On Linux, OpenVPN is a good open source VPN and is widely used. Recently, however, many users have found the OpenVPN service exiting abnormally again and again. How can this be solved? Today the editor walks you through a solution.
Analysis of possible causes:
1. The OpenVPN server (a virtual machine) does not have enough memory; it has only 2G.
2. I/O is too high, because logging is set to DEBUG and there are a lot of log writes.
3. There are not enough file descriptors; the system default is 1024.
4. Someone is maliciously attacking the OpenVPN service.
Working through these 4 points:
1. First, the memory of the OpenVPN server (virtual machine) was raised to 4G and the server restarted; the openvpn service still exited abnormally a few minutes after startup.
2. The log level was changed to error; openvpn still exited abnormally a few minutes after startup. The log showed:
Feb 18 17:17:42 localhost openvpn[1219]: qn_anqiu/xxx.xxx.xxx.xx:27351 CRL: cannot read: /usr/local/cine/etc/keys/crl.pem: Too many open files (errno=24)
3. The error above shows that the third guess was correct. Run the command:
$ ulimit -SHn 65535
After the openvpn process was started again, it no longer exited.
4. The log also showed one IP sending requests to the OpenVPN server every minute. This IP was filtered directly in iptables:
Feb 16 13:06:16 localhost openvpn[1219]: 58.244.191.51:47374 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Feb 16 13:07:21 localhost openvpn[1219]: 58.244.191.51:6043 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
After these changes, openvpn still dropped abnormally two days later. The log showed the same old problem:
Feb 18 17:17:42 localhost openvpn[1219]: qn_anqiu/xxx.xxx.xxx.xx:27351 CRL: cannot read: /usr/local/cine/etc/keys/crl.pem: Too many open files (errno=24)
Even if file descriptors run out, the process should not drop. This points to an OpenVPN bug. crl.pem is the file that stores revoked certificates; if a certificate fails this verification, the OpenVPN service refuses the connection. I currently have more than 800 clients connecting. Does every connection open this file without releasing it? Are 65,535 file descriptors really not enough?
To solve the problem, I had to modify the configuration file and remove the parameter that verifies revoked certificates. After restarting the openvpn process, it ran normally and there has been no problem since. How the problem arises requires further observation and research.
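One way to do that observation, as an added example that is not part of the original post: a shell function that reads /proc for the running openvpn process and reports its open descriptor count, the soft limit the process actually inherited, and how many descriptors point at crl.pem. This lets the leak be confirmed while revocation checking stays enabled, since without that check revoked client certificates are accepted. The function name fd_usage, the PROC_ROOT and WARN_PCT variables and the 80% threshold are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). PROC_ROOT can be overridden only
# so the function can be run against a constructed directory tree; on a real
# host leave it at /proc and run as root to read another user's process.
PROC_ROOT="${PROC_ROOT:-/proc}"
WARN_PCT=80   # assumed threshold: warn at 80% of the soft limit

# fd_usage PID [FILE]
# Prints: open=<n> soft_limit=<n> on_file=<n> status=<OK|WARN>
fd_usage() {
    local pid="$1" target="${2:-}"
    local dir="$PROC_ROOT/$pid" limit fd open=0 on_file=0 status=OK

    [ -d "$dir/fd" ] || { echo "no such process: $pid" >&2; return 2; }

    # Use the limit the running process inherited, not the current shell's.
    # /proc/PID/limits line: "Max open files  <soft>  <hard>  files"
    limit=$(awk '/^Max open files/ {print $4}' "$dir/limits" 2>/dev/null) || limit=""

    # Each entry in /proc/PID/fd is a symlink to whatever the descriptor is open on.
    for fd in "$dir"/fd/*; do
        [ -L "$fd" ] || continue
        open=$((open + 1))
        if [ "$(readlink "$fd")" = "$target" ]; then
            on_file=$((on_file + 1))
        fi
    done

    # Flag the process before open() starts failing with errno=24 (EMFILE).
    case "$limit" in
        ''|*[!0-9]*) ;;   # "unlimited" or unreadable: nothing to compare
        *) if [ $((open * 100)) -ge $((limit * WARN_PCT)) ]; then status=WARN; fi ;;
    esac

    echo "open=$open soft_limit=$limit on_file=$on_file status=$status"
}

# On a live server, with the PID and CRL path from the log lines above:
#   fd_usage 1219 /usr/local/cine/etc/keys/crl.pem
```

Run it repeatedly while clients connect; an on_file value that climbs with each new connection shows that the CRL descriptors are not being released.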
That is how to resolve abnormal exits of the OpenVPN service. If you run into this problem, you may wish to try this solution.