Open GoogleCodeExporter opened 9 years ago
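1. Just create vpnup_custom yourself. It does not exist by default; if the file exists, it will be loaded. This makes it easy for everyone to lightly customize the routing rules they need without having to modify the shared vpnup.sh.
2. It should be possible, but I have no experience with this.
3. For this you will probably need to ssh into the DDWRT when the connection drops and run ping tests. You could test like this: when the connection drops, ping the WAN gw and the VPN gw and see whether both respond. graceMode only loads the IP ranges that are known to need to go over the VPN, so in theory domestic IPs are not affected at all. When you see the so-called disconnection, you need to determine whether DNS has been hijacked or whether the IP cannot be pinged at all; this decides how you solve the problem. Pinging the WAN gw is the first step.
If even the WAN gw cannot be pinged, while the DDWRT router runs stably when autoddvpn is not in use, then you may need to look at /tmp/autoddvpn.log and /tmp/openvpn.log to see whether an unstable openvpn connection is causing frequent disconnects and reconnects; in that case it needs to be traced.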
Original comment by pahud...@gmail.com
on 4 Jan 2012 at 6:05
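On DDWRT routers with a weaker CPU or an older version, loading vpnup.sh can cause the whole router to hang for a while, so check the log to see whether an unstable VPN line is causing it to be loaded frequently.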
Original comment by pahud...@gmail.com
on 4 Jan 2012 at 6:09
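One way to do the log check suggested above, as an added example (not part of the original comments or of autoddvpn): an awk summary that counts OpenVPN restarts by reason, DNS resolution failures and vpnup.sh runs, and lists the security warnings OpenVPN itself printed. The function name `openvpn_log_summary`, the sample lines and the host name `vpn.example.invalid` are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise OpenVPN / autoddvpn logs to see whether the tunnel
# is flapping (each restart reloads vpnup.sh) and which warnings were logged.

openvpn_log_summary() {
    # Reads the log files given as arguments, or stdin when none are given.
    awk '
    BEGIN { tag = "SIGUSR1[soft," }
    {
        # Restart lines look like: SIGUSR1[soft,ping-restart] received, process restarting
        i = index($0, tag)
        if (i > 0 && index($0, "process restarting") > 0) {
            reason = substr($0, i + length(tag))
            j = index(reason, "]")
            if (j > 0) reason = substr(reason, 1, j - 1)
            restarts[reason]++
            total++
        }
    }
    /RESOLVE: Cannot resolve host address/ { resolve_fail++ }
    /Initialization Sequence Completed/    { up++ }
    # Count real autoddvpn.log entries only, not the "+ echo" trace lines
    # that sh -x writes into openvpn.log.
    /^\[INFO#[0-9]+\] .*vpnup\.sh started/ { vpnup++ }
    /WARNING: No server certificate verification method/ { no_verify++ }
    /WARNING: file .* is group or others accessible/ {
        # The path sits between single quotes; \047 is the quote character.
        split($0, q, "\047")
        loose[q[2]] = 1
    }
    END {
        printf "restarts_total=%d\n", total
        for (r in restarts) printf "restart.%s=%d\n", r, restarts[r]
        printf "resolve_failures=%d\n", resolve_fail
        printf "tunnel_up=%d\n", up
        printf "vpnup_runs=%d\n", vpnup
        printf "no_server_cert_verification=%d\n", no_verify
        for (p in loose) printf "loose_perms=%s\n", p
    }
    ' "$@"
}

sample_log() {
    # Constructed sample lines in the format of the logs in this thread.
    cat <<'EOF'
Thu Jan  5 20:49:40 2012 WARNING: file '/jffs/openvpn/password.txt' is group or others accessible
Thu Jan  5 20:49:40 2012 WARNING: No server certificate verification method has been enabled.
Thu Jan  5 20:49:40 2012 WARNING: file '/jffs/openvpn/client.key' is group or others accessible
Thu Jan  5 20:49:46 2012 TLS Error: TLS handshake failed
Thu Jan  5 20:49:46 2012 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan  5 20:49:48 2012 WARNING: No server certificate verification method has been enabled.
Thu Jan  5 20:50:20 2012 SIGUSR1[soft,ping-restart] received, process restarting
+ echo [INFO#1036] 05/Jan/2012:20:50:27 vpnup.sh started
Thu Jan  5 20:51:19 2012 Initialization Sequence Completed
Fri Jan  6 04:02:11 2012 SIGUSR1[soft,ping-restart] received, process restarting
Fri Jan  6 04:02:43 2012 RESOLVE: Cannot resolve host address: vpn.example.invalid: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan  6 04:03:13 2012 RESOLVE: Cannot resolve host address: vpn.example.invalid: [HOST_NOT_FOUND] The specified host is unknown.
[INFO#1036] 05/Jan/2012:20:50:27 vpnup.sh started
EOF
}

# Stand-alone run on the constructed sample.
sample_log | openvpn_log_summary
```

On the router the same function can be pointed at the two files named in the thread: `openvpn_log_summary /tmp/openvpn.log /tmp/autoddvpn.log`. Many restarts against few `tunnel_up` events indicate a flapping tunnel, and the warning lines point at a missing server certificate check and at credential files readable by group or others.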
[deleted comment]
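Thanks.
I looked at the VPN log and everything shows as normal. (Including certificate verification; the blocked IP addresses are all normal.)
Also, when using grace mode, do I still need to flush the computer's DNS cache?
Later, if the problem happens again, I will reply to you about the situation in your point 3.
PS: How do I tell whether the CPU is underpowered? I did not see any big fluctuations in the DD-WRT GUI.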
Original comment by linjimmyiphone@gmail.com
on 4 Jan 2012 at 8:04
root@DD-WRT:~# route -n | tail -n 20
209.133.27.0 11.93.0.49 255.255.255.0 UG 0 0 0 tun0
122.147.51.0 11.93.0.49 255.255.255.0 UG 0 0 0 tun0
78.129.203.0 11.93.0.49 255.255.255.0 UG 0 0 0 tun0
66.102.0.0 11.93.0.49 255.255.240.0 UG 0 0 0 tun0
64.233.160.0 11.93.0.49 255.255.224.0 UG 0 0 0 tun0
208.117.224.0 11.93.0.49 255.255.224.0 UG 0 0 0 tun0
72.14.192.0 11.93.0.49 255.255.192.0 UG 0 0 0 tun0
184.72.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
173.194.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
69.63.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
69.171.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
66.220.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
74.125.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
203.84.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
116.214.0.0 11.93.0.49 255.255.0.0 UG 0 0 0 tun0
211.0.0.0 11.93.0.49 255.0.0.0 UG 0 0 0 tun0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
202.0.0.0 11.93.0.49 255.0.0.0 UG 0 0 0 tun0
0.0.0.0 113.64.176.1 0.0.0.0 UG 0 0 0 ppp0
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:26
Local primary DNS
root@DD-WRT:~# ping 202.96.134.133
PING 202.96.134.133 (202.96.134.133): 56 data bytes
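After that it just kept waiting, with no response at all.
After waiting about 5 minutes there was still no response.
I cancelled it, and the output was as follows.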
--- 202.96.134.133 ping statistics ---
236 packets transmitted, 0 packets received, 100% packet loss
---------
Local secondary DNS
PING 202.96.128.86 (202.96.128.86): 56 data bytes
After waiting one minute, I cancelled it.
--- 202.96.128.86 ping statistics ---
77 packets transmitted, 0 packets received, 100% packet loss
----------
root@DD-WRT:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=0.589 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=0.529 ms
64 bytes from 192.168.1.1: seq=2 ttl=64 time=0.532 ms
64 bytes from 192.168.1.1: seq=3 ttl=64 time=0.533 ms
64 bytes from 192.168.1.1: seq=4 ttl=64 time=0.534 ms
64 bytes from 192.168.1.1: seq=5 ttl=64 time=0.537 ms
64 bytes from 192.168.1.1: seq=6 ttl=64 time=0.537 ms
64 bytes from 192.168.1.1: seq=7 ttl=64 time=0.538 ms
64 bytes from 192.168.1.1: seq=8 ttl=64 time=0.540 ms
64 bytes from 192.168.1.1: seq=9 ttl=64 time=0.537 ms
64 bytes from 192.168.1.1: seq=10 ttl=64 time=0.534 ms
64 bytes from 192.168.1.1: seq=11 ttl=64 time=0.533 ms
64 bytes from 192.168.1.1: seq=12 ttl=64 time=0.516 ms
64 bytes from 192.168.1.1: seq=13 ttl=64 time=0.533 ms
64 bytes from 192.168.1.1: seq=14 ttl=64 time=0.542 ms
64 bytes from 192.168.1.1: seq=15 ttl=64 time=0.535 ms
64 bytes from 192.168.1.1: seq=16 ttl=64 time=0.542 ms
64 bytes from 192.168.1.1: seq=17 ttl=64 time=0.540 ms
64 bytes from 192.168.1.1: seq=18 ttl=64 time=0.544 ms
64 bytes from 192.168.1.1: seq=19 ttl=64 time=0.516 ms
64 bytes from 192.168.1.1: seq=20 ttl=64 time=0.535 ms
64 bytes from 192.168.1.1: seq=21 ttl=64 time=0.536 ms
--- 192.168.1.1 ping statistics ---
22 packets transmitted, 22 packets received, 0% packet loss
round-trip min/avg/max = 0.516/0.536/0.589 ms
----------------------------------------------------
root@DD-WRT:~# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:11.93.0.50 P-t-P:11.93.0.49 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:36295 errors:0 dropped:0 overruns:0 frame:0
TX packets:28471 errors:0 dropped:12127 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:34646833 (33.0 MiB) TX bytes:3072121 (2.9 MiB)
--------------------------------------------------------------------------------
--
root@DD-WRT:~# nvram get dnsmasq_options
server=/mobile01.com/208.67.222.222
server=/5i01.com/208.67.222.222
server=/facebook.com/8.8.8.8
server=/fbcdn.net/8.8.8.8
server=/imageshack.us/8.8.8.8
server=/books.com.tw/8.8.8.8
server=/book.com.tw/8.8.8.8
server=/twitter.com/8.8.8.8
server=/youtube.com/8.8.8.8
server=/ytimg.com/8.8.8.8
server=/google.com/8.8.8.8
server=/google.com.hk/8.8.8.8
server=/android.com/8.8.8.8
server=/gvt0.cn/8.8.8.8
server=/gvt0.com/8.8.8.8
server=/ggpht.com/8.8.8.8
server=/googlehosted.com/8.8.8.8
server=/google-analytics.com/8.8.8.8
server=/googleusercontent.com/8.8.8.8
server=/chrome.angrybirds.com/8.8.8.8
address=/encrypted.google.com/72.14.203.100
address=/adcdownload.apple.com/203.69.113.136
address=/deimos3.apple.com/203.69.113.136
address=/movies.apple.com/203.69.113.136
address=/trailers.apple.com/203.69.113.136
address=/developer.apple.com/203.69.113.136
address=/.phobos.apple.com/203.69.113.136
address=/appldnld.apple.com/203.69.113.136
address=/discussions.apple.com/203.69.113.136
address=/km.support.apple.com/203.69.113.136
address=/.phobos.apple.com.edgesuite.net/203.69.113.136
address=/a1.mzstatic.com/203.69.113.128
address=/a2.mzstatic.com/203.69.113.128
address=/a3.mzstatic.com/203.69.113.128
address=/a4.mzstatic.com/203.69.113.128
address=/a5.mzstatic.com/203.69.113.128
address=/a6.mzstatic.com/203.69.113.128
address=/a7.mzstatic.com/203.69.113.128
address=/a8.mzstatic.com/203.69.113.128
address=/www.icloud.com/184.25.218.46
address=/www.me.com/184.30.117.47
-------------------------------------------------------------------------------
root@DD-WRT:~# ping 113.64.176.1
PING 113.64.176.1 (113.64.176.1): 56 data bytes
64 bytes from 113.64.176.1: seq=0 ttl=255 time=6.311 ms
64 bytes from 113.64.176.1: seq=1 ttl=255 time=20.765 ms
64 bytes from 113.64.176.1: seq=2 ttl=255 time=6.286 ms
64 bytes from 113.64.176.1: seq=3 ttl=255 time=6.061 ms
64 bytes from 113.64.176.1: seq=4 ttl=255 time=6.143 ms
64 bytes from 113.64.176.1: seq=5 ttl=255 time=6.419 ms
64 bytes from 113.64.176.1: seq=6 ttl=255 time=6.005 ms
64 bytes from 113.64.176.1: seq=7 ttl=255 time=6.242 ms
64 bytes from 113.64.176.1: seq=8 ttl=255 time=6.327 ms
64 bytes from 113.64.176.1: seq=9 ttl=255 time=6.045 ms
64 bytes from 113.64.176.1: seq=10 ttl=255 time=6.180 ms
64 bytes from 113.64.176.1: seq=11 ttl=255 time=6.417 ms
64 bytes from 113.64.176.1: seq=12 ttl=255 time=5.949 ms
64 bytes from 113.64.176.1: seq=13 ttl=255 time=6.232 ms
64 bytes from 113.64.176.1: seq=14 ttl=255 time=5.797 ms
64 bytes from 113.64.176.1: seq=15 ttl=255 time=6.139 ms
64 bytes from 113.64.176.1: seq=16 ttl=255 time=6.160 ms
64 bytes from 113.64.176.1: seq=17 ttl=255 time=6.198 ms
64 bytes from 113.64.176.1: seq=18 ttl=255 time=5.941 ms
64 bytes from 113.64.176.1: seq=19 ttl=255 time=6.300 ms
64 bytes from 113.64.176.1: seq=20 ttl=255 time=6.046 ms
64 bytes from 113.64.176.1: seq=21 ttl=255 time=6.037 ms
64 bytes from 113.64.176.1: seq=22 ttl=255 time=6.183 ms
64 bytes from 113.64.176.1: seq=23 ttl=255 time=6.144 ms
64 bytes from 113.64.176.1: seq=24 ttl=255 time=5.952 ms
64 bytes from 113.64.176.1: seq=25 ttl=255 time=6.211 ms
64 bytes from 113.64.176.1: seq=26 ttl=255 time=5.830 ms
64 bytes from 113.64.176.1: seq=27 ttl=255 time=6.096 ms
64 bytes from 113.64.176.1: seq=28 ttl=255 time=6.092 ms
64 bytes from 113.64.176.1: seq=29 ttl=255 time=6.213 ms
64 bytes from 113.64.176.1: seq=30 ttl=255 time=5.950 ms
64 bytes from 113.64.176.1: seq=31 ttl=255 time=6.238 ms
64 bytes from 113.64.176.1: seq=32 ttl=255 time=5.795 ms
64 bytes from 113.64.176.1: seq=33 ttl=255 time=6.092 ms
64 bytes from 113.64.176.1: seq=34 ttl=255 time=6.102 ms
64 bytes from 113.64.176.1: seq=35 ttl=255 time=5.739 ms
64 bytes from 113.64.176.1: seq=36 ttl=255 time=5.972 ms
64 bytes from 113.64.176.1: seq=37 ttl=255 time=6.005 ms
64 bytes from 113.64.176.1: seq=38 ttl=255 time=5.776 ms
64 bytes from 113.64.176.1: seq=39 ttl=255 time=6.097 ms
64 bytes from 113.64.176.1: seq=40 ttl=255 time=6.097 ms
64 bytes from 113.64.176.1: seq=41 ttl=255 time=5.670 ms
64 bytes from 113.64.176.1: seq=42 ttl=255 time=7.917 ms
64 bytes from 113.64.176.1: seq=43 ttl=255 time=6.259 ms
64 bytes from 113.64.176.1: seq=44 ttl=255 time=5.771 ms
64 bytes from 113.64.176.1: seq=45 ttl=255 time=5.831 ms
64 bytes from 113.64.176.1: seq=46 ttl=255 time=6.184 ms
64 bytes from 113.64.176.1: seq=47 ttl=255 time=5.697 ms
64 bytes from 113.64.176.1: seq=48 ttl=255 time=5.959 ms
64 bytes from 113.64.176.1: seq=49 ttl=255 time=6.042 ms
64 bytes from 113.64.176.1: seq=50 ttl=255 time=6.306 ms
64 bytes from 113.64.176.1: seq=51 ttl=255 time=5.806 ms
64 bytes from 113.64.176.1: seq=52 ttl=255 time=6.088 ms
--- 113.64.176.1 ping statistics ---
53 packets transmitted, 53 packets received, 0% packet loss
round-trip min/avg/max = 5.670/6.379/20.765 ms
-------------------------------------------------------------------------------
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:40
root@DD-WRT:~# ping 11.93.0.49
PING 11.93.0.49 (11.93.0.49): 56 data bytes
--- 11.93.0.49 ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss
root@DD-WRT:~# ping 11.93.0.1
PING 11.93.0.1 (11.93.0.1): 56 data bytes
--- 11.93.0.1 ping statistics ---
51 packets transmitted, 0 packets received, 100% packet loss
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:42
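You need to ping your WAN gw, because pinging the local DNS also has to go through your WAN gw first. If even the WAN gw is unreachable, then the whole ADSL line has a problem.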
Original comment by pahud...@gmail.com
on 6 Jan 2012 at 4:44
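If pinging the WAN gw works but pinging the DNS does not, then use traceroute to test exactly what route is taken to the DNS IP. In theory, traffic to a domestic DNS goes through the WAN gw and onward from there, and does not pass through the VPN gw.
These are all methods that make it easier to debug and find the cause.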
Original comment by pahud...@gmail.com
on 6 Jan 2012 at 4:46
root@DD-WRT:~# ping qq.com
Waited about 1 minute, then it jumped to the response below
root@DD-WRT:~#
---------------------------
root@DD-WRT:~# ping 163.com
Waited about 1 minute, then it jumped to the response below
root@DD-WRT:~#
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:47
Note the DNS in these 2 screenshots.
There is an extra DNS3: 202.96.134.33
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:53
Attachments:
root@DD-WRT:~# ping 113.64.176.1 ---- this is the gateway
PING 113.64.176.1 (113.64.176.1): 56 data bytes
64 bytes from 113.64.176.1: seq=0 ttl=255 time=6.212 ms
64 bytes from 113.64.176.1: seq=1 ttl=255 time=6.035 ms
64 bytes from 113.64.176.1: seq=2 ttl=255 time=6.076 ms
64 bytes from 113.64.176.1: seq=3 ttl=255 time=5.897 ms
64 bytes from 113.64.176.1: seq=4 ttl=255 time=6.104 ms
64 bytes from 113.64.176.1: seq=5 ttl=255 time=5.666 ms
64 bytes from 113.64.176.1: seq=6 ttl=255 time=6.070 ms
64 bytes from 113.64.176.1: seq=7 ttl=255 time=6.032 ms
64 bytes from 113.64.176.1: seq=8 ttl=255 time=6.069 ms
64 bytes from 113.64.176.1: seq=9 ttl=255 time=5.837 ms
64 bytes from 113.64.176.1: seq=10 ttl=255 time=6.229 ms
64 bytes from 113.64.176.1: seq=11 ttl=255 time=5.676 ms
64 bytes from 113.64.176.1: seq=12 ttl=255 time=5.934 ms
64 bytes from 113.64.176.1: seq=13 ttl=255 time=5.976 ms
64 bytes from 113.64.176.1: seq=14 ttl=255 time=6.136 ms
64 bytes from 113.64.176.1: seq=15 ttl=255 time=5.818 ms
64 bytes from 113.64.176.1: seq=16 ttl=255 time=6.166 ms
64 bytes from 113.64.176.1: seq=17 ttl=255 time=5.678 ms
64 bytes from 113.64.176.1: seq=18 ttl=255 time=5.951 ms
64 bytes from 113.64.176.1: seq=19 ttl=255 time=5.998 ms
64 bytes from 113.64.176.1: seq=20 ttl=255 time=6.081 ms
64 bytes from 113.64.176.1: seq=21 ttl=255 time=5.806 ms
64 bytes from 113.64.176.1: seq=22 ttl=255 time=5.918 ms
64 bytes from 113.64.176.1: seq=23 ttl=255 time=6.414 ms
64 bytes from 113.64.176.1: seq=24 ttl=255 time=5.690 ms
64 bytes from 113.64.176.1: seq=25 ttl=255 time=5.983 ms
64 bytes from 113.64.176.1: seq=26 ttl=255 time=5.637 ms
64 bytes from 113.64.176.1: seq=27 ttl=255 time=5.812 ms
--- 113.64.176.1 ping statistics ---
28 packets transmitted, 28 packets received, 0% packet loss
round-trip min/avg/max = 5.637/5.960/6.414 ms
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:57
It also looks like it is connected; strangely, I just cannot get online.
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:58
Attachments:
Take a look at the system information.
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 4:59
Attachments:
root@DD-WRT:~# ping 11.93.0.49
PING 11.93.0.49 (11.93.0.49): 56 data bytes
--- 11.93.0.49 ping statistics ---
29 packets transmitted, 0 packets received, 100% packet loss
root@DD-WRT:~#
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 5:02
[deleted comment]
[deleted comment]
root@DD-WRT:/tmp# vi autoddvpn.log
[INFO#1036] 05/Jan/2012:20:50:27 vpnup.sh started
[INFO#1036] 05/Jan/2012:20:50:28 adding the static routes, this may take a
while.
[INFO#1036] 05/Jan/2012:20:51:18 loading vpnup_custom if available
[INFO#1036] 05/Jan/2012:20:51:18 preparing the exceptional routes
[INFO#1036] 05/Jan/2012:20:51:18 exceptional routes disabled.
[INFO#1036] 05/Jan/2012:20:51:18 exceptional routes features detail:
http://goo.g
[INFO#1036] 05/Jan/2012:20:51:19 vpnup.sh ended
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
- autoddvpn.log 7/7 100%
root@DD-WRT:/tmp# cat openvpn.log
Wed Dec 28 00:00:07 2011 OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] built on Dec
20 2011
Wed Dec 28 00:00:07 2011 WARNING: file '/jffs/openvpn/password.txt' is group or
others accessible
Wed Dec 28 00:00:07 2011 WARNING: No server certificate verification method has
been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Dec 28 00:00:07 2011 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Wed Dec 28 00:00:07 2011 NOTE: --script-security method='system' is deprecated
due to the fact that passed parameters will be subject to shell expansion
Wed Dec 28 00:00:07 2011 WARNING: file '/jffs/openvpn/client.key' is group or
others accessible
Wed Dec 28 00:00:07 2011 LZO compression initialized
Wed Dec 28 00:00:07 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
ET:0 EL:0 ]
Wed Dec 28 00:00:07 2011 Socket Buffers: R=[109568->131072] S=[109568->131072]
Wed Dec 28 00:00:08 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Wed Dec 28 00:00:08 2011 Local Options hash (VER=V4): '41690919'
Wed Dec 28 00:00:08 2011 Expected Remote Options hash (VER=V4): '530fdded'
Wed Dec 28 00:00:08 2011 UDPv4 link local: [undef]
Wed Dec 28 00:00:08 2011 UDPv4 link remote: 173.230.154.218:443
Wed Dec 28 00:00:09 2011 TLS: Initial packet from 173.230.154.218:443,
sid=768c040c 8fa3b6be
Wed Dec 28 00:00:09 2011 WARNING: this configuration may cache passwords in
memory -- use the auth-nocache option to prevent this
Thu Jan 5 20:49:46 2012 TLS Error: TLS key negotiation failed to occur within
60 seconds (check your network connectivity)
Thu Jan 5 20:49:46 2012 TLS Error: TLS handshake failed
Thu Jan 5 20:49:46 2012 TCP/UDP: Closing socket
Thu Jan 5 20:49:46 2012 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 5 20:49:46 2012 Restart pause, 2 second(s)
Thu Jan 5 20:49:48 2012 WARNING: No server certificate verification method has
been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 5 20:49:48 2012 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 5 20:49:48 2012 NOTE: --script-security method='system' is deprecated
due to the fact that passed parameters will be subject to shell expansion
Thu Jan 5 20:49:48 2012 Re-using SSL/TLS context
Thu Jan 5 20:49:48 2012 LZO compression initialized
Thu Jan 5 20:49:48 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
ET:0 EL:0 ]
Thu Jan 5 20:49:48 2012 Socket Buffers: R=[109568->131072] S=[109568->131072]
Thu Jan 5 20:49:48 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Thu Jan 5 20:49:48 2012 Local Options hash (VER=V4): '41690919'
Thu Jan 5 20:49:48 2012 Expected Remote Options hash (VER=V4): '530fdded'
Thu Jan 5 20:49:48 2012 UDPv4 link local: [undef]
Thu Jan 5 20:49:48 2012 UDPv4 link remote: 173.230.154.218:443
Thu Jan 5 20:49:49 2012 TLS: Initial packet from 173.230.154.218:443,
sid=2cb79bcc 0939d5ca
Thu Jan 5 20:50:20 2012 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan 5 20:50:20 2012 TCP/UDP: Closing socket
Thu Jan 5 20:50:20 2012 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 5 20:50:20 2012 Restart pause, 2 second(s)
Thu Jan 5 20:50:22 2012 WARNING: No server certificate verification method has
been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 5 20:50:22 2012 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Thu Jan 5 20:50:22 2012 NOTE: --script-security method='system' is deprecated
due to the fact that passed parameters will be subject to shell expansion
Thu Jan 5 20:50:22 2012 Re-using SSL/TLS context
Thu Jan 5 20:50:22 2012 LZO compression initialized
Thu Jan 5 20:50:22 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
ET:0 EL:0 ]
Thu Jan 5 20:50:22 2012 Socket Buffers: R=[109568->131072] S=[109568->131072]
Thu Jan 5 20:50:22 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Thu Jan 5 20:50:22 2012 Local Options hash (VER=V4): '41690919'
Thu Jan 5 20:50:22 2012 Expected Remote Options hash (VER=V4): '530fdded'
Thu Jan 5 20:50:22 2012 UDPv4 link local: [undef]
Thu Jan 5 20:50:22 2012 UDPv4 link remote: 173.230.154.218:443
Thu Jan 5 20:50:22 2012 TLS: Initial packet from 173.230.154.218:443,
sid=8784440e d78d59b0
Thu Jan 5 20:50:24 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Thu Jan 5 20:50:24 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Thu Jan 5 20:50:25 2012 TLS Error: Unroutable control packet received from
173.230.154.218:443 (si=3 op=P_CONTROL_V1)
Thu Jan 5 20:50:25 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 20:50:25 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 20:50:25 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 20:50:25 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 20:50:25 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 5 20:50:25 2012 [server] Peer Connection Initiated with
173.230.154.218:443
Thu Jan 5 20:50:27 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jan 5 20:50:27 2012 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway,dhcp-option DNS 8.8.8.8,route 11.93.0.1,topology
net30,ping 10,ping-restart 120,ifconfig 11.93.0.50 11.93.0.49'
Thu Jan 5 20:50:27 2012 Options error: option 'redirect-gateway' cannot be
used in this context
Thu Jan 5 20:50:27 2012 Options error: option 'route' cannot be used in this
context
Thu Jan 5 20:50:27 2012 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 5 20:50:27 2012 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 5 20:50:27 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Thu Jan 5 20:50:27 2012 TUN/TAP device tun0 opened
Thu Jan 5 20:50:27 2012 TUN/TAP TX queue length set to 100
Thu Jan 5 20:50:27 2012 /sbin/ifconfig tun0 11.93.0.50 pointopoint 11.93.0.49
mtu 1500
Thu Jan 5 20:50:27 2012 iptables -A POSTROUTING -t nat -o tun0 -j MASQUERADE;
/jffs/openvpn/vpnup.sh openvpn tun0 1500 1542 11.93.0.50 11.93.0.49 init
+ export PATH=/bin:/sbin:/usr/sbin:/usr/bin
+ LOG=/tmp/autoddvpn.log
+ LOCK=/tmp/autoddvpn.lock
+ PID=1036
+ EXROUTEDIR=/jffs/exroute.d
+ INFO=[INFO#1036]
+ DEBUG=[DEBUG#1036]
+ ERROR=[ERROR#1036]
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:50:27 vpnup.sh started
+ [ -f /tmp/autoddvpn.lock ]
+ break
+ [ -f /tmp/autoddvpn.lock ]
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:50:27 vpnup
+ nvram get wan_gateway
+ OLDGW=113.64.176.1
+ OPENVPNDEV=tun0
+ ifconfig tun0
+ grep -Eo P-t-P:([0-9.]+)
+ cut -d: -f2
+ VPNGW=11.93.0.49
+ VPNUPCUSTOM=/jffs/openvpn/vpnup_custom
+ [ 113.64.176.1 == ]
+ echo [INFO#1036] OLDGW is 113.64.176.1
[INFO#1036] OLDGW is 113.64.176.1
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:50:28 adding the static routes, this may take
a while.
+ route add -host 8.8.8.8 gw 11.93.0.49
+ route add -host 8.8.4.4 gw 11.93.0.49
+ route add -host 208.67.222.222 gw 11.93.0.49
I deleted the lines in between.
+ route add -net 96.44.156.0/24 gw 11.93.0.49
+ route add -net 96.45.180.0/24 gw 11.93.0.49
+ route add -net 97.74.144.0/24 gw 11.93.0.49
+ route add -net 97.74.215.0/24 gw 11.93.0.49
+ route add -net 98.129.229.0/24 gw 11.93.0.49
+ route add -net 98.136.92.0/24 gw 11.93.0.49
+ route add -net 98.139.126.0/24 gw 11.93.0.49
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:51:18 loading vpnup_custom if available
+ export VPNGW=11.93.0.49
+ export OLDGW=113.64.176.1
+ grep ^route /jffs/openvpn/vpnup_custom
+ /bin/sh -x
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:51:18 preparing the exceptional routes
+ nvram get exroute_enable
+ [ -eq 1 ]
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:51:18 exceptional routes disabled.
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:51:18 exceptional routes features detail:
http://goo.gl/fYfJ
+ echo [INFO#1036] final check the default gw
[INFO#1036] final check the default gw
+ true
+ route -n
+ grep ^0.0.0.0
+ awk {print $2}
+ GW=113.64.176.1
+ echo [DEBUG#1036] my current gw is 113.64.176.1
[DEBUG#1036] my current gw is 113.64.176.1
+ [ 113.64.176.1 == 113.64.176.1 ]
+ echo [DEBUG#1036] GOOD
[DEBUG#1036] GOOD
+ break
+ echo [INFO#1036] static routes added
[INFO#1036] static routes added
+ date +%d/%b/%Y:%H:%M:%S
+ echo [INFO#1036] 05/Jan/2012:20:51:19 vpnup.sh ended
+ rm -f /tmp/autoddvpn.lock
Thu Jan 5 20:51:19 2012 Initialization Sequence Completed
Thu Jan 5 21:50:25 2012 TLS: soft reset sec=0 bytes=21433984/0 pkts=36762/0
Thu Jan 5 21:50:26 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Thu Jan 5 21:50:26 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Thu Jan 5 21:50:27 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 21:50:27 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 21:50:27 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 21:50:27 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 21:50:27 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 5 22:50:25 2012 TLS: tls_process: killed expiring key
Thu Jan 5 22:50:27 2012 TLS: soft reset sec=0 bytes=4628893/0 pkts=10448/0
Thu Jan 5 22:50:28 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Thu Jan 5 22:50:28 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Thu Jan 5 22:50:30 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 22:50:30 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 22:50:30 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 22:50:30 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 22:50:30 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 5 23:50:27 2012 TLS: tls_process: killed expiring key
Thu Jan 5 23:50:31 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Thu Jan 5 23:50:31 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Thu Jan 5 23:50:32 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 23:50:32 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 23:50:32 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Jan 5 23:50:32 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Thu Jan 5 23:50:32 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 6 00:50:30 2012 TLS: tls_process: killed expiring key
Fri Jan 6 00:50:32 2012 TLS: soft reset sec=0 bytes=212495/0 pkts=1151/0
Fri Jan 6 00:50:33 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Fri Jan 6 00:50:33 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Fri Jan 6 00:50:34 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 00:50:34 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 00:50:34 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 00:50:34 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 00:50:34 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 6 01:50:32 2012 TLS: tls_process: killed expiring key
Fri Jan 6 01:50:36 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Fri Jan 6 01:50:36 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Fri Jan 6 01:50:37 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 01:50:37 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 01:50:37 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 01:50:37 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 01:50:37 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 6 02:50:35 2012 TLS: tls_process: killed expiring key
Fri Jan 6 02:50:38 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Fri Jan 6 02:50:38 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Fri Jan 6 02:50:39 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 02:50:39 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 02:50:39 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 02:50:39 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 02:50:39 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 6 03:50:37 2012 TLS: tls_process: killed expiring key
Fri Jan 6 03:50:40 2012 VERIFY OK: depth=1,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/emailAddress=me@myh
ost.mydomain
Fri Jan 6 03:50:40 2012 VERIFY OK: depth=0,
/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydom
ain
Fri Jan 6 03:50:42 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 03:50:42 2012 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 03:50:42 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Fri Jan 6 03:50:42 2012 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Fri Jan 6 03:50:42 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 6 04:02:11 2012 [server] Inactivity timeout (--ping-restart),
restarting
Fri Jan 6 04:02:11 2012 TCP/UDP: Closing socket
Fri Jan 6 04:02:11 2012 SIGUSR1[soft,ping-restart] received, process restarting
Fri Jan 6 04:02:11 2012 Restart pause, 2 second(s)
Fri Jan 6 04:02:13 2012 WARNING: No server certificate verification method has
been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jan 6 04:02:13 2012 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Fri Jan 6 04:02:13 2012 NOTE: --script-security method='system' is deprecated
due to the fact that passed parameters will be subject to shell expansion
Fri Jan 6 04:02:13 2012 Re-using SSL/TLS context
Fri Jan 6 04:02:13 2012 LZO compression initialized
Fri Jan 6 04:02:13 2012 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0
ET:0 EL:0 ]
Fri Jan 6 04:02:13 2012 Socket Buffers: R=[109568->131072] S=[109568->131072]
Fri Jan 6 04:02:43 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan 6 04:02:43 2012 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135
ET:0 EL:0 AF:3/1 ]
Fri Jan 6 04:02:43 2012 Local Options hash (VER=V4): '41690919'
Fri Jan 6 04:02:43 2012 Expected Remote Options hash (VER=V4): '530fdded'
Fri Jan 6 04:03:13 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan 6 04:03:48 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan 6 04:04:23 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan 6 04:04:58 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan 6 04:05:33 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
Fri Jan 6 13:04:42 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
---end----
As for the VPN domain name, I am sure it is not faulty; I am using it right now.
Fri Jan 6 04:04:23 2012 RESOLVE: Cannot resolve host address:
VPN domain name removed by me: [HOST_NOT_FOUND] The specified host is unknown.
This redial happens about once every 25 seconds, up to now, 13:04:42
----------------------------------------------
root@DD-WRT:/tmp# ping 173.230.154.218
PING 173.230.154.218 (173.230.154.218): 56 data bytes
64 bytes from 173.230.154.218: seq=0 ttl=53 time=182.436 ms
64 bytes from 173.230.154.218: seq=1 ttl=53 time=182.572 ms
64 bytes from 173.230.154.218: seq=2 ttl=53 time=182.865 ms
64 bytes from 173.230.154.218: seq=3 ttl=53 time=183.138 ms
64 bytes from 173.230.154.218: seq=4 ttl=53 time=182.699 ms
64 bytes from 173.230.154.218: seq=5 ttl=53 time=182.677 ms
64 bytes from 173.230.154.218: seq=6 ttl=53 time=183.453 ms
64 bytes from 173.230.154.218: seq=7 ttl=53 time=183.322 ms
64 bytes from 173.230.154.218: seq=8 ttl=53 time=184.304 ms
64 bytes from 173.230.154.218: seq=9 ttl=53 time=184.321 ms
64 bytes from 173.230.154.218: seq=10 ttl=53 time=184.128 ms
64 bytes from 173.230.154.218: seq=11 ttl=53 time=183.177 ms
64 bytes from 173.230.154.218: seq=12 ttl=53 time=183.477 ms
64 bytes from 173.230.154.218: seq=13 ttl=53 time=183.179 ms
64 bytes from 173.230.154.218: seq=14 ttl=53 time=182.840 ms
64 bytes from 173.230.154.218: seq=15 ttl=53 time=183.103 ms
64 bytes from 173.230.154.218: seq=16 ttl=53 time=182.668 ms
64 bytes from 173.230.154.218: seq=17 ttl=53 time=182.962 ms
64 bytes from 173.230.154.218: seq=18 ttl=53 time=182.998 ms
64 bytes from 173.230.154.218: seq=19 ttl=53 time=182.518 ms
64 bytes from 173.230.154.218: seq=20 ttl=53 time=182.853 ms
--- 173.230.154.218 ping statistics ---
21 packets transmitted, 21 packets received, 0% packet loss
round-trip min/avg/max = 182.436/183.128/184.321 ms
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 5:18
Could the error be here? 11.93.0.50 and 11.93.0.49
root@DD-WRT:/tmp# ping 11.93.0.50
PING 11.93.0.50 (11.93.0.50): 56 data bytes
64 bytes from 11.93.0.50: seq=0 ttl=64 time=0.658 ms
64 bytes from 11.93.0.50: seq=1 ttl=64 time=0.517 ms
64 bytes from 11.93.0.50: seq=2 ttl=64 time=0.528 ms
64 bytes from 11.93.0.50: seq=3 ttl=64 time=0.535 ms
64 bytes from 11.93.0.50: seq=4 ttl=64 time=0.522 ms
64 bytes from 11.93.0.50: seq=5 ttl=64 time=0.534 ms
64 bytes from 11.93.0.50: seq=6 ttl=64 time=0.534 ms
64 bytes from 11.93.0.50: seq=7 ttl=64 time=0.529 ms
64 bytes from 11.93.0.50: seq=8 ttl=64 time=0.529 ms
64 bytes from 11.93.0.50: seq=9 ttl=64 time=0.525 ms
64 bytes from 11.93.0.50: seq=10 ttl=64 time=0.530 ms
64 bytes from 11.93.0.50: seq=11 ttl=64 time=0.526 ms
64 bytes from 11.93.0.50: seq=12 ttl=64 time=0.534 ms
--- 11.93.0.50 ping statistics ---
13 packets transmitted, 13 packets received, 0% packet loss
round-trip min/avg/max = 0.517/0.538/0.658 ms
root@DD-WRT:/tmp# ping 11.93.0.49
PING 11.93.0.49 (11.93.0.49): 56 data bytes
--- 11.93.0.49 ping statistics ---
21 packets transmitted, 0 packets received, 100% packet loss
root@DD-WRT:/tmp#
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 5:24
root@DD-WRT:/tmp# nslookup 11.93.0.50
Server: 192.168.1.1
Address 1: 192.168.1.1 DD-WRT
Name: 11.93.0.50
Address 1: 11.93.0.50
root@DD-WRT:/tmp# nslookup 11.93.0.49
Server: 192.168.1.1
Address 1: 192.168.1.1 DD-WRT
Name: 11.93.0.49
Address 1: 11.93.0.49
root@DD-WRT:/tmp#
Original comment by linjimmyiphone@gmail.com
on 6 Jan 2012 at 5:32
Original issue reported on code.google.com by
linjimmyiphone@gmail.com
on 4 Jan 2012 at 5:42