Hi!
I have an OpenVPN server running on my server (Synology DS710+).
When I enter "openvpn --config openvpn.ovpn" on my openSUSE 12.1 client, a VPN connection is established at first, and it works splendidly.
So far, so good. Now my problems:
1.)
But after some time an inactivity timeout occurs. All attempts by the client to re-establish the connection fail, see
openvpn --config openvpn.ovpn
Fri Mar 23 13:28:05 2012 OpenVPN 2.2.1 x86_64-suse-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jul 1 2011
Enter Auth Username: *****
Enter Auth Password: ******************
Fri Mar 23 13:28:26 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Mar 23 13:28:26 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Mar 23 13:28:26 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 23 13:28:26 2012 LZO compression initialized
Fri Mar 23 13:28:28 2012 UDPv4 link local (bound): [undef]:1194
Fri Mar 23 13:28:28 2012 UDPv4 link remote: 80.171.99.26:1194
Fri Mar 23 13:28:28 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Mar 23 13:28:29 2012 [Snake_Oil_CA] Peer Connection Initiated with 80.171.99.26:1194
Fri Mar 23 13:28:31 2012 TUN/TAP device tun0 opened
Fri Mar 23 13:28:31 2012 /bin/ip link set dev tun0 up mtu 1500
Fri Mar 23 13:28:31 2012 /bin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Fri Mar 23 13:28:31 2012 Initialization Sequence Completed
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:55:36 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:37 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:37 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:39 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:42 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:48 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:59 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:56:01 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:56:10 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:56:21 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:56:27 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
If I quit openvpn and then try to start it again by hand, it does not work either. What could be the cause? By the way: both my client's IP address and my server's IP address remained constant during the observation period, even though the log file says otherwise!
2.) This is the content of openvpn.ovpn. What do I have to set where in nm-applet so that I can establish and tear down the OpenVPN connection through it?
more openvpn.ovpn
dev tun
tls-client
remote <meine-sundomain>.zapto.org 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
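
An added example, not part of the original post: a small triage script that summarizes the kind of client log quoted above, counting the security-relevant warnings and the rejected-source/expected-peer address pairs. The function name, the check labels and the trimmed log excerpt are assumptions made for this illustration.

```python
import re
from collections import Counter

# Excerpt of the client log quoted in the post (duplicate lines trimmed).
SAMPLE_LOG = """\
Fri Mar 23 13:28:26 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Mar 23 13:28:26 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 23 13:28:28 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Mar 23 13:28:48 2012 write UDPv4 []: No buffer space available (code=105)
Fri Mar 23 13:55:36 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
Fri Mar 23 13:55:37 2012 TCP/UDP: Incoming packet rejected from 80.171.99.81:1194[2], expected peer address: 80.171.99.26:1194 (allow this incoming source address/port by removing --remote or adding --float)
"""

# Matches the "packet rejected" message and captures both endpoints.
REJECT = re.compile(
    r"Incoming packet rejected from (\S+?):(\d+)\[\d+\], "
    r"expected peer address: (\S+?):(\d+)"
)

# Label -> substring of the OpenVPN message it stands for (labels are made up here).
CHECKS = {
    "no_server_cert_verification": "No server certificate verification method",
    "password_cached_in_memory": "may cache passwords in memory",
    "script_security_allows_scripts": "--script-security setting may allow",
    "udp_send_buffer_exhausted": "No buffer space available",
}

def triage(log_text):
    """Return (findings, mismatches): message counts and (seen, expected) IP pairs."""
    findings, mismatches = Counter(), Counter()
    for line in log_text.splitlines():
        for label, needle in CHECKS.items():
            if needle in line:
                findings[label] += 1
        m = REJECT.search(line)
        if m:
            # Key on the IPs only; the ports are identical in this log.
            mismatches[(m.group(1), m.group(3))] += 1
    return findings, mismatches

if __name__ == "__main__":
    findings, mismatches = triage(SAMPLE_LOG)
    for label, count in sorted(findings.items()):
        print(f"{label}: {count}")
    for (seen, expected), count in mismatches.items():
        print(f"rejected {count} packet(s) from {seen}, expected {expected}")
```
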