我在跑步镓操作系统原生在 Chromebook 上并且喜欢它,但有一个问题。一直以来,当我将笔记本电脑从睡眠状态唤醒或更改 WiFi 网络时,我都会失去互联网连接。路由表是空的,直到我发出以下命令。
sudo systemctl restart openvpn
我在跑步乌夫沃和开放VPN,但我发现完全禁用 ufw 并不能解决这个问题。只有禁用和停止 openvpn 似乎才能解决此问题。我在下面列出了我已经尝试过的笔记,包括与 ufw、openvpn 和 NetworkManager 相关的 syslog 条目。我还尝试更改 openvpn client.conf 文件中的 ping、ping-restart 和 keepalive 选项。好像没什么作用!!
我的笔记:
11:47 重启并连接到 iPhone 热点。
连接良好。
路由表:
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.7.7.1 128.0.0.0 UG 0 0 0 tun0
default 172.20.10.1 0.0.0.0 UG 600 0 0 wlp2s0
10.7.7.0 * 255.255.255.0 U 0 0 0 tun0
128.0.0.0 10.7.7.1 128.0.0.0 UG 0 0 0 tun0
228-12-88-167.r 172.20.10.1 255.255.255.255 UGH 0 0 0 wlp2s0
link-local * 255.255.0.0 U 1000 0 0 wlp2s0
172.20.10.0 * 255.255.255.240 U 600 0 0 wlp2s0
UFW 状态:
To Action From
-- ------ ----
[my VPN IP] ALLOW OUT Anywhere
Anywhere ALLOW OUT Anywhere on tun0
22 ALLOW OUT Anywhere
[my VPN DNS server1] ALLOW OUT Anywhere
[my VPN DNS server2] ALLOW OUT Anywhere
Anywhere (v6) ALLOW OUT Anywhere (v6) on tun0
22 (v6) ALLOW OUT Anywhere (v6)
OpenVPN 服务状态
mike@mikecb:/var/log$ sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2019-02-04 11:47:06 CST; 4min 12s ago
Process: 898 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 898 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/openvpn.service
Feb 04 11:47:06 mikecb systemd[1]: Starting OpenVPN service...
Feb 04 11:47:06 mikecb systemd[1]: Started OpenVPN service.
我在系统日志中收到很多条目,显示 UFW 正在阻止传出请求。然而,完全禁用 UFW 并不能解决我遇到的主要问题,所以我怀疑它是无关的。
启动后 syslog.1 中没有条目。启动后 boot.log 中没有任何条目。
syslog 中与 NetworkManager 相关的有趣条目:
Feb 4 11:47:15 mikecb NetworkManager[794]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
Feb 4 11:47:59 mikecb NetworkManager[794]: <warn> [1549302479.5826] dhcp6 (wlp2s0): request timed out
Feb 4 11:47:59 mikecb NetworkManager[794]: <info> [1549302479.5827] dhcp6 (wlp2s0): state changed unknown -> timeout
Feb 4 11:47:59 mikecb NetworkManager[794]: <info> [1549302479.5848] dhcp6 (wlp2s0): canceled DHCP transaction, DHCP client pid 1194
Feb 4 11:47:59 mikecb NetworkManager[794]: <info> [1549302479.5849] dhcp6 (wlp2s0): state changed timeout -> done
在 syslog 中没有发现与 openvpn 相关的问题。
中午 12:03 与热点断开连接。
系统日志中没有与 openvpn 相关的新条目。
NetworkManager 系统日志中的新条目:
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.5421] device (wlp2s0): state change: activated -> deactivating (reason 'user-requested') [100 110 39]
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.5425] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.5628] audit: op="device-disconnect" interface="wlp2s0" ifindex=2 pid=1111 uid=1000 result="success"
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.5645] device (wlp2s0): state change: deactivating -> disconnected (reason 'user-requested') [110 30 39]
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.5962] dhcp4 (wlp2s0): canceled DHCP transaction, DHCP client pid 1087
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.5963] dhcp4 (wlp2s0): state changed bound -> done
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.6379] dns-mgr: Writing DNS information to /sbin/resolvconf
Feb 4 12:03:54 mikecb NetworkManager[794]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.7019] dns-mgr: Removing DNS information from /sbin/resolvconf
Feb 4 12:03:54 mikecb NetworkManager[794]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
Feb 4 12:03:54 mikecb NetworkManager[794]: <warn> [1549303434.7436] sup-iface[0x29790c0,wlp2s0]: connection disconnected (reason -3)
Feb 4 12:03:54 mikecb NetworkManager[794]: <info> [1549303434.7439] device (wlp2s0): supplicant interface state: completed -> disconnected
正如预期的那样,路由表为空,并且没有连接。
中午 12:07 重新连接到热点。
路由表仍然是空的。
无法连接到互联网。
openvpn 的 syslog 中有趣的条目:
Feb 4 12:06:53 mikecb ovpn-client[746]: [us2838.nordvpn.com] Inactivity timeout (--ping-restart), restarting
Feb 4 12:06:53 mikecb ovpn-client[746]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 4 12:06:53 mikecb ovpn-client[746]: Restart pause, 5 second(s)
Feb 4 12:06:58 mikecb ovpn-client[746]: NOTE: --fast-io is disabled since we are not using UDP
Feb 4 12:06:58 mikecb ovpn-client[746]: Socket Buffers: R=[87380->425984] S=[16384->425984]
Feb 4 12:06:58 mikecb ovpn-client[746]: Attempting to establish TCP connection with [AF_INET][MY VPN IP]:443 [nonblock]
Feb 4 12:07:08 mikecb ovpn-client[746]: TCP: connect to [AF_INET][MY VPN IP]:443 failed, will try again in 5 seconds: Connection timed out
Feb 4 12:07:23 mikecb ovpn-client[746]: TCP: connect to [AF_INET][MY VPN IP]:443 failed, will try again in 5 seconds: Connection timed out
Feb 4 12:07:38 mikecb ovpn-client[746]: TCP: connect to [AF_INET][MY VPN IP]:443 failed, will try again in 5 seconds: Connection timed out
Feb 4 12:07:53 mikecb ovpn-client[746]: TCP: connect to [AF_INET][MY VPN IP]:443 failed, will try again in 5 seconds: Connection timed out
Feb 4 12:08:08 mikecb ovpn-client[746]: TCP: connect to [AF_INET][MY VPN IP]:443 failed, will try again in 5 seconds: Connection timed out
系统日志中的 NetworkManager 条目:
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0757] device (wlp2s0): Activation: starting connection 'MICHAEL’s iPhone' (0daa18c3-2521-4029-8808-eeca7c222c67)
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0761] audit: op="connection-activate" uuid="0daa18c3-2521-4029-8808-eeca7c222c67" name="MICHAEL’s iPhone" pid=1111 uid=1000 result="success"
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0766] device (wlp2s0): state change: disconnected -> prepare (reason 'none') [30 40 0]
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0772] manager: NetworkManager state is now CONNECTING
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0784] device (wlp2s0): state change: prepare -> config (reason 'none') [40 50 0]
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0789] device (wlp2s0): Activation: (wifi) access point 'MICHAEL’s iPhone' has security, but secrets are required.
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.0790] device (wlp2s0): state change: config -> need-auth (reason 'none') [50 60 0]
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1031] device (wlp2s0): state change: need-auth -> prepare (reason 'none') [60 40 0]
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1044] device (wlp2s0): state change: prepare -> config (reason 'none') [40 50 0]
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1050] device (wlp2s0): Activation: (wifi) connection 'MICHAEL’s iPhone' has security, and secrets exist. No new secrets needed.
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1052] Config: added 'ssid' value 'MICHAEL’s iPhone'
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1052] Config: added 'scan_ssid' value '1'
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1053] Config: added 'key_mgmt' value 'WPA-PSK'
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1053] Config: added 'auth_alg' value 'OPEN'
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1053] Config: added 'psk' value '<omitted>'
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1142] sup-iface[0x29790c0,wlp2s0]: config: set interface ap_scan to 1
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1530] device (wlp2s0): supplicant interface state: disconnected -> authenticating
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1736] device (wlp2s0): supplicant interface state: authenticating -> associating
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.1963] device (wlp2s0): supplicant interface state: associating -> 4-way handshake
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.2374] device (wlp2s0): supplicant interface state: 4-way handshake -> completed
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.2375] device (wlp2s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network 'MICHAEL’s iPhone'.
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.2377] device (wlp2s0): state change: config -> ip-config (reason 'none') [50 70 0]
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.2384] dhcp4 (wlp2s0): activation: beginning transaction (timeout in 45 seconds)
Feb 4 12:07:15 mikecb NetworkManager[794]: <info> [1549303635.2487] dhcp4 (wlp2s0): dhclient started with pid 3937
Feb 4 12:07:17 mikecb NetworkManager[794]: <info> [1549303637.2311] dhcp6 (wlp2s0): activation: beginning transaction (timeout in 45 seconds)
Feb 4 12:07:17 mikecb NetworkManager[794]: <info> [1549303637.2407] dhcp6 (wlp2s0): dhclient started with pid 3942
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4130] address 172.20.10.8
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4131] plen 28 (255.255.255.240)
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4131] gateway 172.20.10.1
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4131] server identifier 172.20.10.1
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4132] lease time 85536
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4132] nameserver '172.20.10.1'
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4132] dhcp4 (wlp2s0): state changed unknown -> bound
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4172] device (wlp2s0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4198] device (wlp2s0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4205] device (wlp2s0): state change: secondaries -> activated (reason 'none') [90 100 0]
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4207] manager: NetworkManager state is now CONNECTED_LOCAL
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4402] manager: NetworkManager state is now CONNECTED_GLOBAL
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4417] policy: set 'MICHAEL’s iPhone' (wlp2s0) as default for IPv4 routing and DNS
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4419] policy: set 'MICHAEL’s iPhone' (wlp2s0) as default for IPv6 routing and DNS
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.4420] dns-mgr: Writing DNS information to /sbin/resolvconf
Feb 4 12:07:18 mikecb NetworkManager[794]: /etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
Feb 4 12:07:18 mikecb NetworkManager[794]: <info> [1549303638.5022] device (wlp2s0): Activation: successful, device activated.
Feb 4 12:08:02 mikecb NetworkManager[794]: <warn> [1549303682.0797] dhcp6 (wlp2s0): request timed out
Feb 4 12:08:02 mikecb NetworkManager[794]: <info> [1549303682.0798] dhcp6 (wlp2s0): state changed unknown -> timeout
Feb 4 12:08:02 mikecb NetworkManager[794]: <info> [1549303682.0827] dhcp6 (wlp2s0): canceled DHCP transaction, DHCP client pid 3942
Feb 4 12:08:02 mikecb NetworkManager[794]: <info> [1549303682.0828] dhcp6 (wlp2s0): state changed timeout -> done
于中午 12:12 重新启动 openvpn 服务(sudo systemctl restart openvpn)。连接互联网成功。
路由表:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.7.7.1 128.0.0.0 UG 0 0 0 tun0
default 172.20.10.1 0.0.0.0 UG 600 0 0 wlp2s0
10.7.7.0 * 255.255.255.0 U 0 0 0 tun0
128.0.0.0 10.7.7.1 128.0.0.0 UG 0 0 0 tun0
228-12-88-167.r 172.20.10.1 255.255.255.255 UGH 0 0 0 wlp2s0
link-local * 255.255.0.0 U 1000 0 0 wlp2s0
172.20.10.0 * 255.255.255.240 U 600 0 0 wlp2s0
系统日志中与 openvpn 相关的有趣条目取自服务重新启动开始后:
Feb 4 12:12:38 mikecb ovpn-client[746]: message repeated 18 times: [ TCP: connect to [AF_INET][my VPN IP]:443 failed, will try again in 5 seconds: Connection timed out]
Feb 4 12:12:47 mikecb ovpn-client[746]: /sbin/ip route del [MY VPN IP]/32
Feb 4 12:12:47 mikecb ovpn-client[746]: ERROR: Linux route delete command failed: external program exited with error status: 2
Feb 4 12:12:47 mikecb ovpn-client[746]: /sbin/ip route del 0.0.0.0/1
Feb 4 12:12:47 mikecb ovpn-client[746]: /sbin/ip route del 128.0.0.0/1
Feb 4 12:12:47 mikecb ovpn-client[746]: Closing TUN/TAP interface
12:18pm:运行以下命令来尝试解决我在 NetworkManager 系统日志条目中看到的警告。看看这是否有所作为。
sudo ln -nsf ../run/resolvconf/resolv.conf /etc/resolv.conf
此后我无法连接到互联网。没有 DNS 服务。
这替换了我按照此处的说明放入其中的 /etc/resolv.conf 文件:
rm -r /etc/resolv.conf
nano /etc/resolv.conf
File contents:
nameserver [my VPN DNS server1 IP]
nameserver [my VPN DNS server2 IP]
chattr +i /etc/resolv.conf
reboot now
恢复到 /etc/resolv.conf 中的文件,以便我可以连接到互联网。经过更多的谷歌搜索后,我认为这个问题与这个系统日志条目无关。