OpenVPN tunnel stopped working

2

I have an OpenVPN tunnel established. Suddenly it stopped pushing data through it. The connection establishes normally, but I can't ping from either side (a second client works fine). I checked the firewalls (they are turned off) and restarted the VPN services (on both sides).

I am 100% sure that the configuration was not changed when the problem appeared (I was connected to the server, and nobody but me has access to the client). What can cause this problem? The client has internet access over a GSM network, but it seems OK.

Client log (as you can see, it gets the routes etc., but a ping to the VPN and to the server's network [and vice versa] ends with a timeout). There are no reconnection attempts; it looks like the keepalive gets through.

Fri Apr 17 15:57:00 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  1 2014
Fri Apr 17 15:57:00 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Fri Apr 17 15:57:00 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Apr 17 15:57:00 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
Fri Apr 17 15:57:01 2015 TCP connection established with [AF_INET]xx:1194
Fri Apr 17 15:57:01 2015 TCPv4_CLIENT link local: [undef]
Fri Apr 17 15:57:01 2015 TCPv4_CLIENT link remote: [AF_INET]xx:1194
Fri Apr 17 15:57:02 2015 TLS: Initial packet from [AF_INET]xx1194, sid=6b7a62a1 728d49a8
Fri Apr 17 15:57:03 2015 VERIFY OK: depth=1, C=PL, ST=xx, L=xx, O=xx, OU=xx, CN=ca, name=xx, emailAddress=xx
Fri Apr 17 15:57:03 2015 VERIFY OK: nsCertType=SERVER
Fri Apr 17 15:57:03 2015 VERIFY OK: depth=0, C=PL, ST=xx, L=xx, O=xx, OU=xx, CN=server, name=xx, emailAddress=xx
Fri Apr 17 15:57:05 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 17 15:57:05 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 17 15:57:05 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 17 15:57:05 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 17 15:57:05 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Apr 17 15:57:05 2015 [server] Peer Connection Initiated with [AF_INET]xx:1194
Fri Apr 17 15:57:07 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Apr 17 15:57:07 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.80.0 255.255.255.0,route 10.9.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.0.6 10.9.0.5'
Fri Apr 17 15:57:07 2015 OPTIONS IMPORT: timers and/or timeouts modified
Fri Apr 17 15:57:07 2015 OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr 17 15:57:07 2015 OPTIONS IMPORT: route options modified
Fri Apr 17 15:57:07 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Apr 17 15:57:07 2015 open_tun, tt->ipv6=0
Fri Apr 17 15:57:07 2015 TAP-WIN32 device [Połączenie lokalne 2] opened: \\.\Global\{D7C7226F-B0C5-4344-AA02-F0B6A92BE128}.tap
Fri Apr 17 15:57:07 2015 TAP-Windows Driver Version 9.21 
Fri Apr 17 15:57:07 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.0.6/255.255.255.252 on interface {D7C7226F-B0C5-4344-AA02-F0B6A92BE128} [DHCP-serv: 10.9.0.5, lease-time: 31536000]
Fri Apr 17 15:57:07 2015 Successful ARP Flush on interface [21] {D7C7226F-B0C5-4344-AA02-F0B6A92BE128}
Fri Apr 17 15:57:12 2015 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Fri Apr 17 15:57:12 2015 C:\Windows\system32\route.exe ADD 192.168.80.0 MASK 255.255.255.0 10.9.0.5
Fri Apr 17 15:57:12 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Apr 17 15:57:12 2015 Route addition via IPAPI succeeded [adaptive]
Fri Apr 17 15:57:12 2015 C:\Windows\system32\route.exe ADD 10.9.0.1 MASK 255.255.255.255 10.9.0.5
Fri Apr 17 15:57:12 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Apr 17 15:57:12 2015 Route addition via IPAPI succeeded [adaptive]
Fri Apr 17 15:57:12 2015 Initialization Sequence Completed

EDIT: After some time, the connection was restarted. The rest of the client log is below:

Fri Apr 17 16:18:01 2015 Connection reset, restarting [-1]
Fri Apr 17 16:18:01 2015 C:\Windows\system32\route.exe DELETE 10.9.0.1 MASK 255.255.255.255 10.9.0.5
Fri Apr 17 16:18:01 2015 Route deletion via IPAPI succeeded [adaptive]
Fri Apr 17 16:18:01 2015 C:\Windows\system32\route.exe DELETE 192.168.80.0 MASK 255.255.255.0 10.9.0.5
Fri Apr 17 16:18:01 2015 Route deletion via IPAPI succeeded [adaptive]
Fri Apr 17 16:18:01 2015 Closing TUN/TAP interface
Fri Apr 17 16:18:01 2015 SIGUSR1[soft,connection-reset] received, process restarting
Fri Apr 17 16:18:01 2015 Restart pause, 5 second(s)
Fri Apr 17 16:18:06 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Apr 17 16:18:06 2015 Attempting to establish TCP connection with [AF_INET]xx:1194 [nonblock]
Fri Apr 17 16:18:07 2015 TCP connection established with [AF_INET]xx:1194
Fri Apr 17 16:18:07 2015 TCPv4_CLIENT link local: [undef]
Fri Apr 17 16:18:07 2015 TCPv4_CLIENT link remote: [AF_INET]1xx:1194
Fri Apr 17 16:18:07 2015 TLS: Initial packet from [AF_INET]xx1194, sid=fb80fb3e 13452b0e
Fri Apr 17 16:18:08 2015 VERIFY OK: depth=1, C=PL, ST=Pxx, L=xx, O=xx, OU=xx, CN=ca, name=xx, emailAddress=xx
Fri Apr 17 16:18:08 2015 VERIFY OK: nsCertType=SERVER
Fri Apr 17 16:18:08 2015 VERIFY OK: depth=0, C=PL, ST=xx, L=xx, O=xx, OU=xx, CN=server, name=xx, emailAddress=xx
Fri Apr 17 16:18:11 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 17 16:18:11 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 17 16:18:11 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Apr 17 16:18:11 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Apr 17 16:18:11 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Apr 17 16:18:11 2015 [server] Peer Connection Initiated with [AF_INET]xx:1194
Fri Apr 17 16:18:13 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Apr 17 16:18:13 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.80.0 255.255.255.0,route 10.9.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.0.6 10.9.0.5'
Fri Apr 17 16:18:13 2015 OPTIONS IMPORT: timers and/or timeouts modified
Fri Apr 17 16:18:13 2015 OPTIONS IMPORT: --ifconfig/up options modified
Fri Apr 17 16:18:13 2015 OPTIONS IMPORT: route options modified
Fri Apr 17 16:18:13 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Apr 17 16:18:13 2015 open_tun, tt->ipv6=0
Fri Apr 17 16:18:13 2015 TAP-WIN32 device [Połączenie lokalne 2] opened: \\.\Global\{D7C7226F-B0C5-4344-AA02-F0B6A92BE128}.tap
Fri Apr 17 16:18:13 2015 TAP-Windows Driver Version 9.21 
Fri Apr 17 16:18:13 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.0.6/255.255.255.252 on interface {D7C7226F-B0C5-4344-AA02-F0B6A92BE128} [DHCP-serv: 10.9.0.5, lease-time: 31536000]
Fri Apr 17 16:18:13 2015 Successful ARP Flush on interface [21] {D7C7226F-B0C5-4344-AA02-F0B6A92BE128}
Fri Apr 17 16:18:18 2015 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Fri Apr 17 16:18:18 2015 Route: Waiting for TUN/TAP interface to come up...
Fri Apr 17 16:18:23 2015 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Fri Apr 17 16:18:23 2015 C:\Windows\system32\route.exe ADD 192.168.80.0 MASK 255.255.255.0 10.9.0.5
Fri Apr 17 16:18:23 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Apr 17 16:18:23 2015 Route addition via IPAPI succeeded [adaptive]
Fri Apr 17 16:18:23 2015 C:\Windows\system32\route.exe ADD 10.9.0.1 MASK 255.255.255.255 10.9.0.5
Fri Apr 17 16:18:23 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Apr 17 16:18:23 2015 Route addition via IPAPI succeeded [adaptive]
Fri Apr 17 16:18:23 2015 Initialization Sequence Completed

And again. A restart, but this time with a precise comment:

> Fri Apr 17 16:39:41 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
> Fri Apr 17 16:39:43 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
> Fri Apr 17 16:39:46 2015 write TCPv4_CLIENT: Connection reset by peer
> (...)
> TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
> Fri Apr 17 16:40:01 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
> Fri Apr 17 16:40:01 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
> Fri Apr 17 16:40:04 2015 Connection reset, restarting [-1]

Both sides are in tcp protocol. Both certificates are good (they were working an hour ago, and they are definitely less than 10 years old, since I created them). Could the problem come from some reason other than a bad connection?

Server configuration:

port 1194
proto tcp
dev tun

ifconfig-pool-persist ipp.txt

server 10.9.0.0 255.255.255.0
push "route 192.168.80.0 255.255.255.0"
client-config-dir ccd
route 192.168.70.0 255.255.255.0
route 192.168.71.0 255.255.255.0

keepalive 10 120
comp-lzo
# certificate settings
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

status openvpn-status.log
verb 3

by Aramil 17.04.2015 / 16:20
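
To tell whether the restarts in the client log above come from the keepalive timer or from the TCP connection being reset, the log can be summarized per tunnel session. This is an added example, not part of the original post; the sample lines are copied from the question's log, and the function names are made up for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the client log in the question.
SAMPLE_LOG = """\
Fri Apr 17 15:57:07 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.80.0 255.255.255.0,route 10.9.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.9.0.6 10.9.0.5'
Fri Apr 17 15:57:12 2015 Initialization Sequence Completed
Fri Apr 17 16:18:01 2015 Connection reset, restarting [-1]
Fri Apr 17 16:18:23 2015 Initialization Sequence Completed
Fri Apr 17 16:39:41 2015 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Apr 17 16:40:04 2015 Connection reset, restarting [-1]
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
UP = "Initialization Sequence Completed"
# Restart causes as OpenVPN words them in its log.
CAUSES = {"Connection reset, restarting": "transport-reset",
          "Inactivity timeout (--ping-restart)": "keepalive-timeout"}


def pushed_timers(log):
    """Return the ping / ping-restart values found in PUSH_REPLY messages."""
    timers = {}
    for name, value in re.findall(r"[,'](ping(?:-restart)?) (\d+)", log):
        timers[name] = int(value)
    return timers


def sessions(log):
    """Return (seconds_up, cause, write_errors) for every tunnel session."""
    out, started, errors = [], None, 0
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or elided line without a timestamp
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if UP in msg:
            started, errors = ts, 0  # tunnel is up: a new session begins
        elif "write TCPv4_CLIENT" in msg:
            errors += 1  # socket write failed while the session was up
        else:
            for needle, cause in CAUSES.items():
                if needle in msg and started is not None:
                    up_for = int((ts - started).total_seconds())
                    out.append((up_for, cause, errors))
                    started = None
    return out
```

On the sample, both sessions stay up for about 21 minutes and end with a transport reset, not with a keepalive timeout.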

1 answer

0

Something similar happened to me in the past. It turned out that the OpenVPN server had run out of disk space. This caused the OpenVPN daemon to stop operating because no further logs could be written.

If possible, check the free space on your server.


by 17.04.2015 / 18:29