Error after update to 2.5.1
-
After update to 2.5.1 in log:
Apr 26 09:40:20 openvpn 62955 [remote-vpn-srv1] Inactivity timeout (--ping-restart), restarting
Apr 26 09:40:19 openvpn 62955 write TCPv4_CLIENT: Permission denied (code=13)
...
Apr 26 09:40:13 openvpn 62955 write TCPv4_CLIENT: Permission denied (code=13)
Apr 26 09:37:30 openvpn 62955 Initialization Sequence Completed
Apr 26 09:37:30 openvpn 62955 Preserving previous TUN/TAP instance: ovpnc16This error persist for any tcp openvpn connection only with another pfSense router. Versions of remote pfSense - 2.5 and 2.4.5. TCP connection with OpenWRT openwpn work fine.
If I change proto from TCP v4 to UDP v4 - all work, but I need exactly tcp protocol.
Before upgrading to 2.5.1 everything worked. -
Compare your issue with an "OpenVPN https://forum.netgate.com/topic/131336/openvpn-client-misbehaving" in the past :
https://forum.netgate.com/topic/131336/openvpn-client-misbehaving -
I have exactly same issues. All went to hell after upgrade from 2.5.0 to 2.5.1. Any ideas ? I see similar messages even in nginx logs for web configurator. So should be some SSL issue..
-
If I disable SSL from webconfigurator, it works flowlessly. However it is not an option for OpenVPN. SO it has something to do with OpenSSL. It happens(for both OpenVPN and Webconfigurator) only on one of the WANs. Any hints ?
-
@peterzy said in Error after update to 2.5.1:
only on one of the WANs
Because the suject from @igsbox has an hidden subject : Multiple WANs ?
-
@gertjan
Yes, I have multiple wans in my setup.I read old post and it's similar, but in my case I have and server and client on my and remote sides. And both cause error on both sides with tcp-proto connection.
-
@igsbox You've seen the other forum messages that mention issues with pfSense CE when are is more then one WAN ?
-
Guys, can you point me also the correct answers. I confirm second router with the same problem(different hardware, multiwan again). The only workaround I have found so far(in case someone needs it)
System >> Advanced >> Firewall & NATBypass firewall rules for traffic on the same interfaceThis is workaround but definitely a bug in 2.5.1
-
@peterzy It seems that the pre release "2.6.0"corrects the Mult iWAN bug.
See the forum post related to that issue.