Сообщения Strangern

Openvpn дисконнект одной машины

конфиг сервера:

local 192.168.1.2
port 1194
proto udp
dev tun
comp-lzo
duplicate-cn
client-to-client
ca «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\ca.crt»
cert «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\win0.crt»
key «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\win0.key»
dh «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem»
tls-server
tls-auth «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\ta.key» 0
tls-timeout 120
server 192.168.10.0 255.255.255.0
ifconfig 192.168.10.2 192.168.10.20
route 192.168.10.0 255.255.255.0
push «route 192.168.10.0 255.255.255.0»
keepalive 10 120
auth SHA1
cipher BF-CBC
max-clients 5
persist-key
persist-tun
status «C:\\Program files\\OpenVPN\\log\\status.log»
log-append «C:\\Program files\\OpenVPN\\log\\openvpn.log»
client-to-client
verb 3

конфиг клиента:

client
dev tun
remote servpn.ath.cx
proto udp
resolv-retry infinite
nobind
pull
comp-lzo
persist-key
persist-tun
verb 3
ns-cert-type server
tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 1
ca «C:\\Program Files\\OpenVPN\\config\\ca.crt»
cert «C:\\Program Files\\OpenVPN\\config\\client.crt»
key «C:\\Program Files\\OpenVPN\\config\\client.key»
auth SHA1
cipher BF-CBC
route-method exe
route-delay 2

Всего 6 компов. один сервер и 5 клиентов, 4 из них работают отлично, все ровно, пятая-постоянные дисконнекты, то есть стандартный пинг где то 1000. такое поведение только на одном компе. менять тун и тап пробовал, статичный ключ пробовал, ставить сервер на другую машину пробовал, сетевую карту менять пробовал. Ничего не помогает. Что думаете? Заранее спасибо.
вот листинг серва:

Mon Nov 23 17:26:20 2009 Initialization Sequence Completed
Mon Nov 23 17:26:22 2009 MULTI: multi_create_instance called
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Re-using SSL/TLS context
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 LZO compression initialized
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Local Options hash (VER=V4): '14168603'
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Expected Remote Options hash (VER=V4): '504e774e'
Mon Nov 23 17:26:22 2009 77.45.157.238:3686 TLS: Initial packet from 77.45.157.238:3686, sid=334ab5b7 3bb4f181
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 VERIFY OK: depth=1, /C=RU/ST=VRN/L=VORONEZH/O=OpenVPN/CN=win0/emailAddress=12345@RAMBLER.RU
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 VERIFY OK: depth=0, /C=RU/ST=VRN/O=OpenVPN/CN=client/emailAddress=12345@RAMBLER.RU
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 23 17:26:23 2009 77.45.157.238:3686 [client] Peer Connection Initiated with 77.45.157.238:3686
Mon Nov 23 17:26:23 2009 client/77.45.157.238:3686 MULTI: Learn: 192.168.10.6 -> client/77.45.157.238:3686
Mon Nov 23 17:26:23 2009 client/77.45.157.238:3686 MULTI: primary virtual IP for client/77.45.157.238:3686: 192.168.10.6
Mon Nov 23 17:26:26 2009 client/77.45.157.238:3686 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 23 17:26:26 2009 client/77.45.157.238:3686 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.6 192.168.10.5' (status=1)
Mon Nov 23 17:26:46 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Nov 23 17:26:55 2009 MULTI: multi_create_instance called
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Re-using SSL/TLS context
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 LZO compression initialized
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Local Options hash (VER=V4): '14168603'
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Expected Remote Options hash (VER=V4): '504e774e'
Mon Nov 23 17:26:55 2009 77.45.157.238:3771 TLS: Initial packet from 77.45.157.238:3771, sid=5ded75b6 f6e792d8
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 VERIFY OK: depth=1, /C=RU/ST=VRN/L=VORONEZH/O=OpenVPN/CN=win0/emailAddress=12345@RAMBLER.RU
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 VERIFY OK: depth=0, /C=RU/ST=VRN/O=OpenVPN/CN=client/emailAddress=12345@RAMBLER.RU
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 23 17:26:56 2009 77.45.157.238:3771 [client] Peer Connection Initiated with 77.45.157.238:3771
Mon Nov 23 17:26:56 2009 client/77.45.157.238:3771 MULTI: Learn: 192.168.10.10 -> client/77.45.157.238:3771
Mon Nov 23 17:26:56 2009 client/77.45.157.238:3771 MULTI: primary virtual IP for client/77.45.157.238:3771: 192.168.10.10
Mon Nov 23 17:26:57 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Nov 23 17:26:59 2009 client/77.45.157.238:3771 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 23 17:26:59 2009 client/77.45.157.238:3771 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.10 192.168.10.9' (status=1)
Mon Nov 23 17:27:07 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Mon Nov 23 17:30:26 2009 client/77.45.157.238:3686 [client] Inactivity timeout (--ping-restart), restarting
Mon Nov 23 17:30:26 2009 client/77.45.157.238:3686 SIGUSR1[soft,ping-restart] received, client-instance restarting

Strangern
(23.11.09 21:50:43 MSK)

6 комментариев

Проблема openvpn disconnect одной машины

суть проблемы, есть 1 сервер и 4 клиента openvpn. 3 клиента прекрасно соединяются, на одном постоянные дисконнекты и как следствие пинг где то 1000. вот конфиги: server

local 192.168.1.2 port 1194 proto udp dev tun comp-lzo duplicate-cn client-to-client ca «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\ca.crt» cert «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\win0.crt» key «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\win0.key» dh «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem» tls-server tls-auth «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\ta.key» 0 tls-timeout 120 server 192.168.10.0 255.255.255.0 ifconfig 192.168.10.2 192.168.10.20 route 192.168.10.0 255.255.255.0 push «route 192.168.10.0 255.255.255.0» keepalive 10 120 auth SHA1 cipher BF-CBC max-clients 5 persist-key persist-tun status «C:\\Program files\\OpenVPN\\log\\status.log» #log-append «C:\\Program files\\OpenVPN\\log\\openvpn.log» client-to-client verb 3

client

client dev tun remote хх.хх.хх.хх proto udp resolv-retry infinite nobind pull comp-lzo persist-key persist-tun verb 3 ns-cert-type server tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 1 ca «C:\\Program Files\\OpenVPN\\config\\ca.crt» cert «C:\\Program Files\\OpenVPN\\config\\client.crt» key «C:\\Program Files\\OpenVPN\\config\\client.key» auth SHA1 cipher BF-CBC route-method exe route-delay 2

перепробовал практически все, менял tun и tap режим, выдавал отдельный ключ, и через статичный пробовал, винду ставил новую(в смысле на клиента) файерволла нет ни на сервере ни на клиенте, сетевую карту пробовал другую, пробовал делать сервером как проблемную, так и другую машину. ничего не помогает. Что это может быть? Заранее спасибо. p/s/ Знаю что форум никсовый, но openvpn одинаково настраивается что в никсах, что в вин32.

вот листинг сервера:

Mon Nov 23 17:26:20 2009 Initialization Sequence Completed Mon Nov 23 17:26:22 2009 MULTI: multi_create_instance called Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Re-using SSL/TLS context Mon Nov 23 17:26:22 2009 77.45.157.238:3686 LZO compression initialized Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Local Options hash (VER=V4): '14168603' Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Expected Remote Options hash (VER=V4): '504e774e' Mon Nov 23 17:26:22 2009 77.45.157.238:3686 TLS: Initial packet from 77.45.157.238:3686, sid=334ab5b7 3bb4f181 Mon Nov 23 17:26:23 2009 77.45.157.238:3686 VERIFY OK: depth=1, /C=RU/ST=VRN/L=VORONEZH/O=OpenVPN/CN=win0/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:23 2009 77.45.157.238:3686 VERIFY OK: depth=0, /C=RU/ST=VRN/O=OpenVPN/CN=client/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Mon Nov 23 17:26:23 2009 77.45.157.238:3686 [client] Peer Connection Initiated with 77.45.157.238:3686 Mon Nov 23 17:26:23 2009 client/77.45.157.238:3686 MULTI: Learn: 192.168.10.6 -> client/77.45.157.238:3686 Mon Nov 23 17:26:23 2009 client/77.45.157.238:3686 MULTI: primary virtual IP for client/77.45.157.238:3686: 192.168.10.6 Mon Nov 23 17:26:26 2009 client/77.45.157.238:3686 PUSH: Received control message: 'PUSH_REQUEST' Mon Nov 23 17:26:26 2009 client/77.45.157.238:3686 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.6 192.168.10.5' (status=1) Mon Nov 23 17:26:46 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Mon Nov 23 17:26:55 2009 MULTI: multi_create_instance called Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Re-using SSL/TLS context Mon Nov 23 17:26:55 2009 77.45.157.238:3771 LZO compression initialized Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Local Options hash (VER=V4): '14168603' Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Expected Remote Options hash (VER=V4): '504e774e' Mon Nov 23 17:26:55 2009 77.45.157.238:3771 TLS: Initial packet from 77.45.157.238:3771, sid=5ded75b6 f6e792d8 Mon Nov 23 17:26:56 2009 77.45.157.238:3771 VERIFY OK: depth=1, /C=RU/ST=VRN/L=VORONEZH/O=OpenVPN/CN=win0/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:56 2009 77.45.157.238:3771 VERIFY OK: depth=0, /C=RU/ST=VRN/O=OpenVPN/CN=client/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Mon Nov 23 17:26:56 2009 77.45.157.238:3771 [client] Peer Connection Initiated with 77.45.157.238:3771 Mon Nov 23 17:26:56 2009 client/77.45.157.238:3771 MULTI: Learn: 192.168.10.10 -> client/77.45.157.238:3771 Mon Nov 23 17:26:56 2009 client/77.45.157.238:3771 MULTI: primary virtual IP for client/77.45.157.238:3771: 192.168.10.10 Mon Nov 23 17:26:57 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Mon Nov 23 17:26:59 2009 client/77.45.157.238:3771 PUSH: Received control message: 'PUSH_REQUEST' Mon Nov 23 17:26:59 2009 client/77.45.157.238:3771 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.10 192.168.10.9' (status=1) Mon Nov 23 17:27:07 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

Strangern
(23.11.09 17:33:36 MSK)

1 комментарий

RSS подписка на новые темы