Netgate Discussion Forum

    write TCPv4_CLIENT: Permission Denied on OpenVPN client 24.03 RC

    • stephenw10 Netgate Administrator

      Ok so that's probably a symptom not a cause then.

      Permission denied like that pretty much MUST be a local firewall rule blocking it.

      If you have no dynamic packages adding rules and no custom block rules I have to go back to the Interface Binding state change in 24.03. 🤔

      But you didn't see any blocked traffic in the firewall logs?

      • DMZ.008 @stephenw10

        @stephenw10

        10.59.74.X, -> VPN Interface

        I don't have any custom block rules; only the default deny rules. I have changed back the Firewall State Policy to Interface Bound States.

        • DMZ.008 @stephenw10

          @stephenw10

          On 23.09.1 too, the WAN IPs are flapping the same way.

          • stephenw10 Netgate Administrator

            Hmm, still the openvpn clients changing address every minute? That sounds like it would be unusable if so.

            • DMZ.008 @stephenw10

              @stephenw10

              I deleted the TCP clients as I couldn't get rid of the errors. Looks okay now w/o the TCP clients.

              • gigabitwanted

                Posting here because I found this thread when troubleshooting the same error message, so maybe this helps someone else:

                In my case it was due to an asymmetric routing situation that had developed because of static routes defined within the OpenVPN "remote network" settings. I have a multiple WAN situation with failover gateway and failover VPNs defined through policy routing groups. The behavior I experienced was very similar to what you describe, which in my case was caused by return packets flowing across a different interface than the origin packets. The firewall couldn't see the return packets, and closed the state. I couldn't figure out why traffic was coming in on one interface but going out on another, despite setting up policy routing in the firewall. In my case the "aha" moment came from reading https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html -- I removed the non-obvious static route in the OpenVPN settings and instantly resolved multiple issues.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.