OpenVPN connection delay, server logs PUSH: Received control message: 'PUSH_REQUEST' multiple times

1

I am troubleshooting a connection delay with my OpenVPN server, which occurs when my client connects and disconnects a few times (2 to 3 times usually results in the described behaviour). Server/client names and IP addresses have been modified for this post.

The client simply hangs while connecting, see the log below:

Fri Mar  3 14:39:34 2017 OpenVPN 2.4.0 [git:master/f5bf296bacce76a8+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 29 2016                                                                                             
Fri Mar  3 14:39:34 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Fri Mar  3 14:39:34 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.2:443                                      
Fri Mar  3 14:39:34 2017 UDP link local (bound): [AF_INET][undef]:443                                                                 
Fri Mar  3 14:39:34 2017 UDP link remote: [AF_INET]127.0.0.2:443                                                                       
Fri Mar  3 14:39:34 2017 [SERVERNAME] Peer Connection Initiated with [AF_INET]127.0.0.2:443

The server logs show the following during this delay:

Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 TLS: new session incoming connection from [AF_INET]127.0.0.2:443
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 VERIFY OK: ~redacted
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 VERIFY OK: ~redacted
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_VER=2.4.0       
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_PLAT=linux      
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_PROTO=2  
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_NCP=2
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_LZ4=1
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_LZ4v2=1  
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_LZO=1
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_COMP_STUB=1                                  
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_COMP_STUBv2=1                                                           
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_TCPNL=1
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1                      
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 TLS: tls_multi_process: untrusted session promoted to semi-trusted
Fri Mar  3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4069 bit RSA
Fri Mar  3 15:05:03 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar  3 15:05:08 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar  3 15:05:13 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar  3 15:05:18 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar  3 15:05:23 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar  3 15:05:28 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'

The server configuration file is as follows:

port 443
proto udp
dev tun
server 172.16.0.0 255.255.255.0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh4096.pem
tls-crypt /etc/openvpn/server/tls-crypt.key
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
verb 3
comp-lzo
duplicate-cn

Both sides use OpenVPN 2.4.0 and OpenSSL 1.0.2k on Debian.

What causes this delay, and how can it be avoided/reduced?

    
by SaAtomic 03.03.2017 / 15:14

0 answers