
An attempt was made to access a socket in a way forbidden by its access permissions in Windows

Open wizpresso-steve-cy-fan opened this issue 1 year ago • 7 comments

Describe the problem

2024-02-22T11:30:15+08:00 INFO client/internal/login.go:130: peer has been successfully registered on Management Service
2024-02-22T11:30:15+08:00 INFO client/internal/connect.go:95: starting NetBird client version 0.25.8
2024-02-22T11:30:17+08:00 ERRO client/internal/engine.go:279: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-02-22T11:30:17+08:00 ERRO client/internal/connect.go:234: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-02-22T11:30:21+08:00 ERRO client/internal/engine.go:279: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-02-22T11:30:21+08:00 ERRO client/internal/connect.go:234: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

To Reproduce

Steps to reproduce the behavior:

  1. Download the latest Windows Client
  2. Install
  3. Expect to connect, but actual behavior is connection stuck.

Are you using NetBird Cloud?

Yes

NetBird version

0.25.8

NetBird status -d output:

Error: status failed: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

wizpresso-steve-cy-fan avatar Feb 22 '24 03:02 wizpresso-steve-cy-fan

Tried to stop the service then do foreground debug:

2024-02-22T11:39:00+08:00 ERRO client/internal/connect.go:187: error while starting Netbird Connection Engine: open \\.\pipe\ProtectedPrefix\Administrators\WireGuard\wt0: This security ID may not be assigned as the owner of this object.

wizpresso-steve-cy-fan avatar Feb 22 '24 03:02 wizpresso-steve-cy-fan

@wizpresso-steve-cy-fan to run the agent in the foreground on Windows, you can follow the guide documented here: https://docs.netbird.io/how-to/troubleshooting-client#windows

mlsmaycon avatar Feb 22 '24 07:02 mlsmaycon

I also encountered this problem. I collected some logs according to what you said, but there seems to be no more information. FYI, everything seemed fine until I recently turned on the Hyper-V switch in the system and used Hyper-V; this creates some adapters named vEthernet(xxxxxx). I do not know whether this matters or not.

OS version: win10 22H2

Netbird version: 0.26.3

2024-03-15T04:01:13+08:00 DEBG client/internal/login.go:93: connecting to the Management service https://example.domain:443
2024-03-15T04:01:13+08:00 DEBG client/internal/login.go:63: connected to the Management service https://example.domain:443
2024-03-15T04:01:16+08:00 DEBG client/internal/login.go:93: connecting to the Management service https://example.domain:443
2024-03-15T04:01:16+08:00 DEBG client/internal/login.go:63: connected to the Management service https://example.domain:443
2024-03-15T04:01:18+08:00 INFO client/internal/connect.go:96: starting NetBird client version 0.26.3
2024-03-15T04:01:18+08:00 DEBG client/internal/connect.go:157: connecting to the Management service example.domain:443
2024-03-15T04:01:19+08:00 DEBG client/internal/connect.go:165: connected to the Management service example.domain:443
2024-03-15T04:01:21+08:00 DEBG signal/client/grpc.go:90: connected to Signal Service: example.domain:443
2024/03/15 04:01:22 Using existing driver 0.14
2024/03/15 04:01:22 Creating adapter
2024-03-15T04:01:23+08:00 DEBG iface/tun_windows.go:153: adding address 100.65.237.7 to interface: wt0
2024-03-15T04:01:23+08:00 DEBG iface/wg_configurer_usp.go:35: adding Wireguard private key
2024/03/15 04:01:23 Removed orphaned adapter "wt0"
2024-03-15T04:01:36+08:00 ERRO client/internal/engine.go:287: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:36+08:00 DEBG client/internal/engine.go:1104: removing Netbird interface wt0
2024-03-15T04:01:38+08:00 ERRO client/internal/connect.go:235: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:38+08:00 DEBG client/internal/connect.go:157: connecting to the Management service example.domain:443
2024-03-15T04:01:39+08:00 DEBG client/internal/connect.go:165: connected to the Management service example.domain:443
2024-03-15T04:01:41+08:00 DEBG signal/client/grpc.go:90: connected to Signal Service: example.domain:443
2024/03/15 04:01:43 Using existing driver 0.14
2024/03/15 04:01:43 Creating adapter
2024-03-15T04:01:43+08:00 DEBG iface/tun_windows.go:153: adding address 100.65.237.7 to interface: wt0
2024-03-15T04:01:43+08:00 DEBG iface/wg_configurer_usp.go:35: adding Wireguard private key
2024-03-15T04:01:45+08:00 ERRO client/internal/engine.go:287: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:45+08:00 DEBG client/internal/engine.go:1104: removing Netbird interface wt0
2024-03-15T04:01:45+08:00 ERRO client/internal/connect.go:235: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:46+08:00 DEBG client/internal/connect.go:157: connecting to the Management service example.domain:443
2024-03-15T04:01:47+08:00 DEBG client/internal/connect.go:165: connected to the Management service example.domain:443
2024-03-15T04:01:49+08:00 DEBG signal/client/grpc.go:90: connected to Signal Service: example.domain:443

silencer404 avatar Mar 14 '24 20:03 silencer404

It might be related to: https://superuser.com/a/1610009

Can you check the output of:

netsh interface ipv4 show excludedportrange protocol=udp

mlsmaycon avatar Mar 14 '24 20:03 mlsmaycon

Thank you for your help. I solved this bug by rebooting my PC one more time. I tried to reproduce the problem and succeeded; the steps are as follows:

  1. Create or delete a virtual adapter. Netbird works well now.
  2. Reboot the PC and the issue appears. Run netsh interface ipv4 show excludedportrange protocol=udp; the logs are as follows.
  3. Reboot the PC one more time and the issue is solved.

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
[...]
    51675       51774
    51775       51874   #include port 51820
    51875       51974
    51975       52074
[...]

silencer404 avatar Mar 15 '24 05:03 silencer404
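Added example (not part of the original thread and not NetBird's own code): a small Go parser for the `netsh interface ipv4 show excludedportrange` output that reports which reserved range, if any, covers the WireGuard listen port 51820 seen in the logs. The sample text is constructed from the rows quoted in this thread; the type and function names are hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// PortRange is one "Start Port / End Port" row of the exclusion table.
type PortRange struct{ Start, End int }

// sampleOutput is constructed from the rows quoted in this thread.
const sampleOutput = `Start Port    End Port
----------    --------
    51675       51774
    51775       51874
    51875       51974
    51975       52074
`

// ParseExcludedRanges keeps only lines whose first two fields are valid
// port numbers; headers, separators and footnotes are skipped.
func ParseExcludedRanges(out string) []PortRange {
	var ranges []PortRange
	sc := bufio.NewScanner(strings.NewReader(out))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 2 {
			continue
		}
		start, err1 := strconv.Atoi(f[0])
		end, err2 := strconv.Atoi(f[1])
		if err1 != nil || err2 != nil || start < 1 || end > 65535 || start > end {
			continue
		}
		ranges = append(ranges, PortRange{start, end})
	}
	return ranges
}

// FindExclusion returns the reserved range containing port, if any.
func FindExclusion(ranges []PortRange, port int) (PortRange, bool) {
	for _, r := range ranges {
		if port >= r.Start && port <= r.End {
			return r, true
		}
	}
	return PortRange{}, false
}

func main() {
	r, hit := FindExclusion(ParseExcludedRanges(sampleOutput), 51820)
	fmt.Printf("port 51820 excluded=%v range=%d-%d\n", hit, r.Start, r.End)
}
```

To check a live machine, feed the captured output of the netsh command into `ParseExcludedRanges` instead of the sample constant.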

In addition, net stop winnat can also solve this issue.

silencer404 avatar Mar 15 '24 05:03 silencer404

Thank you for your help. I solved this bug by rebooting my PC one more time. I tried to reproduce the problem and succeeded; the steps are as follows:

  1. Create or delete a virtual adapter. Netbird works well now.
  2. Reboot the PC and the issue appears. Run netsh interface ipv4 show excludedportrange protocol=udp; the logs are as follows.
  3. Reboot the PC one more time and the issue is solved.

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
[...]
    51675       51774
    51775       51874   #include port 51820
    51875       51974
    51975       52074
[...]

Yes. I also noticed that if I reboot the PC to the initial state without any WG tunnels, it would work, but subsequent reconnections would fail (so you can't do any inadvertent disconnection like roaming)

wizpresso-steve-cy-fan avatar Mar 15 '24 07:03 wizpresso-steve-cy-fan

Also having this issue, Windows 10. Selfhosted.

W1BTR avatar Jun 13 '24 18:06 W1BTR

Same issue with Windows 11 and netbird 0.28.6. Selfhosted.

timnis avatar Jul 29 '24 10:07 timnis