OpenVPN client fails to reconnect after the internet connection is re-established

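I am running Debian with shorewall and an OpenVPN client on a miniPC. Everything runs smoothly unless my ISP modem loses its connection. After the internet connection is re-established, OpenVPN cannot connect unless I reboot the hardware or run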

systemctl restart openvpn

These are the messages I get when I unplug the network cable from the miniPC and plug it back in:

kernel: [15984.234741] igb 0000:01:00.0 enp1s0: igb: enp1s0 NIC Link is Down
dhcpcd[489]: enp1s0: carrier lost
dhcpcd[489]: enp1s0: deleting address fe80::91f0:1a8a:5b0:b967
dhcpcd[489]: enp1s0: deleting route to 192.168.0.0/24
dhcpcd[489]: enp1s0: deleting default route via 192.168.0.1
kernel: [15990.843593] igb 0000:01:00.0 enp1s0: igb: enp1s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
dhcpcd[489]: enp1s0: carrier acquired
dhcpcd[489]: enp1s0: IAID 31:0b:c8:5e
dhcpcd[489]: enp1s0: adding address fe80::91f0:1a8a:5b0:b967
dhcpcd[489]: enp1s0: soliciting an IPv6 router
dhcpcd[489]: enp1s0: rebinding lease of 192.168.0.49
dhcpcd[489]: enp1s0: NAK: from 192.168.0.72
dhcpcd[489]: enp1s0: soliciting a DHCP lease
dhcpcd[489]: enp1s0: offered 192.168.0.49 from 192.168.0.1
dhcpcd[489]: enp1s0: probing address 192.168.0.49/24
dhcpcd[489]: enp1s0: leased 192.168.0.49 for 864000 seconds
dhcpcd[489]: enp1s0: adding route to 192.168.0.0/24
dhcpcd[489]: enp1s0: adding default route via 192.168.0.1

After that I only get these messages from OpenVPN:

ovpn-client[15057]: Socket Buffers: R=[212992->212992] S=[212992->212992]
ovpn-client[15057]: UDP link local: (not bound)
ovpn-client[15057]: UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
ovpn-client[15057]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
ovpn-client[15057]: TLS Error: TLS handshake failed
ovpn-client[15057]: SIGUSR1[soft,tls-error] received, process restarting
ovpn-client[15057]: Restart pause, 5 second(s)
ovpn-client[15057]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
ovpn-client[15057]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194

And my .conf:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

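Is there a way to properly restart the OpenVPN service whenever it needs to reconnect? I couldn't find anything useful; all the questions I found are about problems establishing any connection at all.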

Answer 1

I had the same problem, and the only thing that fixed it for me was removing persist-tun.

Edit: Unfortunately, I haven't had time to dig into why this problem occurs, but for my use case:

For our internal servers, whose connections are very unstable, we use a self-hosted OpenVPN as a centralized ssh server (to connect via ssh and the like).

Removing persist-tun has no impact on this use case, and it solved the problem of the client failing to reconnect.
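
The question asks for a way to restart the OpenVPN service whenever it gets stuck after the link comes back. The following is an added example, not part of the question or the answer: it reads syslog lines and reports when TLS handshakes keep failing although the link is up. The function names, the threshold and the `Initialization Sequence Completed` success marker are assumptions, not taken from the page.

```bash
#!/bin/sh
# Added example: decide from syslog lines whether OpenVPN is stuck after a link flap.

# Prints the number of consecutive TLS handshake failures logged while the
# link is up, counted since the last "carrier acquired" or successful connect.
count_failed_handshakes() {
    awk '
        /dhcpcd\[[0-9]+\]: .*carrier lost/     { down = 1; next }
        /dhcpcd\[[0-9]+\]: .*carrier acquired/ { down = 0; fails = 0; next }
        # Assumption: OpenVPN logs this line once the tunnel is fully up.
        /Initialization Sequence Completed/    { fails = 0; next }
        # Failures while the cable is unplugged are expected; skip them.
        !down && /TLS Error: TLS handshake failed/ { fails++ }
        END { print fails + 0 }
    '
}

# needs_restart [THRESHOLD]: succeeds when the failure count reaches THRESHOLD.
needs_restart() {
    [ "$(count_failed_handshakes)" -ge "${1:-2}" ]
}

# Constructed sample input, modelled on the log lines in the question.
sample_stuck() {
    cat <<'EOF'
dhcpcd[489]: enp1s0: carrier lost
ovpn-client[15057]: TLS Error: TLS handshake failed
dhcpcd[489]: enp1s0: carrier acquired
ovpn-client[15057]: TLS Error: TLS handshake failed
ovpn-client[15057]: SIGUSR1[soft,tls-error] received, process restarting
ovpn-client[15057]: TLS Error: TLS handshake failed
EOF
}

sample_recovered() {
    sample_stuck
    echo 'ovpn-client[15057]: Initialization Sequence Completed'
}

# Wiring, run periodically as root (hypothetical schedule, e.g. cron or a timer):
#   journalctl --since "10min ago" | needs_restart 2 && systemctl restart openvpn
```

Restarting only after repeated failures with the link up avoids restart loops while the cable or modem is still down.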
