VPN 陷入“TLS：初始数据包”循环

2024-6-2 • tag-icon

我有一个 OpenVPN 2.4.9 服务器，需要连接多个客户端，但目前没有客户端可以连接。我收到以下错误，针对一个特定客户端进行过滤：

14:06:38 xxx.xxx.xxx.xxx:1209 Re-using SSL/TLS context
14:06:38 xxx.xxx.xxx.xxx:1209 LZO compression initializing
14:06:38 xxx.xxx.xxx.xxx:1209 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:06:38 xxx.xxx.xxx.xxx:1209 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:06:38 xxx.xxx.xxx.xxx:1209 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:06:38 xxx.xxx.xxx.xxx:1209 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:06:38 xxx.xxx.xxx.xxx:1209 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1209, sid=f5f87f34 db300e2a
14:07:37 xxx.xxx.xxx.xxx:1152 Re-using SSL/TLS context
14:07:37 xxx.xxx.xxx.xxx:1152 LZO compression initializing
14:07:37 xxx.xxx.xxx.xxx:1152 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:07:37 xxx.xxx.xxx.xxx:1152 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:07:37 xxx.xxx.xxx.xxx:1152 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:07:37 xxx.xxx.xxx.xxx:1152 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:07:37 xxx.xxx.xxx.xxx:1152 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1152, sid=a51c6653 918e9955
14:10:02 xxx.xxx.xxx.xxx:1070 Re-using SSL/TLS context
14:10:02 xxx.xxx.xxx.xxx:1070 LZO compression initializing
14:10:02 xxx.xxx.xxx.xxx:1070 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:10:02 xxx.xxx.xxx.xxx:1070 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:10:02 xxx.xxx.xxx.xxx:1070 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:10:02 xxx.xxx.xxx.xxx:1070 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:10:02 xxx.xxx.xxx.xxx:1070 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1070, sid=4783fc46 dc03a197
14:11:44 xxx.xxx.xxx.xxx:1055 Re-using SSL/TLS context
14:11:44 xxx.xxx.xxx.xxx:1055 LZO compression initializing
14:11:44 xxx.xxx.xxx.xxx:1055 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:11:44 xxx.xxx.xxx.xxx:1055 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:11:44 xxx.xxx.xxx.xxx:1055 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:11:44 xxx.xxx.xxx.xxx:1055 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:11:44 xxx.xxx.xxx.xxx:1055 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1055, sid=c49e2c9b 38019dec
14:12:49 xxx.xxx.xxx.xxx:1052 Re-using SSL/TLS context
14:12:49 xxx.xxx.xxx.xxx:1052 LZO compression initializing
14:12:49 xxx.xxx.xxx.xxx:1052 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:12:49 xxx.xxx.xxx.xxx:1052 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:12:49 xxx.xxx.xxx.xxx:1052 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:12:49 xxx.xxx.xxx.xxx:1052 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:12:49 xxx.xxx.xxx.xxx:1052 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1052, sid=fd3a21d4 1f68e97a

在“TLS：初始数据包来自”后约 60 秒，一切再次开始。

对我来说，这看起来像是某种超时，客户端期望什么？为什么它没有得到预期的回报？

由于超时，我已经设置：

reneg-sec 3600
ping 120
ping-restart 120

相关内容