Есть проблема с настройкой openvpn. OpenVPN настроен и работает, то есть у меня есть доступ к удаленной сети, и я могу выполнять в ней необходимые мне операции. Однако постоянно идут пересоединения, что приводит к тому что в работе возникают затыки секунд на 5-15, что очень напрягает. Я определенно что-то сделал не так, но никак не могу понять. Ниже привожу конфиг и участок вывода openvpn.
Дистрибутив: KUbuntu 10.04
Конфиг openvpn:
Код: Выделить всё
# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
#dev-node router
;dev tap
dev tun
client
tls-client
proto tcp
remote vpn.cmc.msu.ru
port 1194
resolv-retry infinite
ns-cert-type server
#keepalive 10 120
ca /home/mike/openvpn/bluegene/ca.crt
cert /home/mike/openvpn/bluegene/client.crt
key /home/mike/openvpn/bluegene/client.key
tls-auth /home/mike/openvpn/bluegene/ta.key 1
route-method exe
route-delay 2
ping 5
ping-restart 10
ping-timer-rem
persist-key
persist-tun
comp-lzo
verb 3Отрывок вывода openvpn
Код: Выделить всё
Sun Sep 5 14:42:17 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 5 14:42:17 2010 Re-using SSL/TLS context
Sun Sep 5 14:42:17 2010 LZO compression initialized
Sun Sep 5 14:42:17 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Sep 5 14:42:17 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Sep 5 14:42:17 2010 Local Options hash (VER=V4): 'ee93268d'
Sun Sep 5 14:42:17 2010 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sun Sep 5 14:42:17 2010 Attempting to establish TCP connection with [AF_INET]212.192.248.36:1194 [nonblock]
Sun Sep 5 14:42:18 2010 TCP connection established with [AF_INET]212.192.248.36:1194
Sun Sep 5 14:42:18 2010 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 5 14:42:18 2010 TCPv4_CLIENT link local: [undef]
Sun Sep 5 14:42:18 2010 TCPv4_CLIENT link remote: [AF_INET]212.192.248.36:1194
Sun Sep 5 14:42:18 2010 TLS: Initial packet from [AF_INET]212.192.248.36:1194, sid=37de06a2 2703aa3e
Sun Sep 5 14:42:20 2010 VERIFY OK: depth=1, /C=RU/ST=Moscow/L=Moscow/O=MSU_CMC/OU=CMC/CN=*****/name=*****/emailAddress=*****
Sun Sep 5 14:42:20 2010 VERIFY OK: nsCertType=SERVER
Sun Sep 5 14:42:20 2010 VERIFY OK: depth=0, /C=RU/ST=Moscow/L=Moscow/O=MSU_CMC/CN=server/emailAddress=*****
Sun Sep 5 14:42:22 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 5 14:42:22 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 5 14:42:22 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 5 14:42:22 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 5 14:42:22 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 5 14:42:22 2010 [server] Peer Connection Initiated with [AF_INET]212.192.248.36:1194
Sun Sep 5 14:42:24 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Sep 5 14:42:25 2010 PUSH: Received control message: 'PUSH_REPLY,route 10.3.0.0 255.255.0.0,route 10.6.6.96 255.255.255.240,route 10.6.7.0 255.255.255.0,dhcp-option DNS 10.3.0.1,route 10.20.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.20.205.37 10.20.205.38'
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: route options modified
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 5 14:42:25 2010 Preserving previous TUN/TAP instance: tun0
Sun Sep 5 14:42:25 2010 Initialization Sequence Completed
Sun Sep 5 14:42:33 2010 Connection reset, restarting [0]
Sun Sep 5 14:42:33 2010 TCP/UDP: Closing socket
Sun Sep 5 14:42:33 2010 SIGUSR1[soft,connection-reset] received, process restarting
Sun Sep 5 14:42:33 2010 Restart pause, 5 second(s)
