Какая-то странная проблема у меня возникла с Openvpn, на одном из серверов постоянно сыплятся следующие ошибки в логах Openvpn:
Oct 27 22:13:44 zozulinci openvpn[1258]: OpenVPN 2.0.6 i386-portbld-freebsd8.0 [SSL] [LZO] built on Oct 25 2009
Oct 27 22:13:44 zozulinci openvpn[1258]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 27 22:13:44 zozulinci openvpn[1258]: WARNING: file '/usr/local/etc/openvpn/client.key' is group or others accessible
Oct 27 22:13:44 zozulinci openvpn[1258]: WARNING: file 'ta.key' is group or others accessible
Oct 27 22:13:44 zozulinci openvpn[1258]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Oct 27 22:13:44 zozulinci openvpn[1258]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Oct 27 22:13:44 zozulinci openvpn[1258]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Oct 27 22:13:44 zozulinci openvpn[1258]: LZO compression initialized
Oct 27 22:13:44 zozulinci openvpn[1258]: Control Channel MTU parms [ L:1538 D:162 EF:62 EB:0 ET:0 EL:0 ]
Oct 27 22:13:45 zozulinci openvpn[1258]: Data Channel MTU parms [ L:1538 D:1450 EF:38 EB:135 ET:0 EL:0 AF:3/1 ]
Oct 27 22:13:45 zozulinci openvpn[1258]: Local Options hash (VER=V4): '03fa487d'
Oct 27 22:13:45 zozulinci openvpn[1258]: Expected Remote Options hash (VER=V4): '1056bce3'
Oct 27 22:13:45 zozulinci openvpn[1259]: UDPv4 link local (bound): [undef]:1194
Oct 27 22:13:45 zozulinci openvpn[1259]: UDPv4 link remote: 95.134.119.205:1194
Oct 27 22:13:45 zozulinci openvpn[1259]: TLS: Initial packet from 95.134.119.205:1194, sid=a1d6b007 2c3faee8
Oct 27 22:14:29 zozulinci openvpn[1259]: event_wait : Interrupted system call (code=4)
Oct 27 22:14:29 zozulinci openvpn[1259]: TCP/UDP: Closing socket
Oct 27 22:14:29 zozulinci openvpn[1259]: SIGTERM[hard,] received, process exiting
Oct 27 22:14:29 zozulinci openvpn[1302]: OpenVPN 2.0.6 i386-portbld-freebsd8.0 [SSL] [LZO] built on Oct 25 2009
Oct 27 22:14:29 zozulinci openvpn[1302]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 27 22:14:29 zozulinci openvpn[1302]: WARNING: file '/usr/local/etc/openvpn/client.key' is group or others accessible
Oct 27 22:14:29 zozulinci openvpn[1302]: WARNING: file 'ta.key' is group or others accessible
Oct 27 22:14:29 zozulinci openvpn[1302]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Oct 27 22:14:29 zozulinci openvpn[1302]: Outgoing Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Oct 27 22:14:29 zozulinci openvpn[1302]: Incoming Control Channel Authentication: Using 128 bit message hash 'MD5' for HMAC authentication
Oct 27 22:14:29 zozulinci openvpn[1302]: LZO compression initialized
Oct 27 22:14:29 zozulinci openvpn[1302]: Control Channel MTU parms [ L:1538 D:162 EF:62 EB:0 ET:0 EL:0 ]
Oct 27 22:14:29 zozulinci openvpn[1302]: Data Channel MTU parms [ L:1538 D:1450 EF:38 EB:135 ET:0 EL:0 AF:3/1 ]
Oct 27 22:14:29 zozulinci openvpn[1302]: Local Options hash (VER=V4): '03fa487d'
Oct 27 22:14:29 zozulinci openvpn[1302]: Expected Remote Options hash (VER=V4): '1056bce3'
Oct 27 22:14:29 zozulinci openvpn[1303]: UDPv4 link local (bound): [undef]:1194
Oct 27 22:14:29 zozulinci openvpn[1303]: UDPv4 link remote: 95.134.119.205:1194
Oct 27 22:14:30 zozulinci openvpn[1303]: TLS: Initial packet from 95.134.119.205:1194, sid=79d54a37 f9f4fe02
Oct 27 22:14:33 zozulinci openvpn[1303]: VERIFY OK: depth=1, /C=UA/ST=Khmelnytskiy/L=Krasyliv/O=KRRVO/OU=Network/CN=core-router/emailAddress=admin@edu.kr.km.ua
Oct 27 22:14:33 zozulinci openvpn[1303]: VERIFY OK: depth=0, /C=UA/ST=Khmelnytskiy/O=KRRVO/OU=Network/CN=core-router/emailAddress=admin@edu.kr.km.ua
Oct 27 22:14:37 zozulinci routed[550]: static route 10.0.0.1/32 --> 94.153.98.71 impossibly lacks ifp
Oct 27 22:14:41 zozulinci openvpn[1303]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Oct 27 22:14:41 zozulinci openvpn[1303]: Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Oct 27 22:14:41 zozulinci openvpn[1303]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Oct 27 22:14:41 zozulinci openvpn[1303]: Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Oct 27 22:14:41 zozulinci openvpn[1303]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Oct 27 22:14:41 zozulinci openvpn[1303]: [core-router] Peer Connection Initiated with 95.134.119.205:1194
Oct 27 22:14:42 zozulinci openvpn[1303]: SENT CONTROL [core-router]: 'PUSH_REQUEST' (status=1)
Oct 27 22:14:43 zozulinci openvpn[1303]: PUSH: Received control message: 'PUSH_REPLY,route 172.16.1.224 255.255.255.224,ping 10,ping-restart 120,route 172.16.0.0 255.240.0.0,route 192.168.0.0 255.255.0.0,ping 10,ping-restart 120,ifconfig 172.16.1.230 172.16.1.229'
Oct 27 22:14:43 zozulinci openvpn[1303]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 27 22:14:43 zozulinci openvpn[1303]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 27 22:14:43 zozulinci openvpn[1303]: OPTIONS IMPORT: route options modified
Oct 27 22:14:43 zozulinci openvpn[1303]: gw 10.0.0.1
Oct 27 22:14:43 zozulinci openvpn[1303]: TUN/TAP device /dev/tun1 opened
Oct 27 22:14:43 zozulinci kernel: tun1: link state changed to UP
Oct 27 22:14:43 zozulinci openvpn[1303]: /sbin/ifconfig tun1 172.16.1.230 172.16.1.229 mtu 1500 netmask 255.255.255.255 up
Oct 27 22:14:43 zozulinci routed[550]: write(rt_sock) RTM_ADD 172.16.1.229/32 -->172.16.1.230 metric=0 flags=0: File exists
Oct 27 22:14:43 zozulinci openvpn[1303]: FreeBSD ifconfig failed: shell command exited with error status: 1
Oct 27 22:14:43 zozulinci kernel: ifa_add_loopback_route: insertion failed
Oct 27 22:14:43 zozulinci kernel: ifa_del_loopback_route: deletion failed
Oct 27 22:14:43 zozulinci kernel: tun1: link state changed to DOWN
Oct 27 22:14:43 zozulinci openvpn[1303]: ExitingИ так практически постоянно, хотя иногда всетаки соединяеться хотя долго связь не держит.
Имею 3 рабочих удаленных сервера с Openvpn с ними все нормально, конфиги на всех идентичные, а этот 4-й ну никак не удаеться запустить нормально с аналогичным конфигом.
Что такое: WARNING: No server certificate verification method has been enabled.?
И как побороть: FreeBSD ifconfig failed: shell command exited with error status: 1? Весь прикол в том что иногда этот интерфейс нормально поднимаеться, но откуда береться этот File exists ума не приложу! Помогите разобраться.
|
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
(ok) on 27-Окт-09, 23:27 
