Write TCPv4_CLIENT: Operation not permitted (code=1)
-
I keep getting write TCPv4_CLIENT: Operation not permitted (code=1) on my router which is a client. I have about 12 other PCs connecting to the VPN server with no issues. I have tried adding keep alive. The vpn works great though the router otherwise.
Client Config:
Client Log:
Jul 10 13:19:13 openvpn[67859]: Initialization Sequence Completed Jul 10 13:19:13 openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1 Jul 10 13:19:11 openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 13:19:09 openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443 Jul 10 13:19:09 openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252 Jul 10 13:19:09 openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 13:19:08 openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock] Jul 10 13:19:08 openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 13:19:08 openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Jul 10 13:19:03 openvpn[67859]: SIGUSR1[soft,ping-restart] received, process restarting Jul 10 13:19:03 openvpn[67859]: [VPSServer] Inactivity timeout (--ping-restart), restarting Jul 10 13:18:55 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:18:45 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:18:35 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:18:25 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:18:14 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:18:04 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:17:54 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:17:44 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:17:34 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:17:23 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:17:13 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:06:48 openvpn[67859]: Initialization Sequence Completed Jul 10 13:06:48 openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1 Jul 10 13:06:46 openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 13:06:44 openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443 Jul 10 13:06:44 openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252 Jul 10 13:06:44 openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 13:06:43 openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock] Jul 10 13:06:43 openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 13:06:43 openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Jul 10 13:06:38 openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting Jul 10 13:06:38 openvpn[67859]: Connection reset, restarting [0] Jul 10 13:06:38 openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:06:30 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:06:20 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:06:10 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:06:00 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:05:50 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:05:39 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:05:29 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 13:05:19 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:56:47 openvpn[67859]: Initialization Sequence Completed Jul 10 12:56:47 openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1 Jul 10 12:56:44 openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:56:43 openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:56:43 openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252 Jul 10 12:56:43 openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:56:42 openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock] Jul 10 12:56:42 openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 12:56:42 openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Jul 10 12:56:37 openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting Jul 10 12:56:37 openvpn[67859]: Connection reset, restarting [0] Jul 10 12:56:37 openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:56:29 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:56:18 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:56:08 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:55:58 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:55:48 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:55:38 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:55:27 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:55:17 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:50:20 openvpn[67859]: Initialization Sequence Completed Jul 10 12:50:20 openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1 Jul 10 12:50:18 openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:50:16 openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:50:16 openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252 Jul 10 12:50:16 openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:50:15 openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock] Jul 10 12:50:15 openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 12:50:15 openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Jul 10 12:50:10 openvpn[67859]: SIGUSR1[soft,connection-reset] received, process restarting Jul 10 12:50:10 openvpn[67859]: Connection reset, restarting [0] Jul 10 12:50:10 openvpn[67859]: read TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:50:01 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:49:51 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:49:41 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:49:31 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:49:21 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:49:11 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:49:01 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:48:51 openvpn[67859]: write TCPv4_CLIENT: Operation not permitted (code=1) Jul 10 12:33:15 openvpn[67859]: Initialization Sequence Completed Jul 10 12:33:15 openvpn[67859]: Preserving previous TUN/TAP instance: ovpnc1 Jul 10 12:33:13 openvpn[67859]: [VPSServer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:33:11 openvpn[67859]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:33:11 openvpn[67859]: TCPv4_CLIENT link local (bound): [AF_INET]xxx.xxx.xxx.252 Jul 10 12:33:11 openvpn[67859]: TCP connection established with [AF_INET]xxx.xxx.xxx.127:443 Jul 10 12:33:10 openvpn[67859]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.127:443 [nonblock] Jul 10 12:33:10 openvpn[67859]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Jul 10 12:33:10 openvpn[67859]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Server Config:
port 443 proto tcp dev tun ca ca.crt cert VPSServer.crt key VPSServer.key # This file should be kept secret dh dh1024.pem server 10.10.10.0 255.255.255.0 ifconfig-pool-persist ipptcp.txt route 10.0.0.0 255.255.255.0 push "route 10.0.0.0 255.255.255.0" tls-auth ta.key 0 # This file is secret cipher AES-128-CBC # AES client-config-dir clients client-to-client user nobody group nogroup keepalive 10 120 persist-key persist-tun status openvpn-status.log verb 3
-
It looks like it's OK for a while and then gets that. My guess is something is disturbing the tunnel (WAN IP changing or being refreshed by DHCP, etc) but it seems to recover on its own when it happens.
-
For others with this issue, be sure to add a pass rule on the OpenVPN interface.
-
@BradWaite:
For others with this issue, be sure to add a pass rule on the OpenVPN interface.
The firewall rules for traffic inside the VPN has no relation to the outside of the VPN, that would have been a coincidence or otherwise unrelated.