[linux-users: 108925] CentOS6.4 OpenVPN bridged connection not working properly
Yoshinori Toba
toba @ blue.ocn.ne.jp
Sat Mar 23 13:07:29 JST 2013
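My name is Toba.
Last week I ran yum update, and there was a huge number of updates;
it appears the version went up from CentOS6.3 to CentOS6.4.
After that, a problem occurred with the OpenVPN bridged connection.
I have openvpn-2.2.2-1.el6.rf.x86_64.rpm installed.
The connection appears to complete, but packets no longer arrive
from the server.
There is also no ping response from the bridge interface (br0) on the remote side.
If anyone has a solution or hints, could you please advise?
The client PC is Windows8 Pro 64bit, running
OpenVPN 2.3.0 I005 (64bit).
The log after connecting is as follows.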
- - - - -
Wed Mar 20 11:38:46 2013 OpenVPN 2.3.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 7 2013
Enter Management Password:
Wed Mar 20 11:38:46 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Mar 20 11:38:46 2013 Need hold release from management interface, waiting...
Wed Mar 20 11:38:46 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'state on'
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'log all on'
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'hold off'
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'hold release'
Wed Mar 20 11:38:46 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Mar 20 11:38:46 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 20 11:38:47 2013 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,RESOLVE,,,
Wed Mar 20 11:38:47 2013 Attempting to establish TCP connection with [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,TCP_CONNECT,,,
Wed Mar 20 11:38:47 2013 TCP connection established with [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:47 2013 TCPv4_CLIENT link local: [undef]
Wed Mar 20 11:38:47 2013 TCPv4_CLIENT link remote: [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,WAIT,,,
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,AUTH,,,
Wed Mar 20 11:38:47 2013 TLS: Initial packet from [AF_INET]118.9.35.210:1194, sid=c3127ae2 9e1eeaa6
Wed Mar 20 11:38:47 2013 VERIFY OK: depth=1, C=JP, ST=Hokkaido, L=Sapporo, O=Mosra, CN=Mosra CA, emailAddress=xxx @ xxx.ne.jp
Wed Mar 20 11:38:47 2013 VERIFY OK: depth=0, C=JP, ST=Hokkaido, L=Sapporo, O=Mosra, CN=server, emailAddress=xxx @ xxx.ocn.ne.jp
Wed Mar 20 11:38:48 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 20 11:38:48 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 20 11:38:48 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 20 11:38:48 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 20 11:38:48 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 20 11:38:48 2013 [server] Peer Connection Initiated with [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:49 2013 MANAGEMENT: >STATE:1363747129,GET_CONFIG,,,
Wed Mar 20 11:38:51 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 20 11:38:51 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 192.168.1.80,ping 10,ping-restart 120,ifconfig 192.168.1.81 255.255.255.0'
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: route options modified
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: route-related options modified
Wed Mar 20 11:38:51 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 20 11:38:51 2013 MANAGEMENT: >STATE:1363747131,ASSIGN_IP,,192.168.1.81,
Wed Mar 20 11:38:51 2013 open_tun, tt->ipv6=0
Wed Mar 20 11:38:51 2013 TAP-WIN32 device [ローカル エリア接続] opened: \\.\Global\{420EFCDD-AA51-448B-950E-F2E648FCC86D}.tap
Wed Mar 20 11:38:51 2013 TAP-Windows Driver Version 9.9
Wed Mar 20 11:38:51 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.1.81/255.255.255.0 on interface {420EFCDD-AA51-448B-950E-F2E648FCC86D} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Wed Mar 20 11:38:51 2013 Successful ARP Flush on interface [19] {420EFCDD-AA51-448B-950E-F2E648FCC86D}
Wed Mar 20 11:38:56 2013 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Mar 20 11:38:56 2013 MANAGEMENT: >STATE:1363747136,ADD_ROUTES,,,
Wed Mar 20 11:38:56 2013 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.80
Wed Mar 20 11:38:56 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Mar 20 11:38:56 2013 Route addition via IPAPI succeeded [adaptive]
Wed Mar 20 11:38:56 2013 Initialization Sequence Completed
Wed Mar 20 11:38:56 2013 MANAGEMENT: >STATE:1363747136,CONNECTED,SUCCESS,192.168.1.81,118.9.35.210
- - - - -
Server side
openvpn-2.2.2-1.el6.rf.x86_64
bridge-utils-1.2-10.el6.x86_64
# ifconfig
br0       Link encap:Ethernet HWaddr XX:XX:XX:02:69:BF
          inet addr:192.168.1.80 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::226:87ff:fe02:69bf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:32285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:909 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1172466 (1.1 MiB) TX bytes:47336 (46.2 KiB)

eth0      Link encap:Ethernet HWaddr XX:XX:XX:02:69:BF
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet HWaddr XX:XX:XX:42:A1:A1
          inet addr:192.168.1.111 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: 2001:c90:8c62:c4a7:7271:bcff:fe42:a1a1/64 Scope:Global
          inet6 addr: fe80::7271:bcff:fe42:a1a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:15817635 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10882596 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14713650112 (13.7 GiB) TX bytes:3214474878 (2.9 GiB)
          Interrupt:29 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:3919 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3919 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:194355 (189.7 KiB) TX bytes:194355 (189.7 KiB)

tap0      Link encap:Ethernet HWaddr 86:D3:52:8F:38:C1
          inet6 addr: fe80::84d3:52ff:fe8f:38c1/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:2487 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:152280 (148.7 KiB) TX bytes:10260 (10.0 KiB)