OpenVPN does not see incoming connections

My openvpn server has stopped working and shows no error messages.

tcpdump shows incoming packets on the interface:

09:06:33.283561 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:33.283613 ARP, Reply blueberryext.home is-at b8:27:eb:80:ec:b6 (oui Unknown), length 28
09:06:36.156366 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272341292 ecr 0,nop,wscale 12], length 0
09:06:37.128963 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272342309 ecr 0,nop,wscale 12], length 0
09:06:38.269443 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:38.269487 ARP, Reply blueberryext.home is-at b8:27:eb:80:ec:b6 (oui Unknown), length 28
09:06:39.237426 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272344416 ecr 0,nop,wscale 12], length 0
09:06:43.320721 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:43.320768 ARP, Reply blueberryext.home is-at b8:27:eb:80:ec:b6 (oui Unknown), length 28
09:06:43.320880 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272348470 ecr 0,nop,wscale 12], length 0
09:06:46.186804 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272351292 ecr 0,nop,wscale 12], length 0
09:06:47.135196 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272352310 ecr 0,nop,wscale 12], length 0
09:06:48.285301 ARP, Request who-has blueberryext.home tell caiway.home, length 46

But nothing happens in the ovpn daemon. I set verb to 11, but the log only produces the following:

Aug  2 09:37:36 10 ovpn-server[3488]: SCHEDULE: schedule_find_least NULL
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI: REAP range 128 -> 144
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Aug  2 09:37:46 10 ovpn-server[3488]: SCHEDULE: schedule_find_least NULL
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI: REAP range 144 -> 160
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Aug  2 09:37:56 10 ovpn-server[3488]: SCHEDULE: schedule_find_least NULL

Whether or not the client tries to connect.

I am wondering where I have to look and/or what to try to get it working again?

According to the comments:

The port is tcp/7443. In tcpdump I can see the packets arriving at blueberryext from the Caiway modem. But there is no reaction in openvpn, not even with verb 11.

Client file:

client
dev tun
proto tcp
remote externalIP 7443
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name blueberry_9edafeac-5c08-40de-94c8-c7aa3e29de67 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
certificate
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
the key
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
the key
-----END OpenVPN Static key V1-----
</tls-crypt>

From the server side:

dev tun
proto tcp
port 7443
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/blueberry_9edafeac-5c08-40de-94c8-c7aa3e29de67.crt
key /etc/openvpn/easy-rsa/pki/private/blueberry_9edafeac-5c08-40de-94c8-c7aa3e29de67.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS <dns server>"
push "dhcp-option DNS <dns server>"
push "route internal.network 255.255.255.0"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 11
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

ss -nlp | grep -E 'Address:Port|LISTEN.*:7443' gives the following:

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port                                                            
tcp   LISTEN 0      0      0.0.0.0:7443        0.0.0.0:*          users:(("openvpn",pid=8049,fd=6))

So openvpn appears to be listening on that port.
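The capture above contains only client SYNs (Flags [S]) with the same sequence number repeated, i.e. retransmissions, and no SYN-ACK from the server. A listening socket answers a SYN with SYN-ACK and a closed port answers with RST, so SYNs that reach the interface but get neither reply while ss shows the port in LISTEN state are being dropped somewhere between the NIC and the socket, typically by a host firewall INPUT rule. As an added example (not part of the question or of any answer), the following Python script parses tcpdump lines in the format shown above and classifies each client connection attempt as answered or unanswered. The SAMPLE text is copied from the question's tcpdump output; the HEALTHY text is a constructed capture of a normal handshake for comparison, and the flow-tuple and verdict names are my own.

```python
import re
from collections import defaultdict

# TCP lines copied from the tcpdump output in the question (ARP lines are skipped).
SAMPLE = """\
09:06:33.283561 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:36.156366 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272341292 ecr 0,nop,wscale 12], length 0
09:06:37.128963 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272342309 ecr 0,nop,wscale 12], length 0
09:06:39.237426 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272344416 ecr 0,nop,wscale 12], length 0
09:06:43.320880 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272348470 ecr 0,nop,wscale 12], length 0
09:06:46.186804 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272351292 ecr 0,nop,wscale 12], length 0
09:06:47.135196 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272352310 ecr 0,nop,wscale 12], length 0
"""

# Constructed capture of a healthy handshake (SYN, SYN-ACK, ACK) for comparison.
HEALTHY = """\
10:00:00.000001 IP client.example.50000 > blueberryext.home.7443: Flags [S], seq 1, win 65535, options [mss 1412], length 0
10:00:00.000500 IP blueberryext.home.7443 > client.example.50000: Flags [S.], seq 2, ack 2, win 65160, options [mss 1460], length 0
10:00:00.001000 IP client.example.50000 > blueberryext.home.7443: Flags [.], ack 3, win 65535, length 0
"""

# tcpdump prints "host.port > host.port: Flags [..]"; the port is the last dotted component.
TCP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def parse_tcp(text):
    """Yield (src, sport, dst, dport, flags) for each TCP line; other lines are ignored."""
    for line in text.splitlines():
        m = TCP_LINE.match(line)
        if m:
            yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def classify_flows(text, port):
    """Map each client flow (client, cport, server, port) to a verdict.

    'answered'              -> the server replied with SYN-ACK or RST
    'unanswered'            -> one SYN, no reply seen
    'unanswered-retransmit' -> repeated SYNs, no reply: dropped before the socket
    """
    syn_count = defaultdict(int)
    replied = set()
    for src, sport, dst, dport, flags in parse_tcp(text):
        if dport == port and "S" in flags and "." not in flags:
            syn_count[(src, sport, dst, dport)] += 1
        elif sport == port and (("S" in flags and "." in flags) or "R" in flags):
            # Reply from the service port: key it by the client's flow tuple.
            replied.add((dst, dport, src, sport))
    verdicts = {}
    for flow, n in syn_count.items():
        if flow in replied:
            verdicts[flow] = "answered"
        elif n > 1:
            verdicts[flow] = "unanswered-retransmit"
        else:
            verdicts[flow] = "unanswered"
    return verdicts


def summarize(verdicts):
    """Count flows per verdict, e.g. {'unanswered-retransmit': 2}."""
    counts = defaultdict(int)
    for v in verdicts.values():
        counts[v] += 1
    return dict(counts)


if __name__ == "__main__":
    for label, capture in (("question capture", SAMPLE), ("healthy capture", HEALTHY)):
        verdicts = classify_flows(capture, 7443)
        print(label, summarize(verdicts))
        for (client, cport, server, sport), verdict in verdicts.items():
            print(f"  {client}:{cport} -> {server}:{sport}: {verdict}")
```

On the question's capture both client flows come out as unanswered-retransmit, which is the signature of the situation described: the interface sees the SYNs, the socket is in LISTEN state, yet the kernel never replies. The next thing to inspect on the server is the packet-filter INPUT path (iptables or nftables rule counters) for tcp/7443, since tcpdump captures before those rules are applied.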
