OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: davorin on March 03, 2019, 01:14:17 pm

Title: IPSec logs with "error writing to socket: Permission denied"
Post by: davorin on March 03, 2019, 01:14:17 pm
Good day

I am trying to migrate a site2site VPN connection away from a Fritzbox to an SRX240H.

After adding the IPsec tunnel phase 1/2 and restarting IPsec, I see in the logs of my 19.1.2 box:

Mar 3 13:10:14 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:14 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:14 charon: 16[IKE] <con1|1> sending retransmit 2 of request message ID 0, seq 1
Mar 3 13:10:06 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:06 charon: 16[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:06 charon: 16[IKE] <con1|1> sending retransmit 1 of request message ID 0, seq 1
Mar 3 13:10:02 charon: 04[NET] error writing to socket: Permission denied
Mar 3 13:10:02 charon: 05[NET] <con1|1> sending packet: from y.y.90.159[500] to x.x.53.70[500] (176 bytes)
Mar 3 13:10:02 charon: 05[ENC] <con1|1> generating ID_PROT request 0 [ SA V V V V V ]
Mar 3 13:10:02 charon: 05[IKE] <con1|1> initiating Main Mode IKE_SA con1[1] to x.x.53.70

Any fw rule I missed here?

I just got the basic IPsec rule and the allow ESP rule towards WAN.

Title: Re: IPSec logs with "error writing to socket: Permission denied"
Post by: davorin on March 03, 2019, 01:34:05 pm
Hmm... also see this in the logs when restarting IPsec:

Mar 3 13:32:32 ipsec_starter[98955]: charon (43576) started after 60 ms
Mar 3 13:32:32 ipsec_starter[42182]: no known IPsec stack detected, ignoring!
Mar 3 13:32:32 ipsec_starter[42182]: no KLIPS IPsec stack detected
Mar 3 13:32:32 ipsec_starter[42182]: no netkey IPsec stack detected
Mar 3 13:32:32 ipsec_starter[42182]: Starting strongSwan 5.7.2 IPsec [starter]...

Is there some package missing?