OpenVPN keeps re-authorizing

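For the past few months I have been running OpenVPN on a small VPS for my family, and I have been happy with it. Last week my host rebooted the machine, and now I am having problems. They re-enabled TUN, which has helped me get back up and running in the past.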

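I can connect to the VPN, but when I try to access the network through it, the connection gets stuck in a loop of constantly re-authorizing. I have read the log file, but it is Greek to me. Can anyone help me interpret it? Below is the log file for one session.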

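I have tried restarting the OpenVPN service and rebooting my instance, but neither had any effect on the problem. I think it has something to do with routing traffic through the VPN, but I have not changed anything other than the hardware reboot, so I am not sure what triggered this. The client keys are also the same.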

Wed Nov  7 11:16:16 2012 MULTI: multi_create_instance called
Wed Nov  7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 Re-using SSL/TLS context
Wed Nov  7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 LZO compression initialized
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Local Options hash (VER=V4): '530fdded'
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:50631, sid=d4a3e774 69029449
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/[email protected]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/[email protected]
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:50631: 10.8.0.26
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov  7 11:17:00 2012 MULTI: multi_create_instance called
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Re-using SSL/TLS context
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 LZO compression initialized
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Local Options hash (VER=V4): '530fdded'
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:64732, sid=fc2b0817 0fa801c1
Wed Nov  7 11:17:00 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/[email protected]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/[email protected]
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:01 2012 MULTI: new connection by client 'mycomputer' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Nov  7 11:17:01 2012 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:01 2012 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:64732: 10.8.0.26
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov  7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:20 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:30 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:37 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:46 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:56 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:06 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:08 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:19 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:29 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:39 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:50 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:59 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:09 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:22 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:32 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:42 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:53 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:03 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:13 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:23 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:34 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:44 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:54 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SIGUSR1[soft,ping-restart] received, client-instance restarting

Answer 1

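I determined that this had nothing to do with my VPN. My computer is a Mac, and I upgraded to Mountain Lion at the same time I started having these problems. The VPN client I use, Tunnelblick, is not compatible with Mountain Lion.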

The solution was to uninstall Tunnelblick and upgrade to its latest beta. My VPN now works fine.
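
An added example, not part of the original question or answer: a small Python triage script that counts the reconnect signals visible in a server log like the one in the question (repeated connections by the same certificate CN, dropped previous sessions, ECONNREFUSED reads and --ping-restart timeouts). The sample log is constructed in the question's log format with a placeholder address, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format of the question's server log (placeholder address).
SAMPLE_LOG = """\
Wed Nov  7 11:16:18 2012 198.51.100.7:50631 [mycomputer] Peer Connection Initiated with [AF_INET]198.51.100.7:50631
Wed Nov  7 11:17:00 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:01 2012 198.51.100.7:64732 [mycomputer] Peer Connection Initiated with [AF_INET]198.51.100.7:64732
Wed Nov  7 11:17:01 2012 MULTI: new connection by client 'mycomputer' will cause previous active sessions by this client to be dropped.
Wed Nov  7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:21:03 2012 mycomputer/198.51.100.7:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
"""

CONNECT = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET\](?P<peer>\S+)")
DROPPED = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions")
TIMEOUT = re.compile(r"\[(?P<cn>[^\]]+)\] Inactivity timeout \(--ping-restart\)")
REFUSED = "read UDPv4 [ECONNREFUSED]"

def summarize(log_text):
    """Count per-client reconnect signals in an OpenVPN server log."""
    stats = {"connects": Counter(), "dropped": Counter(), "timeouts": Counter(),
             "peers": {}, "refused": 0}
    for line in log_text.splitlines():
        if REFUSED in line:
            stats["refused"] += 1           # server-side UDP read failed
        elif (m := CONNECT.search(line)):
            stats["connects"][m["cn"]] += 1
            stats["peers"].setdefault(m["cn"], []).append(m["peer"])
        elif (m := DROPPED.search(line)):
            stats["dropped"][m["cn"]] += 1  # same CN reconnected over a live session
        elif (m := TIMEOUT.search(line)):
            stats["timeouts"][m["cn"]] += 1
    return stats

def looping_clients(stats):
    """Clients whose earlier session was dropped by a reconnect, or that timed out."""
    return sorted(cn for cn in stats["connects"]
                  if stats["dropped"][cn] or stats["timeouts"][cn])

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for cn in looping_clients(s):
        print(cn, "connects:", s["connects"][cn], "peers:", s["peers"][cn],
              "dropped:", s["dropped"][cn], "ping-restart:", s["timeouts"][cn])
    print("ECONNREFUSED reads:", s["refused"])
```

A client that shows several connects from changing source ports, with its previous session dropped each time, is the one to investigate on the client side, as the answer above ended up doing.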
