netbirdio / netbird

Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
9.87k stars 428 forks

An attempt was made to access a socket in a way forbidden by its access permissions in Windows #1607

Open wizpresso-steve-cy-fan opened 4 months ago

wizpresso-steve-cy-fan commented 4 months ago

Describe the problem

2024-02-22T11:30:15+08:00 INFO client/internal/login.go:130: peer has been successfully registered on Management Service
2024-02-22T11:30:15+08:00 INFO client/internal/connect.go:95: starting NetBird client version 0.25.8
2024-02-22T11:30:17+08:00 ERRO client/internal/engine.go:279: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-02-22T11:30:17+08:00 ERRO client/internal/connect.go:234: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-02-22T11:30:21+08:00 ERRO client/internal/engine.go:279: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-02-22T11:30:21+08:00 ERRO client/internal/connect.go:234: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

To Reproduce

Steps to reproduce the behavior:

  1. Download the latest Windows Client
  2. Install
  3. Expect to connect, but actual behavior is connection stuck.

Are you using NetBird Cloud?

Yes

NetBird version

0.25.8

NetBird status -d output:

Error: status failed: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.

wizpresso-steve-cy-fan commented 4 months ago

Tried to stop the service then do foreground debug:

2024-02-22T11:39:00+08:00 ERRO client/internal/connect.go:187: error while starting Netbird Connection Engine: open \\.\pipe\ProtectedPrefix\Administrators\WireGuard\wt0: This security ID may not be assigned as the owner of this object.

mlsmaycon commented 4 months ago

@wizpresso-steve-cy-fan to run the agent in the foreground on Windows, you can follow the guide documented here: https://docs.netbird.io/how-to/troubleshooting-client#windows

silencer404 commented 3 months ago

I also encountered this problem. I collected some logs according to what you said, but there seems to be no more information. FYI, everything seemed fine until I turned on the Hyper-V switch in the system and used Hyper-V recently; this creates some adapters named vEthernet(xxxxxx). I do not know whether this matters or not.

OS version: win10 22H2

Netbird version: 0.26.3

2024-03-15T04:01:13+08:00 DEBG client/internal/login.go:93: connecting to the Management service https://example.domain:443
2024-03-15T04:01:13+08:00 DEBG client/internal/login.go:63: connected to the Management service https://example.domain:443
2024-03-15T04:01:16+08:00 DEBG client/internal/login.go:93: connecting to the Management service https://example.domain:443
2024-03-15T04:01:16+08:00 DEBG client/internal/login.go:63: connected to the Management service https://example.domain:443
2024-03-15T04:01:18+08:00 INFO client/internal/connect.go:96: starting NetBird client version 0.26.3
2024-03-15T04:01:18+08:00 DEBG client/internal/connect.go:157: connecting to the Management service example.domain:443
2024-03-15T04:01:19+08:00 DEBG client/internal/connect.go:165: connected to the Management service example.domain:443
2024-03-15T04:01:21+08:00 DEBG signal/client/grpc.go:90: connected to Signal Service: example.domain:443
2024/03/15 04:01:22 Using existing driver 0.14
2024/03/15 04:01:22 Creating adapter
2024-03-15T04:01:23+08:00 DEBG iface/tun_windows.go:153: adding address 100.65.237.7 to interface: wt0
2024-03-15T04:01:23+08:00 DEBG iface/wg_configurer_usp.go:35: adding Wireguard private key
2024/03/15 04:01:23 Removed orphaned adapter "wt0"
2024-03-15T04:01:36+08:00 ERRO client/internal/engine.go:287: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:36+08:00 DEBG client/internal/engine.go:1104: removing Netbird interface wt0
2024-03-15T04:01:38+08:00 ERRO client/internal/connect.go:235: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:38+08:00 DEBG client/internal/connect.go:157: connecting to the Management service example.domain:443
2024-03-15T04:01:39+08:00 DEBG client/internal/connect.go:165: connected to the Management service example.domain:443
2024-03-15T04:01:41+08:00 DEBG signal/client/grpc.go:90: connected to Signal Service: example.domain:443
2024/03/15 04:01:43 Using existing driver 0.14
2024/03/15 04:01:43 Creating adapter
2024-03-15T04:01:43+08:00 DEBG iface/tun_windows.go:153: adding address 100.65.237.7 to interface: wt0
2024-03-15T04:01:43+08:00 DEBG iface/wg_configurer_usp.go:35: adding Wireguard private key
2024-03-15T04:01:45+08:00 ERRO client/internal/engine.go:287: failed to pull up wgInterface [wt0]: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:45+08:00 DEBG client/internal/engine.go:1104: removing Netbird interface wt0
2024-03-15T04:01:45+08:00 ERRO client/internal/connect.go:235: error while starting Netbird Connection Engine: listen udp4 :51820: bind: An attempt was made to access a socket in a way forbidden by its access permissions.
2024-03-15T04:01:46+08:00 DEBG client/internal/connect.go:157: connecting to the Management service example.domain:443
2024-03-15T04:01:47+08:00 DEBG client/internal/connect.go:165: connected to the Management service example.domain:443
2024-03-15T04:01:49+08:00 DEBG signal/client/grpc.go:90: connected to Signal Service: example.domain:443

mlsmaycon commented 3 months ago

It might be related to: https://superuser.com/a/1610009

Can you check the output of:

netsh interface ipv4 show excludedportrange protocol=udp

silencer404 commented 3 months ago

Thank you for your help, I solved this bug by rebooting my PC one more time. I tried to reproduce the problem and succeeded; the steps are as follows:

  1. Create or delete a virtual adapter. Netbird works well now.
  2. Reboot the PC and the issue appears. Run netsh interface ipv4 show excludedportrange protocol=udp; the logs are as follows.
  3. Reboot the PC one more time and the issue is solved.

Protocol tcp Port Exclusion Ranges

Start Port    End Port
----------    --------
[...]
    51675       51774
    51775       51874   #include port 51820
    51875       51974
    51975       52074
[...]

silencer404 commented 3 months ago

In addition, net stop winnat can also solve this issue.

wizpresso-steve-cy-fan commented 3 months ago

> Thank you for your help, I solved this bug by rebooting my PC one more time. I tried to reproduce the problem and succeeded; the steps are as follows:
>
>   1. Create or delete a virtual adapter. Netbird works well now.
>   2. Reboot the PC and the issue appears. Run netsh interface ipv4 show excludedportrange protocol=udp; the logs are as follows.
>   3. Reboot the PC one more time and the issue is solved.
>
> Protocol tcp Port Exclusion Ranges
>
> Start Port    End Port
> ----------    --------
> [...]
>     51675       51774
>     51775       51874   #include port 51820
>     51875       51974
>     51975       52074
> [...]

Yes. I also noticed that if I reboot the PC to the initial state without any WG tunnels, it would work, but subsequent reconnections would fail (so you can't do any inadvertent disconnection like roaming)
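
Added example, not part of any comment in this thread and not NetBird's own code: the check requested above, done programmatically in Go. It reads the text printed by `netsh interface ipv4 show excludedportrange protocol=udp` and reports the excluded range that covers a given port; `PortRange`, `ExclusionFor` and the `sample` text are hypothetical names and constructed input.

```go
package main

import (
	"fmt"
	"strings"
)

// PortRange is one row of netsh's "Port Exclusion Ranges" table.
type PortRange struct {
	Start, End   int
	Administered bool // row ends in "*" (an administered port exclusion)
}

// sample is constructed for this example; only the 51775-51874 row is taken
// from the output posted in the thread.
const sample = `Protocol udp Port Exclusion Ranges

Start Port    End Port
----------    --------
      5357        5357
     51775       51874
     60000       60010     *

* - Administered port exclusions.
`

// ExclusionFor scans netsh excludedportrange output and returns the range that
// reserves port, if any. Titles, rulers, the legend and "[...]" elisions do
// not start with two integers and are skipped.
func ExclusionFor(out string, port int) (PortRange, bool) {
	for _, line := range strings.Split(out, "\n") {
		var r PortRange
		var mark string
		n, _ := fmt.Sscan(line, &r.Start, &r.End, &mark) // mark is optional
		if n < 2 || r.Start < 1 || r.End > 65535 || r.Start > r.End {
			continue
		}
		if port >= r.Start && port <= r.End {
			r.Administered = mark == "*"
			return r, true
		}
	}
	return PortRange{}, false
}

func main() {
	if r, hit := ExclusionFor(sample, 51820); hit {
		fmt.Printf("UDP 51820 is inside excluded range %d-%d\n", r.Start, r.End)
	}
}
```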

W1BTR commented 3 weeks ago

Also having this issue, Windows 10. Self-hosted.