我遇到了 pfSense openVPN 隧道问题。我有 10 个站点,但有时有些站点会自动关闭,因此我需要在客户端重新启动 openVPN 服务。我该怎么做才能修复它?
注意:我的 WAN 链接不稳定。
日志
openvpn[20891]: Re-using SSL/TLS contex
openvpn[20891]: UDPv4 link local (bound):[AF_INET]10.99.62.18
openvpn[20891]: UDPv4 link remote: [AF_INET]10.89.57.5:1194
openvpn[20891]: [UNDEF] Inactivity timeout (--ping-restart), restarting
openvpn[20891]: SIGUSR1[soft,ping-restart] received, process restarting
openvpn[20891]: WARNING: NO server certificate verification method has been enable.
openvpn[20891]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn[20891]: Re-using SSL/TLS contex
openvpn[20891]: UDPv4 link local (bound):[AF_INET]10.99.62.18
openvpn[20891]: UDPv4 link remote: [AF_INET]10.89.57.5:1194
openvpn[20891]: [UNDEF] Inactivity timeout (--ping-restart), restarting
openvpn[20891]: SIGUSR1[soft,ping-restart] received, process restarting
openvpn[20891]: WARNING: NO server certificate verification method has been enable. See http://openvpn.net/howto.html#mitm for more information.
openvpn[20891]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn[20891]: Re-using SSL/TLS contex
openvpn[20891]: UDPv4 link local (bound):[AF_INET]10.99.62.18
openvpn[20891]: UDPv4 link remote: [AF_INET]10.89.57.5:1194
openvpn[20891]: [UNDEF] Inactivity timeout (--ping-restart), restarting
openvpn[20891]: SIGUSR1[soft,ping-restart] received, process restarting
openvpn[20891]: WARNING: NO server certificate verification method has been enable.
openvpn[20891]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn[20891]: Re-using SSL/TLS contex
openvpn[20891]: Preseving previous TUN/TAP instance:ovpnc1
openvpn[20891]: Initialization Sequence Completed
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: Option error: route parameter netmask '255.255.240' must be an IP address
openvpn[20891]: OpenVPN ROUTE: cannot add more than 100 routes -- please increase the max-routes option in the client configuration file
openvpn[20891]: Exiting
openvpn[20891]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1557 10.0.8.22 10.0.8.21 init
答案1
您不需要重新启动它,它会自行处理。您确实需要修复那里的配置问题。某处的网络掩码“255.255.240”无效,并且显然有超过 100 条路由,这几乎肯定是过多的(例如,如果您有很多 10.xxx 网络,请使用“route 10.0.0.0 255.0.0.0”或类似的总结)。