(connections.c.1692) SSL (error): 5 -1 1 Operation not permitted



  • I'm getting this error message in the openvpn logs:
    lighttpd[99704]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted.

    What is this, and how do I fix it?



  • I am having this issue as well; any insight would be much appreciated.

    Feb 20 13:07:48 lighttpd[65607]: (network_openssl.c.118) SSL: 5 -1 1 Operation not permitted
    Feb 20 13:07:48 lighttpd[65607]: (connections.c.619) connection closed: write failed on fd 16
    Feb 20 13:07:48 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:10:15 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:10:20 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:12:20 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:12:21 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:14:19 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:17:26 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:17:27 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:20:00 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:21:55 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    Feb 20 13:22:03 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted


  • Banned

    Useless noise. Disable the lighttpd logging.



  • Well my connection to it from other devices on my LAN keeps dropping and has to reconnect every 2 minutes it looks to be taking place

    EDIT:

    okay here is my log
    attachment

    log.txt


  • Banned

    @acegreen:

    Well my connection to it from other devices on my LAN keeps dropping and has to reconnect every 2 minutes it looks to be taking place

    What's IT?



  • I am also seeing this error message (along with a number of other equally confusing messages).  My scenario sounds similar…

    I have two pfSense boxes both running 2.2.2-RELEASE and are configured for HA via CARP (we will call them fw1 and fw2).  A few weeks ago, fw1 (primary) started exhibiting weird issues that match acegreen's issue.

    Setup:

    
    fw1-lagg0 -> LACP Trunk (passive) -> Cisco 2960X FlexStack (LACP Active) (External VLAN)
    fw1-lagg1 -> LACP Trunk (passive) -> Cisco 2960X FlexStack (LACP Active) (Internal VLANs)
    fw1-en0 -> fw2-en0 (Pfsync)
    
    fw2-lagg0 -> LACP Trunk (passive) -> Cisco 2960X FlexStack (LACP Active) (External VLAN)
    fw2-lagg1 -> LACP Trunk (passive) -> Cisco 2960X FlexStack (LACP Active) (Internal VLANs)
    fw1-en0 -> fw2-en0 (Pfsync)
    
    

    I have checked the Ciscos and verified that the Port-Channel interface is not showing that the interfaces are flapping.

    Upstream (fw1-lagg0)

    
    sw-master#show etherchannel 1 port-channel
                    Port-channels in the group:
                    ---------------------------
    
    Port-channel: Po1    (Primary Aggregator)
    
    ------------
    
    Age of the Port-channel   = 18d:02h:51m:24s
    Logical slot/port   = 9/1          Number of ports = 2
    HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =   LACP
    Port security       = Disabled
    
    Ports in the Port-channel:
    
    Index   Load   Port     EC state        No of bits
    ------+------+------+------------------+-----------
      0     00     Gi1/0/37 Active             0
      0     00     Gi2/0/37 Active             0
    
    Time since last port bundled:    1d:03h:31m:30s    Gi2/0/37
    Time since last port Un-bundled: 1d:03h:33m:03s    Gi2/0/37
    
    

    Downstream (fw1-lagg1)

    
    sw-master#show etherchannel 2 port-channel
                    Port-channels in the group:
                    ---------------------------
    
    Port-channel: Po2    (Primary Aggregator)
    
    ------------
    
    Age of the Port-channel   = 18d:02h:52m:16s
    Logical slot/port   = 9/2          Number of ports = 2
    HotStandBy port = null
    Port state          = Port-channel Ag-Inuse
    Protocol            =   LACP
    Port security       = Disabled
    
    Ports in the Port-channel:
    
    Index   Load   Port     EC state        No of bits
    ------+------+------+------------------+-----------
      0     00     Gi1/0/38 Active             0
      0     00     Gi2/0/38 Active             0
    
    Time since last port bundled:    1d:03h:32m:24s    Gi2/0/38
    Time since last port Un-bundled: 1d:03h:33m:59s    Gi2/0/38
    
    

    Any HTTP conversation I attempt to have results in a response from the pfSense device, followed by a browser timeout, and the below log message:

    
    lighttpd[91121]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
    
    

    Any OpenVPN connection that occurs results in an establishment of the session, then the session is dropped.  In the logs it is followed by:

    
    openvpn[93326]: write TCPv4_SERVER: Operation not permitted (code=1)
    
    

    Any SSH sessions I attempt to start allow me to login, then timeout with a Write failed: Broken pipe message. And a log on the server of

    
    sshd[10183]: fatal: Write failed: Operation not permitted
    
    

    I assumed this may have been due to a failure of a NIC, however, a continuous ICMP check (during the failure times) never registers any packet loss.

    What usually resolves this is a forced power off, let it sit for a minute, then power back on… however, that did not solve it this time.  Since I have failed over to fw2, I have been able to leave fw1 in this state. It is ripe for analysis.

    Any help would be appreciated.



  • Those logs are all indicative of the state table being wiped, or at least the HTTPS and SSH states in particular where that's being logged.

    In OP's case, I'm guessing that's a different issue than yours effgra. Yours is likely somehow pfsync-related. I'd like to check out that system with you if possible, if you can PM me to arrange something.
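
An added example, not part of any post in this thread: a log triage script that tells a lighttpd-only problem apart from the pattern described above, where several daemons fail writes with the same errno at the same time. It assumes the three numbers in the lighttpd line are the SSL_get_error() code, the return value and errno (5 is SSL_ERROR_SYSCALL, errno 1 is EPERM); the sample lines, the 30-second window and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the messages quoted in this thread.
SAMPLE = """\
Feb 20 13:07:48 lighttpd[65607]: (network_openssl.c.118) SSL: 5 -1 1 Operation not permitted
Feb 20 13:07:48 lighttpd[65607]: (connections.c.619) connection closed: write failed on fd 16
Feb 20 13:07:50 openvpn[93326]: write TCPv4_SERVER: Operation not permitted (code=1)
Feb 20 13:07:55 sshd[10183]: fatal: Write failed: Operation not permitted
Feb 20 13:40:00 lighttpd[65607]: (connections.c.1692) SSL (error): 5 -1 1 Operation not permitted
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\w+)\[(\d+)\]: (.*)$")
SSL_TRIPLE = re.compile(r"SSL(?: \(error\))?: (\d+) (-?\d+) (\d+) ")
SSL_ERROR_SYSCALL, EPERM = 5, 1  # OpenSSL SSL_get_error() code; errno 1

def eperm_events(text):
    """Yield (timestamp, daemon) for every line reporting EPERM on a write."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, daemon, _pid, msg = m.groups()
        # Syslog stamps carry no year; a fixed one keeps ordering within a file.
        ts = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")
        triple = SSL_TRIPLE.search(msg)
        if triple:  # lighttpd: decode the numeric fields (assumed order)
            ssl_err, _ret, errno_ = (int(triple.group(i)) for i in (1, 2, 3))
            hit = ssl_err == SSL_ERROR_SYSCALL and errno_ == EPERM
        else:       # other daemons: match the strerror text
            hit = "Operation not permitted" in msg
        if hit:
            yield ts, daemon

def host_wide_bursts(text, window=timedelta(seconds=30), min_daemons=2):
    """Return the daemon sets of bursts where several daemons hit EPERM together."""
    bursts, current = [], []
    for ts, daemon in sorted(eperm_events(text)):
        if current and ts - current[0][0] > window:
            bursts.append(current)
            current = []
        current.append((ts, daemon))
    if current:
        bursts.append(current)
    names = [sorted({d for _, d in b}) for b in bursts]
    return [n for n in names if len(n) >= min_daemons]

if __name__ == "__main__":
    for daemons in host_wide_bursts(SAMPLE):
        print("EPERM on writes across daemons:", ", ".join(daemons))
```

A burst that names only lighttpd points at the web server or its client; one that names lighttpd, openvpn and sshd together points below the daemons, which is where the reply above looks.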



  • I am facing a similar issue - it started Sunday afternoon, seemingly out of nowhere.  Similar install - 2 CARP systems, Master and Slave (both on 2.2.2-Release, master on 64-bit, slave on 32-bit).  The problem seems to only be affecting my Master - we have been running fine on the Slave since Monday morning.  Since Sunday afternoon, very slow performance with the Master, even just with its web interface.  I originally thought a hardware failure of some sort (memory, NIC, CPU, etc), but after multiple tests, and rebuilds from scratch (with both 32- and 64-bit), the trouble appears only when I enable the very top check box in High Availability Sync - Synchronize States.

    After a scratch build of the interfaces, I slowly synced each section that I needed, looking and waiting for performance drop.  The last section was the firewall rules, which had no issue, and then turning on sync states, it immediately slowed down.  CPU and memory usage show no changes.  The reason I found this thread was the OP's error showed up in my general logs when I enabled sync states.

    cmb, you may recall my troubles with BGP a couple years ago, and you guys were great in getting that going, no issues since.  BGP runs fine, along with everything else, until that sync states box is checked, and it all poops the bed.  But, as soon as I uncheck that box and save, it all seems fine.  I'm a little hesitant about trying it live like this (I know the changeover will cause interruptions).  I believe the system in question was originally running v2.2.

    Aaron



  • Sorry for the hijack.  After more reading through other threads in the CARP section, I think I will try a downgrade to something like 2.2 on each box.

