使用Azure VPN网关的OpenVPN每分钟至少断开一次连接

Question

我已经使用OpenVPN和OpenVPN连接到Azure VPN网关(虚拟网络网关)。这是一个基于证书的点2站点设置。这种连接是有效的，除了它几乎每隔一分钟就会断开连接和重新连接(我不是在夸张)！

这是来自OpenVPN连接客户端的日志(出于隐私原因，我删除了公共IP地址和URL)。

29.4.2021, 10:54:40 Session invalidated: KEEPALIVE_TIMEOUT
⏎29.4.2021, 10:54:40 Client terminated, restarting in 2000 ms...
⏎29.4.2021, 10:54:40 SetupClient: signaling tun destroy event
⏎29.4.2021, 10:54:42 EVENT: RECONNECTING ⏎29.4.2021, 10:54:42 EVENT: RESOLVE ⏎29.4.2021, 10:54:42 EVENT: WAIT ⏎29.4.2021, 10:54:42 WinCommandAgent: transmitting bypass route to ---
{
    "host" : "---",
    "ipv6" : false
}

⏎29.4.2021, 10:54:42 Connecting to [---]:443 (---) via TCPv4
⏎29.4.2021, 10:54:42 EVENT: CONNECTING ⏎29.4.2021, 10:54:42 Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client
⏎29.4.2021, 10:54:42 Creds: UsernameEmpty/PasswordEmpty
⏎29.4.2021, 10:54:42 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.2.3-1851
IV_SSO=openurl

⏎29.4.2021, 10:54:42 SSL Handshake: CN=---, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
⏎29.4.2021, 10:54:42 Session is ACTIVE
⏎29.4.2021, 10:54:42 EVENT: GET_CONFIG ⏎29.4.2021, 10:54:42 Sending PUSH_REQUEST to server...
⏎29.4.2021, 10:54:42 EVENT: ASSIGN_IP ⏎29.4.2021, 10:54:42 OPTIONS:
0 [route] [10.0.1.0] [255.255.255.0] 
1 [route] [10.0.0.0] [255.255.255.0] 
2 [route-gateway] [10.0.3.1] 
3 [topology] [subnet] 
4 [ifconfig] [10.0.3.3] [255.255.255.0] 
5 [cipher] [AES-256-GCM] 

⏎29.4.2021, 10:54:42 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  compress: NONE
  peer ID: -1
⏎29.4.2021, 10:54:42 CAPTURED OPTIONS:
Session Name: ---
Layer: OSI_LAYER_3
Remote Address: ---
Tunnel Addresses:
  10.0.3.3/24 -> 10.0.3.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
  10.0.1.0/24
  10.0.0.0/24
Exclude Routes:
DNS Servers:
Search Domains:

⏎29.4.2021, 10:54:43 SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
    "confirm_event" : "080c000000000000",
    "destroy_event" : "fc0b000000000000",
    "tun" : 
    {
        "adapter_domain_suffix" : "",
        "add_routes" : 
        [
            {
                "address" : "10.0.1.0",
                "gateway" : "",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            },
            {
                "address" : "10.0.0.0",
                "gateway" : "",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            }
        ],
        "block_ipv6" : false,
        "layer" : 3,
        "mtu" : 0,
        "remote_address" : 
        {
            "address" : "---",
            "ipv6" : false
        },
        "reroute_gw" : 
        {
            "flags" : 256,
            "ipv4" : false,
            "ipv6" : false
        },
        "route_metric_default" : -1,
        "session_name" : "---",
        "tunnel_address_index_ipv4" : 0,
        "tunnel_address_index_ipv6" : -1,
        "tunnel_addresses" : 
        [
            {
                "address" : "10.0.3.3",
                "gateway" : "10.0.3.1",
                "ipv6" : false,
                "metric" : -1,
                "net30" : false,
                "prefix_length" : 24
            }
        ]
    },
    "wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{B8EEBC7D-DB5C-4060-9588-97ECEE24AE24}' index=22 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{B8EEBC7D-DB5C-4060-9588-97ECEE24AE24}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=22
netsh interface ip set interface 22 metric=1
Ok.
netsh interface ip set address 22 static 10.0.3.3 255.255.255.0 gateway=10.0.3.1 store=active
IPHelper: add route 10.0.1.0/24 22 10.0.3.1 metric=-1
IPHelper: add route 10.0.0.0/24 22 10.0.3.1 metric=-1
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 340d000000000000
⏎29.4.2021, 10:54:43 Connected via TUN_WIN
⏎29.4.2021, 10:54:43 EVENT: CONNECTED ---:443 (---) via /TCPv4 on TUN_WIN/10.0.3.3/ gw=[10.0.3.1/]⏎

有谁知道这是怎么回事吗？

Answer 1

不完全确定，但我在配置了Azure证书的VPN上获得了相同的行为。但是，如果您返回到使用OpenVPN程序的v2，情况似乎要简单得多。它连接并保持连接，没有问题。我知道Azure不会故意切断你与他们之间的联系。

我会检查你的OpenVPN版本。

有3个版本(其中2个仍在使用中，正在发布中)可能与此有关。^_^

网址：https://openvpn.net/downloads/openvpn-connect-v3-windows.msi：

1. v3 -简称"OpenVPN连接“

1. v2 -此处为"OpenVPN连接客户端“网址：https://openvpn.net/downloads/openvpn-connect-v2-windows.msi

Picture of explanation of Versions

Showing the download of v3 and v2

下载可以在他们的下载页面上找到。“不要与Community Edition下载页面混淆。”或者如上所示。Click either Download to download the latest v3 version or Click on the Alternate Versions

我注意到3.2.1版本对于某些人来说是完美的。当我更新到3.3.X时，我们的Azure甚至无法连接，因为它无法验证证书。祝你一路走好！

Answer 2

我也遇到过类似的问题，在看到“会话无效: KEEPALIVE_TIMEOUT”日志消息后，我尽了最大努力向OpenVPN服务器发送持续不间断的ping "-t“，以保持通信活动。它看起来很有魔力，但我给它“死亡的ping”让它活着！