4. Client not able to connect - loop forever

Client not able to connect - loop forever

  • N

    Hi all,

    I have problems with the client connecting to the openvpn server. On the server side the logs logs are looking like this:
    After a restart it always works for a time…then disconnects again.

    Nov 13 10:23:21 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:23 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:24 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:24 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:24 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:25 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:28 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:28 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:28 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:29 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:29 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:30 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:30 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:31 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:33 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:34 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:37 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:37 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:38 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:39 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:39 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:43 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:43 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:44 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:44 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:45 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:45 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:45 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:46 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:47 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:48 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:49 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:50 openvpn 20754 mihai/58.146.138.174:53521 [mihai] Inactivity timeout (–ping-restart), restarting
    Nov 13 14:11:19 openvpn 20754 event_wait : Interrupted system call (code=4)
    Nov 13 14:11:19 openvpn 20754 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 13 14:11:19 openvpn 20754 SIGTERM[hard,] received, process exiting
    Nov 13 14:11:20 openvpn 96434 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 13 14:11:20 openvpn 96434 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 13 14:11:20 openvpn 96455 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Nov 13 14:11:20 openvpn 96455 Initializing OpenSSL support for engine 'rdrand'
    Nov 13 14:11:20 openvpn 96455 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 13 14:11:20 openvpn 96455 TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 13 14:11:20 openvpn 96455 TUN/TAP device /dev/tun1 opened
    Nov 13 14:11:20 openvpn 96455 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 13 14:11:20 openvpn 96455 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Nov 13 14:11:20 openvpn 96455 /usr/local/sbin/ovpn-linkup ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 13 14:11:20 openvpn 96455 UDPv4 link local (bound): [AF_INET]86.127.128.120:1194
    Nov 13 14:11:20 openvpn 96455 UDPv4 link remote: [undef]
    Nov 13 14:11:20 openvpn 96455 Initialization Sequence Completed
    Nov 14 18:59:44 openvpn 96455 event_wait : Interrupted system call (code=4)
    Nov 14 18:59:44 openvpn 96455 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 18:59:44 openvpn 96455 SIGTERM[hard,] received, process exiting
    Nov 14 18:59:44 openvpn 45954 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 14 18:59:44 openvpn 45954 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 14 18:59:44 openvpn 46083 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Nov 14 18:59:44 openvpn 46083 Initializing OpenSSL support for engine 'rdrand'
    Nov 14 18:59:44 openvpn 46083 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 14 18:59:44 openvpn 46083 TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 14 18:59:44 openvpn 46083 TUN/TAP device /dev/tun1 opened
    Nov 14 18:59:44 openvpn 46083 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 14 18:59:44 openvpn 46083 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Nov 14 18:59:44 openvpn 46083 /usr/local/sbin/ovpn-linkup ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 18:59:44 openvpn 46083 UDPv4 link local (bound): [AF_INET]86.127.128.120:1194
    Nov 14 18:59:44 openvpn 46083 UDPv4 link remote: [undef]
    Nov 14 18:59:44 openvpn 46083 Initialization Sequence Completed
    Nov 14 19:01:20 openvpn 46083 event_wait : Interrupted system call (code=4)
    Nov 14 19:01:20 openvpn 46083 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 19:01:20 openvpn 46083 SIGTERM[hard,] received, process exiting
    Nov 14 19:01:20 openvpn 89195 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 14 19:01:20 openvpn 89195 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 14 19:01:20 openvpn 89228 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Nov 14 19:01:20 openvpn 89228 Initializing OpenSSL support for engine 'rdrand'
    Nov 14 19:01:20 openvpn 89228 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 14 19:01:20 openvpn 89228 TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 14 19:01:20 openvpn 89228 TUN/TAP device /dev/tun1 opened
    Nov 14 19:01:20 openvpn 89228 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 14 19:01:20 openvpn 89228 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Nov 14 19:01:20 openvpn 89228 /usr/local/sbin/ovpn-linkup ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 19:01:20 openvpn 89228 UDPv4 link local (bound): [AF_INET]86.127.128.120:1194
    Nov 14 19:01:20 openvpn 89228 UDPv4 link remote: [undef]
    Nov 14 19:01:20 openvpn 89228 Initialization Sequence Completed
    Nov 14 19:09:14 openvpn user 'mihai' authenticated
    Nov 14 19:09:14 openvpn 89228 58.146.138.174:1194 [mihai] Peer Connection Initiated with [AF_INET]58.146.138.174:1194
    Nov 14 19:09:14 openvpn 89228 mihai/58.146.138.174:1194 MULTI_sva: pool returned IPv4=10.20.30.2, IPv6=(Not enabled)
    Nov 14 19:09:16 openvpn 89228 mihai/58.146.138.174:1194 send_push_reply(): safe_cap=940
    Nov 14 19:09:28 openvpn user 'mihai' authenticated
    Nov 14 19:09:46 openvpn 89228 mihai/58.146.138.174:1194 send_push_reply(): safe_cap=940

    any clue?

    Thank you

    0
  • N

    It seems Suricata was the problem
    for some reason it dropped the connection.

    0
  • T

    Im having the same issue. How were you able to conclude it was Suricata?

    0
  • N

    disabled suricata. can't make it work

    0
    R
     1 Reply
  • S

    I just recently switched from Snort to Suricata and am having this issue with my first OpenVPN instance.  The second one seems to remain active.

    0
  • R

    @nikkon How do I disable suricata?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy