OpenVPN desconecta após 10 minutos

0

Eu tenho o Ubuntu 12.04 no AMD64. Eu uso o OpenVPN para conectar da minha casa ao escritório. No Windows, simplesmente funciona. Quando eu instalei no Ubuntu estou usando o mesmo arquivo de configuração do Windows. Eu posso me conectar. Ele funciona alguns minutos depois de repente desconectado e eu perdi toda a conectividade. Eu preciso matar o processo openvpn para restaurar a conectividade à internet. Eu corro openvpn do terminal. (OpenVPN 2.2.1 x86_64-linux-gnu)

Aqui está o log:

Enter Private Key Password:
Thu Sep 12 21:04:35 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Sep 12 21:04:35 2013 LZO compression initialized
Thu Sep 12 21:04:35 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Sep 12 21:04:35 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Sep 12 21:04:35 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Sep 12 21:04:35 2013 Local Options hash (VER=V4): '31fdf004'
Thu Sep 12 21:04:35 2013 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Sep 12 21:04:35 2013 Attempting to establish TCP connection with [AF_INET]89.185.253.33:11194 [nonblock]
Thu Sep 12 21:04:36 2013 TCP connection established with [AF_INET]89.185.253.33:11194
Thu Sep 12 21:04:36 2013 TCPv4_CLIENT link local: [undef]
Thu Sep 12 21:04:36 2013 TCPv4_CLIENT link remote: [AF_INET]89.185.253.33:11194
Thu Sep 12 21:04:36 2013 TLS: Initial packet from [AF_INET]89.185.253.33:11194, sid=897cedfa 30d3a48b
Thu Sep 12 21:04:37 2013 VERIFY OK: depth=1, /C=CZ/ST=Czech_Republic/O=Syntactic_Sugar_s._r._o./OU=Technical_Support/CN=SyntacticSugarCA/[email protected]
Thu Sep 12 21:04:37 2013 VERIFY OK: depth=0, /C=CZ/ST=Czech_Republic/L=Pilsen/O=Syntactic_Sugar_s._r._o./OU=Technical_Support/CN=plymouth.syntacticsugar.com/[email protected]
Thu Sep 12 21:04:38 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Sep 12 21:04:38 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 12 21:04:38 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Sep 12 21:04:38 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 12 21:04:38 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Thu Sep 12 21:04:38 2013 [plymouth.syntacticsugar.com] Peer Connection Initiated with [AF_INET]89.185.253.33:11194
Thu Sep 12 21:04:40 2013 SENT CONTROL [plymouth.syntacticsugar.com]: 'PUSH_REQUEST' (status=1)
Thu Sep 12 21:04:40 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.0.0.1,dhcp-option DNS 10.0.0.3,ping 10,ping-restart 120,route 192.168.2.0 255.255.255.0 10.0.0.6,route 192.168.120.32 255.255.255.224 10.0.0.6,route 192.168.120.64 255.255.255.192 10.0.0.6,route 192.168.120.128 255.255.255.128 10.0.0.6,route 192.168.20.0 255.255.255.0 10.0.0.6,ifconfig 10.0.0.128 255.255.0.0'
Thu Sep 12 21:04:40 2013 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 12 21:04:40 2013 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 12 21:04:40 2013 OPTIONS IMPORT: route options modified
Thu Sep 12 21:04:40 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Sep 12 21:04:40 2013 ROUTE default_gateway=192.168.2.1
Thu Sep 12 21:04:40 2013 TUN/TAP device tap0 opened
Thu Sep 12 21:04:40 2013 TUN/TAP TX queue length set to 100
Thu Sep 12 21:04:40 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 12 21:04:40 2013 /sbin/ifconfig tap0 10.0.0.128 netmask 255.255.0.0 mtu 1500 broadcast 10.0.255.255
Thu Sep 12 21:04:40 2013 WARNING: potential route subnet conflict between local LAN [192.168.2.0/255.255.255.0] and remote VPN [192.168.2.0/255.255.255.0]
Thu Sep 12 21:04:40 2013 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.0.0.6
Thu Sep 12 21:04:40 2013 /sbin/route add -net 192.168.120.32 netmask 255.255.255.224 gw 10.0.0.6
Thu Sep 12 21:04:40 2013 /sbin/route add -net 192.168.120.64 netmask 255.255.255.192 gw 10.0.0.6
Thu Sep 12 21:04:40 2013 /sbin/route add -net 192.168.120.128 netmask 255.255.255.128 gw 10.0.0.6
Thu Sep 12 21:04:40 2013 /sbin/route add -net 192.168.20.0 netmask 255.255.255.0 gw 10.0.0.6
Thu Sep 12 21:04:40 2013 Initialization Sequence Completed
Thu Sep 12 21:11:43 2013 [plymouth.syntacticsugar.com] Inactivity timeout (--ping-restart), restarting
Thu Sep 12 21:11:43 2013 TCP/UDP: Closing socket
Thu Sep 12 21:11:43 2013 SIGUSR1[soft,ping-restart] received, process restarting
Thu Sep 12 21:11:43 2013 Restart pause, 5 second(s)
Thu Sep 12 21:11:48 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Sep 12 21:11:48 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Sep 12 21:11:48 2013 Re-using SSL/TLS context
Thu Sep 12 21:11:48 2013 LZO compression initialized
Thu Sep 12 21:11:48 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Sep 12 21:11:48 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Sep 12 21:12:28 2013 RESOLVE: Cannot resolve host address: plymouth.syntacticsugar.com: [HOST_NOT_FOUND] The specified host is unknown.
Thu Sep 12 21:12:28 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Sep 12 21:12:28 2013 Local Options hash (VER=V4): '31fdf004'
Thu Sep 12 21:12:28 2013 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Sep 12 21:13:08 2013 RESOLVE: Cannot resolve host address: plymouth.syntacticsugar.com: [HOST_NOT_FOUND] The specified host is unknown.
Thu Sep 12 21:13:53 2013 RESOLVE: Cannot resolve host address: plymouth.syntacticsugar.com: [HOST_NOT_FOUND] The specified host is unknown.
Thu Sep 12 21:14:38 2013 RESOLVE: Cannot resolve host address: plymouth.syntacticsugar.com: [HOST_NOT_FOUND] The specified host is unknown.

Alguém sabe o que pode ser um problema? Eu não sou especialista em Linux.

    
por Joe Bobson 13.09.2013 / 21:50

2 respostas

1

Eu estou supondo que plymouth.syntacticsugar.com é o nome do servidor OpenVPN? Se for esse o caso, então eu também presumo que seu servidor VPN está empurrando os servidores DNS para sua máquina local para usar na resolução de nomes, mas os servidores DNS que eles estão pressionando não estão resolvendo o nome plymouth.syntacticsugar.com . O que significa que uma vez que sua conexão de DNS tenha sido estabelecida, sua conexão permanecerá aberta até que o nome expire fora do cache do DNS.

Tente ajustar sua configuração do OpenVPN para usar um endereço IP em vez de um nome DNS para o remote .

Você também pode precisar adicionar uma rota estática em sua configuração local para garantir que os servidores DNS locais ainda estejam acessíveis quando a conexão VPN for estabelecida.

    
por 13.09.2013 / 22:55
0

Isso parece o problema:

Thu Sep 12 21:04:40 2013 WARNING: potential route subnet conflict between local LAN [192.168.2.0/255.255.255.0] and remote VPN [192.168.2.0/255.255.255.0]

A VPN parece estar usando a mesma sub-rede que você é, então você se depara com problemas.

Altere sua sub-rede local ou você provavelmente precisará adicionar rotas estáticas a plymouth.syntacticsugar.com

    
por 15.09.2013 / 18:57