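I have set up an OpenVPN connection to a PLC that has built-in OpenVPN compatibility. I am connecting to my own OpenVPN Access Server, to which I can connect from other devices as well as from my Windows client. I set up the connection a few weeks ago and everything seemed fine, but now the connection fails. The behaviour is as follows: after a reboot, the PLC connects to the Access Server (I can see it under "Current Users"), but only for about 100 seconds. After that, it disappears and does not come back. I have the following parameters set in the client.ovpn configuration file loaded on the PLC: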
cipher AES-256-CBC
...
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
...
dev tun
dev-type tun
persist-tun
persist-key
resolv-retry infinite
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 0
sndbuf 0
rcvbuf 0
...
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
...
key-direction 1
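The latest certificate was generated a few days ago, and the problem was present from the start. Note that this certificate was generated precisely because the previous certificate caused a similar problem. I cannot ping, SSH to, or reach the PLC's web interface over the VPN connection (not even during the 100 seconds it is online), but since I am currently testing the setup, I can also connect to the PLC directly, as it is on the same network as me. So, in summary, the OpenVPN connection to the PLC used to work, but now it does not. I cannot see any time limit in the certificate or anywhere else, so what could the problem be?
Update:
Log from the OpenVPN AS: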
2019-10-24 06:43:52+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:52 2019 [IP:PORTofPLC] TLS: Initial packet from [AF_INET] [IP:PORTofPLC] (via [AF_INET]10.1.0.4%eth0), sid=[someHEXnumbers]'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] VERIFY OK: depth=1, /CN=OpenVPN CA'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] VERIFY OK: nsCertType=CLIENT'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] VERIFY OK: depth=0, /CN=*vpnUSERNAME*_AUTOLOGIN'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_VER=2.4.6'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_PLAT=linux'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_PROTO=2'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_NCP=2'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_LZO=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_COMP_STUB=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_COMP_STUBv2=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_TCPNL=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_HWADDR=*MAC*'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] peer info: IV_SSL=OpenSSL_1.0.2q__20_Nov_2018'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019 [IP:PORTofPLC] [*vpnUSERNAME*_AUTOLOGIN] Peer Connection Initiated with [AF_INET] [IP:PORTofPLC] (via [AF_INET]10.1.0.4%eth0)'
2019-10-24 06:43:53+0000 [-] AUTH SUCCESS {'status': 0, 'reason': 'AuthTrue: autologin certificate auth succeeded', 'serial_list': [], 'user': u'*vpnUSERNAME*', 'proplist': {u'prop_autologin': u'true', u'prop_force_lzo': u'false', u'pvt_passw$
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:53 2019 MANAGEMENT: CMD 'client-auth 139 0'"
2019-10-24 06:43:54+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:54 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] OPTIONS IMPORT: compression parms modified'
2019-10-24 06:43:54+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:54 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] MULTI: Learn: [vpnIPofPLC] -> *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC]'
2019-10-24 06:43:54+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:54 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] MULTI: primary virtual IP for *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC]: [vpnIPofPLC]'
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] SENT CONTROL [*vpnUSERNAME*_AUTOLOGIN]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhc$
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] Data Channel: using negotiated cipher 'AES-256-GCM'"
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-10-24 06:45:38+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:45:38 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] [*vpnUSERNAME*_AUTOLOGIN] Inactivity timeout (--ping-restart), restarting'
2019-10-24 06:45:38+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:45:38 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] SIGUSR1[soft,ping-restart] received, client-instance restarting'
2019-10-24 06:46:41+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:41 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:41+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:41 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [HTTPChannel,4036,] License Info {'apc': False, 'concurrent_connections': 10}
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: "Thu Oct 24 06:46:42 2019 MANAGEMENT: CMD 'status 3'"
2019-10-24 06:46:42+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:46:42 2019 MANAGEMENT: CMD 'status 3'"
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
Log from the PLC:
Oct 24 08:43:39 [PLCname] firewall[933]: pid: 933, ppid: 931
Oct 24 08:43:39 [PLCname] firewall[933]: uid: 0, euid: 0
Oct 24 08:43:39 [PLCname] firewall[933]: gid: 0, egid: 0
Oct 24 08:43:39 [PLCname] firewall[933]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:39 [PLCname] firewall[933]: exit value: 0 (success)
Oct 24 08:43:39 [PLCname] firewall[940]: pid: 940, ppid: 939
Oct 24 08:43:39 [PLCname] firewall[940]: uid: 0, euid: 0
Oct 24 08:43:39 [PLCname] firewall[940]: gid: 0, egid: 0
Oct 24 08:43:39 [PLCname] firewall[940]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:39 [PLCname] firewall[940]: exit value: 0 (success)
Oct 24 08:43:40 [PLCname] DRM: [Info] src/Drm.c:355: Starting DRM...
Oct 24 08:43:40 [PLCname] DRM: [Info] src/Drm.c:406: DRM started.
Oct 24 08:43:44 [PLCname] firewall[1187]: pid: 1187, ppid: 1185
Oct 24 08:43:44 [PLCname] firewall[1187]: uid: 0, euid: 0
Oct 24 08:43:44 [PLCname] firewall[1187]: gid: 0, egid: 0
Oct 24 08:43:44 [PLCname] firewall[1187]: execution call: /etc/config-tools/firewall iptables --set-forward on
Oct 24 08:43:44 [PLCname] firewall[1187]: exit value: 0 (success)
Oct 24 08:43:44 [PLCname] firewall[1200]: pid: 1200, ppid: 1199
Oct 24 08:43:44 [PLCname] firewall[1200]: uid: 0, euid: 0
Oct 24 08:43:44 [PLCname] firewall[1200]: gid: 0, egid: 0
Oct 24 08:43:44 [PLCname] firewall[1200]: execution call: /etc/config-tools/firewall iptables --rem-masq all
Oct 24 08:43:44 [PLCname] firewall[1200]: exit value: 0 (success)
Oct 24 08:43:44 [PLCname] firewall[1206]: pid: 1206, ppid: 1205
Oct 24 08:43:44 [PLCname] firewall[1206]: uid: 0, euid: 0
Oct 24 08:43:44 [PLCname] firewall[1206]: gid: 0, egid: 0
Oct 24 08:43:45 [PLCname] firewall[1206]: execution call: /etc/config-tools/firewall iptables --rem-pfw all
Oct 24 08:43:45 [PLCname] firewall[1206]: exit value: 0 (success)
Oct 24 08:43:45 [PLCname] firewall[1211]: pid: 1211, ppid: 1183
Oct 24 08:43:45 [PLCname] firewall[1211]: uid: 0, euid: 0
Oct 24 08:43:45 [PLCname] firewall[1211]: gid: 0, egid: 0
Oct 24 08:43:45 [PLCname] firewall[1211]: execution call: /etc/config-tools/firewall iptables --apply
Oct 24 08:43:45 [PLCname] FIREWALL: Firewall - setting network layer firewall up...
Oct 24 08:43:45 [PLCname] FIREWALL: Failed do set-up network-layer firewall!
Oct 24 08:43:46 [PLCname] FIREWALL: Firewall - ...finished.
Oct 24 08:43:46 [PLCname] firewall[1211]: exit value: 0 (success)
Oct 24 08:43:46 [PLCname] ifplugd(ethX1)[1277]: ifplugd 0.28 initializing.
Oct 24 08:43:46 [PLCname] ifplugd(ethX1)[1277]: Using interface ethX1/[ethXmac] with driver <dsa> (version: 0.1)
Oct 24 08:43:46 [PLCname] ifplugd(ethX1)[1277]: Using detection mode: SIOCETHTOOL
Oct 24 08:43:46 [PLCname] ifplugd(ethX1)[1277]: Initialization complete, link beat not detected.
Oct 24 08:43:46 [PLCname] ifplugd(ethX1)[1277]: Could not open /dev/tty, cannot beep.
Oct 24 08:43:46 [PLCname] ifplugd(ethX2)[1281]: ifplugd 0.28 initializing.
Oct 24 08:43:46 [PLCname] ifplugd(ethX2)[1281]: Using interface ethX2/[ethXmac] with driver <dsa> (version: 0.1)
Oct 24 08:43:46 [PLCname] ifplugd(ethX2)[1281]: Using detection mode: SIOCETHTOOL
Oct 24 08:43:46 [PLCname] ifplugd(ethX2)[1281]: Initialization complete, link beat detected.
Oct 24 08:43:46 [PLCname] ifplugd(ethX2)[1281]: Could not open /dev/tty, cannot beep.
Oct 24 08:43:46 [PLCname] ipwatchd[1294]: IPwatchD started
Oct 24 08:43:46 [PLCname] dnsmasq[1301]: started, version 2.80 DNS disabled
Oct 24 08:43:46 [PLCname] dnsmasq[1301]: compile time options: no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua no-TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
Oct 24 08:43:46 [PLCname] firewall[1305]: pid: 1305, ppid: 1304
Oct 24 08:43:46 [PLCname] firewall[1305]: uid: 0, euid: 0
Oct 24 08:43:46 [PLCname] firewall[1305]: gid: 0, egid: 0
Oct 24 08:43:46 [PLCname] firewall[1305]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:46 [PLCname] firewall[1305]: exit value: 0 (success)
Oct 24 08:43:47 [PLCname] DNSMASQ-LOCALHOST: Dnsmasq is disabled - "nameserver 127.0.0.1" will be removed
Oct 24 08:43:47 [PLCname] firewall[1313]: pid: 1313, ppid: 1312
Oct 24 08:43:47 [PLCname] firewall[1313]: uid: 0, euid: 0
Oct 24 08:43:47 [PLCname] firewall[1313]: gid: 0, egid: 0
Oct 24 08:43:47 [PLCname] firewall[1313]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:47 [PLCname] firewall[1313]: exit value: 0 (success)
Oct 24 08:43:47 [PLCname] dropbear[1318]: Running in background
Oct 24 08:43:47 [PLCname] firewall[1321]: pid: 1321, ppid: 1320
Oct 24 08:43:47 [PLCname] firewall[1321]: uid: 0, euid: 0
Oct 24 08:43:47 [PLCname] firewall[1321]: gid: 0, egid: 0
Oct 24 08:43:47 [PLCname] firewall[1321]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:47 [PLCname] firewall[1321]: exit value: 0 (success)
Oct 24 08:43:47 [PLCname] root: Starting virtual private network daemon
Oct 24 08:43:47 [PLCname] root: openvpn
Oct 24 08:43:47 [PLCname] ovpn-openvpn[1332]: OpenVPN 2.4.6 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 6 2019
Oct 24 08:43:47 [PLCname] ovpn-openvpn[1332]: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.09
Oct 24 08:43:47 [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 24 08:43:47 [PLCname] ovpn-openvpn[1333]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 24 08:43:47 [PLCname] root: 0
Oct 24 08:43:47 [PLCname] ovpn-openvpn[1333]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 24 08:43:47 [PLCname] firewall[1350]: pid: 1350, ppid: 1349
Oct 24 08:43:47 [PLCname] firewall[1350]: uid: 0, euid: 0
Oct 24 08:43:47 [PLCname] firewall[1350]: gid: 0, egid: 0
Oct 24 08:43:47 [PLCname] firewall[1350]: execution call: /etc/config-tools/firewall iptables --set-forward on
Oct 24 08:43:47 [PLCname] firewall[1350]: exit value: 0 (success)
Oct 24 08:43:47 [PLCname] firewall[1360]: pid: 1360, ppid: 1359
Oct 24 08:43:47 [PLCname] firewall[1360]: uid: 0, euid: 0
Oct 24 08:43:47 [PLCname] firewall[1360]: gid: 0, egid: 0
Oct 24 08:43:47 [PLCname] firewall[1360]: execution call: /etc/config-tools/firewall iptables --rem-masq all
Oct 24 08:43:47 [PLCname] firewall[1360]: exit value: 0 (success)
Oct 24 08:43:48 [PLCname] firewall[1363]: pid: 1363, ppid: 1362
Oct 24 08:43:48 [PLCname] firewall[1363]: uid: 0, euid: 0
Oct 24 08:43:48 [PLCname] firewall[1363]: gid: 0, egid: 0
Oct 24 08:43:48 [PLCname] firewall[1363]: execution call: /etc/config-tools/firewall iptables --rem-pfw all
Oct 24 08:43:48 [PLCname] firewall[1363]: exit value: 0 (success)
Oct 24 08:43:48 [PLCname] firewall[1367]: pid: 1367, ppid: 1347
Oct 24 08:43:48 [PLCname] firewall[1367]: uid: 0, euid: 0
Oct 24 08:43:48 [PLCname] firewall[1367]: gid: 0, egid: 0
Oct 24 08:43:48 [PLCname] firewall[1367]: execution call: /etc/config-tools/firewall iptables --apply
Oct 24 08:43:48 [PLCname] FIREWALL: Firewall - setting network layer firewall up...
Oct 24 08:43:48 [PLCname] FIREWALL: Failed do set-up network-layer firewall!
Oct 24 08:43:48 [PLCname] FIREWALL: Firewall - ...finished.
Oct 24 08:43:48 [PLCname] firewall[1367]: exit value: 0 (success)
Oct 24 08:43:49 [PLCname] firewall[1469]: pid: 1469, ppid: 1468
Oct 24 08:43:49 [PLCname] firewall[1469]: uid: 0, euid: 0
Oct 24 08:43:49 [PLCname] firewall[1469]: gid: 0, egid: 0
Oct 24 08:43:49 [PLCname] firewall[1469]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:49 [PLCname] firewall[1469]: exit value: 0 (success)
Oct 24 08:43:50 [PLCname] firewall[1472]: pid: 1472, ppid: 1471
Oct 24 08:43:50 [PLCname] firewall[1472]: uid: 0, euid: 0
Oct 24 08:43:50 [PLCname] firewall[1472]: gid: 0, egid: 0
Oct 24 08:43:50 [PLCname] firewall[1472]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:50 [PLCname] firewall[1472]: exit value: 0 (success)
Oct 24 08:43:50 [PLCname] firewall[1475]: pid: 1475, ppid: 1474
Oct 24 08:43:50 [PLCname] firewall[1475]: uid: 0, euid: 0
Oct 24 08:43:50 [PLCname] firewall[1475]: gid: 0, egid: 0
Oct 24 08:43:50 [PLCname] firewall[1475]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:50 [PLCname] firewall[1475]: exit value: 0 (success)
Oct 24 08:43:50 [PLCname] progexecd: Program execution daemon started, ready to accept connections
Oct 24 08:43:51 [PLCname] firewall[1528]: pid: 1528, ppid: 1527
Oct 24 08:43:51 [PLCname] firewall[1528]: uid: 0, euid: 0
Oct 24 08:43:51 [PLCname] firewall[1528]: gid: 0, egid: 0
Oct 24 08:43:51 [PLCname] firewall[1528]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:51 [PLCname] firewall[1528]: exit value: 0 (success)
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][openVPNasIP:port]
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: UDP link local: (not bound)
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: UDP link remote: [AF_INET][openVPNasIP:port]
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: TLS: Initial packet from [AF_INET][openVPNasIP:port], sid=[someHEX]
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: VERIFY OK: depth=1, CN=OpenVPN CA
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: VERIFY OK: nsCertType=SERVER
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: VERIFY OK: depth=0, CN=OpenVPN Server
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 24 08:43:52 [PLCname] ovpn-openvpn[1333]: [OpenVPN Server] Peer Connection Initiated with [AF_INET][openVPNasIP:port]
Oct 24 08:43:53 [PLCname] ovpn-openvpn[1333]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Oct 24 08:43:56 [PLCname] firewall[1628]: pid: 1628, ppid: 1627
Oct 24 08:43:56 [PLCname] firewall[1628]: uid: 0, euid: 0
Oct 24 08:43:56 [PLCname] firewall[1628]: gid: 0, egid: 0
Oct 24 08:43:56 [PLCname] firewall[1628]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:56 [PLCname] firewall[1628]: exit value: 0 (success)
Oct 24 08:43:57 [PLCname] firewall[1662]: pid: 1662, ppid: 1661
Oct 24 08:43:57 [PLCname] firewall[1662]: uid: 0, euid: 0
Oct 24 08:43:57 [PLCname] firewall[1662]: gid: 0, egid: 0
Oct 24 08:43:57 [PLCname] firewall[1662]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:57 [PLCname] firewall[1662]: exit value: 0 (success)
Oct 24 08:43:57 [PLCname] firewall[1666]: pid: 1666, ppid: 1665
Oct 24 08:43:57 [PLCname] firewall[1666]: uid: 0, euid: 0
Oct 24 08:43:57 [PLCname] firewall[1666]: gid: 0, egid: 0
Oct 24 08:43:57 [PLCname] firewall[1666]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:57 [PLCname] firewall[1666]: exit value: 0 (success)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,red$
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.6)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.6)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.6)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: register-dns (2.4.6)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:21: block-ipv6 (2.4.6)
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: explicit notify parm(s) modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: compression parms modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: route options modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: route-related options modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: peer-id set
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: adjusting link_mtu to 1625
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: data channel crypto options modified
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Data Channel: using negotiated cipher 'AES-256-GCM'
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: TUN/TAP device tun0 opened
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: TUN/TAP TX queue length set to 100
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: /usr/sbin/ifconfig tun0 [VPNipOFplc] netmask 255.255.255.0 mtu 1500 broadcast [broadcastIP]
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [OVPNasIP] netmask 255.255.255.255 gw [OVPNgwIP]
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [DNSip] netmask 255.255.255.255 metric 101 gw [OVPNgwIP]
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net 10.1.0.0 netmask 255.255.255.0 metric 101 gw [OVPNgwIP]
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [OVPNnetworkIP] netmask 255.255.254.0 metric 101 gw [OVPNgwIP]
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: Initialization Sequence Completed
Oct 24 08:46:25 [PLCname] ovpn-openvpn[1333]: [OpenVPN Server] Inactivity timeout (--ping-restart), restarting
Oct 24 08:46:25 [PLCname] ovpn-openvpn[1333]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 24 08:46:25 [PLCname] ovpn-openvpn[1333]: Restart pause, 5 second(s)
Oct 24 08:46:30 [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 24 08:46:30 [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][openVPNasIP:port]
Oct 24 08:46:30 [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Oct 24 08:46:30 [PLCname] ovpn-openvpn[1333]: UDP link local: (not bound)
Oct 24 08:46:30 [PLCname] ovpn-openvpn[1333]: UDP link remote: [AF_INET][openVPNasIP:port]
Oct 24 08:46:34 [PLCname] ovpn-openvpn[1333]: Server poll timeout, restarting
Oct 24 08:46:34 [PLCname] ovpn-openvpn[1333]: SIGUSR1[soft,server_poll] received, process restarting
Oct 24 08:46:34 [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 24 08:46:39 [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][openVPNasIP:port]
Oct 24 08:46:39 [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Oct 24 08:46:39 [PLCname] ovpn-openvpn[1333]: UDP link local: (not bound)
Oct 24 08:46:39 [PLCname] ovpn-openvpn[1333]: UDP link remote: [AF_INET][openVPNasIP:port]
Oct 24 08:46:43 [PLCname] ovpn-openvpn[1333]: Server poll timeout, restarting
Oct 24 08:46:43 [PLCname] ovpn-openvpn[1333]: SIGUSR1[soft,server_poll] received, process restarting
Oct 24 08:46:43 [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Oct 24 08:46:48 [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][OVPNasIP]:443
Oct 24 08:46:48 [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Oct 24 08:46:48 [PLCname] ovpn-openvpn[1333]: Attempting to establish TCP connection with [AF_INET][OVPNasIP]:443 [nonblock]
Oct 24 08:46:52 [PLCname] ovpn-openvpn[1333]: TCP: connect to [AF_INET][OVPNasIP]:443 failed: No route to host
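Answer 1
Solution: the problem was a static route in the PLC's settings whose gateway address happened to be the third hop; removing that route solved the problem. The identical PLC whose settings I copied had been tested with another router between the PLC and the network, and that router had exactly the same IP address (and acted as the gateway). Without this router, the static route messed everything up. However, I am still somewhat puzzled as to why the PLC was able to present itself to the OpenVPN AS on every reboot and appeared to be online until some timeout was reached.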
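An added example, not part of the original question or answer: a Python triage of the PLC's syslog that separates a handshake or certificate failure from the pattern seen here (session completes, keepalives stop, server then unreachable). The sample lines are copied from the PLC log above; the function names, the `year` parameter and the verdict wording are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the PLC log in the question (placeholders as posted there).
SAMPLE = """\
Oct 24 08:43:58 [PLCname] ovpn-openvpn[1333]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,red$
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [OVPNasIP] netmask 255.255.255.255 gw [OVPNgwIP]
Oct 24 08:44:03 [PLCname] ovpn-openvpn[1333]: Initialization Sequence Completed
Oct 24 08:46:25 [PLCname] ovpn-openvpn[1333]: [OpenVPN Server] Inactivity timeout (--ping-restart), restarting
Oct 24 08:46:34 [PLCname] ovpn-openvpn[1333]: Server poll timeout, restarting
Oct 24 08:46:43 [PLCname] ovpn-openvpn[1333]: Server poll timeout, restarting
Oct 24 08:46:52 [PLCname] ovpn-openvpn[1333]: TCP: connect to [AF_INET][OVPNasIP]:443 failed: No route to host
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ovpn-openvpn\[\d+\]: (.*)$")
KEEPALIVE = re.compile(r"\bping (\d+),ping-restart (\d+)")


def triage(log_text, year=2019):
    """Summarise the first OpenVPN client session found in syslog text."""
    r = {"ping": None, "ping_restart": None, "up_at": None, "up_seconds": None,
         "poll_timeouts": 0, "no_route": False, "tls_errors": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # firewall, ifplugd, dnsmasq ... lines are not OpenVPN events
        # Syslog omits the year; supply it so the timestamps can be subtracted.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        ka = KEEPALIVE.search(msg)
        if ka and "PUSH_REPLY" in msg:
            # Keepalive timers pushed by the server.
            r["ping"], r["ping_restart"] = int(ka.group(1)), int(ka.group(2))
        elif "Initialization Sequence Completed" in msg and r["up_at"] is None:
            r["up_at"] = ts
        elif "Inactivity timeout (--ping-restart)" in msg:
            if r["up_at"] is not None and r["up_seconds"] is None:
                r["up_seconds"] = int((ts - r["up_at"]).total_seconds())
        elif "Server poll timeout" in msg:
            r["poll_timeouts"] += 1
        elif "No route to host" in msg:
            r["no_route"] = True
        elif "TLS Error" in msg or "VERIFY ERROR" in msg:
            r["tls_errors"] += 1
    return r


def verdict(r):
    """Map the summary to the layer worth checking first."""
    if r["tls_errors"]:
        return "handshake or certificate problem"
    if r["up_seconds"] is not None:
        if r["no_route"] or r["poll_timeouts"]:
            return "session came up, then server unreachable: check routes and gateway"
        return "session came up, keepalives lost: check routing and firewall on the path"
    return "no completed session in log"


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(summary)
    print(verdict(summary))
```
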