Since the last 4.4.5 update I performed today, I have an error when connecting OpenVPN client to NordVPN.
Curiously, after restarting the system, there is no error and it works fine on the first VPN connection. But as soon as I cut the VPN connection, I am unable to reconnect without error on all other attempts.
In the logs, the error is as follows:
daemon.err ovpnclient[…]: write UDP: Operation not permitted (code=1)
Looking on the internet I think the problem could come from the firewall rules: I opened UDP ports 500 and 1194 from the interface but there is still the error.
So there is something in the update that caused this.
Can I just say that I've got this error, still in 4.5 and 4.5.16 on a MT2500.
My OVPN connections to PureVPN just stop working with the above firmware, the only way I can fix it is to roll back to 4.4.6 when it was fixed last.
It connects, then multiple write UDP errors, then it disconnects and can't connect any more with "unable to resolve host" errors which continue till the client is stopped and restarted.
Perhaps the devs need to incorporate the fix from 4.4.6 into 4.5 and above?
So for the sake of anyone else with the issue, the fix above didn't fix the issue of the VPN not working, it did stop the DNS error but the VPN doesn't route traffic.
I'm still working with support, hopefully we get to the bottom of it.
After debugging, we found the workaround for the "PureVPN dedicated IP" connection failure, by patching the code:
(Only applies to 4.5.x firmware, mt2500/mt3000/mt6000)
# fixed dns not correct when vpn connection drops
sed -i 's_^\t\[ -f "/tmp/resolv.conf.d_\[ -z "$ACTION" -a -f "/tmp/resolv.conf.d_' /usr/bin/route_policy
# fixed route loop(remote server is routed through ovpnclient interface) when the tunnel ip is a public ip address
sed -i '/trusted_ip/a proto_add_host_dependency "${interface}" "${trusted_ip}"' /etc/openvpn/scripts/ovpnclient-up
This patch will be merged into the later firmware version 4.6.
Much appreciated for the help debugging, @Biffa.
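An added example, not part of the original posts or the vendor's code: the second `sed` command above appends a new line every time it is run (the appended line itself contains `trusted_ip`), so this wrapper applies each patch only once, keeps a `.orig` backup, and fails if the pattern was not found. The function names and the demo file contents are constructed for illustration; the file paths are passed as arguments so the patches can be tried on copies first.

```shell
#!/bin/sh
# Idempotent wrapper around the two sed patches from the post (added example).

RP_MARK='[ -z "$ACTION" -a -f "/tmp/resolv.conf.d'
UP_LINE='proto_add_host_dependency "${interface}" "${trusted_ip}"'

patch_route_policy() {  # $1 = path to route_policy, or a copy of it
    f=$1
    # Already patched: leave the file and its backup alone.
    grep -qF -- "$RP_MARK" "$f" && return 0
    cp -p "$f" "$f.orig" || return 1
    sed -i 's_^\t\[ -f "/tmp/resolv.conf.d_\[ -z "$ACTION" -a -f "/tmp/resolv.conf.d_' "$f"
    # Non-zero exit if the expected line was not present to patch.
    grep -qF -- "$RP_MARK" "$f"
}

patch_up_script() {  # $1 = path to ovpnclient-up, or a copy of it
    f=$1
    grep -qF -- "$UP_LINE" "$f" && return 0
    cp -p "$f" "$f.orig" || return 1
    sed -i '/trusted_ip/a proto_add_host_dependency "${interface}" "${trusted_ip}"' "$f"
    grep -qF -- "$UP_LINE" "$f"
}

demo() {  # applies both patches twice to constructed files, prints line counts
    d=$(mktemp -d) || return 1
    # Constructed stand-ins for the real scripts (contents are placeholders).
    printf '\t[ -f "/tmp/resolv.conf.d/EXAMPLE" ] && :\n' > "$d/rp"
    printf 'echo "remote is ${trusted_ip}"\n' > "$d/up"
    for i in 1 2; do
        patch_route_policy "$d/rp" && patch_up_script "$d/up" || return 1
    done
    echo "$(grep -cF -- "$RP_MARK" "$d/rp") $(grep -cF -- "$UP_LINE" "$d/up")"
    rm -rf "$d"
}

# Run "sh thisfile demo" to try it on the constructed files only.
if [ "${1:-}" = demo ]; then demo; fi
```

On the router the functions would be called with `/usr/bin/route_policy` and `/etc/openvpn/scripts/ovpnclient-up`. A firmware upgrade replaces both files, so the check is worth repeating afterwards.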
Can confirm, all seems good now. Glad to help, and glad it was caught, don't like running old firmware on something on the edge of my network like that.