Client not able to connect - loop forever



  • Hi all,

    I have problems with the client connecting to the openvpn server. On the server side the logs logs are looking like this:
    After a restart it always works for a time…then disconnects again.

    Nov 13 10:23:21 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:22 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:23 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:24 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:24 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:24 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:25 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:27 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:28 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:28 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:28 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:29 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:29 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:30 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:30 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:31 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:33 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:34 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:37 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:37 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:38 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:39 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:39 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:41 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:43 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:43 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:44 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:44 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:45 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:45 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:45 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:46 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:47 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:48 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:49 openvpn 20754 mihai/58.146.138.174:53521 write UDPv4: Permission denied (code=13)
    Nov 13 10:23:50 openvpn 20754 mihai/58.146.138.174:53521 [mihai] Inactivity timeout (–ping-restart), restarting
    Nov 13 14:11:19 openvpn 20754 event_wait : Interrupted system call (code=4)
    Nov 13 14:11:19 openvpn 20754 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 13 14:11:19 openvpn 20754 SIGTERM[hard,] received, process exiting
    Nov 13 14:11:20 openvpn 96434 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 13 14:11:20 openvpn 96434 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 13 14:11:20 openvpn 96455 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Nov 13 14:11:20 openvpn 96455 Initializing OpenSSL support for engine 'rdrand'
    Nov 13 14:11:20 openvpn 96455 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 13 14:11:20 openvpn 96455 TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 13 14:11:20 openvpn 96455 TUN/TAP device /dev/tun1 opened
    Nov 13 14:11:20 openvpn 96455 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 13 14:11:20 openvpn 96455 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Nov 13 14:11:20 openvpn 96455 /usr/local/sbin/ovpn-linkup ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 13 14:11:20 openvpn 96455 UDPv4 link local (bound): [AF_INET]86.127.128.120:1194
    Nov 13 14:11:20 openvpn 96455 UDPv4 link remote: [undef]
    Nov 13 14:11:20 openvpn 96455 Initialization Sequence Completed
    Nov 14 18:59:44 openvpn 96455 event_wait : Interrupted system call (code=4)
    Nov 14 18:59:44 openvpn 96455 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 18:59:44 openvpn 96455 SIGTERM[hard,] received, process exiting
    Nov 14 18:59:44 openvpn 45954 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 14 18:59:44 openvpn 45954 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 14 18:59:44 openvpn 46083 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Nov 14 18:59:44 openvpn 46083 Initializing OpenSSL support for engine 'rdrand'
    Nov 14 18:59:44 openvpn 46083 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 14 18:59:44 openvpn 46083 TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 14 18:59:44 openvpn 46083 TUN/TAP device /dev/tun1 opened
    Nov 14 18:59:44 openvpn 46083 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 14 18:59:44 openvpn 46083 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Nov 14 18:59:44 openvpn 46083 /usr/local/sbin/ovpn-linkup ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 18:59:44 openvpn 46083 UDPv4 link local (bound): [AF_INET]86.127.128.120:1194
    Nov 14 18:59:44 openvpn 46083 UDPv4 link remote: [undef]
    Nov 14 18:59:44 openvpn 46083 Initialization Sequence Completed
    Nov 14 19:01:20 openvpn 46083 event_wait : Interrupted system call (code=4)
    Nov 14 19:01:20 openvpn 46083 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 19:01:20 openvpn 46083 SIGTERM[hard,] received, process exiting
    Nov 14 19:01:20 openvpn 89195 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul 19 2016
    Nov 14 19:01:20 openvpn 89195 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 14 19:01:20 openvpn 89228 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Nov 14 19:01:20 openvpn 89228 Initializing OpenSSL support for engine 'rdrand'
    Nov 14 19:01:20 openvpn 89228 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 14 19:01:20 openvpn 89228 TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 14 19:01:20 openvpn 89228 TUN/TAP device /dev/tun1 opened
    Nov 14 19:01:20 openvpn 89228 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 14 19:01:20 openvpn 89228 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Nov 14 19:01:20 openvpn 89228 /usr/local/sbin/ovpn-linkup ovpns1 1500 1570 10.20.30.1 255.255.255.0 init
    Nov 14 19:01:20 openvpn 89228 UDPv4 link local (bound): [AF_INET]86.127.128.120:1194
    Nov 14 19:01:20 openvpn 89228 UDPv4 link remote: [undef]
    Nov 14 19:01:20 openvpn 89228 Initialization Sequence Completed
    Nov 14 19:09:14 openvpn user 'mihai' authenticated
    Nov 14 19:09:14 openvpn 89228 58.146.138.174:1194 [mihai] Peer Connection Initiated with [AF_INET]58.146.138.174:1194
    Nov 14 19:09:14 openvpn 89228 mihai/58.146.138.174:1194 MULTI_sva: pool returned IPv4=10.20.30.2, IPv6=(Not enabled)
    Nov 14 19:09:16 openvpn 89228 mihai/58.146.138.174:1194 send_push_reply(): safe_cap=940
    Nov 14 19:09:28 openvpn user 'mihai' authenticated
    Nov 14 19:09:46 openvpn 89228 mihai/58.146.138.174:1194 send_push_reply(): safe_cap=940

    any clue?

    Thank you



  • It seems Suricata was the problem
    for some reason it dropped the connection.



  • Im having the same issue. How were you able to conclude it was Suricata?



  • disabled suricata. can't make it work



  • I just recently switched from Snort to Suricata and am having this issue with my first OpenVPN instance.  The second one seems to remain active.



  • @nikkon How do I disable suricata?