Windows + Tomato - Client 2 Client logic = please help

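Background: A client wants a (seemingly simple) VPN solution to connect his headquarters (Site A) and his satellite office (Site B) (in the same city).

I have never tried OpenVPN before. I bought 2 ASUS RT-N66 routers for the two sites and installed Tomato 1.28 by Shibby (VPN build) on each. Both routers have their own WAN.

Site A has 1 desktop (office), Windows 8.1 - network 10.1.10.0 - mask 255.255.255.0
Site B has 1 desktop (satellite), Windows 7 Pro - network 192.168.2.0 - mask 255.255.255.0
All that is needed is for desktop A to connect to desktop B and desktop B to connect to desktop A (which I understand to be client-to-client).

Both sites have dynamic IP addresses. I have configured DDNS through dyn.com, and that part appears to be working/updating for both sites. The time is set on each router.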


What I did: installed OpenVPN 2.3.10 on both PCs and generated keys with the easy-rsa utilities, i.e. init-config, vars, clean-all, and the builds (ca, client, server and dh) on/through both PCs.


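This is where following multiple guides left my logic muddled, and I am hoping an explanation can get me back on track...

Site A has a Tomato router and a desktop (office); I configured a common name of office for the desktop client and for the Tomato router's server.
Site B has a Tomato router and a desktop (satellite); I configured a common name of satellite for the desktop client and for the Tomato router's server.

In each Tomato router I have (under VPN Tunneling: Server Basic): Start with WAN, Interface TUN, Protocol UDP, Port 1194, Firewall Automatic, Authorization TLS, Extra HMAC disabled, VPN subnet 10.8.0.0 and mask 255.255.255.0.

Site A (under VPN Tunneling: Server Advanced): I have checked client-to-client and entered the details: cn=satellite, 192.168.2.0, 255.255.255.0, push=checked
Site B (under VPN Tunneling: Server Advanced): I have checked client-to-client and entered the details: cn=office, 10.1.10.0, 255.255.255.0, push=checked

Site A (under VPN Tunneling: Server Keys): I put in the ca.crt, server.crt, server.key and dh1024.pem generated on the Site A desktop (office)
Site B (under VPN Tunneling: Server Keys): I put in the ca.crt, server.crt, server.key and dh1024.pem generated on the Site B desktop (satellite)

Site A (under VPN Tunneling: Client Basic): Start with WAN, Interface TUN, Protocol UDP, Server address/port XXsatellite.dynalias.com 1194, Firewall Automatic, Authorization TLS, Extra HMAC disabled, Create NAT unchecked

Site B (under VPN Tunneling: Client Basic): Start with WAN, Interface TUN, Protocol UDP, Server address/port XXoffice.dynalias.com 1194, Firewall Automatic, Authorization TLS, Extra HMAC disabled, Create NAT unchecked

Site A (under VPN Tunneling: Client Keys): I opened the satellite client's keys in Notepad and copied and pasted them into the corresponding fields
Site B (under VPN Tunneling: Client Keys): I opened the office client's keys in Notepad and copied and pasted them into the corresponding fields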


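Now, for OpenVPNGUI.exe running on each client (office and satellite), I used the sample client.ovpn file and set the ca.crt, office (or satellite).crt and office (or satellite).key paths to the same folder, i.e. config.
I set the remote for the Site A client (office) to XXsatellite.dynalias.com
I set the remote for the Site B client (satellite) to XXoffice.dynalias.com
I tried to keep the other settings at their defaults (simple). Based on what I researched/read after struggling and driving back and forth, I set Windows Firewall inbound/outbound rules to allow UDP 1194, and then set up port forwarding on each router: UDP 1194 in, 1194 out to (the static private IP of each router's respective office and satellite desktop PC).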


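It is not working, and I am worried I have got something fundamental wrong. Here are some questions I cannot figure out:

Have I mixed up the client keys on each Tomato router? Do I even need to set them there (in the Tomato router's VPN Tunneling options)? If not, how does router A (OpenVPN server) know to connect to router B (the other OpenVPN server)?

Are the remote settings in each of my client.ovpn files wrong? To me, the Site A remote should be Site B, and vice versa.

Does server.ovpn (and the server keys) need to go in the config folder (alongside client.ovpn)? Or, if/because the keys are put into the Tomato web GUI, does that not matter?

Does TAP/TUN matter when using DDNS? Going for reliability over security?

I am probably leaving out more; I am doing all of this from memory, because I asked to set up remote login to the two PCs (networks) in question and was forbidden. I believe in ethics, so I respect their wishes, but I really need help, and after more than 3 days I am getting desperate. I have looked at the OpenVPN blog and the community forums.

Update - using this guide: http://blog.qnology.com/2013/02/tutorial-30-minutes-or-less-site-to.html I SSH'd into the router, generated the keys using the Linux-based commands, put the server keys on a USB stick for the server router (Site A), copied the contents for the client router (Site B) to another USB stick and took it to Site B. Note - the Site A VPN service started and appears to be fine, although, since it is not set up yet, it cannot connect to B.

I got to Site B, pasted the contents into VPN Tunneling -> Client -> Keys, started it, and a few minutes later the router crashed (at least that is what I think happened). Internet connectivity was lost on both the Ethernet-connected and the wireless machines. Connectivity to the router via the web GUI, PuTTY and WinSCP was lost.

I rebooted the Site B router with the power switch, and it was still unresponsive. I unplugged the WAN Ethernet cable from the router, and a moment later I could connect to the router again. I did a thorough NVRAM erase and started over.

The same thing happened. I have heard of the 32KB NVRAM issue with the ASUS RT-N66U router, but I had upgraded the original firmware to 64KB before Tomato-ing it. I pulled the WAN again and the router became responsive.

I SSH'd in and ran top and nvram show. The load was fine, and more than half of the NVRAM was free (yes, the total shown is close to 64). I plugged in the WAN and then kept pressing up-arrow and Enter to keep monitoring the stats until everything froze.

I thought 'maybe it is the keys', 'maybe they are corrupted, or there is some line-feed/carriage-return problem' (I cannot be 100% sure there is not), but when I edited the keys and removed part of them, the VPN service failed to start, and the router and internet never went down.

So I moved the keys out of the key section of WebGUI VPN Tunneling -> Client -> Keys, where they had been pasted, onto JFFS (which I enabled and formatted first) via SCP, and then put those certificate and key paths into VPN Tunneling -> Client -> Advanced -> Custom. Same behavior. I looked at the log file, copied it and took it home: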

Jan 28 18:17:18 SiteBRouter user.info kernel: tun: Universal TUN/TAP device driver, 1.6
Jan 28 18:17:18 SiteBRouter user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
Jan 28 18:17:18 SiteBRouter daemon.notice openvpn[2338]: OpenVPN 2.3.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct  9 2015
Jan 28 18:17:18 SiteBRouter daemon.notice openvpn[2338]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Jan 28 18:17:18 SiteBRouter daemon.warn openvpn[2340]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 28 18:17:18 SiteBRouter daemon.notice openvpn[2340]: Socket Buffers: R=[112640->131072] S=[112640->131072]
Jan 28 18:17:18 SiteBRouter daemon.info pppd[1903]: System time change detected.
Jan 28 18:17:18 SiteBRouter daemon.notice openvpn[2340]: UDPv4 link local: [undef]
Jan 28 18:17:18 SiteBRouter daemon.notice openvpn[2340]: UDPv4 link remote: [AF_INET]73.XX.XX.35:1194
Jan 28 18:17:19 SiteBRouter daemon.notice openvpn[2340]: TLS: Initial packet from [AF_INET]73.XX.XX.35:1194, sid=7aa2cb6f 8441e929
Jan 28 18:17:19 SiteBRouter daemon.notice openvpn[2340]: VERIFY OK: depth=1, C=US, ST=VA, L=Henrico, O=XX, OU=StaplesMill, CN=Production, name=EasyRSA, [email protected]
Jan 28 18:17:19 SiteBRouter daemon.notice openvpn[2340]: VERIFY OK: depth=0, C=US, ST=VA, L=Henrico, O=XX, OU=StaplesMill, CN=OpenVPNServer, name=EasyRSA, [email protected]
Jan 28 18:17:19 SiteBRouter user.notice root: vpnrouting: clean-up
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: [OpenVPNServer] Peer Connection Initiated with [AF_INET]73.XX.XX.35:1194
Jan 28 18:17:21 SiteBRouter cron.err crond[567]: time disparity of 24233712 minutes detected
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: SENT CONTROL [OpenVPNServer]: 'PUSH_REQUEST' (status=1)
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: PUSH: Received control message: 'PUSH_REPLY,route 10.1.10.0 255.255.255.0,route 192.168.2.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: OPTIONS IMPORT: timers and/or timeouts modified
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: OPTIONS IMPORT: --ifconfig/up options modified
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: OPTIONS IMPORT: route options modified
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: TUN/TAP device tun11 opened
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: TUN/TAP TX queue length set to 100
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: /sbin/ifconfig tun11 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: /sbin/route add -net 10.1.10.0 netmask 255.255.255.0 gw 10.8.0.5
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.8.0.5
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: Initialization Sequence Completed
Jan 28 18:18:52 SiteBRouter daemon.notice openvpn[2340]: [OpenVPNServer] Inactivity timeout (--ping-restart), restarting
Jan 28 18:18:52 SiteBRouter daemon.notice openvpn[2340]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 28 18:18:52 SiteBRouter daemon.notice openvpn[2340]: Restart pause, 2 second(s)
Jan 28 18:18:54 SiteBRouter daemon.warn openvpn[2340]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 28 18:18:54 SiteBRouter daemon.notice openvpn[2340]: Socket Buffers: R=[112640->131072] S=[112640->131072]
Jan 28 18:19:00 SiteBRouter daemon.info pppd[1903]: No response to 5 echo-requests
Jan 28 18:19:00 SiteBRouter daemon.notice pppd[1903]: Serial link appears to be disconnected.
Jan 28 18:19:00 SiteBRouter daemon.info pppd[1903]: Connect time 2.0 minutes.
Jan 28 18:19:00 SiteBRouter daemon.info pppd[1903]: Sent 7697 bytes, received 9004 bytes.
Jan 28 18:19:04 SiteBRouter daemon.err openvpn[2340]: RESOLVE: Cannot resolve host address: XXproductionXXcom: Name or service not known
Jan 28 18:19:04 SiteBRouter daemon.err openvpn[2340]: RESOLVE: Cannot resolve host address: XXproductionXXcom: Name or service not known
Jan 28 18:19:06 SiteBRouter daemon.notice pppd[1903]: Connection terminated.
Jan 28 18:19:06 SiteBRouter daemon.notice pppd[1903]: Modem hangup
Jan 28 18:19:09 SiteBRouter daemon.err openvpn[2340]: RESOLVE: Cannot resolve host address: XXproductionXXcom: Name or service not known
Jan 28 18:19:09 SiteBRouter user.info redial[1904]: WAN down. Reconnecting...
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[1985]: exiting on receipt of SIGTERM
Jan 28 18:19:09 SiteBRouter user.debug init[1]: 182: pptp peerdns disabled
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: started, version 2.73 cachesize 1500
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC loop-detect no-inotify
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: asynchronous logging enabled, queue limit is 5 messages
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq-dhcp[2457]: DHCP, IP range 192.168.2.10 -- 192.168.2.51, lease time 1d
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: reading /etc/resolv.dnsmasq
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: using nameserver 71.XX.XX.12#53
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: using nameserver 71.XX.XX.12#53
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: read /etc/hosts - 2 addresses
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq[2457]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq-dhcp[2457]: read /etc/dnsmasq/dhcp/dhcp-hosts
Jan 28 18:19:10 SiteBRouter daemon.info pppd[1903]: Terminating on signal 15
Jan 28 18:19:10 SiteBRouter daemon.info pppd[1903]: Exit.
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: RESOLVE: signal received during DNS resolution attempt
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: /sbin/route del -net 192.168.2.0 netmask 255.255.255.0
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: /sbin/route del -net 10.1.10.0 netmask 255.255.255.0
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: Closing TUN/TAP interface
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: /sbin/ifconfig tun11 0.0.0.0
Jan 28 18:19:10 SiteBRouter daemon.notice openvpn[2340]: SIGTERM[hard,init_instance] received, process exiting
Jan 28 18:19:10 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
Jan 28 18:19:10 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from master interface
Jan 28 18:19:10 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
Jan 28 18:19:10 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from master interface
Jan 28 18:19:10 SiteBRouter user.warn kernel: vlan2: Setting MAC address to  xx xx xx c1 a9 49.
Jan 28 18:19:10 SiteBRouter user.debug kernel: vlan2: add 01:00:5e:00:00:01 mcast address to master interface
Jan 28 18:19:10 SiteBRouter user.debug kernel: vlan2: add 33:33:00:00:00:01 mcast address to master interface
Jan 28 18:19:11 SiteBRouter daemon.info pppd[2551]: Plugin rp-pppoe.so loaded.
Jan 28 18:19:11 SiteBRouter daemon.info pppd[2551]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
Jan 28 18:19:11 SiteBRouter user.info redial[2553]: Started. Time: 10
Jan 28 18:19:11 SiteBRouter daemon.notice pppd[2552]: pppd 2.4.5 started by root, uid 0
Jan 28 18:19:15 SiteBRouter user.notice root: vpnrouting: clean-up
Jan 28 18:19:16 SiteBRouter daemon.warn dnsmasq[2457]: no servers found in /etc/resolv.dnsmasq, will retry
Jan 28 18:19:31 SiteBRouter user.info redial[2553]: WAN down. Reconnecting...
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq[2457]: exiting on receipt of SIGTERM
Jan 28 18:19:31 SiteBRouter user.debug init[1]: 182: pptp peerdns disabled
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq[2619]: started, version 2.73 cachesize 1500
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq[2619]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC loop-detect no-inotify
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq[2619]: asynchronous logging enabled, queue limit is 5 messages
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq-dhcp[2619]: DHCP, IP range 192.168.2.10 -- 192.168.2.51, lease time 1d
Jan 28 18:19:31 SiteBRouter daemon.warn dnsmasq[2619]: no servers found in /etc/resolv.dnsmasq, will retry
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq[2619]: read /etc/hosts - 2 addresses
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq[2619]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Jan 28 18:19:31 SiteBRouter daemon.info dnsmasq-dhcp[2619]: read /etc/dnsmasq/dhcp/dhcp-hosts
Jan 28 18:19:37 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
Jan 28 18:19:37 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from master interface
Jan 28 18:19:37 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
Jan 28 18:19:37 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from master interface
Jan 28 18:19:37 SiteBRouter user.warn kernel: vlan2: Setting MAC address to  xx xx xx a9 49.
Jan 28 18:19:37 SiteBRouter user.debug kernel: vlan2: add 01:00:5e:00:00:01 mcast address to master interface
Jan 28 18:19:37 SiteBRouter user.debug kernel: vlan2: add 33:33:00:00:00:01 mcast address to master interface
Jan 28 18:19:38 SiteBRouter daemon.info pppd[2674]: Plugin rp-pppoe.so loaded.
Jan 28 18:19:38 SiteBRouter daemon.info pppd[2674]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
Jan 28 18:19:38 SiteBRouter user.info redial[2676]: Started. Time: 10
Jan 28 18:19:38 SiteBRouter daemon.notice pppd[2675]: pppd 2.4.5 started by root, uid 0
Jan 28 18:19:58 SiteBRouter user.info redial[2676]: WAN down. Reconnecting...
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq[2619]: exiting on receipt of SIGTERM
Jan 28 18:19:58 SiteBRouter user.debug init[1]: 182: pptp peerdns disabled
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq[2684]: started, version 2.73 cachesize 1500
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq[2684]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC loop-detect no-inotify
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq[2684]: asynchronous logging enabled, queue limit is 5 messages
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq-dhcp[2684]: DHCP, IP range 192.168.2.10 -- 192.168.2.51, lease time 1d
Jan 28 18:19:58 SiteBRouter daemon.warn dnsmasq[2684]: no servers found in /etc/resolv.dnsmasq, will retry
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq[2684]: read /etc/hosts - 2 addresses
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq[2684]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Jan 28 18:19:58 SiteBRouter daemon.info dnsmasq-dhcp[2684]: read /etc/dnsmasq/dhcp/dhcp-hosts
Jan 28 18:20:04 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
Jan 28 18:20:04 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from master interface
Jan 28 18:20:04 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
Jan 28 18:20:04 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from master interface
Jan 28 18:20:04 SiteBRouter user.warn kernel: vlan2: Setting MAC address to  xx xx xx a9 49.
Jan 28 18:20:04 SiteBRouter user.debug kernel: vlan2: add 01:00:5e:00:00:01 mcast address to master interface
Jan 28 18:20:04 SiteBRouter user.debug kernel: vlan2: add 33:33:00:00:00:01 mcast address to master interface
Jan 28 18:20:05 SiteBRouter daemon.info pppd[2740]: Plugin rp-pppoe.so loaded.
Jan 28 18:20:05 SiteBRouter daemon.info pppd[2740]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
Jan 28 18:20:05 SiteBRouter daemon.notice pppd[2741]: pppd 2.4.5 started by root, uid 0
Jan 28 18:20:05 SiteBRouter user.info redial[2742]: Started. Time: 10
Jan 28 18:20:25 SiteBRouter user.info redial[2742]: WAN down. Reconnecting...
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq[2684]: exiting on receipt of SIGTERM
Jan 28 18:20:25 SiteBRouter user.debug init[1]: 182: pptp peerdns disabled
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq[2750]: started, version 2.73 cachesize 1500
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq[2750]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC loop-detect no-inotify
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq[2750]: asynchronous logging enabled, queue limit is 5 messages
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq-dhcp[2750]: DHCP, IP range 192.168.2.10 -- 192.168.2.51, lease time 1d
Jan 28 18:20:25 SiteBRouter daemon.warn dnsmasq[2750]: no servers found in /etc/resolv.dnsmasq, will retry
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq[2750]: read /etc/hosts - 2 addresses
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq[2750]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Jan 28 18:20:25 SiteBRouter daemon.info dnsmasq-dhcp[2750]: read /etc/dnsmasq/dhcp/dhcp-hosts
Jan 28 18:20:31 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from vlan interface
Jan 28 18:20:31 SiteBRouter user.debug kernel: vlan2: del 33:33:00:00:00:01 mcast address from master interface
Jan 28 18:20:31 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from vlan interface
Jan 28 18:20:31 SiteBRouter user.debug kernel: vlan2: del 01:00:5e:00:00:01 mcast address from master interface
Jan 28 18:20:31 SiteBRouter user.warn kernel: vlan2: Setting MAC address to  xx xx xx c1 a9 49.
Jan 28 18:20:31 SiteBRouter user.debug kernel: vlan2: add 01:00:5e:00:00:01 mcast address to master interface
Jan 28 18:20:31 SiteBRouter user.debug kernel: vlan2: add 33:33:00:00:00:01 mcast address to master interface
Jan 28 18:20:32 SiteBRouter daemon.info pppd[2814]: Plugin rp-pppoe.so loaded.
Jan 28 18:20:32 SiteBRouter daemon.info pppd[2814]: RP-PPPoE plugin version 3.10 compiled against pppd 2.4.5
Jan 28 18:20:32 SiteBRouter user.info redial[2816]: Started. Time: 10
Jan 28 18:20:32 SiteBRouter daemon.notice pppd[2815]: pppd 2.4.5 started by root, uid 0
Jan 28 18:20:47 SiteBRouter daemon.info pppd[2815]: PPP session is 6635 (0x19eb)
Jan 28 18:20:47 SiteBRouter daemon.warn pppd[2815]: Connected to 00:90:1a:41:65:93 via interface vlan2
Jan 28 18:20:47 SiteBRouter daemon.info pppd[2815]: Using interface ppp0
Jan 28 18:20:47 SiteBRouter daemon.notice pppd[2815]: Connect: ppp0 <--> vlan2
Jan 28 18:20:48 SiteBRouter daemon.notice pppd[2815]: PAP authentication succeeded
Jan 28 18:20:48 SiteBRouter daemon.notice pppd[2815]: peer from calling number XX:XX:XX:41:65:93 authorized
Jan 28 18:20:48 SiteBRouter daemon.notice pppd[2815]: local  IP address 72.XX.XX.161
Jan 28 18:20:48 SiteBRouter daemon.notice pppd[2815]: remote IP address 10.22.119.1
Jan 28 18:20:48 SiteBRouter daemon.notice pppd[2815]: primary   DNS address 71.XX.XX.0.12
Jan 28 18:20:48 SiteBRouter daemon.notice pppd[2815]: secondary DNS address 71.XX.XX.0.12
Jan 28 18:20:48 SiteBRouter user.debug ip-up[2822]: 182: pptp peerdns disabled
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2750]: reading /etc/resolv.dnsmasq
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2750]: using nameserver 71.XX.XX.0.12#53
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2750]: using nameserver 71.XX.XX.12#53
Jan 28 18:20:48 SiteBRouter user.debug init[1]: 182: pptp peerdns disabled
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2750]: exiting on receipt of SIGTERM
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: started, version 2.73 cachesize 1500
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset Tomato-helper auth no-DNSSEC loop-detect no-inotify
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: asynchronous logging enabled, queue limit is 5 messages
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq-dhcp[2825]: DHCP, IP range 192.168.2.10 -- 192.168.2.51, lease time 1d
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: reading /etc/resolv.dnsmasq
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: using nameserver 71.XX.XX.12#53
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: using nameserver 71.XX.XX.12#53
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: read /etc/hosts - 2 addresses
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq[2825]: read /etc/dnsmasq/hosts/hosts - 3 addresses
Jan 28 18:20:48 SiteBRouter daemon.info dnsmasq-dhcp[2825]: read /etc/dnsmasq/dhcp/dhcp-hosts
Jan 28 18:20:51 SiteBRouter user.info kernel: tun: Universal TUN/TAP device driver, 1.6
Jan 28 18:20:51 SiteBRouter user.info kernel: tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
Jan 28 18:20:51 SiteBRouter daemon.err openvpn[3097]: Options error: You must define CA file (--ca) or CA path (--capath)
Jan 28 18:20:51 SiteBRouter daemon.warn openvpn[3097]: Use --help for more information.
Jan 28 18:20:52 SiteBRouter user.notice root: vpnrouting: clean-up
Jan 28 18:28:06 SiteBRouter daemon.info dnsmasq-dhcp[2825]: DHCPINFORM(br0) 192.168.2.45 xx:xx:xx:22:58:f9 
Jan 28 18:28:06 SiteBRouter daemon.info dnsmasq-dhcp[2825]: DHCPACK(br0) 192.168.2.45 xx:xx:xx:22:58:f9 SATELLITE

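I see a few things in there that I am not sure about:

  1. I see that the DDNS address XXproductionXXcom is not resolving

  2. I see the private IP addressing scheme of the office production site, 10.1.10.0, from behind this 192.168.2.0, which suggests a connection is being made.

  3. Later I see the WAN go down; is that when the system crashed?

Unless I did something wrong in the configuration, there is one more thing that could be causing this:

Client Site B is on DSL, and it is not good. I ran a speed test: download was about 2.5 Mbps and upload was between 0.25 and 0.70 Mbps. Could the internet be so poor that the VPN takes up every bit of bandwidth/throughput and crashes itself? If so, is there a way to throttle it, or scale it down, so that it keeps running stably, albeit slowly?

I welcome all thoughts and hypotheses before I try again tomorrow.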
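
An added example, not part of the original post: a triage pass over lines copied from the log above, flagging the entries that matter for security or routing (the unverified-server-certificate warning, the BF-CBC data cipher, the 1024-bit RSA key, lost keepalives, and any pushed route that covers the router's own DHCP range). The rule names and function names are this example's own.

```python
import ipaddress
import re

# Excerpt copied from the log in the post (addresses as redacted by the poster).
SAMPLE_LOG = """\
Jan 28 18:17:18 SiteBRouter daemon.warn openvpn[2340]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 18:17:20 SiteBRouter daemon.notice openvpn[2340]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Jan 28 18:17:22 SiteBRouter daemon.notice openvpn[2340]: PUSH: Received control message: 'PUSH_REPLY,route 10.1.10.0 255.255.255.0,route 192.168.2.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Jan 28 18:18:52 SiteBRouter daemon.notice openvpn[2340]: [OpenVPNServer] Inactivity timeout (--ping-restart), restarting
Jan 28 18:19:04 SiteBRouter daemon.err openvpn[2340]: RESOLVE: Cannot resolve host address: XXproductionXXcom: Name or service not known
Jan 28 18:19:09 SiteBRouter daemon.info dnsmasq-dhcp[2457]: DHCP, IP range 192.168.2.10 -- 192.168.2.51, lease time 1d
Jan 28 18:20:51 SiteBRouter daemon.err openvpn[3097]: Options error: You must define CA file (--ca) or CA path (--capath)
"""

ROUTE_RE = re.compile(r"route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
DHCP_RE = re.compile(r"DHCP, IP range (\S+) -- (\S+),")

# (finding name, substring that identifies it in an OpenVPN/syslog line)
SIMPLE_RULES = [
    ("no-server-cert-verification", "No server certificate verification method"),
    ("weak-data-cipher", "Cipher 'BF-CBC'"),
    ("weak-rsa-key", "1024 bit RSA"),
    ("tunnel-keepalive-lost", "Inactivity timeout (--ping-restart)"),
    ("remote-name-unresolved", "RESOLVE: Cannot resolve host address"),
    ("missing-ca", "You must define CA file"),
]


def pushed_routes(lines):
    """Networks the server pushed to this client in PUSH_REPLY messages."""
    routes = []
    for line in lines:
        if "PUSH_REPLY" in line:
            for net, mask in ROUTE_RE.findall(line):
                routes.append(ipaddress.ip_network(f"{net}/{mask}"))
    return routes


def dhcp_range(lines):
    """First and last address of the LAN DHCP pool that dnsmasq reports."""
    for line in lines:
        match = DHCP_RE.search(line)
        if match:
            return tuple(ipaddress.ip_address(a) for a in match.groups())
    return None


def triage(log_text):
    """Return (finding, hit count) pairs for a router syslog excerpt."""
    lines = log_text.splitlines()
    findings = []
    for name, needle in SIMPLE_RULES:
        hits = sum(needle in line for line in lines)
        if hits:
            findings.append((name, hits))
    lan = dhcp_range(lines)
    if lan:
        # A pushed route that contains this router's own LAN pool sends
        # local-subnet traffic toward the tunnel gateway; flag it for review.
        for net in pushed_routes(lines):
            if lan[0] in net and lan[1] in net:
                findings.append((f"pushed-route-covers-local-lan:{net}", 1))
    return findings


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG):
        print(f"{hits:3d}  {name}")
```
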
