Здравствуйте уважаемые форумчане. Столкнулся с такой проблемой, пользователь ежедневно отваливается от соединения OpenVPN. Туннель при этом вроде как подключен, но внутри связи нет. После перезапуска службы, соединение восстанавливается. Вот что в логах:
Tue Jun 2 08:48:38 2020 37.194.193.160:51879 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 08:48:38 2020 37.194.193.160:51879 [arm109] Peer Connection Initiated with [AF_INET]37.194.193.160:51879
Tue Jun 2 08:48:38 2020 arm109/37.194.193.160:51879 MULTI_sva: pool returned IPv4=10.10.1.25, IPv6=(Not enabled)
Tue Jun 2 08:48:38 2020 arm109/37.194.193.160:51879 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 2 08:48:38 2020 arm109/37.194.193.160:51879 send_push_reply(): safe_cap=940
Tue Jun 2 08:48:38 2020 arm109/37.194.193.160:51879 SENT CONTROL [arm109]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,sndbuf 524288,rcvbuf 524288,route-gateway 10.10.1.1,ping 10,ping-restart 120,ifconfig 10.10.1.25 255.255.255.0' (status=1)
Tue Jun 2 08:48:38 2020 arm109/37.194.193.160:51879 MULTI: Learn: 00:ff:84:5d:7e:99 -> arm109/37.194.193.160:51879
Tue Jun 2 08:51:48 2020 37.194.193.160:59330 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 08:51:48 2020 37.194.193.160:59330 [arm109] Peer Connection Initiated with [AF_INET]37.194.193.160:59330
Tue Jun 2 08:51:48 2020 MULTI: new connection by client 'arm109' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Tue Jun 2 08:51:49 2020 arm109/37.194.193.160:59330 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 2 08:51:49 2020 arm109/37.194.193.160:59330 send_push_reply(): safe_cap=940
Tue Jun 2 08:51:49 2020 arm109/37.194.193.160:59330 SENT CONTROL [arm109]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,sndbuf 524288,rcvbuf 524288,route-gateway 10.10.1.1,ping 10,ping-restart 120,ifconfig 10.10.1.25 255.255.255.0' (status=1)
Tue Jun 2 08:51:49 2020 arm109/37.194.193.160:59330 MULTI: Learn: 00:ff:84:5d:7e:99 -> arm109/37.194.193.160:59330
Tue Jun 2 09:27:18 2020 37.194.193.160:53330 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 09:27:18 2020 37.194.193.160:53330 [arm109] Peer Connection Initiated with [AF_INET]37.194.193.160:53330
Tue Jun 2 09:27:18 2020 MULTI: new connection by client 'arm109' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Tue Jun 2 09:27:19 2020 arm109/37.194.193.160:53330 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 2 09:27:19 2020 arm109/37.194.193.160:53330 send_push_reply(): safe_cap=940
Tue Jun 2 09:27:19 2020 arm109/37.194.193.160:53330 SENT CONTROL [arm109]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,sndbuf 524288,rcvbuf 524288,route-gateway 10.10.1.1,ping 10,ping-restart 120,ifconfig 10.10.1.25 255.255.255.0' (status=1)
Tue Jun 2 09:27:19 2020 arm109/37.194.193.160:53330 MULTI: Learn: 00:ff:84:5d:7e:99 -> arm109/37.194.193.160:53330
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 TLS: soft reset sec=0 bytes=2252717225/0 pkts=2431319/0
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 VERIFY OK: depth=1, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=ca, name=ca, emailAddress=s_admin@icgipar.ru
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 10:27:18 2020 arm109/37.194.193.160:53330 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 VERIFY OK: depth=1, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=ca, name=ca, emailAddress=s_admin@icgipar.ru
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 11:27:17 2020 arm109/37.194.193.160:53330 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 TLS: soft reset sec=0 bytes=215710634/0 pkts=270354/0
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 VERIFY OK: depth=1, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=ca, name=ca, emailAddress=s_admin@icgipar.ru
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 12:27:17 2020 arm109/37.194.193.160:53330 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 2 13:28:16 2020 arm109/37.194.193.160:53330 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 13:28:16 2020 arm109/37.194.193.160:53330 TLS Error: TLS handshake failed
Tue Jun 2 13:28:16 2020 arm109/37.194.193.160:53330 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Tue Jun 2 13:28:31 2020 arm109/37.194.193.160:53330 TLS: Initial packet from [AF_INET]37.194.193.160:53330, sid=a5a4b445 b9454bdc
Tue Jun 2 13:29:31 2020 arm109/37.194.193.160:53330 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 13:29:31 2020 arm109/37.194.193.160:53330 TLS Error: TLS handshake failed
Tue Jun 2 13:30:02 2020 37.194.193.160:63668 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 13:30:02 2020 37.194.193.160:63668 [arm109] Peer Connection Initiated with [AF_INET]37.194.193.160:63668
Tue Jun 2 13:30:02 2020 arm109/37.194.193.160:63668 MULTI_sva: pool returned IPv4=10.10.1.48, IPv6=(Not enabled)
Tue Jun 2 13:30:03 2020 arm109/37.194.193.160:63668 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 2 13:30:03 2020 arm109/37.194.193.160:63668 send_push_reply(): safe_cap=940
Tue Jun 2 13:30:03 2020 arm109/37.194.193.160:63668 SENT CONTROL [arm109]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,sndbuf 524288,rcvbuf 524288,route-gateway 10.10.1.1,ping 10,ping-restart 120,ifconfig 10.10.1.48 255.255.255.0' (status=1)
Tue Jun 2 13:30:03 2020 arm109/37.194.193.160:63668 MULTI: Learn: 00:ff:84:5d:7e:99 -> arm109/37.194.193.160:63668
Tue Jun 2 13:30:46 2020 arm109/37.194.193.160:53330 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 13:30:46 2020 arm109/37.194.193.160:53330 TLS Error: TLS handshake failed
Tue Jun 2 13:32:01 2020 arm109/37.194.193.160:53330 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 13:32:01 2020 arm109/37.194.193.160:53330 TLS Error: TLS handshake failed
Tue Jun 2 13:33:16 2020 arm109/37.194.193.160:53330 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 13:33:16 2020 arm109/37.194.193.160:53330 TLS Error: TLS handshake failed
Tue Jun 2 13:33:42 2020 arm109/37.194.193.160:53330 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Jun 2 13:33:42 2020 arm109/37.194.193.160:53330 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 TLS: soft reset sec=0 bytes=2457421938/0 pkts=2600509/0
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 VERIFY OK: depth=1, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=ca, name=ca, emailAddress=s_admin@icgipar.ru
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 14:30:02 2020 arm109/37.194.193.160:63668 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 TLS: soft reset sec=0 bytes=1048504348/0 pkts=1176743/0
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 VERIFY OK: depth=1, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=ca, name=ca, emailAddress=s_admin@icgipar.ru
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 2 15:30:02 2020 arm109/37.194.193.160:63668 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 2 16:30:02 2020 arm109/37.194.193.160:63668 TLS: soft reset sec=0 bytes=1191326813/0 pkts=1302428/0
Tue Jun 2 16:31:02 2020 arm109/37.194.193.160:63668 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 16:31:02 2020 arm109/37.194.193.160:63668 TLS Error: TLS handshake failed
Tue Jun 2 16:31:02 2020 arm109/37.194.193.160:63668 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Tue Jun 2 16:31:18 2020 arm109/37.194.193.160:63668 TLS: Initial packet from [AF_INET]37.194.193.160:63668, sid=cda30466 7d3b9916
Tue Jun 2 16:32:17 2020 arm109/37.194.193.160:63668 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 2 16:32:17 2020 arm109/37.194.193.160:63668 TLS Error: TLS handshake failed
Tue Jun 2 16:32:33 2020 arm109/37.194.193.160:63668 TLS: Initial packet from [AF_INET]37.194.193.160:63668, sid=cf900aca 2cf5f7b0
Tue Jun 2 16:33:08 2020 37.194.193.160:65160 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 16:33:08 2020 37.194.193.160:65160 [arm109] Peer Connection Initiated with [AF_INET]37.194.193.160:65160
Tue Jun 2 16:33:08 2020 arm109/37.194.193.160:65160 MULTI_sva: pool returned IPv4=10.10.1.25, IPv6=(Not enabled)
Tue Jun 2 16:33:09 2020 arm109/37.194.193.160:65160 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 2 16:33:09 2020 arm109/37.194.193.160:65160 send_push_reply(): safe_cap=940
Tue Jun 2 16:33:09 2020 arm109/37.194.193.160:65160 SENT CONTROL [arm109]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,sndbuf 524288,rcvbuf 524288,route-gateway 10.10.1.1,ping 10,ping-restart 120,ifconfig 10.10.1.25 255.255.255.0' (status=1)
Tue Jun 2 16:33:19 2020 37.194.193.160:54308 VERIFY OK: depth=0, C=RU, ST=RU, L=Novosibirsk, O=ICGIPAR, CN=arm109, emailAddress=s_admin@icgipar.ru
Tue Jun 2 16:33:19 2020 37.194.193.160:54308 [arm109] Peer Connection Initiated with [AF_INET]37.194.193.160:54308
Tue Jun 2 16:33:19 2020 MULTI: new connection by client 'arm109' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Tue Jun 2 16:33:20 2020 arm109/37.194.193.160:54308 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 2 16:33:20 2020 arm109/37.194.193.160:54308 send_push_reply(): safe_cap=940
Tue Jun 2 16:33:20 2020 arm109/37.194.193.160:54308 SENT CONTROL [arm109]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,sndbuf 524288,rcvbuf 524288,route-gateway 10.10.1.1,ping 10,ping-restart 120,ifconfig 10.10.1.25 255.255.255.0' (status=1)
Tue Jun 2 16:33:20 2020 arm109/37.194.193.160:54308 MULTI: Learn: 00:ff:84:5d:7e:99 -> arm109/37.194.193.160:54308
Проблема была в часов 10 утра и в 13 дня. Я так понял что меняется исходящий порт.. но не понимаю что с этим делать.