Opened 5 years ago

Last modified 4 years ago

#1146 new Bug / Defect

Error in add_block_dns_filters(): FwpEngineOpen: open fwp session failed : In der Endpunktzuordnung sind keine weiteren Endpunkte verfügbar. [status=0x6d9]

Reported by: hildeb Owned by:
Priority: major Milestone:
Component: Networking Version: OpenVPN 2.4.6 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

One of my users cannot log-in using opevpn, since the activation of the firewall/DNS blocking is failing (log is attached).

Wed Dec 05 20:44:40 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Wed Dec 05 20:44:40 2018 Windows version 6.1 (Windows 7) 64bit
Wed Dec 05 20:44:40 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
...
Wed Dec 05 20:46:03 2018 Error in add_block_dns_filters(): FwpEngineOpen?: open fwp session failed : In der Endpunktzuordnung sind keine weiteren Endpunkte verfügbar. [status=0x6d9]
Wed Dec 05 20:46:03 2018 MANAGEMENT: Client disconnected
Wed Dec 05 20:46:03 2018 Blocking DNS failed!
Wed Dec 05 20:46:03 2018 Exiting due to fatal error

I found several mentions of "Block_DNS: adding block dns filters using service failed: There are no more endpoints available from the endpoint mapper. [status=0x6d9]"

Like here:
https://forum.netgate.com/topic/122516/openvpn-blocking-dns-failed-unable-to-connect-to-vpn

Attachments (1)

charite-schenkc.log (5.7 KB) - added by hildeb 5 years ago.

Download all attachments as: .zip

Change History (4)

Changed 5 years ago by hildeb

Attachment: charite-schenkc.log added

comment:1 Changed 5 years ago by Selva Nair

As "no end points available from endpoint mapper" is RPC related and opening the WFP engine itself seems to fail (which doesn't require any extra privileges), I suspect some required firewall related services are not running on the host or some other security software is interfering with it.

The more verbose log linked to at https://community.openvpn.net/openvpn/attachment/ticket/1146/charite-schenkc.log is with interactive service not running (or GUI run as admin?). Please start the GUI as limited user, ensure interactive service is running, set verb=4 and post the logs. Also check the eventviewer to see any additional errors logged there by the service.

The log linked to through forum.netgate.com is using the service but not verbose enough (use verb=4).

comment:2 Changed 4 years ago by Gert Döring

11 months with no reply - @hildeb: what shall we do about this?

comment:3 Changed 4 years ago by tct

Reminder #1238

Note: See TracTickets for help on using tickets.