read TCP_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)

1

I have a user who cannot connect to my OpenVPN server from outside the country. My server is located in Portugal and my client is trying from Myanmar. The connection is always restarting on the user's side. He is now using an old backup VPN over PPTP.

This server is working fine for users on Windows 10, Linux and macOS, some of them using the connection 8 hours a day, and no problems have been detected after months of use.

I am using a non-standard connection over TCP port 51184 to avoid ISPs blocking services on standard ports and traffic shaping.

In the logs on the user's side, everything looks fine except this part:

Fri Jul 28 09:35:32 2017 Attempting to establish TCP connection with [AF_INET]x:51194 [nonblock]
Fri Jul 28 09:35:33 2017 TCP connection established with [AF_INET]x:51194
Fri Jul 28 09:35:33 2017 TCP_CLIENT link local (bound): [AF_INET][undef]:0
Fri Jul 28 09:35:33 2017 TCP_CLIENT link remote: [AF_INET]x:51194
Fri Jul 28 09:36:14 2017 read TCP_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Fri Jul 28 09:36:14 2017 Connection reset, restarting [-1]
Fri Jul 28 09:36:14 2017 Unblocking outside dns using service succeeded.
Fri Jul 28 09:36:14 2017 SIGUSR1[soft,connection-reset] received, process restarting

From the server-side logs, this is what is happening in general:

Jul 28 04:13:23 openvpn 90566   rui.m/103.x.205.111:63802 SIGUSR1[soft,ping-restart] received, client-instance restarting
Jul 28 04:13:23 openvpn 90566   rui.m/103.x.205.111:63802 [rui.m] Inactivity timeout (--ping-restart), restarting
Jul 28 04:13:18 openvpn 90566   MANAGEMENT: Client disconnected
Jul 28 04:13:18 openvpn 90566   MANAGEMENT: CMD 'quit'
Jul 28 04:13:18 openvpn 90566   MANAGEMENT: CMD 'status 2'
Jul 28 04:13:18 openvpn 90566   MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 28 04:12:16 openvpn 90566   MANAGEMENT: Client disconnected
Jul 28 04:12:16 openvpn 90566   MANAGEMENT: CMD 'quit'
Jul 28 04:12:16 openvpn 90566   MANAGEMENT: CMD 'status 2'
Jul 28 04:12:16 openvpn 90566   MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Jul 28 04:11:58 openvpn 90566   rui.m/103.x.205.111:63835 SENT CONTROL [rui.m]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,dhcp-option DOMAIN x.local,dhcp-option DNS 10.0.0.2,block-outside-dns,register-dns,redirect-gateway def1,route-gateway 10.0.8.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.0.8.2 255.255.255.0' (status=1)

Server-side configuration:

dev ovpns1
verb 3
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-128-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local x
engine cryptodev
tls-server
server 10.0.8.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9YWwRGF0YWJhcU= false server1 51194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'xVPNca' 1"
lport 51194
management /var/etc/openvpn/server1.sock unix
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option DOMAIN x.local"
push "dhcp-option DNS 10.0.0.2"
push "block-outside-dns"
push "register-dns"
push "redirect-gateway def1"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.1024
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
topology subnet

User configuration file:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.dyndns.biz 51194 tcp-client
lport 0
verify-x509-name "xVPNca" name
auth-user-pass
pkcs12 pfSense-TCP-51194-x.p12
tls-auth pfSense-TCP-51194-x-tls.key 1
remote-cert-tls server
comp-lzo adaptive
    
by SipriusPT 28.07.2017 / 12:50

0 answers
