Bug #7240
closedOpenVPN Client bug
Added by Zart Zurt almost 8 years ago. Updated almost 8 years ago.
0%
Description
Latest snapshot has led to the following log entry and failure to utilise the OpenVPN gateway:
Feb 9 17:13:24 openvpn 40490 write UDPv4: Permission denied (code=13)
This was a fully working connection for over a year until this snapshot.
Updated by Zart Zurt almost 8 years ago
Time Process PID Message
Feb 9 17:15:10 openvpn 40490 Initialization Sequence Completed
Feb 9 17:15:10 openvpn 40490 Preserving previous TUN/TAP instance: ovpnc2
Feb 9 17:15:10 openvpn 40490 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 9 17:15:10 openvpn 40490 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Feb 9 17:15:10 openvpn 40490 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 9 17:15:10 openvpn 40490 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Feb 9 17:15:10 openvpn 40490 OPTIONS IMPORT: route-related options modified
Feb 9 17:15:10 openvpn 40490 OPTIONS IMPORT: --ifconfig/up options modified
Feb 9 17:15:10 openvpn 40490 OPTIONS IMPORT: compression parms modified
Feb 9 17:15:10 openvpn 40490 OPTIONS IMPORT: timers and/or timeouts modified
Feb 9 17:15:10 openvpn 40490 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Feb 9 17:15:10 openvpn 40490 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Feb 9 17:15:08 openvpn 40490 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Feb 9 17:15:07 openvpn 40490 [server] Peer Connection Initiated with [AF_INET
Feb 9 17:15:07 openvpn 40490 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Feb 9 17:15:06 openvpn 40490 TLS: Initial packet from [AF_INET], sid=3fba9ef6 060a44f3
Feb 9 17:15:05 openvpn 40490 UDPv4 link remote: [AF_INET]
Feb 9 17:15:05 openvpn 40490 UDPv4 link local (bound): [AF_INET]
Feb 9 17:15:05 openvpn 40490 Socket Buffers: R=[42080->262144] S=[57344->262144]
Feb 9 17:15:05 openvpn 40490 TCP/UDP: Preserving recently used remote address:
Feb 9 17:15:00 openvpn 40490 Restart pause, 5 second(s)
Feb 9 17:15:00 openvpn 40490 SIGUSR1[soft,ping-restart] received, process restarting
Feb 9 17:15:00 openvpn 40490 [UNDEF] Inactivity timeout (--ping-restart), restarting
Feb 9 17:14:30 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:14:14 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:14:06 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:14:02 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:14:00 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:14:00 openvpn 40490 UDPv4 link remote: [AF_INET]
Feb 9 17:14:00 openvpn 40490 UDPv4 link local (bound): [AF_INET]
Feb 9 17:14:00 openvpn 40490 Socket Buffers: R=[42080->262144] S=[57344->262144]
Feb 9 17:14:00 openvpn 40490 TCP/UDP: Preserving recently used remote address: [AF_INET]
Feb 9 17:14:00 openvpn 40490 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 9 17:14:00 openvpn 40490 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 9 17:13:55 openvpn 40490 Restart pause, 5 second(s)
Feb 9 17:13:55 openvpn 40490 SIGUSR1[soft,ping-restart] received, process restarting
Feb 9 17:13:55 openvpn 40490 [server] Inactivity timeout (--ping-restart), restarting
Feb 9 17:13:54 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:54 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:54 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:54 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:54 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:53 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:53 openvpn 40490 write UDPv4: Permission denied (code=13)
Feb 9 17:13:53 openvpn 40490 write UDPv4: Permission denied (code=13)
pfSense is © 2004 - 2017 by Rubicon Communications, LLC (Netgate). All Rights Reserved. [view license]
Updated by Jim Pingle almost 8 years ago
- Status changed from New to Not a Bug
I can't reproduce this with clients or servers. "Permission denied" implies that a firewall rule is blocking the traffic outbound, which isn't normally possible. Perhaps a package such as snort or pfblocker was interfering. Post on the forum for discussion and diagnosis.