Jippy

OpenVpn Newbie
Posts: 3
Joined: Wed Oct 28, 2020 2:54 am

OpenVPN W10 socket protect error

Hi everyone

I have a strange one where I can’t get one computer out of 6 or 7 machines so far to connect to my VPN hosted through my Synology NAS. All the machines run Windows 10 Home and are either a desktop machine I custom assembled, or a variant of a Lenovo Yoga or Thinkpad laptop. I was also able to connect my Android phone without issue, there is just this one machine (one of the Lenovo’s) that just won’t connect.

I have tried allowing an exception to the firewall, disabling the firewall altogether, disabling the anti-virus, checking all the settings against the other machines, flushing the DNS, disabling IPv6 and short of throwing the computer in the bin and buying a new one, tried just about all else.

The log is showing a “socket_protect error (UDP)” and it just attempts to reconnect, brings this error, disconnects, attempts again, rinse and repeat. It has declining so quickly that it feels like it is a firewall issue, however as I mentioned, I disabled that and it did not change anything. The log on the server end is not even showing an attempt by this username to log in which helps cement the suspiction it is being blocked at the local machine end.

It is frustrating that it is just this one machine so far in isolation doing this.

Does anyone have any ideas as to what is causing this?

My configuration (although I doubt this is the issue as it is working on all the other machines):

VPN Config

dev tun
tls-client

Remote was here and removed

# The “float” tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the –remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it’s
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

# If you want to connect by Server’s IPv6 address, you should use
# “proto udp6” in UDP mode or “proto tcp6-client” in TCP mode
proto udp

script-security 2

comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass
<ca>
—–BEGIN CERTIFICATE—–
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
—–END CERTIFICATE—–

</ca>

[oconf=][/oconf]


makiavelli

OpenVpn Newbie
Posts: 1
Joined: Fri Oct 30, 2020 8:01 am

Re: OpenVPN W10 socket protect error

Post

by makiavelli » Fri Oct 30, 2020 8:06 am

Hello,

I have exactly the same issue on my home network as well. I have OpenVPN server configured on EC2 instance, and only 1 out of 3 machines can’t connect to it. All 3 machines are running macOS Catalina 10.15.3 OS and all 3 machines are using native OpenVPN Connect client software

Here is the log from the client side software:
Transport error: socket_protect error

There are no logs falling on server side


Jippy

OpenVpn Newbie
Posts: 3
Joined: Wed Oct 28, 2020 2:54 am

Re: OpenVPN W10 socket protect error

Post

by Jippy » Fri Oct 30, 2020 11:49 pm

I have sorted my machine out, I don’t know what went wrong. I just uninstalled and reinstalled OpenVPN, nothing different about how it installed, used the same certificate and config file, it connected. Very strange! Have you tried that makiavella? It seems very basic “turn it off and on again” type stuff but surprisingly, it actually worked this time!!!


cika8

OpenVpn Newbie
Posts: 2
Joined: Mon Dec 28, 2020 10:35 am

Re: OpenVPN W10 socket protect error

Post

by cika8 » Mon Dec 28, 2020 10:57 am

Hi there. :)
I had the same problem. It’s OpenVPN on Synology server, and we have 10 clients on it. We configured VPN on all 10 clients, and everything was perfect, no drops, disconnects, etc…
After few days I wanted to connect to VPN – it stucks (trying to connect)… Checked everything, Firewall, router, asked IT on workplace, asked ISP, even tried to make hotspot from another ISP, installed ProtonVPN to give me another IP and the result is that I couldn’t connect to VPN with 4 different IPs (even I tried with another OpenVPN account).
After that I installed OpenVPN on Android and successfully connects from Mobile? With same ISP, same IP which PC uses (I mean dynamic IP, not private) and same config file, same account.
When I went to log it says: “Transport Error: socket_protect error (UDP)” and spent 2h on Google what is that and how to solve.
Finally, I uninstalled OpenVPN and installed again, loaded config file and everything is working now… How?
After me, 2 clients experienced the same problem, but they could connect via hotspot or another ISP.
Can someone check is there any problem with UDP protocol or driver or VPN or something else?

Client config

dev tun
tls-client

remote X.X.X.X 1194

pull

proto udp

script-security 2

comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass

client-cert-not-required

<ca>
—–BEGIN CERTIFICATE—–

—–END CERTIFICATE—–

</ca>

Thanks & Regrads. :)

Edit: The last version of OpenVPN connect is used, 3.2.2 (1455)
OS is Windows 10 (20H2), with latest updates.

Last edited by Pippin on Mon Dec 28, 2020 12:55 pm, edited 1 time in total.

Reason: Formatting


User avatar

stipa

OpenVPN Inc.
Posts: 17
Joined: Mon Nov 03, 2014 10:17 am

Re: OpenVPN W10 socket protect error

Post

by stipa » Tue Dec 29, 2020 1:27 pm

It seems that product in question is OpenVPN Connect, which is a proprietary product by OpenVPN Inc and not a community project. Please contact OpenVPN Connect support.


cika8

OpenVpn Newbie
Posts: 2
Joined: Mon Dec 28, 2020 10:35 am

Re: OpenVPN W10 socket protect error

Post

by cika8 » Tue Jan 05, 2021 10:03 pm

Thanks!
It seems that problem is fixed by switching to fiber optic cable (instead of previous satellite, same ISP) in workplace. Everything is now working good (on every client).
I know that this is not related to topic, but maybe it will be useful for someone.

Wish you happy New year! :)


Titiviking

OpenVpn Newbie
Posts: 2
Joined: Mon Mar 14, 2022 9:17 am

Re: OpenVPN W10 socket protect error

Post

by Titiviking » Mon Mar 14, 2022 9:26 am

Check if the service is disabled or not.
Newer installations of the OpenVPN client rely on an agent installed as a service.
By default it is set to Automatic. However when putting it to manual and rebooting, I faced the same errors.

Reinstall would remove the service and reinstall it with automatic startup. That is why reboot seems to ‘fix’ it.

Service:

Code: Select all

OpenVPN Agent agent_ovpnconnect                          Running             Automatic           Local System
OpenVPN Connect Helper Service                                               Manual              Local System


axsdenied

OpenVpn Newbie
Posts: 1
Joined: Fri Jun 17, 2022 5:40 pm

Re: OpenVPN W10 socket protect error

Post

by axsdenied » Fri Jun 17, 2022 5:43 pm

Good tip on checking the service, that worked for me. That said, the service was already set to automatic so why wasn’t it running? Did the service crash?


DesertShadow

OpenVpn Newbie
Posts: 1
Joined: Tue Apr 11, 2023 4:16 am

Re: OpenVPN W10 socket protect error

Post

by DesertShadow » Tue Apr 11, 2023 4:18 am

I get the socket protect error AND the service is running… Any other ideas?


wesowens13

OpenVpn Newbie
Posts: 1
Joined: Mon Jun 26, 2023 10:13 pm

Re: OpenVPN W10 socket protect error

Post

by wesowens13 » Mon Jun 26, 2023 10:20 pm

I had the same problem on my MacOS with the M1 running Ventura.
It ended up being that a service was set to run at startup by OpenVPN Connect that was required in order to connect. I normally disable startup services by default on my MAC, and this was causing the issue.
Fix:
1. Go to “Login Items” in the Settings for the Mac.
2. Enable the OpenVPN Client Option in the Menu.
3. Restart

I now can run OpenVPN without errors and I’ve tested it over multiple restarts. Much better than uninstalling and reinstalling the App everytime.

I tried starting the service manually and running the program, but I have not found a manual way to fix the issue. I’m sure there is a way to start the service through a terminal and then set it up as a script. I was able to get it to work if I don’t use OpenVPN Connect and instead run the openvpn command installed through homebrew, which is easier than writing a new script to start the service.



I’m seeing the same problem on an M1 Mac.
OpenVPN Connect 3.3.6 (4368): Error calling protect () method on socket. Here’s my log:

[Sep 15, 2022, 07:17:13] EVENT: RESOLVE
[Sep 15, 2022, 07:17:13] Contacting
XXX.XXX.XXX.XXX:1194 via UDP
[Sep 15, 2022, 07:17:13] EVENT: WAIT
[Sep 15, 2022, 07:17:13] UnixCommandAgent:
transmitting bypass route to
/var/run/agent_ovpnconnect.sock
"host": "XXX.XXX.XXX.XXX"
"ipv6": false,
"pid": 11202
[Sep 15, 2022, 07:17:13] Transport Error:
socket_protect error (UDP)
[Sep 15, 2022, 07:17:13] Client terminated
restarting in 2000 ms...

Hello,

I am having trouble connecting to my OpenVPN Cloud service using OpenVPN Connect 3.3.6 on MacOS 12.4

I have done extensive googling and tried the following steps several times:

  • uninstall client, reinstall client

  • uninstall client, reboot, reinstall client

  • install client on top of existing client

Basically, I have followed the prevailing wisdom several times, and it doesn’t seem to work, at least for me.

I have narrowed it down to this Macbook Pro. My windows box and android phone are able to connect to the VPN just fine.

I am unable to downgrade to OpenVPN Connect v2 because the VPN requires SAML authentication, which is not supported in the older versions.

Im not looking for a silver bullet, but if you have one that would be great. I’m looking for guidance on where to go from here, all of the public information is just “install the new version of the client” which has been done several times.

Hi lev,

that explains it on the level which I need and understand.

This has actually come up before but in a different way:

On a PC using `--redirect-gateway def1` the host route to the server is 
added in order that VPN packets are not routed back into the tunnel but 
sent directly to the server.

The downside of this being that a client cannot connect to the server 
public IP via the VPN using telnet, for example (Unless they take extra 
steps).

However, the explanation below shows how it is that a smartphone can 
connect to the server public IP via the VPN.

Thanks for your help.



On 29/12/2020 17:36, Lev Stipakov wrote:
> This concept is originally from Android VPN API, which provides a way to
> "protect" socket so that data sent through this socket will go directly to the
> network and will not be forwarded through the VPN.
> 
> OpenVPN3 has been influenced by Android VPN API. It also has a mechanism
> to ensure that data sent through the socket or to specific IP address
> is not routed
> to the VPN. The API method is also named "socket_protect".
> 
> The "protection" implementation is OS-specific and outside of OpenVPN3
> core library.
> Android client (at least ics-openvpn, likely Connect too) indeed calls
> VpnService.protect(). Windows and Mac Connect clients modify routing table and
> add bypass route. Linux client either uses SO_MARK, bind to dev or host route.
> 


This issue is related to https://github.com/OpenVPN/openvpn3/issues/139 which was unfortunately closed without anyone attempting to solve it.

I’m seeing this problem on an M1 Mac.
OpenVPN Connect 3.3.6 (4368): Error calling protect () method on socket. Here’s my log:

[Sep 15, 2022, 07:17:13] EVENT: RESOLVE
[Sep 15, 2022, 07:17:13] Contacting
XXX.XXX.XXX.XXX:1194 via UDP
[Sep 15, 2022, 07:17:13] EVENT: WAIT
[Sep 15, 2022, 07:17:13] UnixCommandAgent:
transmitting bypass route to
/var/run/agent_ovpnconnect.sock
"host": "XXX.XXX.XXX.XXX"
"ipv6": false,
"pid": 11202
[Sep 15, 2022, 07:17:13] Transport Error:
socket_protect error (UDP)
[Sep 15, 2022, 07:17:13] Client terminated
restarting in 2000 ms...

Screen Shot 2022-09-15 at 7 50 46 AM

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *