Ïðîáëåìû ñ OpenVPN. Ïðîøó ïîìîùè!

**staticroute** · 19-10-2012, 10:32

Èç êîíôèãà äåáèàíà óáåðèòå:

Code:

auth none
redirect-gateway
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

è ñäåëàéòå íà äåáèàíå

Code:

chmod 0600 /etc/openvpn/keys/server.key

ëîã debian-êëèåíòà òîæå ïîêàæèòå.

**MMX2** · 19-10-2012, 10:45

Originally Posted by staticroute

Èç êîíôèãà äåáèàíà óáåðèòå:

Code:

auth none
redirect-gateway
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

è ñäåëàéòå íà äåáèàíå

Code:

chmod 0600 /etc/openvpn/keys/server.key

ëîã debian-êëèåíòà òîæå ïîêàæèòå.

Ñïàñèáî çà îòâåò! Ñäåëàë. Ñîåäèíåíèå ïðîäåðæàëîñü äîëüøå îáû÷íîãî, äàæå óäàëîñü çàéòè íà øàðó äåáèàí-ñåðâåðà. Ïîòîì îïÿòü ðàçðûâ. Â ëîãàõ ñåðâåòà âñå òîæå ñàìîå, à ëîãè êëèåíòà ñåé÷àñ ñíèìó.
Ëîã äåáèàí-êëèåíòà:

PHP Code:


Fri Oct 19 13:35:54 2012 OpenVPN 2.2.1 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 23 2012

Fri Oct 19 13:35:54 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Fri Oct 19 13:35:54 2012 ******* WARNING *******: null MAC specified, no authentication will be used

Fri Oct 19 13:35:54 2012 LZO compression initialized

Fri Oct 19 13:35:54 2012 Attempting to establish TCP connection with [AF_INET] :80 [nonblock]

Fri Oct 19 13:35:55 2012 TCP connection established with [AF_INET] :80

Fri Oct 19 13:35:55 2012 TCPv4_CLIENT link local: [undef]

Fri Oct 19 13:35:55 2012 TCPv4_CLIENT link remote: [AF_INET] :80

Fri Oct 19 13:35:59 2012 [server] Peer Connection Initiated with [AF_INET] :80

Fri Oct 19 13:36:01 2012 TUN/TAP device tap0 opened

Fri Oct 19 13:36:01 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Fri Oct 19 13:36:01 2012 /sbin/ifconfig tap0 192.168.1.202 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255

Fri Oct 19 13:36:01 2012 Initialization Sequence Completed

Fri Oct 19 13:38:05 2012 Connection reset, restarting [0]

Fri Oct 19 13:38:05 2012 SIGUSR1[soft,connection-reset] received, process restarting

Fri Oct 19 13:38:10 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Fri Oct 19 13:38:10 2012 Re-using SSL/TLS context

Fri Oct 19 13:38:10 2012 LZO compression initialized

Fri Oct 19 13:38:10 2012 Attempting to establish TCP connection with [AF_INET]:80 [nonblock]

Fri Oct 19 13:38:11 2012 TCP connection established with [AF_INET] :80

Fri Oct 19 13:38:11 2012 TCPv4_CLIENT link local: [undef]

Fri Oct 19 13:38:11 2012 TCPv4_CLIENT link remote: [AF_INET] :80

Fri Oct 19 13:38:14 2012 [server] Peer Connection Initiated with [AF_INET] :80

Fri Oct 19 13:38:16 2012 Preserving previous TUN/TAP instance: tap0

Fri Oct 19 13:38:16 2012 Initialization Sequence Completed

Fri Oct 19 13:45:07 2012 event_wait : Interrupted system call (code=4)

Fri Oct 19 13:45:07 2012 /sbin/ifconfig tap0 0.0.0.0

Fri Oct 19 13:45:08 2012 SIGTERM[hard,] received, process exiting

Â êîíöå - ýòî ÿ îñòàíîâèë ñåðâèñ OVPN.

**staticroute** · 19-10-2012, 12:22

Ìîæíî ïîïðîáîâàòü âîòêíóòü mssfix 1450 íà êëèåíòå è ñåðâåðå.

**MMX2** · 19-10-2012, 12:45

Originally Posted by staticroute

Ìîæíî ïîïðîáîâàòü âîòêíóòü mssfix 1450 íà êëèåíòå è ñåðâåðå.

Ñäåëàë, íå ïîìîãàåò. Çàòî çàìåòèë, ÷òî ïðîáëåìà íà÷èíàåòñÿ òîëüêî åñëè ïî òîííåëü íà÷èíàþò èñïîëüçîâàòü. Ò.å. åñëè òîëüêî ïèíãîâàòü, òî îí ñêîëü óãîäíî äîëãî ïèíãóåòñÿ. À âîò åñëè ïî íåìó, íàïðèìåð, ïîïûòàòüñÿ ïîäêëþ÷èòüñÿ ê êîìïó çà ñåðâåðîì - ñðàçó ïàäàåò...

**staticroute** · 19-10-2012, 13:04

Originally Posted by MMX2

Ñäåëàë, íå ïîìîãàåò. Çàòî çàìåòèë, ÷òî ïðîáëåìà íà÷èíàåòñÿ òîëüêî åñëè ïî òîííåëü íà÷èíàþò èñïîëüçîâàòü. Ò.å. åñëè òîëüêî ïèíãîâàòü, òî îí ñêîëü óãîäíî äîëãî ïèíãóåòñÿ. À âîò åñëè ïî íåìó, íàïðèìåð, ïîïûòàòüñÿ ïîäêëþ÷èòüñÿ ê êîìïó çà ñåðâåðîì - ñðàçó ïàäàåò...

Îí ïàäàåò è ïåðåïîäêëþ÷àåòñÿ?

Âîçìîæíî ïðîáëåìà â MTU/MSSFIX êàê ðàç-òàêè.

íà Debian-ñåðâåðå ñäåëàéòå:

Code:

iptables -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu

win7 ðàáîòàåò ñòàáèëüíî íà òî÷íî òàêîé æå êîíôèãóðàöèè? íèêàêèõ ðåêîííåêòîâ?

**MMX2** · 19-10-2012, 13:18

Originally Posted by staticroute

Îí ïàäàåò è ïåðåïîäêëþ÷àåòñÿ?

Âîçìîæíî ïðîáëåìà â MTU/MSSFIX êàê ðàç-òàêè.

íà Debian-ñåðâåðå ñäåëàéòå:

Code:

iptables -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu

win7 ðàáîòàåò ñòàáèëüíî íà òî÷íî òàêîé æå êîíôèãóðàöèè? íèêàêèõ ðåêîííåêòîâ?

Ñåé÷àñ ïîïðîáóþ. W7 ðàáîòàåò ñòàáèëüíî êàê ñêàëà - íèêàêèõ ðåêîíåêòîâ, õîòü 20-30 ãèãîâ ïåðåëèâàé. À ó äåáèàíà êëèåíòà ñîåäèíåíèå ïàäàåò è ïåðåïîäêëþ÷àåòñÿ. È òàê äî ñëåäóþùåãî òàéìàóòà ïî ïèíãó.
UPD. Ïðîâåðèë. Êàðòèíà íå èçìåíèëàñü, êîãäà íà÷èíàåøü ïîëüçîâàòüñÿ òîíåëåì òî ñðàçó òàéìàóò è ïîòîì ðåêîííåêò. Ìèñòèêà....

**staticroute** · 19-10-2012, 13:21

Âåðñèè OpenVPN íà ñåðâåðå Debian è êëèåíòå Debian îäèíàêîâûå?

**MMX2** · 19-10-2012, 13:43

Originally Posted by staticroute

Âåðñèè OpenVPN íà ñåðâåðå Debian è êëèåíòå Debian îäèíàêîâûå?

Íà äåáèàíàõ îäèíàêîâûå âåðñèè OpenVPN Âåðñèÿ: 2.2.1-8
À âîò íà RT-N16, ñ êîòîðûì áåçïðîáëåìíàÿ ðàáîòà - äðóãàÿ: Version: 2.2.2-2
Ùàñ ïîïðîáóþ ñîáðàòü íà äåáèàíà Ovpn èç ñîðöîâ âåðñèè 2.2.2-2

UPD:
Ñîáðàë íà îáîèõ äåáèàíàõ ñàìûé ñâåæèé OpenVPN. Êàðòèíà îñòàëàñü ïðåæíåé. Òàêæå â íàñòðîéêàõ wi-fi àäàïòåðà êëèåíòà îòêëþ÷èë ðîóìèíã è æåñòêî ïðîïèñàë MTU 1500. Áåç èçìåíåíèé.
Êàêèìè ìåòîäàìè äèàãíîñòèêè è íàáëþäåíèÿ ìîæíî îòëîâèòü äàííûé ãëþê?

**MMX2** · 19-10-2012, 20:42

Çàìåòèë, ÷òî ñåðâåðà RT-N16 è äåáèàí(û) îòëè÷àþòñÿ òåì, ÷òî íà RT-N16 âûêëþ÷åíà ïîääåðæêà ipv6. Â âèíäîâîì êëèåíòû òîæå âûêëþ÷åíà. Òàêèì îáðàçîì, ñëåäóþùåé ìîåé èäååé áûëî îòêëþ÷èòü åå íà äåáèàíàõ. Îòêëþ÷èë, â ifconfig àäðåñà ipv6 ïðîïàëè, íî.... íå ïîìîãëî...
Äàëüøå ÿ òóïî çàáèë íà ïðîáëåìíîì ñåðâåðå:

PHP Code:


ifconfig tap0 mtu 1400

è âîò óæå 200 ìåãîâ îò ôèëüìà çàëèëîñü áåç ïðîáëåì

Òüôó*3, íàäåþñü, ÷òî ïðîáëåìà ðåøåíà. Òî÷íî ñêàæó òåïåðü òîëüêî â ïîíåäåëüíèê.
Â ëþáîì ñëó÷àå, staticroute, ÎÃÐÎÌÍÎÅ ñïàñèáî çà ïîìîùü â ðåøåíèè ìèñòè÷åñêîé ïðîáëåìû

Åñëè äåëî òàêè â mtu, òî êàêîâ ìåõàíèçì âîçíèêíîâåíèÿ ïðîáëåìû?

**staticroute** · 19-10-2012, 21:20

Originally Posted by MMX2

Çàìåòèë, ÷òî ñåðâåðà RT-N16 è äåáèàí(û) îòëè÷àþòñÿ òåì, ÷òî íà RT-N16 âûêëþ÷åíà ïîääåðæêà ipv6. Â âèíäîâîì êëèåíòû òîæå âûêëþ÷åíà. Òàêèì îáðàçîì, ñëåäóþùåé ìîåé èäååé áûëî îòêëþ÷èòü åå íà äåáèàíàõ. Îòêëþ÷èë, â ifconfig àäðåñà ipv6 ïðîïàëè, íî.... íå ïîìîãëî...
Äàëüøå ÿ òóïî çàáèë íà ïðîáëåìíîì ñåðâåðå:

PHP Code:


ifconfig tap0 mtu 1400

è âîò óæå 200 ìåãîâ îò ôèëüìà çàëèëîñü áåç ïðîáëåì

Òüôó*3, íàäåþñü, ÷òî ïðîáëåìà ðåøåíà. Òî÷íî ñêàæó òåïåðü òîëüêî â ïîíåäåëüíèê.
Â ëþáîì ñëó÷àå, staticroute, ÎÃÐÎÌÍÎÅ ñïàñèáî çà ïîìîùü â ðåøåíèè ìèñòè÷åñêîé ïðîáëåìû

Åñëè äåëî òàêè â mtu, òî êàêîâ ìåõàíèçì âîçíèêíîâåíèÿ ïðîáëåìû?

--tun-mtu n
Take the TUN device MTU to be n and derive the link MTU from it (default=1500). In most cases, you will probably want to leave this parameter set to its default value.

The MTU (Maximum Transmission Units) is the maximum datagram size in bytes that can be sent unfragmented over a particular network path. OpenVPN requires that packets on the control or data channels be sent unfragmented.

MTU problems often manifest themselves as connections which hang during periods of active usage.

It's best to use the --fragment and/or --mssfix options to deal with MTU sizing issues.

Âîîáùå mssfix äîëæíî áûëî ïîìî÷ü ïî èäåå.

Òî÷íî ðåñòàðòèë OpenVPN ïîñëå äîáàâëåíèÿ îïöèé?

Õîòÿ, âîçìîæíî ýòî ïðèìåíèìî òîëüêî ê tun, à íà tap êàê ðàç-òàêè mtu èíòåðôåéñà, òàê êàê èíòåðôåéñ òû âðó÷íóþ ïîäíèìàåøü ifconfig-îì.

**MMX2** · 20-10-2012, 07:41

OpenVPN è ñåðâåð è êëèåíò òî÷íî ïåðåçàïóñêàë, äà è äàæå ïåðåñîáèðàë è ñàì ñåðâåð (êîìïüþòåð) ðåñòàðòèë.
Ïðè ýòîì, â âûäà÷å ifconfig mtu ó tap èíòåðôåéñà îñòàâàëñÿ 1500. Ìîæåò ýòî íå âëèÿåò íè íà ÷òî è OpenVPN ñàì ðóëèòü MTU - íå çíàþ.
Êñòàòè TAP èíòåðôåéñ ñîçäàåòñÿ, åñëè âåðèòü ñòàðòîâûì ñêðèïòàì, íå ifconfig'îì, à OpenVPN'îì:

PHP Code:


for t in $tap; do

    openvpn --mktun --dev $t

done

Çà íî÷ü âòîðîé ïðîáëåìíûé êëèåíò íå îòâàëèâàëñÿ, íî ñîâñåì òî÷íî î ðåçóëüòàòå áóäåò èçâåñòíî â ïîíåäåëüíèê

Ñïàñèáî!

**kpush** · 22-10-2012, 12:07

óñòàíîâèë íà ðîóòåð OpenVPN, òåïåðü îí çàíÿò ïîñòîÿííî:

top -d 10

Mem: 28776K used, 98064K free, 0K shrd, 2480K buff, 12480K cached
CPU: 45% usr 14% sys 0% nic 12% idle 0% io 1% irq 25% sirq
Load average: 1.14 0.92 0.78 3/29 1059
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
299 1 admin R 4984 4% 87% /opt/bin/openvpn --cd /opt/etc/openvpn
284 1 admin S 1512 1% 0% watchdog
1059 1056 admin R 1384 1% 0% top -d 10
.......

×òî ìîæíî ñäåëàòü? ìîæåò, ÷òî ëèøíåå îñòàíîâèòü?

Â îáùåì òî Wifi ðàçäàâàòü íå íàäî, íàäî òîëüêî øèôðîâàòü ïîòîê
è äîñòóï ê îñòàëüíîìó èíòåðíåòó îáåñïå÷èâàòü íà ìàøèí 10-15.

Ìîãó, òåîðåòè÷åñêè, ïîñòàâèòü RT-66U.
Áóäåò ëè ñèëüíî ëó÷øå?

Êîãäà OpenVPN ñòîÿë íà îáû÷íîé ìàøèíå, çàãðóçêè òàêîé íå âèäåë
(âûëîæó Top äëÿ ñðàâíåíèÿ, êîãäà ñíîâà ïîéäåò ïîòîê)

**MMX2** · 22-10-2012, 12:31

Originally Posted by kpush

óñòàíîâèë íà ðîóòåð OpenVPN, òåïåðü îí çàíÿò ïîñòîÿííî:

top -d 10

Mem: 28776K used, 98064K free, 0K shrd, 2480K buff, 12480K cached
CPU: 45% usr 14% sys 0% nic 12% idle 0% io 1% irq 25% sirq
Load average: 1.14 0.92 0.78 3/29 1059
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
299 1 admin R 4984 4% 87% /opt/bin/openvpn --cd /opt/etc/openvpn
284 1 admin S 1512 1% 0% watchdog
1059 1056 admin R 1384 1% 0% top -d 10
.......

×òî ìîæíî ñäåëàòü? ìîæåò, ÷òî ëèøíåå îñòàíîâèòü?

Â îáùåì òî Wifi ðàçäàâàòü íå íàäî, íàäî òîëüêî øèôðîâàòü ïîòîê
è äîñòóï ê îñòàëüíîìó èíòåðíåòó îáåñïå÷èâàòü íà ìàøèí 10-15.

Ìîãó, òåîðåòè÷åñêè, ïîñòàâèòü RT-66U.
Áóäåò ëè ñèëüíî ëó÷øå?

Êîãäà OpenVPN ñòîÿë íà îáû÷íîé ìàøèíå, çàãðóçêè òàêîé íå âèäåë
(âûëîæó Top äëÿ ñðàâíåíèÿ, êîãäà ñíîâà ïîéäåò ïîòîê)

Òàê ìîæåò è ïîäíÿòü OpenVPN íà ïîëíîöåííîì êîìïå, ñêàæåì, ïîä äåáèàíîì, à íà àñóñå ïðîáðîñèòü ïîðò?

**MMX2** · 22-10-2012, 14:35

Èòàê, ñåãîäíÿ ïðîâåðèë - ñ mtu íà ñåðâåðå 1400 âñå ðàáîòàåò êàê ÷àñû. Ïðè÷åì íå ïðèøëîñü äàæå òðîãàòü íàñòðîéêè êëèåíòà.
Ñïàñèáî çà ïîìîùü!

**kpush** · 24-10-2012, 18:53

Originally Posted by MMX2

Òàê ìîæåò è ïîäíÿòü OpenVPN íà ïîëíîöåííîì êîìïå, ñêàæåì, ïîä äåáèàíîì, à íà àñóñå ïðîáðîñèòü ïîðò?

ýòî íå êðóòî

Thread: Ïðîáëåìû ñ OpenVPN. Ïðîøó ïîìîùè!

Thread Tools

Rate This Thread

Display

OpenVPN íà RT-N16 êàê óâåëè÷èòü ïðîèçâîäèòåëüíîñòü?

Similar Threads

Óïðàâëåíèå UPS ïðè ïîìîùè apcupsd è nut

Îòïðàâêà SMS-îïîâåùåíèé ïðè ïîìîùè Google

OpenVPN â ñîñòàâå ïðîøèâêè îò ýíòóçèàñòîâ

HowTo install OpenVPN server

Tags for this Thread

Posting Permissions