1
18.1 Legacy Series / IPsec VPNs were working. Went down. Won't come back up. Socket write error
« on: June 26, 2018, 01:15:06 am »
A couple of weeks ago I established a site-to-site IPsec VPN to a client's network.
I am running OPNsense V18.110.
He is running SonicOS Enhanced 5.8.1.8-57
The initial configuration went very nicely and everything came up as expected.
The next morning the VPN was down. Restarting both side seemed to fix it. :-/
Now we can't get it to come up. We know of no changes that have been made to the settings on either side other than my upgrading to a newer version of OPNsense.
The IPsec log reports a socket error:
Here is a recent log after attempting to start the connection:
I've done lots of searching and come up with nothing so far.
Input appreciated.
TIA
I am running OPNsense V18.110.
He is running SonicOS Enhanced 5.8.1.8-57
The initial configuration went very nicely and everything came up as expected.
The next morning the VPN was down. Restarting both side seemed to fix it. :-/
Now we can't get it to come up. We know of no changes that have been made to the settings on either side other than my upgrading to a newer version of OPNsense.
The IPsec log reports a socket error:
Quote
charon: 04[NET] error writing to socket: Permission denied
Here is a recent log after attempting to start the connection:
Quote
Date Message
Jun 25 16:11:13 charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:11:13 charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:11:13 charon: 09[IKE] retransmit 3 of request with message ID 0
Jun 25 16:11:03 charon: 03[NET] received unsupported IKE version 14.12 from his.pub.ip.adr, sending INVALID_MAJOR_VERSION
Jun 25 16:11:03 charon: 03[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[4500] (36 bytes)
Jun 25 16:11:03 charon: 03[ENC] generating INFORMATIONAL response 0 [ N(INVAL_MAJOR) ]
Jun 25 16:11:00 charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:11:00 charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:11:00 charon: 09[IKE] retransmit 2 of request with message ID 0
Jun 25 16:10:53 charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:10:53 charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:10:53 charon: 09[IKE] retransmit 1 of request with message ID 0
Jun 25 16:10:49 charon: 04[NET] error writing to socket: Permission denied
Jun 25 16:10:49 charon: 09[NET] sending packet: from my.pub.ip.adr[500] to his.pub.ip.adr[500] (464 bytes)
Jun 25 16:10:49 charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jun 25 16:10:49 charon: 09[IKE] initiating IKE_SA con3[37320] to his.pub.ip.adr
Jun 25 16:10:49 charon: 09[IKE] initiating IKE_SA con3[37320] to his.pub.ip.adr
Jun 25 16:10:49 charon: 06[CFG] received stroke: initiate 'con3'
I've done lots of searching and come up with nothing so far.
Input appreciated.
TIA