OpenVPN tunnel suddenly stopped working

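I set up an OpenVPN tunnel. It suddenly stopped passing data. The connection is established normally, but I cannot ping either side (a second client works fine). I have checked the firewalls (they are off) and restarted the VPN service (on both sides).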

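I am 100% sure that no settings were changed when the problem appeared (I was logged in on the server, and nobody except me has access to the client). What could cause this problem? The client accesses the Internet over a GSM network, but that seems to be fine.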

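Client log (as you can see, it gets the routes etc., but pings to the VPN and to the server network [and vice versa] end in timeouts). There are no attempts to reconnect, and it looks like the keepalives get through.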

    Fri Apr 17 15:57:00 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
    Fri Apr 17 15:57:00 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
    Fri Apr 17 15:57:00 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Fri Apr 17 15:57:00 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
    Fri Apr 17 15:57:01 2015 TCP connection established with [AF_INET]xx:1194
    Fri Apr 17 15:57:01 2015 TCPv4_CLIENT link local: [undef]
    Fri Apr 17 15:57:01 2015 TCPv4_CLIENT link remote: [AF_INET]xx:1194
    Fri Apr 17 15:57:02 2015 TLS: Initial packet from [AF_INET]xx1194, sid=6b7a62a1 728d49a8
    Fri Apr 17 15:57:03 2015 VERIFY OK: depth=1, C=PL, ST=xx, L=xx, O=xx, OU=xx, CN=ca, name=xx, emailAddress=xx
    Fri Apr 17 15:57:03 2015 VERIFY OK: nsCertType=SERVER
    Fri Apr 17 15:57:03 2015 VERIFY OK: depth=0, C=PL, ST=xx, L=xx, O=xx, OU=xx, CN=server, name=xx, emailAddress=xx
    Fri Apr 17 15:57:05 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Fri Apr 17 15:57:05 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Apr 17 15:57:05 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Fri Apr 17 15:57:05 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Apr 17 15:57:05 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Fri Apr 17 15:57:05 2015 [server] Peer Connection Initiated with [AF_INET]xx:1194
    Fri Apr 17 15:57:07 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Fri Apr 17 15:57:07 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.80.0 255.255.255.0,route 10.9.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.0.6 10.9.0.5'
    Fri Apr 17 15:57:07 2015 OPTIONS IMPORT: timers and/or timeouts modified
    Fri Apr 17 15:57:07 2015 OPTIONS IMPORT: --ifconfig/up options modified
    Fri Apr 17 15:57:07 2015 OPTIONS IMPORT: route options modified
    Fri Apr 17 15:57:07 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Fri Apr 17 15:57:07 2015 open_tun, tt->ipv6=0
    Fri Apr 17 15:57:07 2015 TAP-WIN32 device [Połączenie lokalne 2] opened: \\.\Global\{D7C7226F-B0C5-4344-AA02-F0B6A92BE128}.tap
    Fri Apr 17 15:57:07 2015 TAP-Windows Driver Version 9.21
    Fri Apr 17 15:57:07 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.0.6/255.255.255.252 on interface {D7C7226F-B0C5-4344-AA02-F0B6A92BE128} [DHCP-serv: 10.9.0.5, lease-time: 31536000]
    Fri Apr 17 15:57:07 2015 Successful ARP Flush on interface [21] {D7C7226F-B0C5-4344-AA02-F0B6A92BE128}
    Fri Apr 17 15:57:12 2015 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
    Fri Apr 17 15:57:12 2015 C:\Windows\system32\route.exe ADD 192.168.80.0 MASK 255.255.255.0 10.9.0.5
    Fri Apr 17 15:57:12 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Fri Apr 17 15:57:12 2015 Route addition via IPAPI succeeded [adaptive]
    Fri Apr 17 15:57:12 2015 C:\Windows\system32\route.exe ADD 10.9.0.1 MASK 255.255.255.255 10.9.0.5
    Fri Apr 17 15:57:12 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Fri Apr 17 15:57:12 2015 Route addition via IPAPI succeeded [adaptive]
    Fri Apr 17 15:57:12 2015 Initialization Sequence Completed

Edit: after a while, the connection restarted. The rest of the client log follows:

    Fri Apr 17 16:18:01 2015 Connection reset, restarting [-1]
    Fri Apr 17 16:18:01 2015 C:\Windows\system32\route.exe DELETE 10.9.0.1 MASK 255.255.255.255 10.9.0.5
    Fri Apr 17 16:18:01 2015 Route deletion via IPAPI succeeded [adaptive]
    Fri Apr 17 16:18:01 2015 C:\Windows\system32\route.exe DELETE 192.168.80.0 MASK 255.255.255.0 10.9.0.5
    Fri Apr 17 16:18:01 2015 Route deletion via IPAPI succeeded [adaptive]
    Fri Apr 17 16:18:01 2015 Closing TUN/TAP interface
    Fri Apr 17 16:18:01 2015 SIGUSR1[soft,connection-reset] received, process restarting
    Fri Apr 17 16:18:01 2015 Restart pause, 5 second(s)
    Fri Apr 17 16:18:06 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Fri Apr 17 16:18:06 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
    Fri Apr 17 16:18:07 2015 TCP connection established with [AF_INET]xx:1194
    Fri Apr 17 16:18:07 2015 TCPv4_CLIENT link local: [undef]
    Fri Apr 17 16:18:07 2015 TCPv4_CLIENT link remote: [AF_INET]1xx:1194
    Fri Apr 17 16:18:07 2015 TLS: Initial packet from [AF_INET]xx1194, sid=fb80fb3e 13452b0e
    Fri Apr 17 16:18:08 2015 VERIFY OK: depth=1, C=PL, ST=Pxx, L=xx, O=xx, OU=xx, CN=ca, name=xx, emailAddress=xx
    Fri Apr 17 16:18:08 2015 VERIFY OK: nsCertType=SERVER
    Fri Apr 17 16:18:08 2015 VERIFY OK: depth=0, C=PL, ST=xx, L=xx, O=xx, OU=xx, CN=server, name=xx, emailAddress=xx
    Fri Apr 17 16:18:11 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Fri Apr 17 16:18:11 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Apr 17 16:18:11 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Fri Apr 17 16:18:11 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Apr 17 16:18:11 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Fri Apr 17 16:18:11 2015 [server] Peer Connection Initiated with [AF_INET]xx:1194
    Fri Apr 17 16:18:13 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Fri Apr 17 16:18:13 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.80.0 255.255.255.0,route 10.9.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.0.6 10.9.0.5'
    Fri Apr 17 16:18:13 2015 OPTIONS IMPORT: timers and/or timeouts modified
    Fri Apr 17 16:18:13 2015 OPTIONS IMPORT: --ifconfig/up options modified
    Fri Apr 17 16:18:13 2015 OPTIONS IMPORT: route options modified
    Fri Apr 17 16:18:13 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Fri Apr 17 16:18:13 2015 open_tun, tt->ipv6=0
    Fri Apr 17 16:18:13 2015 TAP-WIN32 device [Połączenie lokalne 2] opened: \\.\Global\{D7C7226F-B0C5-4344-AA02-F0B6A92BE128}.tap
    Fri Apr 17 16:18:13 2015 TAP-Windows Driver Version 9.21
    Fri Apr 17 16:18:13 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.0.6/255.255.255.252 on interface {D7C7226F-B0C5-4344-AA02-F0B6A92BE128} [DHCP-serv: 10.9.0.5, lease-time: 31536000]
    Fri Apr 17 16:18:13 2015 Successful ARP Flush on interface [21] {D7C7226F-B0C5-4344-AA02-F0B6A92BE128}
    Fri Apr 17 16:18:18 2015 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
    Fri Apr 17 16:18:18 2015 Route: Waiting for TUN/TAP interface to come up...
    Fri Apr 17 16:18:23 2015 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
    Fri Apr 17 16:18:23 2015 C:\Windows\system32\route.exe ADD 192.168.80.0 MASK 255.255.255.0 10.9.0.5
    Fri Apr 17 16:18:23 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Fri Apr 17 16:18:23 2015 Route addition via IPAPI succeeded [adaptive]
    Fri Apr 17 16:18:23 2015 C:\Windows\system32\route.exe ADD 10.9.0.1 MASK 255.255.255.255 10.9.0.5
    Fri Apr 17 16:18:23 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Fri Apr 17 16:18:23 2015 Route addition via IPAPI succeeded [adaptive]
    Fri Apr 17 16:18:23 2015 Initialization Sequence Completed

Then again. A restart, but this time with a precise comment.

    Fri Apr 17 16:39:41 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
    Fri Apr 17 16:39:43 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
    Fri Apr 17 16:39:46 2015 write TCPv4_CLIENT: Connection reset by peer
    (...)
    TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
    Fri Apr 17 16:40:01 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
    Fri Apr 17 16:40:01 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
    Fri Apr 17 16:40:04 2015 Connection reset, restarting [-1]

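Both sides use the TCP protocol. Both certificates are fine (they worked an hour ago, and it is definitely less than 10 years since they were created). Could this problem come from some cause other than a bad connection?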

Server configuration:

    port 1194
    proto tcp
    dev tun
    ifconfig-pool-persist ipp.txt
    server 10.9.0.0 255.255.255.0
    push "route 192.168.80.0 255.255.255.0"
    client-config-dir ccd
    route 192.168.70.0 255.255.255.0
    route 192.168.71.0 255.255.255.0
    keepalive 10 120
    comp-lzo
    # certificate settings
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    status openvpn-status.log
    verb 3

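Something similar happened in the past. It turned out that the OpenVPN server had run out of disk space. This caused the OpenVPN daemon to stop working, because it could not write any more logs.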

If possible, check the free disk space on your server.