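In this case, I have no idea what is going on:
I set up OpenVPN with PKI and everything seems to work, except this:
DBeaver and MySQL Workbench hang after a "successful login" (I mean, if I set a wrong password or a wrong allowed domain, they say they cannot connect. Here, they just hang).
What is really strange is that the mysql client works fine over my VPN; only the SQL IDEs fail.
By the way, these IDEs connect over the internet using the public IPv4 without any problem.
Any idea what I can do to:
1) investigate the problem (this is the first VPN I have set up... I may have missed something, or there may be some setting that obviously causes this behaviour, I don't know)
2) solve the problem
?
[Edit]: For testing, I set an empty iptables ruleset and disabled fail2ban (and everything else that could cause firewall problems):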
2018-12-17 11:46:24 root /etc/openvpn/ #>iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Routes:
2018-12-17 11:49:17 root /etc/openvpn/ #>ip route
default via 10.16.84.150 dev ens2 proto dhcp src 10.16.84.151 metric 1024
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
10.16.84.150 dev ens2 proto dhcp scope link src 10.16.84.151 metric 1024
10.16.84.150/31 dev ens2 proto kernel scope link src 10.16.84.151
These were set by OpenVPN:
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
[Edit 2]
I ran Wireshark on the server and on my PC to see what is happening here; the result after a "test connection" with DBeaver is:
On the client:
tshark -i tun0
Running as user "root" and group "root". This could be dangerous.
tshark: Lua: Error during loading:
/usr/share/wireshark/init.lua:32: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Capturing on 'tun0'
1 0.000000000 10.8.0.6 → 10.8.0.1 TCP 60 47148 → 3306 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=999443647 TSecr=0 WS=128
2 0.049160978 10.8.0.1 → 10.8.0.6 TCP 60 3306 → 47148 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1358 SACK_PERM=1 TSval=3444840768 TSecr=999443647 WS=128
3 0.049178626 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=999443696 TSecr=3444840768
4 0.084592971 10.8.0.1 → 10.8.0.6 MySQL 145 Server Greeting proto=10 version=5.5.5-10.1.37-MariaDB
5 0.084630234 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=94 Win=29312 Len=0 TSval=999443731 TSecr=3444840803
6 0.085223320 10.8.0.6 → 10.8.0.1 MySQL 282 Login Request user=root db=fbpl_dataset
7 0.128639717 10.8.0.1 → 10.8.0.6 TCP 52 3306 → 47148 [ACK] Seq=94 Ack=231 Win=30080 Len=0 TSval=3444840848 TSecr=999443732
8 0.128899853 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
9 0.129036157 10.8.0.6 → 10.8.0.1 MySQL 162 Request Query
10 0.166717953 10.8.0.1 → 10.8.0.6 MySQL 422 Response
11 0.167034485 10.8.0.6 → 10.8.0.1 MySQL 168 Request Query
12 0.201992947 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
13 0.202300657 10.8.0.6 → 10.8.0.1 MySQL 100 Request Query
14 0.244425110 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
15 0.244723180 10.8.0.6 → 10.8.0.1 MySQL 73 Request Query
16 0.282299897 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
17 0.282750321 10.8.0.6 → 10.8.0.1 MySQL 63 Request Query
18 0.324337397 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
19 0.325020740 10.8.0.6 → 10.8.0.1 MySQL 88 Request Query
20 0.363417862 10.8.0.1 → 10.8.0.6 MySQL 131 Response
21 0.380069274 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
22 0.426607694 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
23 0.427432886 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
24 0.464371877 10.8.0.1 → 10.8.0.6 TCP 1037 [TCP Previous segment not captured] 3306 → 47148 [PSH, ACK] Seq=3180 Ack=607 Win=30080 Len=985 TSval=3444841181 TSecr=999444074 [TCP segment of a reassembled PDU]
25 0.464403500 10.8.0.6 → 10.8.0.1 TCP 64 [TCP Window Update] 47148 → 3306 [ACK] Seq=607 Ack=1834 Win=35712 Len=0 TSval=999444111 TSecr=3444841142 SLE=3180 SRE=4165
26 0.648240382 10.8.0.6 → 138.201.81.199 TCP 60 47946 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125070191 TSecr=0 WS=128
27 15.154852195 fe80::2b5f:797f:89b6:2163 → ff02::2 ICMPv6 48 Router Solicitation
28 17.460851851 10.8.0.6 → 138.201.81.199 TCP 60 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125087000 TSecr=0 WS=128
29 18.461720007 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125088001 TSecr=0 WS=128
30 20.488217123 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125090027 TSecr=0 WS=128
31 24.541683888 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125094080 TSecr=0 WS=128
32 32.648223719 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125102185 TSecr=0 WS=128
33 76.255359872 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
34 76.594972111 fe80::2b5f:797f:89b6:2163 → ff02::2 ICMPv6 48 Router Solicitation
35 77.255689579 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
36 78.256235262 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
37 79.256582538 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
38 81.468184482 10.8.0.6 → 138.201.81.199 TCP 60 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125150997 TSecr=0 WS=128
39 82.488202760 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125152016 TSecr=0 WS=128
40 84.701712530 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125154230 TSecr=0 WS=128
41 88.754872248 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125158282 TSecr=0 WS=128
42 96.861639556 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125166388 TSecr=0 WS=128
43 196.255874050 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
44 197.257068532 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
45 198.258297209 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
46 199.258728979 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
47 204.595034169 fe80::2b5f:797f:89b6:2163 → ff02::2 ICMPv6 48 Router Solicitation
48 209.531734561 10.8.0.6 → 138.201.81.199 TCP 60 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125279045 TSecr=0 WS=128
49 210.541697498 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125280055 TSecr=0 WS=128
50 212.701695301 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125282215 TSecr=0 WS=128
51 216.755028817 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125286268 TSecr=0 WS=128
52 224.861647492 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125294374 TSecr=0 WS=128
53 316.256315832 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
54 317.257280083 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
55 318.258064000 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
56 319.258529228 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
On the server:
tshark
Running as user "root" and group "root". This could be dangerous.
tshark: Lua: Error during loading:
/usr/share/wireshark/init.lua:32: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Capturing on 'tun0'
1 0.000000000 10.8.0.6 → 10.8.0.1 TCP 60 47148 → 3306 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=999443647 TSecr=0 WS=128
2 0.000053386 10.8.0.1 → 10.8.0.6 TCP 60 3306 → 47148 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3444840768 TSecr=999443647 WS=128
3 0.034842750 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=999443696 TSecr=3444840768
4 0.035454228 10.8.0.1 → 10.8.0.6 MySQL 145 Server Greeting proto=10 version=5.5.5-10.1.37-MariaDB
5 0.074777548 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=94 Win=29312 Len=0 TSval=999443731 TSecr=3444840803
6 0.079692859 10.8.0.6 → 10.8.0.1 MySQL 282 Login Request user=root db=fbpl_dataset
7 0.079706973 10.8.0.1 → 10.8.0.6 TCP 52 3306 → 47148 [ACK] Seq=94 Ack=231 Win=30080 Len=0 TSval=3444840848 TSecr=999443732
8 0.079907092 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
9 0.114271069 10.8.0.6 → 10.8.0.1 MySQL 162 Request Query
10 0.116406475 10.8.0.1 → 10.8.0.6 MySQL 422 Response
11 0.153284108 10.8.0.6 → 10.8.0.1 MySQL 168 Request Query
12 0.153484577 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
13 0.194794969 10.8.0.6 → 10.8.0.1 MySQL 100 Request Query
14 0.195012071 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
15 0.232990157 10.8.0.6 → 10.8.0.1 MySQL 73 Request Query
16 0.233240592 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
17 0.274414074 10.8.0.6 → 10.8.0.1 MySQL 63 Request Query
18 0.274611706 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
19 0.313793459 10.8.0.6 → 10.8.0.1 MySQL 88 Request Query
20 0.314036139 10.8.0.1 → 10.8.0.6 MySQL 131 Response
21 0.373724977 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
22 0.374313462 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
23 0.412753261 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
24 0.413313088 10.8.0.1 → 10.8.0.6 MySQL 1398 Response
25 0.413332858 10.8.0.1 → 10.8.0.6 MySQL 1037 ResponseResponse
26 0.453471537 10.8.0.6 → 10.8.0.1 TCP 64 [TCP Window Update] 47148 → 3306 [ACK] Seq=607 Ack=1834 Win=35712 Len=0 TSval=999444111 TSecr=3444841142 SLE=3180 SRE=4165
27 0.471486585 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444841239 TSecr=999444111
28 0.653949113 10.8.0.6 → 138.201.81.199 TCP 60 47946 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125070191 TSecr=0 WS=128
29 0.738141927 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444841506 TSecr=999444111
30 1.244791421 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444842013 TSecr=999444111
31 1.564860995 10.8.0.1 → 10.8.0.6 MySQL 1398 Response
32 2.231524259 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444842999 TSecr=999444111
33 4.338152670 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444845106 TSecr=999444111
34 8.391500815 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444849159 TSecr=999444111
35 16.284812186 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444857053 TSecr=999444111
36 17.453808438 10.8.0.6 → 138.201.81.199 TCP 60 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125087000 TSecr=0 WS=128
37 18.442690460 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125088001 TSecr=0 WS=128
38 20.473716795 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125090027 TSecr=0 WS=128
39 24.513887900 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125094080 TSecr=0 WS=128
40 32.284844755 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444873053 TSecr=999444111
41 32.634593171 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125102185 TSecr=0 WS=128
42 64.711502663 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444905479 TSecr=999444111
43 76.239261484 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
44 77.239606533 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
45 78.248116041 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
46 79.240570533 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
47 81.458991045 10.8.0.6 → 138.201.81.199 TCP 60 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125150997 TSecr=0 WS=128
48 82.473039673 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125152016 TSecr=0 WS=128
49 84.679898494 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125154230 TSecr=0 WS=128
50 88.739155711 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125158282 TSecr=0 WS=128
51 96.840751788 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125166388 TSecr=0 WS=128
52 124.444841498 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47008 [ACK] Seq=1 Ack=1 Win=235 Len=1346 TSval=3444965213 TSecr=998700357
53 127.858151192 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444968626 TSecr=999444111
54 196.234990777 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
55 197.236207702 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
56 198.236346847 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
57 199.235242415 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
58 209.476349902 10.8.0.6 → 138.201.81.199 TCP 60 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125279045 TSecr=0 WS=128
59 210.509956728 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125280055 TSecr=0 WS=128
60 212.674468626 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125282215 TSecr=0 WS=128
61 216.716790577 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125286268 TSecr=0 WS=128
62 224.828569147 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125294374 TSecr=0 WS=128
63 260.978128154 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3445101746 TSecr=999444111
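[Edit 3] It looks like this actually is a network problem: when using DBeaver, a TCP window update occurs. After that, my PC does not receive any packets from the connection. I also ran Wireshark on the physical link, and indeed no further UDP packets arrive, so I strongly suspect an MTU problem. I tested the VPN over TCP, and it works.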
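
Added example (not part of the original post): a Python script that compares the server-side and client-side tshark text captures by frame length in the 10.8.0.1 → 10.8.0.6 direction, to show that the loss described in Edit 3 depends on packet size. The capture excerpts are abbreviated from the post, and the function names are illustrative.

```python
import re
from collections import Counter

# Default tshark summary line: no. time src → dst proto frame_len info
LINE = re.compile(r"^\s*\d+\s+[\d.]+\s+(\S+)\s+→\s+(\S+)\s+\S+\s+(\d+)\b")

def frame_sizes(capture, src, dst):
    """Count frame lengths seen in one direction of a tshark text capture."""
    sizes = Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if m and m.group(1) == src and m.group(2) == dst:
            sizes[int(m.group(3))] += 1
    return sizes

def size_dependent_loss(sender_cap, receiver_cap, src, dst):
    """Return (largest frame delivered, smallest frame lost) for src -> dst."""
    sent = frame_sizes(sender_cap, src, dst)
    received = frame_sizes(receiver_cap, src, dst)
    lost = sent - received        # Counter subtraction keeps positive counts only
    delivered = sent & received   # sizes seen on both sides of the tunnel
    return (max(delivered, default=None), min(lost, default=None))

# Abbreviated from the server-side capture in the post (TCP fields trimmed)
SERVER = """\
20 0.314036139 10.8.0.1 → 10.8.0.6 MySQL 131 Response
22 0.374313462 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
24 0.413313088 10.8.0.1 → 10.8.0.6 MySQL 1398 Response
25 0.413332858 10.8.0.1 → 10.8.0.6 MySQL 1037 ResponseResponse
27 0.471486585 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Len=1346
"""
# Abbreviated from the client-side capture in the post (TCP fields trimmed)
CLIENT = """\
20 0.363417862 10.8.0.1 → 10.8.0.6 MySQL 131 Response
22 0.426607694 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
24 0.464371877 10.8.0.1 → 10.8.0.6 TCP 1037 [TCP Previous segment not captured] 3306 → 47148 [PSH, ACK] Seq=3180 Len=985
"""

if __name__ == "__main__":
    ok, lost = size_dependent_loss(SERVER, CLIENT, "10.8.0.1", "10.8.0.6")
    print(f"largest delivered frame: {ok} bytes, smallest lost frame: {lost} bytes")
    if ok is not None and lost is not None and lost > ok:
        # Small frames arrive, large ones never do: consistent with an MTU limit
        print("loss is size-dependent; the usable tunnel packet size lies between these values")
```

On the excerpts above, every frame up to 1288 bytes reaches the client while the 1398-byte segment (Seq=1834, Len=1346) is retransmitted by the server and never arrives.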