.49 255.255.255.255,route 217.147.90.198 255.255.255.255,route 217.160.125.26 255.255.255.255,route 217.160.209.199 255.255.255.255,route 217.168.172.229 255.255.255.255,route 217.172.172.18 255.255.255.255,route 217.172.186.6 255.255.255.255,route 217.172.190.222 255.255.255.255,route 217.174.152.28 255.255.255.255,route 217.195.115.146 255.255.255.255,route 217.195.124.248 255.
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: LZO parms modified
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Nov 23 16:51:24 openvpn[642]: Socket Buffers: R=[131072->237568] S=[131072->237568]
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: route options modified
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: route-related options modified
Nov 23 16:51:24 openvpn[642]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Nov 23 16:54:19 openvpn[642]: TUN/TAP device tun11 opened
Nov 23 16:54:19 openvpn[642]: TUN/TAP TX queue length set to 100
Nov 23 16:54:19 openvpn[642]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 23 16:54:19 openvpn[642]: /sbin/ifconfig tun11 192.168.100.31 netmask 255.255.252.0 mtu 1500 broadcast 192.168.103.255
Nov 23 16:54:19 openvpn[642]: Linux ifconfig failed: could not execute external program
Nov 23 16:54:19 openvpn[642]: Exiting due to fatal error

It looks like everything is fine until last few lines.

Any suggestions to make it work?

Thank you.

joegreat · Nov 23, 2015

toverna said:
It looks like everything is fine until last few lines.

Did you try to execute ifconfig manually (via telnet/putty)?

Code:

chief@RT-N66U:/tmp/home/root# /sbin/ifconfig

br0        Link encap:Ethernet  HWaddr 08:60:11:22:33:44
           inet addr:192.168.0.253  Bcast:192.168.0.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:386805 errors:0 dropped:0 overruns:0 frame:0
           TX packets:66162 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:64701240 (61.7 MiB)  TX bytes:48829438 (46.5 MiB)

eth0       Link encap:Ethernet  HWaddr 08:60:11:22:33:44
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:704426 errors:0 dropped:0 overruns:0 frame:0
           TX packets:216555 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:50
           RX bytes:540837814 (515.7 MiB)  TX bytes:62389930 (59.4 MiB)
           Interrupt:4 Base address:0x2000

eth1       Link encap:Ethernet  HWaddr 08:60:11:22:33:44
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:14054 errors:0 dropped:0 overruns:0 frame:671330
           TX packets:136201 errors:29 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:1586857 (1.5 MiB)  TX bytes:46131298 (43.9 MiB)
           Interrupt:3 Base address:0x8000

eth2       Link encap:Ethernet  HWaddr 08:60:11:22:33:44
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:69995 errors:0 dropped:0 overruns:0 frame:20238
           TX packets:258941 errors:7 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:10
           RX bytes:5809199 (5.5 MiB)  TX bytes:287561289 (274.2 MiB)
           Interrupt:5 Base address:0x8000

lo         Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:992 errors:0 dropped:0 overruns:0 frame:0
           TX packets:992 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:154228 (150.6 KiB)  TX bytes:154228 (150.6 KiB)

vlan1      Link encap:Ethernet  HWaddr 08:60:11:22:33:44
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:704426 errors:0 dropped:0 overruns:0 frame:0
           TX packets:216555 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:532567518 (507.8 MiB)  TX bytes:61810118 (58.9 MiB)

toverna · Nov 23, 2015

joegreat said:
Did you try to execute ifconfig manually (via telnet/putty)?

Yes. It gives me almost same output as yours.
Even exact same as in log`/sbin/ifconfig tun11 192.168.100.31 netmask 255.255.252.0 mtu 1500 broadcast 192.168.103.255` command gives no error (but also no positive reaction, just empty output).

toverna · Nov 25, 2015

Hello again.

Just tried to establish vpn connection using console commands. It doesn't print as much text as web version, but in the end result was same:

Code:

admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# modprobe tun
admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# lsmod | grep tun
tun  8512  0
admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# openvpn antizapret.ovpn
Wed Nov 25 13:03:04 2015 OpenVPN 2.3.8 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  3 2015
Wed Nov 25 13:03:04 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Wed Nov 25 13:03:04 2015 UDPv4 link local: [undef]
Wed Nov 25 13:03:04 2015 UDPv4 link remote: [AF_INET]107.150.11.192:1194
Wed Nov 25 13:03:06 2015 [AntiZapret-UK] Peer Connection Initiated with [AF_INET]107.150.11.192:1194
Wed Nov 25 13:06:20 2015 TUN/TAP device tun0 opened
Wed Nov 25 13:06:20 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov 25 13:06:20 2015 /sbin/ifconfig tun0 192.168.100.18 netmask 255.255.252.0 mtu 1500 broadcast 192.168.103.255
Wed Nov 25 13:06:20 2015 Linux ifconfig failed: could not execute external program
Wed Nov 25 13:06:20 2015 Exiting due to fatal error

My only idea is that not `/sbin/ifconfig` not found, but something that called by it.

Any ideas? Someone from development team may be?

Thank you.

ryzhov_al · Nov 25, 2015

Code:

insmod tun
openvpn --mktun --dev tun0
openvpn antizapret.ovpn

toverna · Nov 26, 2015

ryzhov_al said:
Code:

insmod tun openvpn --mktun --dev tun0 openvpn antizapret.ovpn

Thank you for reply.

Tried these commands. Same results:

Code:

admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# insmod tun
admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# openvpn --mktun --dev tun0
Thu Nov 26 16:09:34 2015 TUN/TAP device tun0 opened
Thu Nov 26 16:09:34 2015 Persist state set to: ON
admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# openvpn antizapret.ovpn
Thu Nov 26 16:09:40 2015 OpenVPN 2.3.8 mipsel-unknown-linux-gnu [SSL (OpenSSL)]  [LZO] [EPOLL] [MH] [IPv6] built on Nov  3 2015
Thu Nov 26 16:09:40 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Thu Nov 26 16:09:40 2015 UDPv4 link local: [undef]
Thu Nov 26 16:09:40 2015 UDPv4 link remote: [AF_INET]107.150.11.192:1194
Thu Nov 26 16:09:42 2015 [AntiZapret-UK] Peer Connection Initiated with [AF_INET  ]107.150.11.192:1194
Thu Nov 26 16:13:05 2015 TUN/TAP device tun1 opened
Thu Nov 26 16:13:05 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Nov 26 16:13:05 2015 /sbin/ifconfig tun1 192.168.100.25 netmask 255.255.252.  0 mtu 1500 broadcast 192.168.103.255
Thu Nov 26 16:13:05 2015 Linux ifconfig failed: could not execute external progr  am
Thu Nov 26 16:13:06 2015 Exiting due to fatal error

I found that openvpn trying to use "free" tun device. If tun0 already created (as above) it will use tun1. If I create tun1 it will use tun2. But for me it does not seem as thing producing error.

Really stuck here.

RMerlin · Nov 26, 2015

Try one of these test builds:

https://www.mediafire.com/folder/bj94sbhrh7e49//Test Builds

There was a change in them in how OpenVPN interfaces with the routing tables.

toverna · Nov 27, 2015

RMerlin said:
Try one of these test builds:

https://www.mediafire.com/folder/bj94sbhrh7e49//Test Builds

There was a change in them in how OpenVPN interfaces with the routing tables.

Hello. Results from test build 380.57_alpha3

From system log page:

Code:

Nov 27 12:35:19 rc_service: httpd 253:notify_rc start_vpnclient1
Nov 27 12:35:19 kernel: tun: Universal TUN/TAP device driver, 1.6
Nov 27 12:35:19 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Nov 27 12:35:20 openvpn[578]: OpenVPN 2.3.8 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 24 2015
Nov 27 12:35:20 openvpn[578]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Nov 27 12:35:20 openvpn[580]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 27 12:35:20 openvpn[580]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Nov 27 12:35:20 openvpn[580]: UDPv4 link local: [undef]
Nov 27 12:35:20 openvpn[580]: UDPv4 link remote: [AF_INET]107.150.11.192:1194
Nov 27 12:35:20 openvpn[580]: TLS: Initial packet from [AF_INET]107.150.11.192:1194, sid=a8762f38 a091ef38
Nov 27 12:35:21 openvpn[580]: VERIFY OK: depth=1, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=ProstoVPN.AntiZapret CA, name=ProstoVPN.AntiZapret CA, emailAddress=admin@prostovpn.ru
Nov 27 12:35:21 openvpn[580]: Validating certificate key usage
Nov 27 12:35:21 openvpn[580]: ++ Certificate has key usage  00a0, expects 00a0
Nov 27 12:35:21 openvpn[580]: VERIFY KU OK
Nov 27 12:35:21 openvpn[580]: Validating certificate extended key usage
Nov 27 12:35:21 openvpn[580]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 27 12:35:21 openvpn[580]: VERIFY EKU OK
Nov 27 12:35:21 openvpn[580]: VERIFY OK: depth=0, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=AntiZapret-UK, name=AntiZapret-UK, emailAddress=admin@prostovpn.ru
Nov 27 12:35:22 openvpn[580]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 27 12:35:22 openvpn[580]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 27 12:35:22 openvpn[580]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 27 12:35:22 openvpn[580]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 27 12:35:22 openvpn[580]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Nov 27 12:35:22 openvpn[580]: [AntiZapret-UK] Peer Connection Initiated with [AF_INET]107.150.11.192:1194
Nov 27 12:35:25 openvpn[580]: SENT CONTROL [AntiZapret-UK]: 'PUSH_REQUEST' (status=1)
Nov 27 12:35:25 openvpn[580]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 74.207.232.103,dhcp-option DNS 74.82.42.42,route 74.207.232.103,route 74.82.42.42,sndbuf 393216,rcvbuf 393216,comp-lzo,route-gateway 192.168.100.1,topology subnet,ping 35,ping-restart 360,route 2.16.10.33 255.255.255.255,route 2.16.10.34 255.255.255.255,route 2.16.10.51 255.255.255.255,route 2.16.10.74 255.255.255.255,route 2.16.10.80 255.255.255.254,route 2.16.10.97 255.255.255.255,route 2.16.10.98 255.255.255.25
          ...skipped similar PUSH commands (lots of them)
Nov 27 12:35:40 openvpn[580]: PUSH: Received control message: 'PUSH_REPLY,route 217.116.232.250 255.255.255.255,route 217.146.69.5 255.255.255.255,route 217.146.69.7 255.255.255.255,route 217.146.75.49 255.255.255.255,route 217.147.90.198 255.255.255.255,route 217.160.125.26 255.255.255.255,route 217.160.209.199 255.255.255.255,route 217.168.172.229 255.255.255.255,route 217.172.172.18 255.255.255.255,route 217.172.186.6 255.255.255.255,route 217.172.190.222 255.255.255.255,route 217.174.152.28 255.255
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: LZO parms modified
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Nov 27 12:35:40 openvpn[580]: Socket Buffers: R=[131072->237568] S=[131072->237568]
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: route options modified
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: route-related options modified
Nov 27 12:35:40 openvpn[580]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Nov 27 12:38:37 openvpn[580]: TUN/TAP device tun11 opened
Nov 27 12:38:37 openvpn[580]: TUN/TAP TX queue length set to 100
Nov 27 12:38:37 openvpn[580]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 27 12:38:37 openvpn[580]: /usr/sbin/ip link set dev tun11 up mtu 1500
Nov 27 12:38:37 openvpn[580]: Linux ip link set failed: could not execute external program
Nov 27 12:38:37 openvpn[580]: Exiting due to fatal error

From console:

Code:

admin@RT-N66U-xxxx:/tmp/mnt/sda1/temp# openvpn antizapret.ovpn
Fri Nov 27 12:44:37 2015 OpenVPN 2.3.8 mipsel-unknown-linux-gnu [SSL (OpenSSL)]                                        [LZO] [EPOLL] [MH] [IPv6] built on Nov 24 2015
Fri Nov 27 12:44:37 2015 library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Fri Nov 27 12:44:37 2015 UDPv4 link local: [undef]
Fri Nov 27 12:44:37 2015 UDPv4 link remote: [AF_INET]107.150.11.192:1194
Fri Nov 27 12:44:39 2015 [AntiZapret-UK] Peer Connection Initiated with [AF_INET                                       ]107.150.11.192:1194
Fri Nov 27 12:47:54 2015 TUN/TAP device tun1 opened
Fri Nov 27 12:47:54 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Nov 27 12:47:54 2015 /usr/sbin/ip link set dev tun1 up mtu 1500
Fri Nov 27 12:47:54 2015 Linux ip link set failed: could not execute external program
Fri Nov 27 12:47:54 2015 Exiting due to fatal error

RMerlin · Nov 27, 2015

Something else in your setup is failing, but I have no idea what it is then, sorry. My guess is it's something that gets pushed by the remote server.

toverna · Nov 27, 2015

RMerlin said:
Something else in your setup is failing, but I have no idea what it is then, sorry. My guess is it's something that gets pushed by the remote server.

Thanks for helping anyway!

I'll try to investigate other side of connection and post update. But it may not be very soon.

Anilexis · Jan 22, 2016

Hello. It seems I've got the same prblem with antizapret.ovpn.
I have ASUS RT-AC68U with Merlin 380.57

Jan 22 22:40:29 openvpn[2986]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 22 22:40:29 openvpn[2986]: Linux ip link set failed: could not execute external program
Jan 22 22:40:29 openvpn[2986]: Exiting due to fatal error

I found some similar problems in the net:
https://forum.porteus.org/viewtopic.php?f=81&t=2785
https://www.privateinternetaccess.com/forum/discussion/345/setting-up-dd-wrt-openvpn-client/p4
https://www.dd-wrt.com/phpBB2/viewtopic.php?t=162947
It must be a problem with a /usr/sbin/ip command

toverna · Jan 22, 2016

Hello Anilexis.
Some time ago I wrote to prostovpn (antizapret) support. In short, they said that problem may occur due to long connection process. Firmware thinks that the connection failed to establish, or freezes, because it usually sets within a minute or even longer, and by the time when OpenVPN tries to assign an address, the firmware removes the tun interface. Long time is due to the large number of routes that the server sends to the client (>9500 addresses).

Under spoiler are full letters (in Russian) in case you want to see original.:

Здравствуйте!
Я предполагаю, что прошивка думает, что соединение не удалось установить, или что оно просто зависло, т.к. обычно оно устанавливается в течение минуты или даже
дольше, и к тому моменту, когда OpenVPN пытается уже назначить адрес, прошивка убирает tun-интерфейс. На сервере совершенно типичная, ничем не примечательная
конфигурация.

Я уже разговаривал с одним из разработчиков asuswrt-merlin, но по поводу простовпн, а не антизапрета. Простовпн тоже не работает, вероятно, из-за IPv6, но у
меня нет возможности тестировать где-либо, и желания мне помочь никто не изъявил.

Соединение долго устанавливается из-за большого количества маршрутов, которые передает сервер клиенту. Заблокированных IP уже больше 9500.
Если вы на своем сервере поднимите антизапрет, соединение может устанавливаться быстрее. Все зависит от версии OpenVPN и от пинга до сервера.

basketball · Feb 12, 2016

Same trouble with Tomato firmware.
I guess it must be some option to simply increase this timeout manually, but I have absolutely no idea in which direction I should dig.
But there is at least one success story (in Russian) from some user that have forced her router to work with prostovpn.org VPN service trough openvpn with Tomato firmware router.

Ache · Mar 31, 2016

The same trouble with 380.58:

Code:

Mar 31 16:23:02 openvpn[652]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 31 16:23:02 openvpn[652]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 31 16:23:02 openvpn[652]: Linux ip link set failed: could not execute external program
Mar 31 16:23:02 openvpn[652]: Exiting due to fatal error

tun11 exists in the ifconfig list and exit status of

Code:

/usr/sbin/ip link set dev tun11 up mtu 1500

entered manually is 0, so even speaking Russian I don't understand the whole talk about delays and what command openvpn dislike and why.

octopus · Mar 31, 2016

Anilexis said:
Hello. It seems I've got the same prblem with antizapret.ovpn.
I have ASUS RT-AC68U with Merlin 380.57

Jan 22 22:40:29 openvpn[2986]: /usr/sbin/ip link set dev tun11 up mtu 1500
Jan 22 22:40:29 openvpn[2986]: Linux ip link set failed: could not execute external program
Jan 22 22:40:29 openvpn[2986]: Exiting due to fatal error

I found some similar problems in the net:
https://forum.porteus.org/viewtopic.php?f=81&t=2785
https://www.privateinternetaccess.com/forum/discussion/345/setting-up-dd-wrt-openvpn-client/p4
https://www.dd-wrt.com/phpBB2/viewtopic.php?t=162947
It must be a problem with a /usr/sbin/ip command

seems your config routes whole internet throw you. That is abnormal amount of pushed routes.
try with route-nopull in custom config to get rid of that.
This makes me wondet what -----ell "max-routes 10000 "

############################################## # ProstoVPN.AntiZapret # # http://antizapret.prostovpn.org # ##############################################
nobind client
# Remote server here remote vpn.antizapret.prostovpn.org
# Uncomment this is you are not on Windows
;fast-io
# Windows route method
;route-method exe
remote-cert-tls server
dev tun proto udp
resolv-retry infinite
persist-key persist-tun
explicit-exit-notify
comp-lzo
max-routes 10000
# Keys <ca> -----BEGIN CERTIFICATE----- MIIEKzCCA5SgAwIBAgIJAJuJfmHjR7wuMA0GCSqGSIb3DQEBBQUAMIHAMQswCQYD VQQGEwJSVTELMAkGA1UECBMCUlUxETAPBgNVBAcTCEludGVybmV0MRUwEwYDVQQK EwxQcm9zdG9WUE4ucnUxEzARBgNVBAsTCkFudGlaYXByZXQxIDAeBgNVBAMTF1By b3N0b1ZQTi5BbnRpWmFwcmV0IENBMSAwHgYDVQQpExdQcm9zdG9WUE4uQW50aVph cHJldCBDQTEhMB8GCSqGSIb3DQEJARYSYWRtaW5AcHJvc3RvdnBuLnJ1MB4XDTEz MDMyMjEzNDYzMFoXDTIzMDMyMDEzNDYzMFowgcAxCzAJBgNVBAYTAlJVMQswCQYD VQQIEwJSVTERMA8GA1UEBxMISW50ZXJuZXQxFTATBgNVBAoTDFByb3N0b1ZQTi5y dTETMBEGA1UECxMKQW50aVphcHJldDEgMB4GA1UEAxMXUHJvc3RvVlBOLkFudGla YXByZXQgQ0ExIDAeBgNVBCkTF1Byb3N0b1ZQTi5BbnRpWmFwcmV0IENBMSEwHwYJ KoZIhvcNAQkBFhJhZG1pbkBwcm9zdG92cG4ucnUwgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBALD87/nnrvAvOv3GDSpmYUgdDy34rVjFtlKmigu24qyFKp4dGlfx x+JWurQcxzMZSBUajNgIqwb0ltJgK2fYtnIMZwRFX3aOdm7n6U0ec0rEotWx09ZY 15dGLwy3KYIRlom+CKjc9I8h95peI9CRBeKnIPLk76figBos8qU/jk9bAgMBAAGj ggEpMIIBJTAdBgNVHQ4EFgQUa1zT3sc+JvPmjh9Cq3pVA0m++GwwgfUGA1UdIwSB 7TCB6oAUa1zT3sc+JvPmjh9Cq3pVA0m++GyhgcakgcMwgcAxCzAJBgNVBAYTAlJV MQswCQYDVQQIEwJSVTERMA8GA1UEBxMISW50ZXJuZXQxFTATBgNVBAoTDFByb3N0 b1ZQTi5ydTETMBEGA1UECxMKQW50aVphcHJldDEgMB4GA1UEAxMXUHJvc3RvVlBO LkFudGlaYXByZXQgQ0ExIDAeBgNVBCkTF1Byb3N0b1ZQTi5BbnRpWmFwcmV0IENB MSEwHwYJKoZIhvcNAQkBFhJhZG1pbkBwcm9zdG92cG4ucnWCCQCbiX5h40e8LjAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKMzBQ9qWk+eAFz4WrcIsVqA Mgh9Vu1BTvDLH0vKJkFdL23yH7DHnXPs8UqkLHQtzAswaFAMNrINJAYP10MpQx8K M0orrNKF/Jv+jnuu0yq16UoBFxJCKsdmetoCZz1HuK+5Sop140BRBu1bNOdQ9uNK Ou4wOSFpotTP2gVFxctw -----END CERTIFICATE----- </ca>
<cert> -----BEGIN CERTIFICATE----- MIIEbTCCA9agAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBwDELMAkGA1UEBhMCUlUx CzAJBgNVBAgTAlJVMREwDwYDVQQHEwhJbnRlcm5ldDEVMBMGA1UEChMMUHJvc3Rv VlBOLnJ1MRMwEQYDVQQLEwpBbnRpWmFwcmV0MSAwHgYDVQQDExdQcm9zdG9WUE4u QW50aVphcHJldCBDQTEgMB4GA1UEKRMXUHJvc3RvVlBOLkFudGlaYXByZXQgQ0Ex ITAfBgkqhkiG9w0BCQEWEmFkbWluQHByb3N0b3Zwbi5ydTAeFw0xMzAzMjIxMzQ4 NTZaFw0yMzAzMjAxMzQ4NTZaMIG8MQswCQYDVQQGEwJSVTELMAkGA1UECBMCUlUx ETAPBgNVBAcTCEludGVybmV0MRUwEwYDVQQKEwxQcm9zdG9WUE4ucnUxEzARBgNV BAsTCkFudGlaYXByZXQxHjAcBgNVBAMTFWFudGl6YXByZXQtdXNlcmFjY2VzczEe MBwGA1UEKRMVYW50aXphcHJldC11c2VyYWNjZXNzMSEwHwYJKoZIhvcNAQkBFhJh ZG1pbkBwcm9zdG92cG4ucnUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANbF dQnMVSfaJ9iIM1XcUNxFR5cmRsJhowmHZ8c0kWd0xGJKO0G3ciO3FCUO/skASsSx llhrpG7fLj3Aq77lIF5ucWfWcnxaV9wlA74qaSW61Nr+4E1A+/I2DWHCDt6f2htx +vTYm2+1B6mzukuz0h1/lNxIecOpKyXAKAkS9QPPAgMBAAGjggF3MIIBczAJBgNV HRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlm aWNhdGUwHQYDVR0OBBYEFJ5F3hOxXPhlCGi3URm+yengDYglMIH1BgNVHSMEge0w geqAFGtc097HPibz5o4fQqt6VQNJvvhsoYHGpIHDMIHAMQswCQYDVQQGEwJSVTEL MAkGA1UECBMCUlUxETAPBgNVBAcTCEludGVybmV0MRUwEwYDVQQKEwxQcm9zdG9W UE4ucnUxEzARBgNVBAsTCkFudGlaYXByZXQxIDAeBgNVBAMTF1Byb3N0b1ZQTi5B bnRpWmFwcmV0IENBMSAwHgYDVQQpExdQcm9zdG9WUE4uQW50aVphcHJldCBDQTEh MB8GCSqGSIb3DQEJARYSYWRtaW5AcHJvc3RvdnBuLnJ1ggkAm4l+YeNHvC4wEwYD VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBBQUAA4GB AD+iiNqbUSkHSwMm95dwGenUTB5EscZiWgISP9J98+ndplenWNX3Q4XDPtDFNkZN TBiHSJ9K1IvbF3VcUpzrVgGunBUmm4I0tW5J24XxCNsT1EANxvrDfuWcRzFt+BXo rHeYGDd49Y7rMKI8eBRCUGS9cV+N1Noa7VnB1AC9Ekgm -----END CERTIFICATE----- </cert>
<key> -----BEGIN PRIVATE KEY----- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANbFdQnMVSfaJ9iI M1XcUNxFR5cmRsJhowmHZ8c0kWd0xGJKO0G3ciO3FCUO/skASsSxllhrpG7fLj3A q77lIF5ucWfWcnxaV9wlA74qaSW61Nr+4E1A+/I2DWHCDt6f2htx+vTYm2+1B6mz ukuz0h1/lNxIecOpKyXAKAkS9QPPAgMBAAECgYEAubhGXRK1EKE1k6kzuyupQNEn 9yzCQ5Tqx3Kv6zMqCayPpe9LDqjzqq7GXMV6zZXTEgP/Xra2mqmj8wKJganhMjGl MHNhZG3mAVoWYMJ54fOppWOoRPkIF7aDpSULHhU180ga/h9fn2msevhn8+Sz65Xj NoTacw6jWEV1alU0pQECQQD028hyAPTBRbe7CY6MAT32PNcLqTECw46IUsBRgbZR n3jl+2WrNThvVR4TiWJtAFuVbT/NduL6+Hcl+NKw+RdLAkEA4Is0mkfKmb8Z3H/G Rfb9rbPM9eZpbW3xM1CxvBQCboSbU/4V7KaL7+zHTaOhFqYHi0MqGqne56DMfA5T 975fDQJAO73cHCSrkvRlrZbZVsN+0LNrbIbtVFVOU2iNT9WsHCIip0o9NhaYHGHS IsYkY5/wuHadWI4nN0CkIXmiPleoHQJBAI9y3ywg6SHHoDHpvzU7UV0DHNGLXZb3 QbxStPk+nz8ToFfMXx1MWOHyFnFXM7ZQY0looyFdnHXFmF04mhQPnpECQEC8TIP7 4/nunJ8Jms6yfKHjIeViP4Ltid5zJpEBtdh5kcBNrRjBPIZ4szEFC+3oq0nt2CRp 7h1jlUC7CgiLE54= -----END PRIVATE KEY----- </key>

Ache · Mar 31, 2016

octopus said:
seems your config routes whole internet throw you. That is abnormal amount of pushed routes.
try with route-nopull in custom config to get rid of that.
This makes me wondet what -----ell "max-routes 10000 "

This is not abnormal, it is nearly equal (with the future gap) to the blocked IPs in Russia, and antizapret whole reason is to ublock them, leaving the rest of the traffic as is, bypassing VPN. In the latest antizapret.ovpn it is even increased: max-routes 30000 And --route-nopull kills the whole reason of this VPN.
I check memory consumption of my router and it is low enough.

basketball · Jun 3, 2017

Now I can confirm that this service works as it should.
The problem was in server timeout, developer confirmed.
The service owner has changed his algorithm, so now only dozens of routes are established, not thousands.
Second, OpenVPN now ignores "max-routes" option.
Please don't forget to set "Accept DNS Configuration" as "Strict" to use antizapret DNS server before your ISP's.

Thread starter	Title	Forum	Replies	Date
V	Two VPN connections from home network at the same time -> problems	Asuswrt-Merlin	6	Mar 1, 2024
	Solved My radio problems with the latest Merlin fw 386.12_4 seem to be over	Asuswrt-Merlin	1	Feb 7, 2024
	Solved bash executable script problems when executed through a cron job	Asuswrt-Merlin	20	Jan 26, 2024
G	Miracast problems solved by router reboot -RT-AC86U 386.12_4	Asuswrt-Merlin	0	Jan 10, 2024
A	Entware iptables no chain/target/match and tcpdump problems	Asuswrt-Merlin	3	Nov 25, 2023
	XT8 wireless backhaul problems, DFS channels, local regulations and "recent" firmwares	Asuswrt-Merlin	2	Aug 22, 2023
B	What settings can be tried without causing problems?	Asuswrt-Merlin	8	Jun 19, 2023
M	OpenVPN / site to site with special security/routing constraints	Asuswrt-Merlin	7	Apr 8, 2024
R	OpenVPN keeps on turning itself off	Asuswrt-Merlin	37	Apr 1, 2024
M	Best router for wireguard or openVPN	Asuswrt-Merlin	1	Feb 27, 2024

Problems with openvpn client. openvpn[]: Linux ifconfig failed: could not execute external program

New Around Here

Very Senior Member

New Around Here

New Around Here

Very Senior Member

New Around Here

Asuswrt-Merlin dev

New Around Here

Asuswrt-Merlin dev

New Around Here

New Around Here

Attachments

New Around Here

New Around Here

Occasional Visitor

Part of the Furniture

Occasional Visitor

New Around Here

Similar threads

Similar threads

Sign Up For SNBForums Daily Digest