Linux Ubuntu 18 重启后,OpenVPN 客户端连接卡在“预连接初始化成功”

Linux Ubuntu 18 重启后,OpenVPN 客户端连接卡在“预连接初始化成功”

我的 OpenVPN 客户端版本 2.4.4 连接在重启后卡住了。在我配置 OpenVPN 服务器以向 OpenVPN 客户端传递 DNS 服务器列表后,它开始卡住。

我已经在 client.conf 中添加了以下几行,以允许 linux/ubuntu 使用 OpenVPN 服务器通知的 DNS 服务器

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Ubuntu 18 客户端启动时连接卡住。Windows 和 Android 客户端运行正常。

我所说的连接卡住是指 VPN 内部无法进行通信。检查 systemctl status 时[电子邮件保护]我发现服务状态永远停留在“预连接初始化成功”。

一个快速的解决方案是重新启动服务

systemctl restart [email protected] 

但这是一种解决方法,我担心这个错误的原因。

有适当的解决办法吗?

以下是日志:计算机启动时启动 OpenVPN 客户端时的日志:

[email protected] - OpenVPN connection to client
   Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
   Active: active (running) since Wed 2018-09-26 14:42:51 -03; 9min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 908 (openvpn)
   Status: "Pre-connection initialization successful"
    Tasks: 9 (limit: 1750)
   CGroup: /system.slice/system-openvpn.slice/[email protected]
           ├─ 908 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid
           ├─1167 /bin/bash /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
           ├─1172 run-parts --arg=-a --arg=tun0.openvpn /etc/resolvconf/update.d
           ├─1178 run-parts /etc/resolvconf/update-libc.d
           ├─1209 /bin/sh /usr/lib/avahi/avahi-daemon-check-dns.sh
           └─1221 host -t soa local.

Sep 26 14:42:49 ubuntu-server-vbox systemd[1]: Starting OpenVPN connection to client...
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Sep 26 14:42:51 ubuntu-server-vbox systemd[1]: Started OpenVPN connection to client.
Sep 26 14:42:51 ubuntu-server-vbox ovpn-client[908]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 26 14:42:52 ubuntu-server-vbox ovpn-client[908]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:52 ubuntu-server-vbox ovpn-client[908]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:xxxx [nonblock]
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: TCP_CLIENT link local: (not bound)
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:53 ubuntu-server-vbox ovpn-client[908]: [xxxx.xxxx.xxxx] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: TUN/TAP device tun0 opened
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /sbin/ip link set dev tun0 up mtu 1500
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /sbin/ip addr add dev tun0 xxx.xxx.xxx.xxx/16 broadcast xxx.xxx.xxx.xxx
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /sbin/ip -6 addr add xxxx::xx/xx dev tun0
Sep 26 14:42:54 ubuntu-server-vbox ovpn-client[908]: /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
Sep 26 14:42:54 ubuntu-server-vbox openvpn[908]: dhcp-option DOMAIN xxxxxx
Sep 26 14:42:54 ubuntu-server-vbox openvpn[908]: dhcp-option DOMAIN xxxxxx
Sep 26 14:42:54 ubuntu-server-vbox openvpn[908]: dhcp-option DNS xxx.xxx.xxx.xxx

OpeVPN客户端重启时的日志:

[email protected] - OpenVPN connection to client
   Loaded: loaded (/lib/systemd/system/[email protected]; indirect; vendor preset: enabled)
   Active: active (running) since Wed 2018-09-26 14:39:15 -03; 55s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 1590 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 9 (limit: 1750)
   CGroup: /system.slice/system-openvpn.slice/[email protected]
           ├─1060 /bin/bash /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
           ├─1086 run-parts --arg=-a --arg=tun0.openvpn /etc/resolvconf/update.d
           ├─1093 run-parts /etc/resolvconf/update-libc.d
           ├─1107 /bin/sh /usr/lib/avahi/avahi-daemon-check-dns.sh
           ├─1120 host -t soa local.
           └─1590 /usr/sbin/openvpn --daemon ovpn-client --status /run/openvpn/client.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/client.conf --writepid /run/openvpn/client.pid
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Main process exited, code=killed, status=9/KILL
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Failed with result 'timeout'.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: Stopped OpenVPN connection to client.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1060 (update-resolv-c) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1086 (run-parts) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1093 (run-parts) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1107 (avahi-daemon-ch) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: [email protected]: Found left-over process 1120 (host) in control group while starting unit. Ignoring.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: Starting OpenVPN connection to client...
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2018
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Sep 26 14:39:15 ubuntu-server-vbox systemd[1]: Started OpenVPN connection to client.
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:15 ubuntu-server-vbox ovpn-client[1590]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:xxxx [nonblock]
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: TCP_CLIENT link local: (not bound)
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:16 ubuntu-server-vbox ovpn-client[1590]: [xxx.xxx.xxx] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: TUN/TAP device tun0 opened
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /sbin/ip link set dev tun0 up mtu 1500
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /sbin/ip addr add dev tun0 xxx.xxx.xxx.xxx/xx broadcast xxx.xxx.xxx.xxx
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /sbin/ip -6 addr add xxxx::xx/xx dev tun0
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: /etc/openvpn/update-resolv-conf tun0 1500 1562 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx init
Sep 26 14:39:17 ubuntu-server-vbox openvpn[1590]: dhcp-option DOMAIN xxxx
Sep 26 14:39:17 ubuntu-server-vbox openvpn[1590]: dhcp-option DNS xxx.xxx.xxx.xxx
Sep 26 14:39:17 ubuntu-server-vbox openvpn[1590]: RTNETLINK answers: File exists
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: ERROR: Linux route add command failed: external program exited with error status: 2
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: add_route_ipv6(xxxx::/xx -> xxxx::x metric -1) dev tun0
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: add_route_ipv6(fdbb::/64 -> xxxx::x metric -1) dev tun0
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sep 26 14:39:17 ubuntu-server-vbox ovpn-client[1590]: Initialization Sequence Completed

相关内容