Vpn

OpenVPN constantly reauthorizing

  • November 10, 2012

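For the past few months I have been running OpenVPN on a small VPS for my family and have been happy with it. Last week my host rebooted the box, and now I am having problems. They re-enabled TUN, which in the past got me working again.

I can connect to the VPN, but when I try to access the network through it, the connection gets stuck in a constant reauthorization loop. I have read through the log file, but it's Greek to me. Can anyone help make sense of this? Below is the log file from one session.

I have tried restarting the OpenVPN service and rebooting my instance, but neither had any effect on the problem. I think this has something to do with routing traffic through the VPN, but I haven't made any changes other than the hardware reboot, so I'm not sure what triggered this. The client keys are also the same.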

Wed Nov  7 11:16:16 2012 MULTI: multi_create_instance called
Wed Nov  7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 Re-using SSL/TLS context
Wed Nov  7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 LZO compression initialized
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Local Options hash (VER=V4): '530fdded'
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:50631, sid=d4a3e774 69029449
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/emailAddress=me@gmail.com
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/emailAddress=me@gmail.com
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:50631: 10.8.0.26
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov  7 11:17:00 2012 MULTI: multi_create_instance called
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Re-using SSL/TLS context
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 LZO compression initialized
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Local Options hash (VER=V4): '530fdded'
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:64732, sid=fc2b0817 0fa801c1
Wed Nov  7 11:17:00 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/emailAddress=me@gmail.com
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/emailAddress=me@gmail.com
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:01 2012 MULTI: new connection by client 'mycomputer' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Nov  7 11:17:01 2012 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:01 2012 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:64732: 10.8.0.26
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov  7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:20 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:30 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:37 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:46 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:56 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:06 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:08 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:19 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:29 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:39 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:50 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:59 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:09 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:22 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:32 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:42 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:53 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:03 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:13 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:23 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:34 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:44 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:54 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SIGUSR1[soft,ping-restart] received, client-instance restarting

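I determined that this had nothing to do with my VPN. My computer is a Mac, and I had upgraded to Mountain Lion around the same time I started having these problems. The VPN client I use, Tunnelblick, is not compatible with Mountain Lion.

The solution was to uninstall Tunnelblick and upgrade to their latest beta release. Now my VPN works fine.

Source: https://serverfault.com/questions/446432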
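Added example, not part of the original question or answer: a small parser for the server log format shown above that counts sessions, session drops, ping-restart timeouts and ECONNREFUSED reads per client common name. The sample log is constructed (192.0.2.10 is a placeholder address), the function names are hypothetical, and the 120-second threshold is the `ping-restart 120` value from the PUSH_REPLY in the log; treating a faster reconnect as a client-side restart is a heuristic assumed here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log above; 192.0.2.10 is a placeholder address.
SAMPLE_LOG = """\
Wed Nov  7 11:16:18 2012 192.0.2.10:50631 [mycomputer] Peer Connection Initiated with [AF_INET]192.0.2.10:50631
Wed Nov  7 11:17:01 2012 192.0.2.10:64732 [mycomputer] Peer Connection Initiated with [AF_INET]192.0.2.10:64732
Wed Nov  7 11:17:01 2012 MULTI: new connection by client 'mycomputer' will cause previous active sessions by this client to be dropped.
Wed Nov  7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:21:03 2012 mycomputer/192.0.2.10:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
"""

TS_LEN = 24  # width of a timestamp such as "Wed Nov  7 11:16:18 2012"
PEER = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET\](?P<addr>\S+)")
DROP = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous")
TIMEOUT = re.compile(r"\[(?P<cn>[^\]]+)\] Inactivity timeout \(--ping-restart\)")

def summarize(log_text):
    """Return (per-client statistics, total ECONNREFUSED reads) for a server log."""
    clients = defaultdict(lambda: {"connects": [], "endpoints": set(), "drops": 0, "timeouts": 0})
    refused = 0
    for line in log_text.splitlines():
        try:
            ts = datetime.strptime(" ".join(line[:TS_LEN].split()), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # not a timestamped log line
        body = line[TS_LEN:]
        if "[ECONNREFUSED]" in body:  # ICMP port unreachable came back for a UDP send
            refused += 1
        elif (m := PEER.search(body)):
            clients[m["cn"]]["connects"].append(ts)
            clients[m["cn"]]["endpoints"].add(m["addr"])
        elif (m := DROP.search(body)):
            clients[m["cn"]]["drops"] += 1
        elif (m := TIMEOUT.search(body)):
            clients[m["cn"]]["timeouts"] += 1
    report = {}
    for cn, c in clients.items():
        gaps = [int((b - a).total_seconds()) for a, b in zip(c["connects"], c["connects"][1:])]
        report[cn] = {"sessions": len(c["connects"]), "endpoints": len(c["endpoints"]),
                      "drops": c["drops"], "timeouts": c["timeouts"], "reconnect_gaps_s": gaps}
    return report, refused

def client_side_restart(stats, ping_restart=120):
    """Heuristic: the client reconnected sooner than a keepalive timeout could explain."""
    return stats["drops"] > 0 and any(g < ping_restart for g in stats["reconnect_gaps_s"])
```

On the sample, the second session starts 43 seconds after the first from a different source port, which points at the client restarting its tunnel rather than at the server timing it out.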