[linux-users: 108925] CentOS6.4 OpenVPN ブリッジ接続不調

Yoshinori Toba toba @ blue.ocn.ne.jp
2013年 3月 23日 (土) 13:07:29 JST


戸羽 と申します。

先週、yum update したところ、膨大な数のアップデートがあり、
CentOS6.3 から CentOS6.4 へバージョンが上がった様子です。
そのあと、OpenVPN ブリッジ接続に異常が発生しました。
openvpn-2.2.2-1.el6.rf.x86_64.rpm をインストールしています。
接続は完了しているようなのですが、サーバからパケットが届かなく
なってしまいました。
接続先のブリッジインターフェース(br0)からの ping応答もありません。

解決方法やヒントなどをお持ちの方、ご教示いただけませんでしょうか。

クライアントPCは Windows8 Pro 64bit で、
OpenVPN 2.3.0 I005 (64bit) です。
接続後のログは以下です。
- - - - -
Wed Mar 20 11:38:46 2013 OpenVPN 2.3.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar  7 2013
Enter Management Password:
Wed Mar 20 11:38:46 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Mar 20 11:38:46 2013 Need hold release from management interface, waiting...
Wed Mar 20 11:38:46 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'state on'
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'log all on'
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'hold off'
Wed Mar 20 11:38:46 2013 MANAGEMENT: CMD 'hold release'
Wed Mar 20 11:38:46 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Mar 20 11:38:46 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 20 11:38:47 2013 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,RESOLVE,,,
Wed Mar 20 11:38:47 2013 Attempting to establish TCP connection with [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,TCP_CONNECT,,,
Wed Mar 20 11:38:47 2013 TCP connection established with [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:47 2013 TCPv4_CLIENT link local: [undef]
Wed Mar 20 11:38:47 2013 TCPv4_CLIENT link remote: [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,WAIT,,,
Wed Mar 20 11:38:47 2013 MANAGEMENT: >STATE:1363747127,AUTH,,,
Wed Mar 20 11:38:47 2013 TLS: Initial packet from [AF_INET]118.9.35.210:1194, sid=c3127ae2 9e1eeaa6
Wed Mar 20 11:38:47 2013 VERIFY OK: depth=1, C=JP, ST=Hokkaido, L=Sapporo, O=Mosra, CN=Mosra CA, emailAddress=xxx @ xxx.ne.jp
Wed Mar 20 11:38:47 2013 VERIFY OK: depth=0, C=JP, ST=Hokkaido, L=Sapporo, O=Mosra, CN=server, emailAddress=xxx @ xxx.ocn.ne.jp
Wed Mar 20 11:38:48 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 20 11:38:48 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 20 11:38:48 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 20 11:38:48 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 20 11:38:48 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 20 11:38:48 2013 [server] Peer Connection Initiated with [AF_INET]118.9.35.210:1194
Wed Mar 20 11:38:49 2013 MANAGEMENT: >STATE:1363747129,GET_CONFIG,,,
Wed Mar 20 11:38:51 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 20 11:38:51 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 192.168.1.80,ping 10,ping-restart 120,ifconfig 192.168.1.81 255.255.255.0'
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: route options modified
Wed Mar 20 11:38:51 2013 OPTIONS IMPORT: route-related options modified
Wed Mar 20 11:38:51 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar 20 11:38:51 2013 MANAGEMENT: >STATE:1363747131,ASSIGN_IP,,192.168.1.81,
Wed Mar 20 11:38:51 2013 open_tun, tt->ipv6=0
Wed Mar 20 11:38:51 2013 TAP-WIN32 device [ローカル エリア接続] opened: \\.\Global\{420EFCDD-AA51-448B-950E-F2E648FCC86D}.tap
Wed Mar 20 11:38:51 2013 TAP-Windows Driver Version 9.9 
Wed Mar 20 11:38:51 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.1.81/255.255.255.0 on interface {420EFCDD-AA51-448B-950E-F2E648FCC86D} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Wed Mar 20 11:38:51 2013 Successful ARP Flush on interface [19] {420EFCDD-AA51-448B-950E-F2E648FCC86D}
Wed Mar 20 11:38:56 2013 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Mar 20 11:38:56 2013 MANAGEMENT: >STATE:1363747136,ADD_ROUTES,,,
Wed Mar 20 11:38:56 2013 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.1.80
Wed Mar 20 11:38:56 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Mar 20 11:38:56 2013 Route addition via IPAPI succeeded [adaptive]
Wed Mar 20 11:38:56 2013 Initialization Sequence Completed
Wed Mar 20 11:38:56 2013 MANAGEMENT: >STATE:1363747136,CONNECTED,SUCCESS,192.168.1.81,118.9.35.210
- - - - -

サーバ側
openvpn-2.2.2-1.el6.rf.x86_64
bridge-utils-1.2-10.el6.x86_64

# ifconfig
br0       Link encap:Ethernet  HWaddr XX:XX:XX:02:69:BF
          inet addr:192.168.1.80  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::226:87ff:fe02:69bf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:909 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1172466 (1.1 MiB)  TX bytes:47336 (46.2 KiB)

eth0      Link encap:Ethernet  HWaddr XX:XX:XX:02:69:BF
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth1      Link encap:Ethernet  HWaddr XX:XX:XX:42:A1:A1
          inet addr:192.168.1.111  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:c90:8c62:c4a7:7271:bcff:fe42:a1a1/64 Scope:Global
          inet6 addr: fe80::7271:bcff:fe42:a1a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15817635 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10882596 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14713650112 (13.7 GiB)  TX bytes:3214474878 (2.9 GiB)
          Interrupt:29 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3919 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3919 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:194355 (189.7 KiB)  TX bytes:194355 (189.7 KiB)

tap0      Link encap:Ethernet  HWaddr 86:D3:52:8F:38:C1
          inet6 addr: fe80::84d3:52ff:fe8f:38c1/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:2487 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154 errors:0 dropped:3 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:152280 (148.7 KiB)  TX bytes:10260 (10.0 KiB)




linux-users メーリングリストの案内