Write TCPv4_CLIENT: Operation not permitted (code=1)

lewi3069

I keep getting write TCPv4_CLIENT: Operation not permitted (code=1) on my router which is a client. I have about 12 other PCs connecting to the VPN server with no issues. I have tried adding keep alive. The vpn works great though the router otherwise.

Client Config:

Client Log:

Jul 10 13:19:13	openvpn[67859]: Initialization Sequence Completed
Jul 10 13:19:13	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
Jul 10 13:19:11	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 13:19:09	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
Jul 10 13:19:09	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
Jul 10 13:19:09	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 13:19:08	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
Jul 10 13:19:08	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 13:19:08	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul 10 13:19:03	openvpn[67859]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 10 13:19:03	openvpn[67859]: [VPSServer] Inactivity timeout (--ping-restart), restarting
Jul 10 13:18:55	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:18:45	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:18:35	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:18:25	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:18:14	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:18:04	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:17:54	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:17:44	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:17:34	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:17:23	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:17:13	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:06:48	openvpn[67859]: Initialization Sequence Completed
Jul 10 13:06:48	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
Jul 10 13:06:46	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 13:06:44	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
Jul 10 13:06:44	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
Jul 10 13:06:44	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 13:06:43	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
Jul 10 13:06:43	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 13:06:43	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul 10 13:06:38	openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting
Jul 10 13:06:38	openvpn[67859]: Connection reset, restarting [0]
Jul 10 13:06:38	openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:06:30	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:06:20	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:06:10	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:06:00	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:05:50	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:05:39	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:05:29	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 13:05:19	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:56:47	openvpn[67859]: Initialization Sequence Completed
Jul 10 12:56:47	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
Jul 10 12:56:44	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:56:43	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:56:43	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
Jul 10 12:56:43	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:56:42	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
Jul 10 12:56:42	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 12:56:42	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul 10 12:56:37	openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting
Jul 10 12:56:37	openvpn[67859]: Connection reset, restarting [0]
Jul 10 12:56:37	openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:56:29	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:56:18	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:56:08	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:55:58	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:55:48	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:55:38	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:55:27	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:55:17	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:50:20	openvpn[67859]: Initialization Sequence Completed
Jul 10 12:50:20	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
Jul 10 12:50:18	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:50:16	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:50:16	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
Jul 10 12:50:16	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:50:15	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
Jul 10 12:50:15	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 12:50:15	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul 10 12:50:10	openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting
Jul 10 12:50:10	openvpn[67859]: Connection reset, restarting [0]
Jul 10 12:50:10	openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:50:01	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:49:51	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:49:41	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:49:31	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:49:21	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:49:11	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:49:01	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:48:51	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
Jul 10 12:33:15	openvpn[67859]: Initialization Sequence Completed
Jul 10 12:33:15	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
Jul 10 12:33:13	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:33:11	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:33:11	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
Jul 10 12:33:11	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
Jul 10 12:33:10	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
Jul 10 12:33:10	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 10 12:33:10	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Server Config:

port 443
proto tcp
dev tun
ca ca.crt
cert VPSServer.crt
key VPSServer.key  # This file should be kept secret
dh dh1024.pem
server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipptcp.txt
route 10.0.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
tls-auth ta.key 0 # This file is secret
cipher AES-128-CBC   # AES
client-config-dir clients
client-to-client
user nobody
group nogroup
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3

jimp

It looks like it's OK for a while and then gets that. My guess is something is disturbing the tunnel (WAN IP changing or being refreshed by DHCP, etc) but it seems to recover on its own when it happens.

Brad303

For others with this issue, be sure to add a pass rule on the OpenVPN interface.

cmb

@BradWaite:

For others with this issue, be sure to add a pass rule on the OpenVPN interface.

The firewall rules for traffic inside the VPN has no relation to the outside of the VPN, that would have been a coincidence or otherwise unrelated.