Артём Анатольевич Posted November 11, 2020 Share Posted November 11, 2020 Добрый день, есть OpenVPN сервер на роутере микротик, есть клиент на Keenetic 4G (KN-1210), подключение осуществляется, но раз в минуту выбивает, в логах кинетика видно что клиент дисконектиться и все. В консоли микротика пишет следующее. 14:32:08 echo: ovpn,debug,error,,,,,,,,,l2tp,info,,derning duplicate packet, dropping При этом паралельно к микротику подключен комп с клиентом openVPN и там таких проблем нет. Конфиг на кинетике client dev tun proto tcp remote IP ADDR 1194 resolv-retry infinite nobind persist-key persist-tun cipher aes-256-cbc auth sha1 tls-client remote-cert-tls server <auth-user-pass> user pass </auth-user-pass> comp-lzo verb 1 reneg-sec 0 disable-occ <ca> -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- </cert> <key> -----BEGIN ENCRYPTED PRIVATE KEY----- -----END ENCRYPTED PRIVATE KEY----- </key> Закрытый ключ выгружался с микротика с паролем, но пароль был задан password как указано на сайте кинетика, что если сертификат с паролем, то воспринимается только такой пароль. Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted November 11, 2020 Share Posted November 11, 2020 А в логах-то что? Quote Link to comment Share on other sites More sharing options...
Артём Анатольевич Posted November 11, 2020 Author Share Posted November 11, 2020 Вычленял, вот лог подключения, вроде бы ничего не упустил от начала до конца. [I] Nov 11 14:23:58 OpenVPN0: OpenVPN 2.4.6 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD] [I] Nov 11 14:23:58 OpenVPN0: library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10 [W] Nov 11 14:23:58 OpenVPN0: using default password "password" for pkcs file [I] Nov 11 14:23:58 OpenVPN0: Attempting to establish TCP connection with [AF_INET]VPN SERV:1194 [nonblock] [I] Nov 11 14:23:59 OpenVPN0: TCP connection established with [AF_INET]VPN SERV:1194 [I] Nov 11 14:23:59 OpenVPN0: TCP_CLIENT link local: (not bound) [I] Nov 11 14:23:59 OpenVPN0: TCP_CLIENT link remote: [AF_INET]VPN SERV:1194 [I] Nov 11 14:23:59 OpenVPN0: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay [I] Nov 11 14:24:03 OpenVPN0: [ovpn-server] Peer Connection Initiated with [AF_INET]VPN SERV:1194 [I] Nov 11 14:24:03 ndm: Network::Interface::OpenVpn: "OpenVPN0": connecting via ISP (FastEthernet0/Vlan2). [I] Nov 11 14:24:03 ndm: Network::Interface::OpenVpn: "OpenVPN0": added host route to remote endpoint VPN SERV via VPN CLIENT. [I] Nov 11 14:24:15 OpenVPN0: TUN/TAP device tun0 opened [I] Nov 11 14:24:15 OpenVPN0: do_ifconfig, tt->did_ifconfig_ipv6_setup=0 [I] Nov 11 14:24:15 ndm: Network::Interface::Ip: "OpenVPN0": IP address is 172.16.10.187/24. [I] Nov 11 14:24:15 OpenVPN0: GID set to nobody [I] Nov 11 14:24:15 OpenVPN0: UID set to nobody [I] Nov 11 14:24:15 OpenVPN0: Initialization Sequence Completed [I] Nov 11 14:24:16 ndm: Http::Nginx: loaded SSL certificate for "f214fee853903e5610c69e76.keenetic.io". [I] Nov 11 14:24:16 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 11 14:24:16 ndm: Core::Session: client disconnected. [I] Nov 11 14:24:16 ndm: Http::Manager: updated configuration. [I] Nov 11 14:24:16 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 11 14:24:16 ndm: Core::Session: client disconnected. [I] Nov 11 14:25:15 OpenVPN0: [ovpn-server] Inactivity timeout (--ping-restart), restarting [I] Nov 11 14:25:15 OpenVPN0: SIGUSR1[soft,ping-restart] received, process restarting [I] Nov 11 14:25:15 ndm: Network::Interface::Ip: "OpenVPN0": IP address cleared. [I] Nov 11 14:25:15 OpenVPN0: SIGINT[hard,init_instance] received, process exiting [I] Nov 11 14:25:16 ndm: Http::Nginx: loaded SSL certificate for "f214fee853903e5610c69e76.keenetic.io". [I] Nov 11 14:25:17 ndm: Core::Server: started Session /var/run/ndm.core.socket. [I] Nov 11 14:25:17 ndm: Core::Session: client disconnected. Quote Link to comment Share on other sites More sharing options...
Le ecureuil Posted November 11, 2020 Share Posted November 11, 2020 Цитата [I] Nov 11 14:25:15 OpenVPN0: [ovpn-server] Inactivity timeout (--ping-restart), restarting При таком сообщении предположить что-то, кроме проверки связи с сервером затруднительно. Quote Link to comment Share on other sites More sharing options...
Артём Анатольевич Posted November 11, 2020 Author Share Posted November 11, 2020 да но IP VPN получаю... Сервер подключение тоже видит. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.