I've been using OpenVPN on a small VPS for my family for the past few months and I'm happy with it. Last week my host rebooted the box and now I'm having problems. They turned TUN back on, which in the past got me back up and running.
I can connect to the VPN, but when I try to access the web through it, the connection gets stuck in a continuous loop of re-authorization. I've read through the log files, but it's Greek to me. Can anyone help make sense of this? Below is a log file for one session.
I've tried restarting the OpenVPN service and rebooting my instance, and neither had any effect on this problem. I think it has to do with routing traffic through the VPN, but I haven't changed anything other than the hardware reboot, so I'm not sure what would have triggered this. The client keys are the same as well.
Wed Nov 7 11:16:16 2012 MULTI: multi_create_instance called
Wed Nov 7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 Re-using SSL/TLS context
Wed Nov 7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 LZO compression initialized
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Local Options hash (VER=V4): '530fdded'
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:50631, sid=d4a3e774 69029449
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/[email protected]
Wed Nov 7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/[email protected]
Wed Nov 7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov 7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:50631
Wed Nov 7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:50631
Wed Nov 7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:50631: 10.8.0.26
Wed Nov 7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov 7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov 7 11:17:00 2012 MULTI: multi_create_instance called
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Re-using SSL/TLS context
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 LZO compression initialized
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Local Options hash (VER=V4): '530fdded'
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:64732, sid=fc2b0817 0fa801c1
Wed Nov 7 11:17:00 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/[email protected]
Wed Nov 7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/[email protected]
Wed Nov 7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov 7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:64732
Wed Nov 7 11:17:01 2012 MULTI: new connection by client 'mycomputer' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Nov 7 11:17:01 2012 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:64732
Wed Nov 7 11:17:01 2012 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:64732: 10.8.0.26
Wed Nov 7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov 7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov 7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:20 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:30 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:37 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:46 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:56 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:06 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:08 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:19 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:29 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:39 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:50 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:18:59 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:19:09 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:19:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:19:22 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:19:32 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:19:42 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:19:53 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:20:03 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:20:13 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:20:23 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:20:34 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:20:44 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:20:54 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
Wed Nov 7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SIGUSR1[soft,ping-restart] received, client-instance restarting
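
As an added example, not part of the original post: a small Python summarizer for a server log in this format, grouping lines into sessions per client certificate CN and counting the ECONNREFUSED reads and --ping-restart timeouts that make up the reconnect loop. The sample lines are constructed from the log above, and attributing the unprefixed ECONNREFUSED lines to the newest session is an assumption of this example.

```python
import re
from datetime import datetime
# Constructed sample modelled on the log above; 192.0.2.10 is a documentation address.
SAMPLE = """\
Wed Nov 7 11:16:18 2012 192.0.2.10:50631 [mycomputer] Peer Connection Initiated with [AF_INET]192.0.2.10:50631
Wed Nov 7 11:16:20 2012 mycomputer/192.0.2.10:50631 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov 7 11:17:00 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:01 2012 192.0.2.10:64732 [mycomputer] Peer Connection Initiated with [AF_INET]192.0.2.10:64732
Wed Nov 7 11:17:03 2012 mycomputer/192.0.2.10:64732 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov 7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov 7 11:21:03 2012 mycomputer/192.0.2.10:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (.*)$")
INIT = re.compile(r"\[([^\]]+)\] Peer Connection Initiated with \[AF_INET\](\S+)")
TIMEOUT = re.compile(r"\[([^\]]+)\] Inactivity timeout \(--ping-restart\)")

def summarize(log_text):
    """One dict per 'Peer Connection Initiated' line, in log order."""
    sessions = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (hit := INIT.search(msg)):
            sessions.append({"cn": hit.group(1), "peer": hit.group(2), "start": ts,
                             "pushed": False, "refused": 0, "end": None})
        elif (hit := TIMEOUT.search(msg)):
            for s in reversed(sessions):      # newest session of that CN
                if s["cn"] == hit.group(1):
                    s["end"] = "ping-restart"
                    break
        elif sessions and "PUSH_REPLY" in msg:
            sessions[-1]["pushed"] = True
        elif sessions and "[ECONNREFUSED]" in msg:
            # Heuristic: the line has no client prefix, so count it against the newest session.
            sessions[-1]["refused"] += 1
    return sessions

def reconnects(sessions):  # seconds between same-CN sessions from a different peer address
    out, last = [], {}
    for s in sessions:
        prev = last.get(s["cn"])
        if prev and prev["peer"] != s["peer"]:
            out.append((s["cn"], (s["start"] - prev["start"]).total_seconds()))
        last[s["cn"]] = s
    return out
```
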