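I am troubleshooting a connection delay on an OpenVPN server that occurs when a client connects and disconnects a few times (the described behaviour usually appears on the 2nd or 3rd attempt). Server/client names and IP addresses in this post have been changed.
The client just hangs after connecting, with logs like the following: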
Fri Mar 3 14:39:34 2017 OpenVPN 2.4.0 [git:master/f5bf296bacce76a8+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 29 2016
Fri Mar 3 14:39:34 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.08
Fri Mar 3 14:39:34 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.2:443
Fri Mar 3 14:39:34 2017 UDP link local (bound): [AF_INET][undef]:443
Fri Mar 3 14:39:34 2017 UDP link remote: [AF_INET]127.0.0.2:443
Fri Mar 3 14:39:34 2017 [SERVERNAME] Peer Connection Initiated with [AF_INET]127.0.0.2:443
During this delay, the server log shows the following:
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 TLS: new session incoming connection from [AF_INET]127.0.0.2:443
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 VERIFY OK: ~redacted
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 VERIFY OK: ~redacted
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_VER=2.4.0
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_PLAT=linux
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_PROTO=2
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_NCP=2
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_LZ4=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_LZ4v2=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_LZO=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_COMP_STUB=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_COMP_STUBv2=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 peer info: IV_TCPNL=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 TLS: tls_multi_process: untrusted session promoted to semi-trusted
Fri Mar 3 15:05:02 2017 CLIENTNAME/127.0.0.2:443 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4069 bit RSA
Fri Mar 3 15:05:03 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:08 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:13 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:18 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:23 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:28 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
The server configuration file is as follows:
port 443
proto udp
dev tun
server 172.16.0.0 255.255.255.0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh4096.pem
tls-crypt /etc/openvpn/server/tls-crypt.key
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
verb 3
comp-lzo
duplicate-cn
Both sides use OpenVPN 2.4.0 and OpenSSL 1.0.2k on Debian.
What causes these delays, and how can they be prevented or reduced?
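One way to quantify the stall shown in the server log above, as an added example that is not part of the original post: this Python script reports each peer whose PUSH_REQUEST messages are never followed by a PUSH_REPLY, and how long it waited. The CLIENTNAME lines are copied from the post; the OTHERCLIENT lines and the exact `SENT CONTROL ... 'PUSH_REPLY,...'` text are constructed and assumed for illustration.

```python
import re
from datetime import datetime

# Timestamp, peer prefix ("NAME/ip:port"), then the message text.
LINE_RE = re.compile(
    r"^(\w{3}\s+\w{3}\s+\d+\s+[\d:]{8}\s+\d{4})\s+(\S+/\S+)\s+(.*)$")

# CLIENTNAME lines come from the post; OTHERCLIENT lines are constructed.
SAMPLE_LOG = """\
Fri Mar 3 15:05:01 2017 OTHERCLIENT/127.0.0.3:1194 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:01 2017 OTHERCLIENT/127.0.0.3:1194 SENT CONTROL [OTHERCLIENT]: 'PUSH_REPLY,ifconfig 172.16.0.6 172.16.0.5' (status=1)
Fri Mar 3 15:05:03 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:08 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:13 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:18 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:23 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
Fri Mar 3 15:05:28 2017 CLIENTNAME/127.0.0.2:443 PUSH: Received control message: 'PUSH_REQUEST'
"""


def push_stalls(lines, min_requests=2):
    """Return (peer, request_count, seconds_waited) for every peer whose
    PUSH_REQUESTs are still unanswered at the end of the log."""
    pending = {}  # peer -> [first_request, last_request, count]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a per-peer log line
        stamp = " ".join(m.group(1).split())  # collapse padded day field
        ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        peer, msg = m.group(2), m.group(3)
        if "'PUSH_REQUEST'" in msg:
            entry = pending.setdefault(peer, [ts, ts, 0])
            entry[1] = ts
            entry[2] += 1
        elif "PUSH_REPLY" in msg:
            pending.pop(peer, None)  # server answered; no longer stalled
    return [(peer, n, int((last - first).total_seconds()))
            for peer, (first, last, n) in pending.items()
            if n >= min_requests]


if __name__ == "__main__":
    for peer, count, waited in push_stalls(SAMPLE_LOG.splitlines()):
        print(f"{peer}: {count} unanswered PUSH_REQUEST over {waited}s")
```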