有没有熟悉 openvpn 的同学给看看

openvpn 两边 service 都启动起来了 连接不成功,或者说一连上就被重置了,似乎是拒绝了
服务端的转发有开 /etc/sysctl.conf
服务端的端口 51199 是正常开放的
看日志 Connection reset, restarting [-1] 这个错误也找不到相关解释


服务端配置:
proto tcp-server
dev tun
port 51199
ifconfig 10.10.4.1 10.10.4.2
tls-server
remote-cert-tls client
tls-auth /etc/openvpn/server/ta.key 0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh2048.pem
cipher AES-128-CBC
comp-lzo adaptive
push "comp-lzo adaptive"
persist-tun
persist-key
verb 4
keepalive 10 60
user openvpn
group openvpn
log /var/log/openvpn_test.log
log-append /var/log/openvpn_test.log
route 192.168.144.0 255.255.248.0 vpn_gateway


客户端配置:
proto tcp-client
dev tun
remote x.x.x.x 51199
ifconfig 10.10.4.2 10.10.4.1
tls-client
remote-cert-tls server
tls-auth /etc/openvpn/server/ta.key 1
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh2048.pem
cipher AES-128-CBC
comp-lzo adaptive
persist-tun
persist-key
verb 4
keepalive 10 60
user openvpn
group openvpn
log /var/log/openvpn_us.log
log-append /var/log/openvpn_us.log
route 192.168.40.0 255.255.248.0 vpn_gateway



客户端日志:
2024-04-02 19:53:17 us=761923 Restart pause, 300 second(s)
2024-04-02 19:58:17 us=762021 Re-using SSL/TLS context
2024-04-02 19:58:17 us=762156 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-04-02 19:58:17 us=762173 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-04-02 19:58:17 us=762235 Control Channel MTU parms [ L:1559 D:1182 EF:68 EB:0 ET:0 EL:3 ]
2024-04-02 19:58:17 us=762253 Preserving previous TUN/TAP instance: tun4
2024-04-02 19:58:17 us=762271 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:395 ET:0 EL:3 ]
2024-04-02 19:58:17 us=762307 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,ifconfig 10.10.4.1 10.10.4.2,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2024-04-02 19:58:17 us=762319 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,ifconfig 10.10.4.2 10.10.4.1,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2024-04-02 19:58:17 us=762331 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxx:51199
2024-04-02 19:58:17 us=762362 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-04-02 19:58:17 us=762371 Attempting to establish TCP connection with [AF_INET]xxxx:51199 [nonblock]
2024-04-02 19:58:17 us=937632 TCP connection established with [AF_INET]xxxx:51199
2024-04-02 19:58:17 us=937679 TCP_CLIENT link local: (not bound)
2024-04-02 19:58:17 us=937689 TCP_CLIENT link remote: [AF_INET]xxxx:51199
2024-04-02 19:58:18 us=791085 Connection reset, restarting [-1]
2024-04-02 19:58:18 us=791173 TCP/UDP: Closing socket
2024-04-02 19:58:18 us=791200 SIGUSR1[soft,connection-reset] received, process restarting
2024-04-02 19:58:18 us=791215 Restart pause, 300 second(s)


服务端日志
2024-04-02 19:58:18 us=709684 TCP connection established with [AF_INET]x.x.x.x:37360
2024-04-02 19:58:18 us=709738 TCPv4_SERVER link local (bound): [AF_INET][undef]:51199
2024-04-02 19:58:18 us=709745 TCPv4_SERVER link remote: [AF_INET]x.x.x.x:37360
2024-04-02 19:58:18 us=709757 Server poll timeout, restarting
2024-04-02 19:58:18 us=709799 TCP/UDP: Closing socket
2024-04-02 19:58:18 us=709860 SIGUSR1[soft,server_poll] received, process restarting
2024-04-02 19:58:18 us=709880 net_route_v4_best_gw query: dst 0.0.0.0
2024-04-02 19:58:18 us=709965 net_route_v4_best_gw result: via 192.168.40.253 dev eth0
2024-04-02 19:58:18 us=709996 Re-using SSL/TLS context
2024-04-02 19:58:18 us=710069 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-04-02 19:58:18 us=710081 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-04-02 19:58:18 us=710127 Control Channel MTU parms [ L:1559 D:1182 EF:68 EB:0 ET:0 EL:3 ]
2024-04-02 19:58:18 us=710194 Preserving previous TUN/TAP instance: tun0
2024-04-02 19:58:18 us=710205 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:395 ET:0 EL:3 ]
2024-04-02 19:58:18 us=710224 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,ifconfig 10.10.4.2 10.10.4.1,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2024-04-02 19:58:18 us=710229 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,ifconfig 10.10.4.1 10.10.4.2,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2024-04-02 19:58:18 us=710282 Could not determine IPv4/IPv6 protocol. Using AF_INET
2024-04-02 19:58:18 us=710300 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-04-02 19:58:18 us=710314 Listening for incoming TCP connection on [AF_INET][undef]:51199