Ssh

Remote ssh access does not work when the OpenVPN client is turned on

  • October 30, 2014

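I am a new user on the forum, and I am doing my first VPN setup.

I purchased a VPN service with PrivateInternetAccess. I am setting up a Linux VM (CentOS 6.5 server) on a remote VMware ESXi host. It sits behind another VM, which provides NAT for several VMs. I have full access to the ESXi host and the NAT server and can make any necessary changes.

I have an openvpn client on the server, and it works fine.

My problem is that when I start the client and the tunnel is working, I lose my ssh connection to the server.

I think I have to add a rule to a separate configuration file or keep the ssh port open in iptables.

If you need any other information, I will add it as soon as possible.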

=============

Client configuration file:

client
dev tun
proto udp
remote xxx.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
crl-verify /etc/openvpn/crl.pem
tls-client
remote-cert-tls server
comp-lzo
reneg-sec 0
verb 4 # verbose mode
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn-log.log

auth-user-pass /etc/openvpn/login.pia

=============

The client IPs when connected to the VPN are (the tunnel IPs change with every session):

eth1      Link encap:Ethernet  HWaddr 00:0C:29:6F:FA:48  
         inet addr:192.168.100.13  Bcast:192.168.100.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
test 1:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
         inet addr:10.113.1.6  P-t-P:10.113.1.5  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
test 2:
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
         inet addr:10.188.1.10  P-t-P:10.188.1.9  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

Tunnel vpn public IP: test 1: 93.115.83.16
                     test 2: 5.254.100.67
                     test 3: 93.115.85.39

=============

/etc/sysconfig/iptables file:

# Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
*mangle
:PREROUTING ACCEPT [3340:3277701]
:INPUT ACCEPT [3114:3220261]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2532:706816]
:POSTROUTING ACCEPT [2532:706816]
COMMIT
# Completed on Fri Oct 24 08:19:30 2014
# Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Oct 24 08:19:30 2014
# Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Oct 24 08:19:30 2014

=============

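iptables allows all traffic, because the server with the vpn client sits behind another server, which does the routing, with no filtering.

After connecting to the VPN, the output of "iptables -L -n -v" is: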

Chain INPUT (policy ACCEPT 1185 packets, 1301K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1490 packets, 568K bytes)
pkts bytes target     prot opt in     out     source               destination

For "iptables -L -n -v -t nat":

Chain PREROUTING (policy ACCEPT 18 packets, 1475 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 4 packets, 236 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4 packets, 236 bytes)
pkts bytes target     prot opt in     out     source               destination

=============

Routes before running the vpn client (netstat -rn)

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1

Routes after running the vpn client (netstat -rn)

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.110.1.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
93.115.85.39    192.168.100.10  255.255.255.255 UGH       0 0          0 eth1
10.110.1.1      10.110.1.5      255.255.255.255 UGH       0 0          0 tun0
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         10.110.1.5      128.0.0.0       UG        0 0          0 tun0
128.0.0.0       10.110.1.5      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1

=============

I have solved the problem by using a static route between the server and the public IP I use to log in.

ip route add my.local.pc.ip/32 via 192.168.100.10 dev eth1

Best regards
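
An added example (not part of the original posts) that replays the two routing tables from the question through a longest-prefix-match lookup, showing that replies to a public ssh client leave via tun0 once the VPN's two /1 routes are installed, and that the /32 static route from the answer moves them back to eth1. The client address 203.0.113.7 is a constructed documentation address standing in for my.local.pc.ip; the function names are this example's own.

```python
import ipaddress

# Rows copied from the two `netstat -rn` listings in the question.
BEFORE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1
"""
AFTER = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.110.1.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
93.115.85.39    192.168.100.10  255.255.255.255 UGH       0 0          0 eth1
10.110.1.1      10.110.1.5      255.255.255.255 UGH       0 0          0 tun0
192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
0.0.0.0         10.110.1.5      128.0.0.0       UG        0 0          0 tun0
128.0.0.0       10.110.1.5      128.0.0.0       UG        0 0          0 tun0
0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1
"""

CLIENT = "203.0.113.7"  # constructed stand-in for the admin's public IP


def parse_netstat(text):
    """Turn `netstat -rn` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        dest, gateway, genmask, iface = fields[0], fields[1], fields[2], fields[7]
        try:
            # Count the mask bits ourselves so 0.0.0.0 is unambiguously /0.
            prefixlen = bin(int(ipaddress.IPv4Address(genmask))).count("1")
            network = ipaddress.ip_network(f"{dest}/{prefixlen}")
        except ValueError:
            continue  # header row or anything else that is not a route
        routes.append((network, gateway, iface))
    return routes


def lookup(routes, addr):
    """Return (iface, gateway) of the most specific route covering addr.

    Ties go to the first row listed; every metric in these tables is 0.
    """
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    _, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gateway


def with_host_route(routes, addr, gateway, iface):
    """Model `ip route add <addr>/32 via <gateway> dev <iface>`."""
    return routes + [(ipaddress.ip_network(f"{addr}/32"), gateway, iface)]


if __name__ == "__main__":
    before, after = parse_netstat(BEFORE), parse_netstat(AFTER)
    fixed = with_host_route(after, CLIENT, "192.168.100.10", "eth1")
    print("reply to ssh client, VPN down :", lookup(before, CLIENT))
    print("reply to ssh client, VPN up   :", lookup(after, CLIENT))
    print("reply to ssh client, with /32 :", lookup(fixed, CLIENT))
    print("packets to the VPN endpoint   :", lookup(after, "93.115.85.39"))
```

The 0.0.0.0/1 and 128.0.0.0/1 pair is more specific than the original default route, so it wins for every public address without deleting that route; the host route added in the answer is more specific still, which also means traffic to that one address no longer goes through the tunnel.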

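I found this previous post and followed its steps to change my network settings, but I have not got it working yet.

Anonymizing OpenVPN Allow SSH Access to Internal Server

I think I am missing something, or the Private Internet Access settings (received via push) are preventing it from taking effect.

Any idea how to continue testing?

openvpn client log, verb 4: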

Mon Oct 27 17:54:14 2014 us=164352 Current Parameter Settings:
Mon Oct 27 17:54:14 2014 us=164412   config = '/etc/openvpn/client.conf'
Mon Oct 27 17:54:14 2014 us=164422   mode = 0
Mon Oct 27 17:54:14 2014 us=164429   persist_config = DISABLED
Mon Oct 27 17:54:14 2014 us=164436   persist_mode = 1
Mon Oct 27 17:54:14 2014 us=164443   show_ciphers = DISABLED
Mon Oct 27 17:54:14 2014 us=164449   show_digests = DISABLED
Mon Oct 27 17:54:14 2014 us=164455   show_engines = DISABLED
Mon Oct 27 17:54:14 2014 us=164461   genkey = DISABLED
Mon Oct 27 17:54:14 2014 us=164467   key_pass_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164473   show_tls_ciphers = DISABLED
Mon Oct 27 17:54:14 2014 us=164479 Connection profiles [default]:
Mon Oct 27 17:54:14 2014 us=164485   proto = udp
Mon Oct 27 17:54:14 2014 us=164491   local = '192.168.100.13'
Mon Oct 27 17:54:14 2014 us=164497   local_port = 1194
Mon Oct 27 17:54:14 2014 us=164503   remote = 'ro.privateinternetaccess.com'
Mon Oct 27 17:54:14 2014 us=164509   remote_port = 1194
Mon Oct 27 17:54:14 2014 us=164515   remote_float = DISABLED
Mon Oct 27 17:54:14 2014 us=164521   bind_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=164527   bind_local = ENABLED
Mon Oct 27 17:54:14 2014 us=164533   connect_retry_seconds = 5
Mon Oct 27 17:54:14 2014 us=164539   connect_timeout = 10
Mon Oct 27 17:54:14 2014 us=164545   connect_retry_max = 0
Mon Oct 27 17:54:14 2014 us=164551   socks_proxy_server = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164557   socks_proxy_port = 0
Mon Oct 27 17:54:14 2014 us=164563   socks_proxy_retry = DISABLED
Mon Oct 27 17:54:14 2014 us=164568   tun_mtu = 1500
Mon Oct 27 17:54:14 2014 us=164574   tun_mtu_defined = ENABLED
Mon Oct 27 17:54:14 2014 us=164580   link_mtu = 1500
Mon Oct 27 17:54:14 2014 us=164586   link_mtu_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=164592   tun_mtu_extra = 0
Mon Oct 27 17:54:14 2014 us=164598   tun_mtu_extra_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=164603   mtu_discover_type = -1
Mon Oct 27 17:54:14 2014 us=164609   fragment = 0
Mon Oct 27 17:54:14 2014 us=164615   mssfix = 1450
Mon Oct 27 17:54:14 2014 us=164621   explicit_exit_notification = 0
Mon Oct 27 17:54:14 2014 us=164628 Connection profiles END
Mon Oct 27 17:54:14 2014 us=164634   remote_random = DISABLED
Mon Oct 27 17:54:14 2014 us=164640   ipchange = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164646   dev = 'tun'
Mon Oct 27 17:54:14 2014 us=164651   dev_type = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164657   dev_node = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164663   lladdr = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164669   topology = 1
Mon Oct 27 17:54:14 2014 us=164675   tun_ipv6 = DISABLED
Mon Oct 27 17:54:14 2014 us=164681   ifconfig_local = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164686   ifconfig_remote_netmask = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164692   ifconfig_noexec = DISABLED
Mon Oct 27 17:54:14 2014 us=164698   ifconfig_nowarn = DISABLED
Mon Oct 27 17:54:14 2014 us=164704   ifconfig_ipv6_local = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164710   ifconfig_ipv6_netbits = 0
Mon Oct 27 17:54:14 2014 us=164715   ifconfig_ipv6_remote = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164721   shaper = 0
Mon Oct 27 17:54:14 2014 us=164727   mtu_test = 0
Mon Oct 27 17:54:14 2014 us=164733   mlock = DISABLED
Mon Oct 27 17:54:14 2014 us=164739   keepalive_ping = 0
Mon Oct 27 17:54:14 2014 us=164745   keepalive_timeout = 0
Mon Oct 27 17:54:14 2014 us=164750   inactivity_timeout = 0
Mon Oct 27 17:54:14 2014 us=164756   ping_send_timeout = 0
Mon Oct 27 17:54:14 2014 us=164762   ping_rec_timeout = 0
Mon Oct 27 17:54:14 2014 us=164769   ping_rec_timeout_action = 0
Mon Oct 27 17:54:14 2014 us=164775   ping_timer_remote = DISABLED
Mon Oct 27 17:54:14 2014 us=164781   remap_sigusr1 = 0
Mon Oct 27 17:54:14 2014 us=164787   persist_tun = ENABLED
Mon Oct 27 17:54:14 2014 us=164793   persist_local_ip = DISABLED
Mon Oct 27 17:54:14 2014 us=164798   persist_remote_ip = DISABLED
Mon Oct 27 17:54:14 2014 us=164804   persist_key = ENABLED
Mon Oct 27 17:54:14 2014 us=164810   passtos = DISABLED
Mon Oct 27 17:54:14 2014 us=164816   resolve_retry_seconds = 1000000000
Mon Oct 27 17:54:14 2014 us=164825   username = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164831   groupname = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164837   chroot_dir = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164843   cd_dir = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164849   writepid = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164854   up_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164860   down_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164866   down_pre = DISABLED
Mon Oct 27 17:54:14 2014 us=164872   up_restart = DISABLED
Mon Oct 27 17:54:14 2014 us=164878   up_delay = DISABLED
Mon Oct 27 17:54:14 2014 us=164883   daemon = DISABLED
Mon Oct 27 17:54:14 2014 us=164889   inetd = 0
Mon Oct 27 17:54:14 2014 us=164895   log = ENABLED
Mon Oct 27 17:54:14 2014 us=164901   suppress_timestamps = DISABLED
Mon Oct 27 17:54:14 2014 us=164907   nice = 0
Mon Oct 27 17:54:14 2014 us=164913   verbosity = 4
Mon Oct 27 17:54:14 2014 us=164918   mute = 0
Mon Oct 27 17:54:14 2014 us=164924   gremlin = 0
Mon Oct 27 17:54:14 2014 us=164930   status_file = '/etc/openvpn/openvpn-status.log'
Mon Oct 27 17:54:14 2014 us=164936   status_file_version = 1
Mon Oct 27 17:54:14 2014 us=164942   status_file_update_freq = 60
Mon Oct 27 17:54:14 2014 us=164948   occ = ENABLED
Mon Oct 27 17:54:14 2014 us=164954   rcvbuf = 65536
Mon Oct 27 17:54:14 2014 us=164960   sndbuf = 65536
Mon Oct 27 17:54:14 2014 us=164965   mark = 0
Mon Oct 27 17:54:14 2014 us=164971   sockflags = 0
Mon Oct 27 17:54:14 2014 us=164977   fast_io = DISABLED
Mon Oct 27 17:54:14 2014 us=164983   lzo = 7
Mon Oct 27 17:54:14 2014 us=164988   route_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164994   route_default_gateway = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165000   route_default_metric = 0
Mon Oct 27 17:54:14 2014 us=165006   route_noexec = DISABLED
Mon Oct 27 17:54:14 2014 us=165012   route_delay = 0
Mon Oct 27 17:54:14 2014 us=165018   route_delay_window = 30
Mon Oct 27 17:54:14 2014 us=165024   route_delay_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=165030   route_nopull = DISABLED
Mon Oct 27 17:54:14 2014 us=165036   route_gateway_via_dhcp = DISABLED
Mon Oct 27 17:54:14 2014 us=165042   max_routes = 100
Mon Oct 27 17:54:14 2014 us=165048   allow_pull_fqdn = DISABLED
Mon Oct 27 17:54:14 2014 us=165054   management_addr = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165059   management_port = 0
Mon Oct 27 17:54:14 2014 us=165065   management_user_pass = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165071   management_log_history_cache = 250
Mon Oct 27 17:54:14 2014 us=165077   management_echo_buffer_size = 100
Mon Oct 27 17:54:14 2014 us=165083   management_write_peer_info_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165089   management_client_user = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165095   management_client_group = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165101   management_flags = 0
Mon Oct 27 17:54:14 2014 us=165107   shared_secret_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165113   key_direction = 0
Mon Oct 27 17:54:14 2014 us=165119   ciphername_defined = ENABLED
Mon Oct 27 17:54:14 2014 us=165125   ciphername = 'BF-CBC'
Mon Oct 27 17:54:14 2014 us=165131   authname_defined = ENABLED
Mon Oct 27 17:54:14 2014 us=165136   authname = 'SHA1'
Mon Oct 27 17:54:14 2014 us=165142   prng_hash = 'SHA1'
Mon Oct 27 17:54:14 2014 us=165148   prng_nonce_secret_len = 16
Mon Oct 27 17:54:14 2014 us=165154   keysize = 0
Mon Oct 27 17:54:14 2014 us=165160   engine = DISABLED
Mon Oct 27 17:54:14 2014 us=165166   replay = ENABLED
Mon Oct 27 17:54:14 2014 us=165172   mute_replay_warnings = DISABLED
Mon Oct 27 17:54:14 2014 us=165178   replay_window = 64
Mon Oct 27 17:54:14 2014 us=165184   replay_time = 15
Mon Oct 27 17:54:14 2014 us=165204   packet_id_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165211   use_iv = ENABLED
Mon Oct 27 17:54:14 2014 us=165217   test_crypto = DISABLED
Mon Oct 27 17:54:14 2014 us=165223   tls_server = DISABLED
Mon Oct 27 17:54:14 2014 us=165229   tls_client = ENABLED
Mon Oct 27 17:54:14 2014 us=165235   key_method = 2
Mon Oct 27 17:54:14 2014 us=165241   ca_file = '/etc/openvpn/ca.crt'
Mon Oct 27 17:54:14 2014 us=165253   ca_path = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165260   dh_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165266   cert_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165272   priv_key_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165278   pkcs12_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165284   cipher_list = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165290   tls_verify = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165296   tls_export_cert = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165302   verify_x509_type = 0
Mon Oct 27 17:54:14 2014 us=165308   verify_x509_name = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165313   crl_file = '/etc/openvpn/crl.pem'
Mon Oct 27 17:54:14 2014 us=165319   ns_cert_type = 0
Mon Oct 27 17:54:14 2014 us=165325   remote_cert_ku[i] = 160
Mon Oct 27 17:54:14 2014 us=165331   remote_cert_ku[i] = 136
Mon Oct 27 17:54:14 2014 us=165337   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165343   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165348   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165354   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165360   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165366   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165371   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165377   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165383   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165389   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165394   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165400   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165406   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165412   remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165418   remote_cert_eku = 'TLS Web Server Authentication'
Mon Oct 27 17:54:14 2014 us=165424   ssl_flags = 0
Mon Oct 27 17:54:14 2014 us=165430   tls_timeout = 2
Mon Oct 27 17:54:14 2014 us=165436   renegotiate_bytes = 0
Mon Oct 27 17:54:14 2014 us=165442   renegotiate_packets = 0
Mon Oct 27 17:54:14 2014 us=165447   renegotiate_seconds = 0
Mon Oct 27 17:54:14 2014 us=165453   handshake_window = 60
Mon Oct 27 17:54:14 2014 us=165459   transition_window = 3600
Mon Oct 27 17:54:14 2014 us=165465   single_session = DISABLED
Mon Oct 27 17:54:14 2014 us=165471   push_peer_info = DISABLED
Mon Oct 27 17:54:14 2014 us=165476   tls_exit = DISABLED
Mon Oct 27 17:54:14 2014 us=165482   tls_auth_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165488   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165494   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165500   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165506   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165512   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165518   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165524   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165529   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165535   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165541   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165547   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165553   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165559   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165564   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165570   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165576   pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165582   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165588   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165594   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165600   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165606   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165617   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165624   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165630   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165636   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165642   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165648   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165654   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165660   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165666   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165672   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165678   pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165683   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165689   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165695   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165701   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165707   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165712   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165718   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165724   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165730   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165736   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165741   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165747   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165753   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165759   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165764   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165770   pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165776   pkcs11_pin_cache_period = -1
Mon Oct 27 17:54:14 2014 us=165782   pkcs11_id = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165788   pkcs11_id_management = DISABLED
Mon Oct 27 17:54:14 2014 us=166003   server_network = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166025   server_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166034   server_network_ipv6 = ::
Mon Oct 27 17:54:14 2014 us=166040   server_netbits_ipv6 = 0
Mon Oct 27 17:54:14 2014 us=166047   server_bridge_ip = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166053   server_bridge_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166060   server_bridge_pool_start = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166067   server_bridge_pool_end = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166073   ifconfig_pool_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166079   ifconfig_pool_start = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166086   ifconfig_pool_end = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166092   ifconfig_pool_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166098   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166105   ifconfig_pool_persist_refresh_freq = 600
Mon Oct 27 17:54:14 2014 us=166111   ifconfig_ipv6_pool_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166117   ifconfig_ipv6_pool_base = ::
Mon Oct 27 17:54:14 2014 us=166123   ifconfig_ipv6_pool_netbits = 0
Mon Oct 27 17:54:14 2014 us=166129   n_bcast_buf = 256
Mon Oct 27 17:54:14 2014 us=166135   tcp_queue_limit = 64
Mon Oct 27 17:54:14 2014 us=166141   real_hash_size = 256
Mon Oct 27 17:54:14 2014 us=166147   virtual_hash_size = 256
Mon Oct 27 17:54:14 2014 us=166153   client_connect_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166159   learn_address_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166165   client_disconnect_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166172   client_config_dir = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166178   ccd_exclusive = DISABLED
Mon Oct 27 17:54:14 2014 us=166184   tmp_dir = '/tmp'
Mon Oct 27 17:54:14 2014 us=166203   push_ifconfig_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166210   push_ifconfig_local = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166217   push_ifconfig_remote_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166223   push_ifconfig_ipv6_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166240   push_ifconfig_ipv6_local = ::/0
Mon Oct 27 17:54:14 2014 us=166248   push_ifconfig_ipv6_remote = ::
Mon Oct 27 17:54:14 2014 us=166254   enable_c2c = DISABLED
Mon Oct 27 17:54:14 2014 us=166260   duplicate_cn = DISABLED
Mon Oct 27 17:54:14 2014 us=166266   cf_max = 0
Mon Oct 27 17:54:14 2014 us=166272   cf_per = 0
Mon Oct 27 17:54:14 2014 us=166278   max_clients = 1024
Mon Oct 27 17:54:14 2014 us=166284   max_routes_per_client = 256
Mon Oct 27 17:54:14 2014 us=166290   auth_user_pass_verify_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166296   auth_user_pass_verify_script_via_file = DISABLED
Mon Oct 27 17:54:14 2014 us=166302   port_share_host = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166308   port_share_port = 0
Mon Oct 27 17:54:14 2014 us=166314   client = ENABLED
Mon Oct 27 17:54:14 2014 us=166320   pull = ENABLED
Mon Oct 27 17:54:14 2014 us=166326   auth_user_pass_file = '/etc/openvpn/login.pia'
Mon Oct 27 17:54:14 2014 us=166334 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Mon Oct 27 17:54:14 2014 us=199516 LZO compression initialized
Mon Oct 27 17:54:14 2014 us=199583 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Oct 27 17:54:14 2014 us=199625 Socket Buffers: R=[124928->131072] S=[124928->131072]
Mon Oct 27 17:54:14 2014 us=202292 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 27 17:54:14 2014 us=202322 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Oct 27 17:54:14 2014 us=202330 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Oct 27 17:54:14 2014 us=202348 Local Options hash (VER=V4): '41690919'
Mon Oct 27 17:54:14 2014 us=202359 Expected Remote Options hash (VER=V4): '530fdded'
Mon Oct 27 17:54:14 2014 us=202372 UDPv4 link local (bound): [AF_INET]192.168.100.13:1194
Mon Oct 27 17:54:14 2014 us=202379 UDPv4 link remote: [AF_INET]93.115.83.244:1194
Mon Oct 27 17:54:14 2014 us=239323 TLS: Initial packet from [AF_INET]93.115.83.244:1194, sid=bb2e3c12 9e137b77
Mon Oct 27 17:54:14 2014 us=239417 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 27 17:54:14 2014 us=472807 CRL CHECK OK: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Mon Oct 27 17:54:14 2014 us=472851 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Mon Oct 27 17:54:14 2014 us=472999 Validating certificate key usage
Mon Oct 27 17:54:14 2014 us=473009 ++ Certificate has key usage  00a0, expects 00a0
Mon Oct 27 17:54:14 2014 us=473016 VERIFY KU OK
Mon Oct 27 17:54:14 2014 us=473025 Validating certificate extended key usage
Mon Oct 27 17:54:14 2014 us=473033 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct 27 17:54:14 2014 us=473040 VERIFY EKU OK
Mon Oct 27 17:54:14 2014 us=473087 CRL CHECK OK: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
Mon Oct 27 17:54:14 2014 us=473106 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
Mon Oct 27 17:54:14 2014 us=639441 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 27 17:54:14 2014 us=639472 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 27 17:54:14 2014 us=639518 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 27 17:54:14 2014 us=639526 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 27 17:54:14 2014 us=639577 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 27 17:54:14 2014 us=639597 [Private Internet Access] Peer Connection Initiated with [AF_INET]93.115.83.244:1194
Mon Oct 27 17:54:16 2014 us=697840 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Mon Oct 27 17:54:16 2014 us=734290 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.126.1.1,topology net30,ifconfig 10.126.1.6 10.126.1.5'
Mon Oct 27 17:54:16 2014 us=734376 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 27 17:54:16 2014 us=734386 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 27 17:54:16 2014 us=734393 OPTIONS IMPORT: route options modified
Mon Oct 27 17:54:16 2014 us=734398 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 27 17:54:16 2014 us=734549 ROUTE_GATEWAY 192.168.100.10/255.255.255.0 IFACE=eth1 HWADDR=00:0c:29:6f:fa:48
Mon Oct 27 17:54:16 2014 us=746608 TUN/TAP device tun0 opened
Mon Oct 27 17:54:16 2014 us=746628 TUN/TAP TX queue length set to 100
Mon Oct 27 17:54:16 2014 us=746641 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct 27 17:54:16 2014 us=746659 /sbin/ip link set dev tun0 up mtu 1500
Mon Oct 27 17:54:16 2014 us=748139 /sbin/ip addr add dev tun0 local 10.126.1.6 peer 10.126.1.5
Mon Oct 27 17:54:16 2014 us=748976 /sbin/ip route add 93.115.83.244/32 via 192.168.100.10
Mon Oct 27 17:54:16 2014 us=749737 /sbin/ip route add 0.0.0.0/1 via 10.126.1.5
Mon Oct 27 17:54:16 2014 us=750310 /sbin/ip route add 128.0.0.0/1 via 10.126.1.5
Mon Oct 27 17:54:16 2014 us=750803 /sbin/ip route add 10.126.1.1/32 via 10.126.1.5
Mon Oct 27 17:54:16 2014 us=751309 Initialization Sequence Completed

Mon Oct 27 17:56:45 2014 us=819279 event_wait : Interrupted system call (code=4)
Mon Oct 27 17:56:45 2014 us=819485 TCP/UDP: Closing socket
Mon Oct 27 17:56:45 2014 us=819530 /sbin/ip route del 10.126.1.1/32
Mon Oct 27 17:56:45 2014 us=820269 /sbin/ip route del 93.115.83.244/32
Mon Oct 27 17:56:45 2014 us=820850 /sbin/ip route del 0.0.0.0/1
Mon Oct 27 17:56:45 2014 us=821401 /sbin/ip route del 128.0.0.0/1
Mon Oct 27 17:56:45 2014 us=821927 Closing TUN/TAP interface
Mon Oct 27 17:56:45 2014 us=821953 /sbin/ip addr del dev tun0 local 10.126.1.6 peer 10.126.1.5
Mon Oct 27 17:56:45 2014 us=834264 SIGINT[hard,] received, process exiting

Source: https://serverfault.com/questions/639648