Write TCPv4_CLIENT: Operation not permitted (code=1)



  • I keep getting write TCPv4_CLIENT: Operation not permitted (code=1) on my router which is a client. I have about 12 other PCs connecting to the VPN server with no issues. I have tried adding keep alive. The vpn works great though the router otherwise.

    Client Config:

    Client Log:

    Jul 10 13:19:13	openvpn[67859]: Initialization Sequence Completed
    Jul 10 13:19:13	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
    Jul 10 13:19:11	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 13:19:09	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 13:19:09	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
    Jul 10 13:19:09	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 13:19:08	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
    Jul 10 13:19:08	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 10 13:19:08	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jul 10 13:19:03	openvpn[67859]: SIGUSR1[soft,ping-restart] received, process restarting
    Jul 10 13:19:03	openvpn[67859]: [VPSServer] Inactivity timeout (--ping-restart), restarting
    Jul 10 13:18:55	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:18:45	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:18:35	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:18:25	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:18:14	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:18:04	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:17:54	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:17:44	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:17:34	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:17:23	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:17:13	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:06:48	openvpn[67859]: Initialization Sequence Completed
    Jul 10 13:06:48	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
    Jul 10 13:06:46	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 13:06:44	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 13:06:44	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
    Jul 10 13:06:44	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 13:06:43	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
    Jul 10 13:06:43	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 10 13:06:43	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jul 10 13:06:38	openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting
    Jul 10 13:06:38	openvpn[67859]: Connection reset, restarting [0]
    Jul 10 13:06:38	openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:06:30	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:06:20	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:06:10	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:06:00	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:05:50	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:05:39	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:05:29	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 13:05:19	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:56:47	openvpn[67859]: Initialization Sequence Completed
    Jul 10 12:56:47	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
    Jul 10 12:56:44	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:56:43	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:56:43	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
    Jul 10 12:56:43	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:56:42	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
    Jul 10 12:56:42	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 10 12:56:42	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jul 10 12:56:37	openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting
    Jul 10 12:56:37	openvpn[67859]: Connection reset, restarting [0]
    Jul 10 12:56:37	openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:56:29	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:56:18	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:56:08	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:55:58	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:55:48	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:55:38	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:55:27	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:55:17	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:50:20	openvpn[67859]: Initialization Sequence Completed
    Jul 10 12:50:20	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
    Jul 10 12:50:18	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:50:16	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:50:16	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
    Jul 10 12:50:16	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:50:15	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
    Jul 10 12:50:15	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 10 12:50:15	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jul 10 12:50:10	openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting
    Jul 10 12:50:10	openvpn[67859]: Connection reset, restarting [0]
    Jul 10 12:50:10	openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:50:01	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:49:51	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:49:41	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:49:31	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:49:21	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:49:11	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:49:01	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:48:51	openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1)
    Jul 10 12:33:15	openvpn[67859]: Initialization Sequence Completed
    Jul 10 12:33:15	openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1
    Jul 10 12:33:13	openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:33:11	openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:33:11	openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252
    Jul 10 12:33:11	openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443
    Jul 10 12:33:10	openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock]
    Jul 10 12:33:10	openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 10 12:33:10	openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    

    Server Config:

    port 443
    proto tcp
    dev tun
    ca ca.crt
    cert VPSServer.crt
    key VPSServer.key  # This file should be kept secret
    dh dh1024.pem
    server 10.10.10.0 255.255.255.0
    ifconfig-pool-persist ipptcp.txt
    route 10.0.0.0 255.255.255.0
    push "route 10.0.0.0 255.255.255.0"
    tls-auth ta.key 0 # This file is secret
    cipher AES-128-CBC   # AES
    client-config-dir clients
    client-to-client
    user nobody
    group nogroup
    keepalive 10 120
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    
    

  • Rebel Alliance Developer Netgate

    It looks like it's OK for a while and then gets that. My guess is something is disturbing the tunnel (WAN IP changing or being refreshed by DHCP, etc) but it seems to recover on its own when it happens.



  • For others with this issue, be sure to add a pass rule on the OpenVPN interface.



  • @BradWaite:

    For others with this issue, be sure to add a pass rule on the OpenVPN interface.

    The firewall rules for traffic inside the VPN has no relation to the outside of the VPN, that would have been a coincidence or otherwise unrelated.


Log in to reply