Permission denied when starting node service using systemd

Hi! I have a weird problem where when I start the teleport daemon as a node it gives me permission denied, but when I run the command that the systemd server runs it connects to the auth server.

Here’s my systemd file:

[Unit]
Description=Teleport SSH Service
After=network.target

[Service]
Type=simple
Restart=on-failure
ExecStart=/etc/teleport/teleport start --roles=node --config=/etc/teleport/teleport.yaml --pid-file=/var/run/teleport.pid
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/var/run/teleport.pid

[Install]
WantedBy=multi-user.target

This gives me the error of:
ERRO [AUTH] Failed to dial auth server :3025: dial tcp :3025: connect: permission denied. auth/clt.go:150
ERRO [PROC:1] Node failed to establish connection to cluster: Get https://:3025/v1/webapi/find: dial tcp :3025: connect: permission denied. time/sleep.go:149

But when I run /etc/teleport/teleport start --roles=node --config=/etc/teleport/teleport.yaml the node connects just fine and I can see it in the clusters and tsh to it.

Can you please show us the contents of /etc/teleport/teleport.yaml? Also the output of teleport version would be helpful. Thanks!

This is my node config:

teleport:
  auth_token: "ixxxxxxxxxxx"
  ca_pin: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  auth_servers:
    - "tele-auth.domain.com:3025"
  data_dir: /var/lib/teleport
  nodename: tele-node.domain.com
  pid_file: /var/run/teleport.pid
  log:
    output: /var/lib/teleport/teleport.log
    severity: ERROR
ssh_service:
  enabled: "yes"
  commands:
  - name: hostname
    command: [/usr/bin/hostname]
    period: 1m0s
  - name: arch
    command: [/usr/bin/uname, -p]
    period: 1h0m0s
proxy_service:
  enabled: "no"
auth_service:
  enabled: "no"

This is my auth/proxy server config:

teleport: 
  nodename: tele-auth.domain.com
  data_dir: /var/lib/teleport
  pid_file: /var/run/teleport.pid
  auth_token: xxxxxxxxxxxxxxxxxxxxx
  auth_servers:
  - tele-auth.domain.com:3025
  connection_limits:
    max_connections: 15000
    max_users: 250
  log:
    output: /var/lib/teleport/teleport.log
    severity: ERROR
  ca_pin: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
auth_service:
  enabled: "yes"
  listen_addr: 0.0.0.0:3025
  public_addr: tele-auth.domain.com:3025
  cluster_name: "prod"
  tokens:
    - node:xxxxxxxxxxxxxxxxxxxxx
    - proxy:xxxxxxxxxxxxxxxxxxxxx
    - trusted_cluster:xxxxxxxxxxxxxxxxxxxxx
  session_recording: ""
  public_addr: "tele-auth.domain.com"
  client_idle_timeout: 0s
  disconnect_expired_cert: false
  keep_alive_count_max: 0
ssh_service:
  enabled: "yes"
  commands:
  - name: hostname
    command: [/usr/bin/hostname]
    period: 1m0s
  - name: arch
    command: [/usr/bin/uname, -p]
    period: 1h0m0s
proxy_service:
  enabled: "yes"
  listen_addr: tele-auth.domain.com:3023
  tunnel_listen_addr: tele-auth.domain.com:3024
  web_listen_addr: tele-auth.domain.com:3080
  public_addr: "tele-auth.domain.com"
  https_cert_file: /etc/teleport/cert/teleport_cert.pem
  https_key_file: /etc/teleport/cert/teleport_key.pem

Thanks - let’s continue to discuss this on the GitHub issue you opened (https://github.com/gravitational/teleport/issues/4032).

I’ll close this topic for now.

Edit: The issue here turned out to be that SELinux was denying permission to the connect syscall.
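
One way to confirm a denial like the one named in the edit above is to summarise SELinux AVC records for outbound TCP connects. This is an added example, not part of the original thread or Teleport's own tooling. The audit records are constructed, and the source domain (init_t) and port type (unreserved_port_t) in them are assumptions, since the thread does not show the actual audit log.

```shell
# Constructed sample records in audit.log format (not taken from the thread).
# Port 3025 and the binary path come from the thread; the SELinux contexts are assumed.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1594389012.123:456): avc:  denied  { name_connect } for  pid=1234 comm="teleport" dest=3025 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1594389012.123:456): arch=c000003e syscall=42 success=no exit=-13 comm="teleport" exe="/etc/teleport/teleport"
type=AVC msg=audit(1594389020.500:460): avc:  denied  { read } for  pid=900 comm="other" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1594389042.001:470): avc:  denied  { name_connect } for  pid=1301 comm="teleport" dest=3025 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Read audit records on stdin and print one line per distinct
# (comm, dest port, source domain, target port type) with a hit count.
# $1 is an optional process name (comm) to filter on.
avc_connect_denials() {
    awk -v want="$1" '
    $1 == "type=AVC" && /denied/ && /name_connect/ && /tclass=tcp_socket/ {
        comm = dest = src = tgt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^dest=/)     { dest = substr($i, 6) }
            # Contexts are user:role:type:level; the type is the third field.
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), b, ":"); tgt = b[3] }
        }
        if (want != "" && comm != want) next
        count[comm " dest=" dest " domain=" src " target=" tgt]++
    }
    END { for (k in count) print count[k], k }' | sort
}

# Stand-alone run over the constructed sample. On a real host, feed it
# the audit log instead: ausearch -m AVC --raw | avc_connect_denials teleport
sample_audit_log | avc_connect_denials teleport
```

A `domain=` value that differs between the systemd-started process and an interactive shell is what would explain the same command connecting in one case and failing with "permission denied" in the other.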