我有一台运行 CentOS 5.7 的服务器,我正在尝试让 OpenVPN 2.2.0 工作。首先,我已经运行了一段时间了,但决定尝试通过使用心跳将故障转移到另一台服务器来提高它的可用性。现在出于某种原因,我根本无法让它工作。
每当我尝试通过运行启动 openvpn 时,/etc/init.d/openvpn start它都会不断给我错误
/etc/init.d/openvpn:第 148 行:5820 分段错误 $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
脚本的该部分内容如下:
...
# Start every .conf in $work and run .sh if exists
errors=0
successes=0
for c in `/bin/ls *.conf 2>/dev/null`; do
bn=${c%%.conf}
if [ -f "$bn.sh" ]; then
. $bn.sh
fi
rm -f $piddir/$bn.pid
$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
if [ $? = 0 ]; then
successes=1
else
errors=1
fi
done
...
这是我的初始化脚本:
在/etc/openvpn/bridge启动
#!/bin/bash
. /etc/sysconfig/network-scripts/ifcfg-eth1
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth=$DEVICE
eth_ip=$IPADDR
eth_netmask=$NETMASK
eth_broadcast="10.224.45.159"
for t in $tap; do
openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
/etc/openvpn/openvpn.conf
port 1194
proto tcp
# Bridge
dev tap0
server-bridge 10.224.45.130 255.255.255.0 10.224.45.140 10.224.45.160
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
keepalive 10 120
status /var/log/openvpn/status.log
log /var/log/openvpn/openvpn.log
verb 0
client-to-client
comp-lzo
user nobody
group users
persist-key
persist-tun
client-cert-not-required
ifconfig-pool-persist ipp.txt
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
/etc/openvpn/auth/ldap.conf
<LDAP>
# LDAP server URL
URL ldap://ldap.****.com
# Bind DN (If your LDAP server doesn't support anonymous binds)
BindDN uid=readonly,ou=Users,dc=****,dc=com
# Bind Password
Password <hidden>
# Network timeout (in seconds)
Timeout 15
# Follow LDAP Referrals (anonymously)
FollowReferrals yes
</LDAP>
<Authorization>
# Base DN
BaseDN "ou=Users,dc=****,dc=com"
# User Search Filter
SearchFilter "(&(uid=%u))"
# Require Group Membership
RequireGroup false
</Authorization>
我不知道导致段错误的原因是什么。我已经在 Google 上搜索了几个小时,但没找到与我的问题相关的任何内容。
更新:
输出uname -a:
Linux master-srv1 2.6.18-274.7.1.el5xen #1 SMP Thu Oct 20 17:06:34 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
输出yum info openvpn:
Installed Packages
Name : openvpn
Arch : x86_64
Version : 2.2.0
Release : 3.el5.rf
Size : 1.0 M
Repo : installed
Summary : Robust and highly flexible VPN daemon
URL : http://openvpn.net/
License : GPL
Description: OpenVPN is a robust and highly flexible tunneling application.
:
: OpenVPN supports SSL/TLS security, ethernet bridging, TCP or UDP tunnel
: transport through proxies or NAT, support for dynamic IP addresses and
: DHCP, scalability to hundreds or thousands of users, and portability to
: most major OS platforms.
输出strace /etc/init.d/openvpn start:
(无法容纳整个输出,因此我粘贴了其末尾部分)
...
stat("/etc/sysconfig/network", {st_mode=S_IFREG|0644, st_size=79, ...}) = 0
access("/etc/sysconfig/network", X_OK) = -1 EACCES (Permission denied)
access("/etc/sysconfig/network", R_OK) = 0
open("/etc/sysconfig/network", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=79, ...}) = 0
read(3, "NETWORKING=yes\nNETWORKING_IPV6=y"..., 79) = 79
close(3) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("/usr/sbin/openvpn", {st_mode=S_IFREG|0755, st_size=614892, ...}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b10685b9000
write(1, "Starting openvpn: ", 18Starting openvpn: ) = 18
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [INT CHLD], 8) = 0
rt_sigprocmask(SIG_SETMASK, [INT CHLD], NULL, 8) = 0
lseek(255, -7, SEEK_CUR) = 5545
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b1064fe4fe0) = 24440
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24440
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, 0x7fff46543fe4, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("/etc/openvpn/openvpn-startup", {st_mode=S_IFREG|0740, st_size=143, ...}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b1064fe4fe0) = 24441
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
wait4(-1,
Running bridge-start...Done
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24441
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, 0x7fff46544144, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("/var/run/openvpn", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("/var/lock/subsys/openvpn", 0x7fff46544910) = -1 ENOENT (No such file or directory)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
open("/var/run/openvpn/", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
brk(0x1170c000) = 0x1170c000
getdents(3, /* 2 entries */, 32768) = 48
getdents(3, /* 0 entries */, 32768) = 0
brk(0x11704000) = 0x11704000
close(3) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/sbin/rm", 0x7fff46544b50) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/rm", 0x7fff46544b50) = -1 ENOENT (No such file or directory)
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK) = 0
access("/bin/rm", R_OK) = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK) = 0
access("/bin/rm", R_OK) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b1064fe4fe0) = 24460
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 24460
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, 0x7fff46544824, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
stat("/etc", {st_mode=S_IFDIR|0755, st_size=12288, ...}) = 0
stat("/etc/openvpn", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
chdir("/etc/openvpn") = 0
pipe([3, 4]) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b1064fe4fe0) = 24461
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGCHLD, {0x436360, [], SA_RESTORER, 0x34e10302d0}, {0x436360, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
close(4) = 0
read(3, "openvpn.conf\n", 128) = 13
read(3, "", 128) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 24461
wait4(-1, 0x7fff46544e94, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0) = 0
close(3) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("openvpn.sh", 0x7fff46544840) = -1 ENOENT (No such file or directory)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
stat("/bin/rm", {st_mode=S_IFREG|0755, st_size=47088, ...}) = 0
access("/bin/rm", X_OK) = 0
access("/bin/rm", R_OK) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [INT CHLD], 8) = 0
rt_sigprocmask(SIG_SETMASK, [INT CHLD], NULL, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b1064fe4fe0) = 24463
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG, NULL) = 24463
wait4(-1, 0x7fff46544684, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
write(1, "/usr/sbin/openvpn --daemon --wri"..., 107/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --config openvpn.conf --cd /etc/openvpn
) = 107
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2b1064fe4fe0) = 24464
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
wait4(-1, [{WIFSIGNALED(s) && WTERMSIG(s) == SIGSEGV}], 0, NULL) = 24464
fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b10685ba000
open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "/etc/init.d/openvpn: line 148: 2"..., 129/etc/init.d/openvpn: line 148: 24464 Segmentation fault $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work
) = 129
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, 0x7fff46544b74, WNOHANG, NULL) = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff) = 0
rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x34e10302d0}, {0x436f40, [], SA_RESTORER, 0x34e10302d0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(1, "\33[60G", 5 ) = 5
write(1, "[", 1[) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(1, "\33[0;31m", 7) = 7
write(1, "FAILED", 6FAILED) = 6
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(1, "\33[0;39m", 7) = 7
write(1, "]", 1]) = 1
) = 1
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
stat("/usr/bin/rhgb-client", 0x7fff465449a0) = -1 ENOENT (No such file or directory)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(1, "\n", 1
) = 1
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
read(255, "exit 0\n", 5552) = 7
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
exit_group(0) = ?
答案1
Boban P. 的评论完全正确,openvpn-auth-ldap 插件是导致段错误的原因。我最初排除了这种可能性,因为我注释掉了插件行,并尝试重新启动 openvpn,但还是出现了同样的错误。然而,openvpn 显然仍在尝试使用该插件,因此它仍然会抛出段错误。我不知道插件的问题到底是什么,但我最好的猜测是我为我的系统安装了错误的版本。我确保从http://pkgs.org/centos-5-rhel-5/flexbox-x86_64/openvpn-auth-ldap-2.0.3-3.centos5.x86_64.rpm.html并且它再次完美运行。
应该感谢 Boban P. 就 openvpn-auth-ldap 问题提出的建议。
答案2
我会卸载 heartbeat,或者至少查看与 heartbeat 相关的软件包。如果我没记错的话,它们会对网络接口进行一些操作,并且可能会干扰 tun0。
我不确定这是否是在 OpenVPN 上实现 HA 的最佳方法。我的印象是,推荐的方法是在客户端配置中使用多条“服务器”线路。这不会是无缝的,但 OpenVPN 无论如何都不会无缝地进行故障转移,即使使用 Heartbeat,因为会话需要重新初始化。