OpenVPN keeps resetting the connection


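I installed an OpenVPN server on an Amazon instance running Windows Server 2008 R2, and I also have my client.

First I connect to my VPN. For some reason, when I try to connect to my VPN server and RDP into it, the RDP screen freezes after a few seconds, because the connection or tunnel drops a few seconds after it is established.

To set up the tunnel in the first place, I run the following command: sudo openvpn client.conf

The client.conf file contains the following: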

#This is a client profile.
client
# We want to tunnel packets (rather than Ethernet bridging).
dev tun
# Use TCP instead of UDP.
proto tcp
# This is the VPN server we're connecting to.
# Be sure to change this value to YOUR Elastic IP address.
remote 107.23.174.205 443
# These are the crypto certificates we'll be using.
ca ca.crt
cert IanCert.crt
key IanCert.key
# Use LZO compression on the channel.
comp-lzo
#Verbosity
verb 3

After running that command, the following appears repeatedly in my terminal:

Mon Dec 31 03:35:03 2012 Connection reset, restarting [-1]
Mon Dec 31 03:35:03 2012 TCP/UDP: Closing socket
Mon Dec 31 03:35:03 2012 /sbin/route del -net 10.8.0.1 netmask 255.255.255.255
Mon Dec 31 03:35:03 2012 Closing TUN/TAP interface
Mon Dec 31 03:35:03 2012 /sbin/ifconfig tun0 0.0.0.0
Mon Dec 31 03:35:03 2012 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 31 03:35:03 2012 Restart pause, 5 second(s)
Mon Dec 31 03:35:08 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 31 03:35:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Dec 31 03:35:08 2012 WARNING: file 'IanCert.key' is group or others accessible
Mon Dec 31 03:35:08 2012 LZO compression initialized
Mon Dec 31 03:35:08 2012 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Dec 31 03:35:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Dec 31 03:35:08 2012 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 31 03:35:08 2012 Local Options hash (VER=V4): '69109d17'
Mon Dec 31 03:35:08 2012 Expected Remote Options hash (VER=V4): 'c0103fa8'
Mon Dec 31 03:35:08 2012 Attempting to establish TCP connection with [AF_INET]107.23.174.205:443 [nonblock]
Mon Dec 31 03:35:09 2012 TCP connection established with [AF_INET]107.23.174.205:443
Mon Dec 31 03:35:09 2012 TCPv4_CLIENT link local: [undef]
Mon Dec 31 03:35:09 2012 TCPv4_CLIENT link remote: [AF_INET]107.23.174.205:443
Mon Dec 31 03:35:09 2012 TLS: Initial packet from [AF_INET]107.23.174.205:443, sid=79b44982 8fb01720
Mon Dec 31 03:35:11 2012 VERIFY OK: depth=1, /C=US/ST=VA/L=Haymarket/O=DKRDomain/OU=IT/CN=DKRDomain/name=Dave_Rensin/[email protected]
Mon Dec 31 03:35:11 2012 VERIFY OK: depth=0, /C=US/ST=VA/L=Haymarket/O=DKRDomain/OU=IT/CN=DKRDomain/name=Dave_Rensin/[email protected]
Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 31 03:35:14 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 31 03:35:14 2012 [DKRDomain] Peer Connection Initiated with [AF_INET]107.23.174.205:443
Mon Dec 31 03:35:17 2012 SENT CONTROL [DKRDomain]: 'PUSH_REQUEST' (status=1)
Mon Dec 31 03:35:17 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: route options modified
Mon Dec 31 03:35:17 2012 ROUTE default_gateway=192.168.1.1
Mon Dec 31 03:35:17 2012 TUN/TAP device tun0 opened
Mon Dec 31 03:35:17 2012 TUN/TAP TX queue length set to 100
Mon Dec 31 03:35:17 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Dec 31 03:35:17 2012 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Mon Dec 31 03:35:17 2012 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Mon Dec 31 03:35:17 2012 Initialization Sequence Completed

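The only way to connect to my instance via RDP (without setting up the VPN) is through its public IP (but I don't want to do that; it is only to troubleshoot this problem). I'm using Mint Linux (or Debian 6) on the client.

Any ideas?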
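A triage sketch for a client log in the format shown above, added here as an example and not part of the original post: it measures how long each tunnel stayed up between "Initialization Sequence Completed" and the next "Connection reset, restarting", and collects the WARNING lines the client prints on every restart. The sample log is constructed, and the function names, the 60-second threshold and the hint texts are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the client log in the post
# (timestamps and tunnel lifetimes are made up for this example).
SAMPLE_LOG = """\
Mon Dec 31 03:35:08 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 31 03:35:08 2012 WARNING: file 'IanCert.key' is group or others accessible
Mon Dec 31 03:35:17 2012 Initialization Sequence Completed
Mon Dec 31 03:35:29 2012 Connection reset, restarting [-1]
Mon Dec 31 03:35:29 2012 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 31 03:35:34 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 31 03:35:43 2012 Initialization Sequence Completed
Mon Dec 31 03:35:55 2012 Connection reset, restarting [-1]
"""

# ctime-style timestamp prefix, then the message text.
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
# Assumed client-side follow-ups for the two warnings this client prints.
HINTS = {
    "No server certificate verification":
        "add 'remote-cert-tls server' (server cert must carry the TLS server usage)",
    "is group or others accessible": "chmod 600 the private key file",
}

def triage(log_text):
    """Return (tunnel lifetimes in seconds, sorted unique WARNING messages)."""
    lifetimes, warnings, up_since = [], set(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without a timestamp prefix
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("WARNING:"):
            warnings.add(msg[len("WARNING:"):].strip())
        elif msg == "Initialization Sequence Completed":
            up_since = ts  # tunnel is up from here
        elif msg.startswith("Connection reset, restarting") and up_since:
            lifetimes.append(int((ts - up_since).total_seconds()))
            up_since = None
    return lifetimes, sorted(warnings)

def is_flapping(lifetimes, max_seconds=60):
    """True when the tunnel came up at least twice and never outlived max_seconds."""
    return len(lifetimes) >= 2 and all(t <= max_seconds for t in lifetimes)

def hints_for(warnings):
    """Map collected warnings to the follow-ups in HINTS."""
    return [fix for key, fix in HINTS.items() if any(key in w for w in warnings)]
```

Running `triage` over the full client log separates the restart loop itself from the security warnings, which repeat on every restart and are easy to overlook in the noise.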
