我有一个用户无法从国外连接到我的OpenVPN服务器。 我的服务器被放置在葡萄牙,我的客户正在缅甸。 连接始终从用户端重新启动。 他现在通过PPTP使用旧的备份VPN。
这台服务器与Windows 10,Linux和MacOS的用户正常工作,其中一些使用连接每天8小时,使用数月后仍然工作正常,仍然没有发现问题。
我正在通过端口TCP 51184使用非标准连接,以避免服务被ISP阻塞到默认端口和通信量。
从用户端日志来看,除了这部分外,都看得很好:
Fri Jul 28 09:35:32 2017 Attempting to establish TCP connection with [AF_INET]x:51194 [nonblock] Fri Jul 28 09:35:33 2017 TCP connection established with [AF_INET]x:51194 Fri Jul 28 09:35:33 2017 TCP_CLIENT link local (bound): [AF_INET][undef]:0 Fri Jul 28 09:35:33 2017 TCP_CLIENT link remote: [AF_INET]x:51194 Fri Jul 28 09:36:14 2017 read TCP_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060) Fri Jul 28 09:36:14 2017 Connection reset, restarting [-1] Fri Jul 28 09:36:14 2017 Unblocking outside dns using service succeeded. Fri Jul 28 09:36:14 2017 SIGUSR1[soft,connection-reset] received, process restarting 从服务器端日志是这是一般情况下发生的事情:
Jul 28 04:13:23 openvpn 90566 rui.m/103.x.205.111:63802 SIGUSR1[soft,ping-restart] received, client-instance restarting Jul 28 04:13:23 openvpn 90566 rui.m/103.x.205.111:63802 [rui.m] Inactivity timeout (--ping-restart), restarting Jul 28 04:13:18 openvpn 90566 MANAGEMENT: Client disconnected Jul 28 04:13:18 openvpn 90566 MANAGEMENT: CMD 'quit' Jul 28 04:13:18 openvpn 90566 MANAGEMENT: CMD 'status 2' Jul 28 04:13:18 openvpn 90566 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock Jul 28 04:12:16 openvpn 90566 MANAGEMENT: Client disconnected Jul 28 04:12:16 openvpn 90566 MANAGEMENT: CMD 'quit' Jul 28 04:12:16 openvpn 90566 MANAGEMENT: CMD 'status 2' Jul 28 04:12:16 openvpn 90566 MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock Jul 28 04:11:58 openvpn 90566 rui.m/103.x.205.111:63835 SENT CONTROL [rui.m]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,dhcp-option DOMAIN x.local,dhcp-option DNS 10.0.0.2,block-outside-dns,register-dns,redirect-gateway def1,route-gateway 10.0.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.0.8.2 255.255.255.0' (status=1)
服务器端configuration:
dev ovpns1 verb 3 dev-type tun tun-ipv6 dev-node /dev/tun1 writepid /var/run/openvpn_server1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto tcp-server cipher AES-128-CBC auth SHA256 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown client-connect /usr/local/sbin/openvpn.attributes.sh client-disconnect /usr/local/sbin/openvpn.attributes.sh local x engine cryptodev tls-server server 10.0.8.0 255.255.255.0 client-config-dir /var/etc/openvpn-csc/server1 username-as-common-name auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9YWwRGF0YWJhcU= false server1 51194" via-env tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'xVPNca' 1" lport 51194 management /var/etc/openvpn/server1.sock unix push "route 10.0.0.0 255.255.255.0" push "dhcp-option DOMAIN x.local" push "dhcp-option DNS 10.0.0.2" push "block-outside-dns" push "register-dns" push "redirect-gateway def1" client-to-client duplicate-cn ca /var/etc/openvpn/server1.ca cert /var/etc/openvpn/server1.cert key /var/etc/openvpn/server1.key dh /etc/dh-parameters.1024 tls-auth /var/etc/openvpn/server1.tls-auth 0 comp-lzo adaptive topology subnet
用户configuration文件:
dev tun persist-tun persist-key cipher AES-128-CBC auth SHA256 tls-client client resolv-retry infinite remote x.dyndns.biz 51194 tcp-client lport 0 verify-x509-name "xVPNca" name auth-user-pass pkcs12 pfSense-TCP-51194-x.p12 tls-auth pfSense-TCP-51194-x-tls.key 1 remote-cert-tls server comp-lzo adaptive