суть проблемы, есть 1 сервер и 4 клиента openvpn. 3 клиента прекрасно соединяются, на одном постоянные дисконнекты и как следствие пинг где то 1000. вот конфиги: server
local 192.168.1.2 port 1194 proto udp dev tun comp-lzo duplicate-cn client-to-client ca «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\ca.crt» cert «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\win0.crt» key «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\win0.key» dh «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem» tls-server tls-auth «C:\\Program files\\OpenVPN\\easy-rsa\\keys\\ta.key» 0 tls-timeout 120 server 192.168.10.0 255.255.255.0 ifconfig 192.168.10.2 192.168.10.20 route 192.168.10.0 255.255.255.0 push «route 192.168.10.0 255.255.255.0» keepalive 10 120 auth SHA1 cipher BF-CBC max-clients 5 persist-key persist-tun status «C:\\Program files\\OpenVPN\\log\\status.log» #log-append «C:\\Program files\\OpenVPN\\log\\openvpn.log» client-to-client verb 3
client
client dev tun remote хх.хх.хх.хх proto udp resolv-retry infinite nobind pull comp-lzo persist-key persist-tun verb 3 ns-cert-type server tls-auth «C:\\Program Files\\OpenVPN\\config\\ta.key» 1 ca «C:\\Program Files\\OpenVPN\\config\\ca.crt» cert «C:\\Program Files\\OpenVPN\\config\\client.crt» key «C:\\Program Files\\OpenVPN\\config\\client.key» auth SHA1 cipher BF-CBC route-method exe route-delay 2
перепробовал практически все, менял tun и tap режим, выдавал отдельный ключ, и через статичный пробовал, винду ставил новую(в смысле на клиента) файерволла нет ни на сервере ни на клиенте, сетевую карту пробовал другую, пробовал делать сервером как проблемную, так и другую машину. ничего не помогает. Что это может быть? Заранее спасибо. p/s/ Знаю что форум никсовый, но openvpn одинаково настраивается что в никсах, что в вин32.
вот листинг сервера:
Mon Nov 23 17:26:20 2009 Initialization Sequence Completed Mon Nov 23 17:26:22 2009 MULTI: multi_create_instance called Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Re-using SSL/TLS context Mon Nov 23 17:26:22 2009 77.45.157.238:3686 LZO compression initialized Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Local Options hash (VER=V4): '14168603' Mon Nov 23 17:26:22 2009 77.45.157.238:3686 Expected Remote Options hash (VER=V4): '504e774e' Mon Nov 23 17:26:22 2009 77.45.157.238:3686 TLS: Initial packet from 77.45.157.238:3686, sid=334ab5b7 3bb4f181 Mon Nov 23 17:26:23 2009 77.45.157.238:3686 VERIFY OK: depth=1, /C=RU/ST=VRN/L=VORONEZH/O=OpenVPN/CN=win0/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:23 2009 77.45.157.238:3686 VERIFY OK: depth=0, /C=RU/ST=VRN/O=OpenVPN/CN=client/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:23 2009 77.45.157.238:3686 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Mon Nov 23 17:26:23 2009 77.45.157.238:3686 [client] Peer Connection Initiated with 77.45.157.238:3686 Mon Nov 23 17:26:23 2009 client/77.45.157.238:3686 MULTI: Learn: 192.168.10.6 -> client/77.45.157.238:3686 Mon Nov 23 17:26:23 2009 client/77.45.157.238:3686 MULTI: primary virtual IP for client/77.45.157.238:3686: 192.168.10.6 Mon Nov 23 17:26:26 2009 client/77.45.157.238:3686 PUSH: Received control message: 'PUSH_REQUEST' Mon Nov 23 17:26:26 2009 client/77.45.157.238:3686 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.6 192.168.10.5' (status=1) Mon Nov 23 17:26:46 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Mon Nov 23 17:26:55 2009 MULTI: multi_create_instance called Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Re-using SSL/TLS context Mon Nov 23 17:26:55 2009 77.45.157.238:3771 LZO compression initialized Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ] Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Local Options hash (VER=V4): '14168603' Mon Nov 23 17:26:55 2009 77.45.157.238:3771 Expected Remote Options hash (VER=V4): '504e774e' Mon Nov 23 17:26:55 2009 77.45.157.238:3771 TLS: Initial packet from 77.45.157.238:3771, sid=5ded75b6 f6e792d8 Mon Nov 23 17:26:56 2009 77.45.157.238:3771 VERIFY OK: depth=1, /C=RU/ST=VRN/L=VORONEZH/O=OpenVPN/CN=win0/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:56 2009 77.45.157.238:3771 VERIFY OK: depth=0, /C=RU/ST=VRN/O=OpenVPN/CN=client/emailAddress=12345@RAMBLER.RU Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mon Nov 23 17:26:56 2009 77.45.157.238:3771 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Mon Nov 23 17:26:56 2009 77.45.157.238:3771 [client] Peer Connection Initiated with 77.45.157.238:3771 Mon Nov 23 17:26:56 2009 client/77.45.157.238:3771 MULTI: Learn: 192.168.10.10 -> client/77.45.157.238:3771 Mon Nov 23 17:26:56 2009 client/77.45.157.238:3771 MULTI: primary virtual IP for client/77.45.157.238:3771: 192.168.10.10 Mon Nov 23 17:26:57 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) Mon Nov 23 17:26:59 2009 client/77.45.157.238:3771 PUSH: Received control message: 'PUSH_REQUEST' Mon Nov 23 17:26:59 2009 client/77.45.157.238:3771 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.10.10 192.168.10.9' (status=1) Mon Nov 23 17:27:07 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)