openvpn开机rc_startup运行后自动退出

GoogleCodeExporter commented 8 years ago

請描述一下您進行怎樣的操作之後碰到了問題：
openvpn用rc_startup启动
rc_startup=date -s "2010-07-29 12:00:00"; openvpn --config 
/jffs/openvpn/openvpn.conf --daemon &

问题：dd-wrt启动过程中，telnet上去看到openvpn是自动启动并正�
��添加路由。
但启动完成后，openvpn就消失了
root@DD-WRT:~# ps
  PID USER       VSZ STAT COMMAND
    1 root      1468 S    /sbin/init noinitrd 
    2 root         0 SW   [keventd]
    3 root         0 SWN  [ksoftirqd_CPU0]
    4 root         0 SW   [kswapd]
    5 root         0 SW   [bdflush]
    6 root         0 SW   [kupdated]
    9 root         0 SW   [mtdblockd]
   13 root      1504 S    watchdog 
   67 root         0 SWN  [jffs2_gcd_mtd4]
   98 root      1464 S    resetbutton 
  150 root      1172 S    telnetd 
  171 root       816 S    dnsmasq --conf-file=/tmp/dnsmasq.conf 
  198 root      2536 S    httpd -p 80 
  205 root      1676 S    pppd file /tmp/ppp/options.pppoe 
  206 root      1504 S    /tmp/ppp/redial 30 
  219 root      1460 S    ttraff 
  396 root      1460 S    process_monitor 
  649 root      1536 S    upnp -D -W ppp0 
 1932 root      1460 S    wland 
 2256 root      1192 S    -sh 
 2287 root      1176 R    ps 

手工再运行一次openvpn --config /jffs/openvpn/openvpn.conf --daemon &

root@DD-WRT:~# ps
  PID USER       VSZ STAT COMMAND
    1 root      1468 S    /sbin/init noinitrd 
    2 root         0 SW   [keventd]
    3 root         0 RWN  [ksoftirqd_CPU0]
    4 root         0 SW   [kswapd]
    5 root         0 SW   [bdflush]
    6 root         0 SW   [kupdated]
    9 root         0 SW   [mtdblockd]
   13 root      1504 S    watchdog 
   67 root         0 SWN  [jffs2_gcd_mtd4]
   98 root      1464 S    resetbutton 
  150 root      1172 S    telnetd 
  171 root       816 S    dnsmasq --conf-file=/tmp/dnsmasq.conf 
  198 root      2536 S    httpd -p 80 
  205 root      1676 S    pppd file /tmp/ppp/options.pppoe 
  206 root      1504 S    /tmp/ppp/redial 30 
  219 root      1460 S    ttraff 
  396 root      1460 S    process_monitor 
  649 root      1536 S    upnp -D -W ppp0 
 1932 root      1460 S    wland 
 2256 root      1192 S    -sh 
 2299 root      2512 S    openvpn --config /jffs/openvpn/openvpn.conf --daemon 
 2303 root      1176 R    ps 

請提供以下資訊：
1. DD-WRT v24-sp2 Release: 11/02/09 (SVN revision: 13064)
2. autoddvpn的連線模式：openvpn+jffs
3. autoddvpn的運行模式：graceMode
4. DD-WRT WAN口連線模式是 PPPoE ：

开机后的autoddvpn.log
-------------------------start------------------------
root@DD-WRT:/tmp# cat /tmp/autoddvpn.log 
[INFO#642] 26/May/2011:22:02:53 vpnup.sh started
[INFO#642] 26/May/2011:22:02:54 adding the static routes, this may take a while.
[INFO#642] 26/May/2011:22:03:37 loading vpnup_custom if available
[INFO#642] 26/May/2011:22:03:38 preparing the exceptional routes
[INFO#642] 26/May/2011:22:03:38 exceptional routes disabled.
[INFO#642] 26/May/2011:22:03:38 exceptional routes features detail:  
http://goo.gl/fYfJ
[INFO#642] 26/May/2011:22:03:38 vpnup.sh ended
-------------------------end------------------------

开机后的openvpn.log
-------------------------start------------------------
Thu Jul 29 12:00:05 2010 OpenVPN 2.1_rc20 mipsel-unknown-linux-gnu [SSL] [LZO1] 
[EPOLL] built on Nov  2 2009
Thu Jul 29 12:00:05 2010 LZO compression initialized
Thu Jul 29 12:00:06 2010 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 
ET:0 EL:0 ]
Thu Jul 29 12:00:06 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 
ET:0 EL:0 AF:3/1 ]
---omitted---
Thu May 26 22:02:53 2011 iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE; 
/jffs/openvpn/vpnup.sh openvpn tun0 1500 1544 192.168.x.x 192.168.x.x init
+ export PATH=/bin:/sbin:/usr/sbin:/usr/bin
+ LOG=/tmp/autoddvpn.log
+ LOCK=/tmp/autoddvpn.lock
+ PID=642
+ EXROUTEDIR=/jffs/exroute.d
+ INFO=[INFO#642]
+ DEBUG=[DEBUG#642]
+ ERROR=[ERROR#642]
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:02:53 vpnup.sh started
+ [ -f /tmp/autoddvpn.lock ]
+ break
+ [ -f /tmp/autoddvpn.lock ]
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:02:53 vpnup
+ nvram get wan_gateway
+ OLDGW=113.1xx.1xx.x
+ OPENVPNDEV=tun0
+ ifconfig tun0
+ grep -Eo P-t-P:([0-9.]+)
+ cut -d: -f2
+ VPNGW=192.168.x.x
+ VPNUPCUSTOM=/jffs/openvpn/vpnup_custom
+ [ 113.109.120.1 ==  ]
+ echo [INFO#642] OLDGW is 113.1xx.1xx.x
[INFO#642] OLDGW is 113.1xx.1xx.x
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:02:54 adding the static routes, this may take 
a while.
+ route add -host 8.8.8.8 gw 192.168.x.x
---omitted---
+ route add -net 97.74.215.0/24 gw 192.168.x.x
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:03:37 loading vpnup_custom if available
+ export VPNGW=192.168.x.x
+ export OLDGW=113.1xx.1xx.x
+ grep ^route /jffs/openvpn/vpnup_custom
+ /bin/sh -x
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:03:38 preparing the exceptional routes
+ nvram get exroute_enable
+ [ -eq 1 ]
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:03:38 exceptional routes disabled.
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:03:38 exceptional routes features detail:  
http://goo.gl/fYfJ
+ echo [INFO#642] final check the default gw
[INFO#642] final check the default gw
+ true
+ route -n
+ grep ^0.0.0.0
+ awk {print $2}
+ GW=113.1xx.1xx.x
+ echo [DEBUG#642] my current gw is 113.1xx.1xx.x
[DEBUG#642] my current gw is 113.1xx.1xx.x
+ [ 113.1xx.1xx.x == 113.1xx.1xx.x ]
+ echo [DEBUG#642] GOOD
[DEBUG#642] GOOD
+ break
+ echo [INFO#642] static routes added
[INFO#642] static routes added
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#642] 26/May/2011:22:03:38 vpnup.sh ended
+ rm -f /tmp/autoddvpn.lock
-------------------------end------------------------

Original issue reported on code.google.com by xiaozhi...@gmail.com on 26 May 2011 at 2:35

GoogleCodeExporter commented 8 years ago

SVN revision: 13064
這個版本實在太老了，建議使用至少14xxx的版本。

另外你的rc_startup

rc_startup=date -s "2010-07-29 12:00:00"; openvpn --config 
/jffs/openvpn/openvpn.conf --daemon & 

這樣寫可能會有問題，請照這份文件
http://code.google.com/p/autoddvpn/wiki/OpenVPNManualStartUP
ssh進去DDWRT之後
nvram set rc_startup='date -s "2010-07-29 12:00:00"; openvpn --config 
/jffs/openvpn/openvpn.conf --daemon'

用這方式來設置rc_startup內容，最後不需要&符號。

這是我看到可能的原因，供你參考。

Original comment by pahud...@gmail.com on 26 May 2011 at 2:46

GoogleCodeExporter commented 8 years ago

下--daemon的時候就會自動丟到background了， 不需要再&了。FYI

Original comment by pahud...@gmail.com on 26 May 2011 at 2:52

GoogleCodeExporter commented 8 years ago

你好！刚才把dd-wrt更新到最新版本
DD-WRT v24-sp2 vpn (c) 2011 NewMedia-NET GmbH
Release: 05/17/11 (SVN revision: 17084)

可能openvpn版本太新，原配置有点问题
openvpn --config /jffs/openvpn/openvpn.conf --daemon

cat /tmp/openvpn.log 
Fri May 27 23:31:48 2011 OpenVPN 2.2.0 mipsel-linux [SSL] [LZO2] [EPOLL] built 
on May 17 2011
Fri May 27 23:31:48 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or 
higher to call user-defined scripts or executables
Fri May 27 23:31:48 2011 LZO compression initialized
Fri May 27 23:31:48 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 
ET:0 EL:0 ]
Fri May 27 23:31:48 2011 Socket Buffers: R=[43689->65534] S=[16384->65534]
Fri May 27 23:31:48 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 
ET:0 EL:0 AF:3/1 ]
Fri May 27 23:31:48 2011 Local Options hash (VER=V4): '69109d17'
Fri May 27 23:31:48 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri May 27 23:31:48 2011 Attempting to establish TCP connection with 
202.x.xx.xx:443 [nonblock]
Fri May 27 23:31:49 2011 TCP connection established with 202.x.xx.xx:443
Fri May 27 23:31:49 2011 TCPv4_CLIENT link local: [undef]
Fri May 27 23:31:49 2011 TCPv4_CLIENT link remote: 202.x.xx.xx:443
Fri May 27 23:31:49 2011 TLS: Initial packet from 202.x.xx.xx:443, sid=177409bb 
f0bc9020
Fri May 27 23:31:50 2011 VERIFY OK: depth=1, 
/C=CN/ST=GUANGDONG/L=SHENZHEN/O=VPNCUP.COM/CN=VPNCUP.COM_CA/emailAddress=admin@v
pncup.com
Fri May 27 23:31:50 2011 VERIFY OK: nsCertType=SERVER
Fri May 27 23:31:50 2011 VERIFY OK: depth=0, 
/C=CN/ST=GUANGDONG/L=SHENZHEN/O=VPNCUP.COM/CN=server/emailAddress=admin@vpncup.c
om
Fri May 27 23:31:50 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Fri May 27 23:31:50 2011 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri May 27 23:31:50 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Fri May 27 23:31:50 2011 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri May 27 23:31:50 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 27 23:31:50 2011 [server] Peer Connection Initiated with 202.x.xx.xx:443
Fri May 27 23:31:53 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 27 23:31:53 2011 PUSH: Received control message: 
'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 
8.8.8.8,dhcp-option DNS 8.8.4.4,route 192.168.x.x,topology net30,ping 
10,ping-restart 40,ifconfig 192.168.x.x 192.168.x.x'
Fri May 27 23:31:53 2011 Options error: option 'redirect-gateway' cannot be 
used in this context
Fri May 27 23:31:53 2011 Options error: option 'route' cannot be used in this 
context
Fri May 27 23:31:53 2011 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 27 23:31:53 2011 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 27 23:31:53 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option 
options modified
Fri May 27 23:31:53 2011 TUN/TAP device tun0 opened
Fri May 27 23:31:53 2011 TUN/TAP TX queue length set to 100
Fri May 27 23:31:53 2011 /sbin/ifconfig tun0 192.168.x.x pointopoint 
192.168.x.x mtu 1500
Fri May 27 23:31:53 2011 iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE; 
/jffs/openvpn/vpnup.sh openvpn tun0 1500 1544 192.168.x.x 192.168.x.x init
Fri May 27 23:31:53 2011 WARNING: External program may not be called unless 
'--script-security 2' or higher is enabled.  Use '--script-security 3 system' 
for backward compatibility with 2.1_rc8 and earlier.  See --help text or man 
page for detailed info.
Fri May 27 23:31:53 2011 WARNING: Failed running command (--up/--down): 
external program fork failed
Fri May 27 23:31:53 2011 Exiting

添加--script-security 3之后
openvpn --config /jffs/openvpn/openvpn.conf --script-security 3 --daemon

cat /tmp/openvpn.log 
Fri May 27 23:20:18 2011 OpenVPN 2.2.0 mipsel-linux [SSL] [LZO2] [EPOLL] built 
on May 17 2011
Fri May 27 23:20:18 2011 NOTE: the current --script-security setting may allow 
this configuration to call user-defined scripts
Fri May 27 23:20:18 2011 LZO compression initialized
Fri May 27 23:20:18 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 
ET:0 EL:0 ]
Fri May 27 23:20:18 2011 Socket Buffers: R=[43689->65534] S=[16384->65534]
Fri May 27 23:20:18 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 
ET:0 EL:0 AF:3/1 ]
Fri May 27 23:20:18 2011 Local Options hash (VER=V4): '69109d17'
Fri May 27 23:20:18 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri May 27 23:20:18 2011 Attempting to establish TCP connection with 
202.x.xx.xx:443 [nonblock]
Fri May 27 23:20:19 2011 TCP connection established with 202.x.xx.xx:443
Fri May 27 23:20:19 2011 TCPv4_CLIENT link local: [undef]
Fri May 27 23:20:19 2011 TCPv4_CLIENT link remote: 202.x.xx.xx:443
Fri May 27 23:20:19 2011 TLS: Initial packet from 202.x.xx.xx:443, sid=269c11e6 
a5e7d54a
Fri May 27 23:20:20 2011 VERIFY OK: depth=1, 
/C=CN/ST=GUANGDONG/L=SHENZHEN/O=VPNCUP.COM/CN=VPNCUP.COM_CA/emailAddress=admin@v
pncup.com
Fri May 27 23:20:20 2011 VERIFY OK: nsCertType=SERVER
Fri May 27 23:20:20 2011 VERIFY OK: depth=0, 
/C=CN/ST=GUANGDONG/L=SHENZHEN/O=VPNCUP.COM/CN=server/emailAddress=admin@vpncup.c
om
Fri May 27 23:20:21 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Fri May 27 23:20:21 2011 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri May 27 23:20:21 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 
128 bit key
Fri May 27 23:20:21 2011 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for HMAC authentication
Fri May 27 23:20:21 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 27 23:20:21 2011 [server] Peer Connection Initiated with 202.x.xx.xx:443
Fri May 27 23:20:23 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 27 23:20:23 2011 PUSH: Received control message: 
'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 
8.8.8.8,dhcp-option DNS 8.8.4.4,route 192.168.x.x,topology net30,ping 
10,ping-restart 40,ifconfig 192.168.x.x 192.168.x.x'
Fri May 27 23:20:23 2011 Options error: option 'redirect-gateway' cannot be 
used in this context
Fri May 27 23:20:23 2011 Options error: option 'route' cannot be used in this 
context
Fri May 27 23:20:23 2011 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 27 23:20:23 2011 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 27 23:20:23 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option 
options modified
Fri May 27 23:20:23 2011 TUN/TAP device tun0 opened
Fri May 27 23:20:23 2011 TUN/TAP TX queue length set to 100
Fri May 27 23:20:23 2011 /sbin/ifconfig tun0 192.168.x.x pointopoint 
192.168.x.x mtu 1500
Fri May 27 23:20:23 2011 iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE; 
/jffs/openvpn/vpnup.sh openvpn tun0 1500 1544 192.168.x.x 192.168.x.x init
Fri May 27 23:20:23 2011 WARNING: Failed running command (--up/--down): could 
not execute external program
Fri May 27 23:20:23 2011 Exiting

Original comment by xiaozhi...@gmail.com on 27 May 2011 at 3:35

GoogleCodeExporter commented 8 years ago

/jffs/openvpn/openvpn.conf 最後一行加上

script-security 3 system

即可

Original comment by pahud...@gmail.com on 29 May 2011 at 6:26

GoogleCodeExporter commented 8 years ago

总结一下：
1.升级到最新版dd-wrt
2.openvpn.conf 加上 script-security 3 system

dd-wrt启动后能自动运行openvpn，搞定，thanks！

Original comment by xiaozhi...@gmail.com on 29 May 2011 at 4:09

GoogleCodeExporter commented 8 years ago

恭喜你！我也因為你升級到svn17xxx版本了。

Original comment by pahud...@gmail.com on 29 May 2011 at 4:13

edge513 / autoddvpn

openvpn开机rc_startup运行后自动退出 #76