自从我将 ubuntu 从 14.04 升级到 16.04LTS 后,我的 openvpn 意外退出
以下是openvpn的日志文件内容。
Wed Mar 1 13:46:33 2017 username/123.123.123.123:56729 WARNING: Failed running command (--client-connect): external program exited with error status: 254
Mar 1 13:46:33 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 1 13:46:33 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 1 13:46:33 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 1 13:46:36 2017 username/123.123.123.123:56729 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 1 13:46:42 2017 :55522 TLS: 123.123.123.123Initial packet from [AF_INET]123.123.123.123:55522, sid=1272ece9 72edde04
Wed Mar 1 13:46:43 2017 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Wed Mar 1 13:46:43 2017 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Wed Mar 1 13:46:43 2017 RADIUS-PLUGIN: Client config file was not written, overwriteccfiles is false
.Wed Mar 1 13:46:43 2017 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 TLS: Username/Password authentication succeeded for username 'username' [CN SET]
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
Wed Mar 1 13:46:43 2017 123.123.123.123:55522 [username] Peer Connection Initiated with [AF_INET]123.123.123.123:55522
Wed Mar 1 13:46:43 2017 username/123.123.123.123:55522 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_DISCONNECT status=0
Wed Mar 1 13:46:43 2017 username/123.123.123.123:55522 openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
Wed Mar 1 13:46:43 2017 username/123.123.123.123:55522 Exiting due to fatal error
Wed Mar 1 13:46:43 2017 username/123.123.123.123:55522 /sbin/ip route del 10.25.38.0/24
Wed Mar 1 13:46:43 2017 username/123.123.123.123:55522 openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
Wed Mar 1 13:46:43 2017 username/123.123.123.123:55522 Exiting due to fatal error
我不知道为什么会出现这种情况。
openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
并导致我的 openvpn 退出 已经被注释掉。LIMITNPROC=10 in /lib/systemd/system/[email protected]
答案1
.service这是OpenVPN systemd 文件中的一个已知问题。
LimitNProc=10更确切地说,systemd 通过文件中的设置将 openvpn 的进程限制在 10 个以内。删除此行即可。/lib/systemd/system/[email protected]
一些来源互联网上说,将此值增加到 100 就足够了。在我的实验中,它不起作用 - 还要注意,10 应该已经足够了,因为 OpenVPN 实际上从未分叉过这么多进程。这可能是一些 systemd 错误。
还要注意,最好创建副本并修改该配置文件。这样,它将覆盖原始设置。/lib/systemd/system/[email protected]/etc/systemd/system/[email protected]
修改 systemd 服务文件后,应该systemctl daemon-reload重新加载它们(无需重启)。