openvpn client misbehaving

strangegopher

Hey,

I recently switched to development snapshots and I have noticed that suricata and openvpn together give out spams error messages to openvpn log and then eventually connects to the vpn. Anyone else experience this?

I have 2 clients running over tcp and both produce this issue.

May 28 01:15:58	openvpn	1246	Preserving previous TUN/TAP instance: ovpnc1
May 28 01:15:57	openvpn	1246	[xxx2.xxx.xxxx] Peer Connection Initiated with [AF_INET]185.xxx.xxx.xxx:443
May 28 01:15:56	openvpn	1246	TCPv4_CLIENT link remote: [AF_INET]185.xxx.xxx.xxx:443
May 28 01:15:56	openvpn	1246	TCPv4_CLIENT link local (bound): [AF_INET]69.xxx.xxx.xxx:0
May 28 01:15:56	openvpn	1246	TCP connection established with [AF_INET]185.xxx.xxx.xxx:443
May 28 01:15:55	openvpn	1246	Attempting to establish TCP connection with [AF_INET]185.xxx.xxx.xxx:443 [nonblock]
May 28 01:15:55	openvpn	1246	TCP/UDP: Preserving recently used remote address: [AF_INET]185.xxx.xxx.xxx:443
May 28 01:15:55	openvpn	1246	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 01:15:45	openvpn	1246	SIGUSR1[soft,ping-restart] received, process restarting
May 28 01:15:45	openvpn	1246	[xxx2.xxx.xxx] Inactivity timeout (--ping-restart), restarting
May 28 01:15:43	openvpn	1246	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:14:43	openvpn	1246	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:58	openvpn	49709	Initialization Sequence Completed
May 28 01:13:58	openvpn	49709	Preserving previous TUN/TAP instance: ovpnc2
May 28 01:13:57	openvpn	49709	[xxx1.xxx.xxx] Peer Connection Initiated with [AF_INET]45.xxx.xxx.xxx:443
May 28 01:13:56	openvpn	49709	TCPv4_CLIENT link remote: [AF_INET]45.xxx.xxx.xxx:443
May 28 01:13:56	openvpn	49709	TCPv4_CLIENT link local (bound): [AF_INET]69.xxx.xxx.xxx:0
May 28 01:13:56	openvpn	49709	TCP connection established with [AF_INET]45.xxx.xxx.xxx:443
May 28 01:13:55	openvpn	49709	Attempting to establish TCP connection with [AF_INET]45.xxx.xxx.xxx:443 [nonblock]
May 28 01:13:55	openvpn	49709	TCP/UDP: Preserving recently used remote address: [AF_INET]45.xxx.xxx.xxx:443
May 28 01:13:55	openvpn	49709	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 01:13:45	openvpn	49709	SIGUSR1[soft,ping-restart] received, process restarting
May 28 01:13:45	openvpn	49709	[xxx1.xxx.xxxx] Inactivity timeout (--ping-restart), restarting
May 28 01:13:43	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:43	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:43	openvpn	1246	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:42	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:42	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:42	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:42	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:35	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:25	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:23	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:23	openvpn	1246	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:13	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:13	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:12	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:10	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:09	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:09	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:09	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:08	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:08	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:07	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:07	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:06	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:06	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:06	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)
May 28 01:13:06	openvpn	49709	write TCPv4_CLIENT: Permission denied (code=13)

Derelict

Is the client address being blocked for some reason by suricata? A permission denied error like that is generally caused by a block in the outbound direction of firewall-sourced packets.

strangegopher

@derelict not that I know of, unless you want me to delete rule that isolates vlans

Here are my rules:

Derelict

The only time I have seen a VPN just stop with permission denied was when the endpoint was blocked by IPS after the tunnel was established.

That wouldn't be a LAN rule, but a floating WAN rule in the outbound direction. I say WAN assuming that is the interface traffic to the OpenVPN server will be using.

Are there any firewall logs for that endpoint?

strangegopher

@derelict these are my floating rules, there are no alerts in suricata that I can see. Maybe its that ipv6 rule?

edit: nope its not the floating rule, everytime I restart suricata, I get those errors.

Derelict

More interested in firewall logs showing blocked traffic to that remote endpoint destination - they will identify the rule that did the blocking.

I can't see it being an IPv6 rule since it's an IPv4 OpenVPN connection.

strangegopher

@Derelict The firewall blocks line up with the time I had the permission errors.

Here is output of /cat/var/log/filter.log | grep '185.xxx.xxx.xxx|45.xxx.xxx.xxx'

May 28 10:05:22 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:22 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:22 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:23 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:23 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:25 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:27 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:30 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:30 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:30 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:31 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:31 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:35 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:39 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:05:40 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:48 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,206,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,166,PA,4290511445:4290511611,3832392387,4102,,
May 28 10:05:50 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,372,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,332,PA,4290511445:4290511777,3832392387,4102,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:06:04 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,372,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,332,PA,4290511445:4290511777,3832392387,4102,,
May 28 10:06:23 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52725,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:23 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52726,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:24 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52727,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:24 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52728,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:25 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52729,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:26 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:06:27 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52730,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:30 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52731,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:36 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,372,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,332,PA,4290511445:4290511777,3832392387,4102,,
May 28 10:06:37 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52732,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:50 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,490,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,450,PA,4290511445:4290511895,3832392387,4102,,
May 28 10:06:51 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52733,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:06:57 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:07:08 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,490,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,450,PA,4290511445:4290511895,3832392387,4102,,
May 28 10:07:18 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52734,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:07:28 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,FA,935304924,1942521764,4096,,
May 28 10:07:42 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,490,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,450,PA,4290511445:4290511895,3832392387,4102,,
May 28 10:07:51 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,608,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,568,PA,4290511445:4290512013,3832392387,4102,,
May 28 10:08:01 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,40,69.xxx.xxx.xxx,185.xxx.xxx.xxx,42804,443,0,RA,935304925,1942521764,4096,,
May 28 10:08:14 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,608,69.xxx.xxx.xxx,185.xxx.xxx.xxx,15817,443,568,RPA,4290511445:4290512013,3832392387,4102,,
May 28 10:08:14 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52735,0,DF,6,tcp,158,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,118,PA,3832392387:3832392505,4290511445,9229,,
May 28 10:08:25 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x28,,55,52736,0,DF,6,tcp,276,185.xxx.xxx.xxx,69.xxx.xxx.xxx,443,15817,236,FPA,3832392505:3832392741,4290511445,9229,,
May 28 10:05:22 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,276,69.xxx.xxx.xxx,45.xxx.xxx.xxx,64109,443,236,FPA,601582272:601582508,2616361110,4104,,
May 28 10:05:22 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,275,69.xxx.xxx.xxx,45.xxx.xxx.xxx,64109,443,235,FPA,601582273:601582508,2616361110,4104,,
May 28 10:05:25 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,512,69.xxx.xxx.xxx,45.xxx.xxx.xxx,64109,443,472,FPA,601582036:601582508,2616361110,4104,,
May 28 10:05:27 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,222,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,182,PA,2523096778:2523096960,1343684912,4104,,
May 28 10:05:28 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,222,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,182,PA,2523096778:2523096960,1343684912,4104,,
May 28 10:05:28 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,222,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,182,PA,2523096778:2523096960,1343684912,4104,,
May 28 10:05:29 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,222,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,182,PA,2523096778:2523096960,1343684912,4104,,
May 28 10:05:30 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,222,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,182,PA,2523096778:2523096960,1343684912,4104,,
May 28 10:05:31 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,356,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,316,PA,2523096778:2523097094,1343684912,4104,,
May 28 10:05:31 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,538,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,498,PA,2523096778:2523097276,1343684912,4104,,
May 28 10:05:31 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,896,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,856,PA,2523096778:2523097634,1343684912,4104,,
May 28 10:05:31 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1238,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1198,PA,2523096778:2523097976,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:32 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:33 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:34 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:34 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:35 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8327,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:35 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8328,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:35 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8329,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:35 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:35 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:36 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8330,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:36 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:36 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:36 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:37 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8331,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:39 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8332,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:41 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,512,69.xxx.xxx.xxx,45.xxx.xxx.xxx,64109,443,472,FPA,601582036:601582508,2616361110,4104,,
May 28 10:05:41 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:44 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8333,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:46 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:49 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:49 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:49 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:49 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:50 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:50 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:52 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:52 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:53 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8334,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:55 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,512,69.xxx.xxx.xxx,45.xxx.xxx.xxx,64109,443,472,FPA,601582036:601582508,2616361110,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:57 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:57 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:57 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:58 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:58 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:58 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:59 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:05:59 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:00 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:00 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:10 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:12 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,511,69.xxx.xxx.xxx,45.xxx.xxx.xxx,64109,443,471,RPA,601582037:601582508,2616361110,4104,,
May 28 10:06:12 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8335,0,DF,6,tcp,155,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,115,PA,1343684912:1343685027,2523096778,830,,
May 28 10:06:13 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:20 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:24 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:24 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:06:36 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8336,0,DF,6,tcp,730,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,690,FPA,1343685027:1343685717,2523096778,830,,
May 28 10:06:49 pfsense filterlog: 5,,,1000000103,igb3,match,block,in,4,0x0,,49,8337,0,DF,6,tcp,845,45.xxx.xxx.xxx,69.xxx.xxx.xxx,443,5943,805,FPA,1343684912:1343685717,2523096778,830,,
May 28 10:06:56 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:07:39 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:08:21 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,A,2523096778:2523098198,1343684912,4104,,
May 28 10:09:03 pfsense filterlog: 6,,,1000000104,igb3,match,block,out,4,0x0,,64,0,0,DF,6,tcp,1460,69.xxx.xxx.xxx,45.xxx.xxx.xxx,5943,443,1420,RA,2523096778:2523098198,1343684912,4104,,```

Derelict

Hmm. That's the default block rule. Something must be killing the state.

strangegopher

@Derelict you think it might be "Skip rules when gateway is down" option under System/Advanced/Miscellaneous?

Derelict

It would more likely be state killing on gateway failure. Are you having intermittent connectivity problems on that WAN?

Why did you mention suricata in the first place?

strangegopher

@Derelict I unchecked both "state killing on gateway failure" and “Skip rules when gateway is down” and created no_wan_egress tag for kill switch and I hope that will fix the issue. I mention suricata is because I saw other post here long time ago about it and I noticed it happen when I restarted suricata. Edit: It still happens without suricata enabled, so weird.

strangegopher

PF is still blocking openvpn but I have no idea what to do about this.

strangegopher

I created a bug report https://redmine.pfsense.org/issues/8541

Derelict

Not convinced it's a bug. Probably a misconfiguration somewhere. Just because it's a mystery right now does not mean it's a bug. Steps to reproduce from a plain install would be the first step.

strangegopher

@Derelict Should "Reset all states if WAN IP Address changes" be enabled?

Derelict

@strangegopher If that's what you want to have happen.

strangegopher

@Derelict Did a bit of reading about Asymmetric Routing https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

I wonder if that is what is causing this.

Derelict

Could be. Do you have an asymmetric routing situation? Draw out the pieces involved and it's usually obvious. That can certainly be a cause of out-of-state blocks like you are seeing.

strangegopher

Finally figured out a workaround that limits the write TCPv4_CLIENT: Permission denied (code=13) message to 10 seconds max. I added keepalive 3 10; to custom options and I get this message for 10 seconds before ping-restart and then it connects. I have turned every setting I can think of on and off other than ramdisk and but for now I will live with this quirk.

strangegopher

fixed the error by changing to hostname instead of ip address, I compared the system logs and openvpn logs and noticed openvpn tried to connect before wan interface was up so I changed it to hostname, now it starts before wan is up but won't connect until it can resolve the hostname.

extra options:

remote-cert-tls server;
auth-nocache;
auth-retry nointeract;
tun-mtu 1500;
tun-mtu-extra 32;
mssfix 1400;
mlock;
pull-filter ignore "redirect-gateway";
pull-filter ignore "dhcp-option";