What should I do if the OpenVPN process on a Linux system exits abnormally?

On Linux, OpenVPN is a good open-source VPN and is therefore widely used. However, many users have recently found that the OpenVPN service exits abnormally over and over. How can this problem be solved? Today Xiaobian shows you how.

Analysis of the possible causes:

1. The OpenVPN server (a virtual machine) does not have enough memory: only 2 GB.

2. I/O load is too high, because the log level is set to DEBUG, which produces a large number of log writes.

3. There are not enough file descriptors; the system default limit is 1024.

4. Someone is maliciously attacking the OpenVPN service.

Dealing with the four points above, in order:

1. First, the memory of the OpenVPN server (virtual machine) was raised to 4 GB. After a restart, the OpenVPN service still exited abnormally a few minutes after starting.

2. The log level was lowered to error; OpenVPN still exited abnormally a few minutes after starting. The log showed:

Feb 18 17:17:42 localhost openvpn[1219]: qn_anqiu/xxx.xxx.xxx.xx:27351 CRL: cannot read: /usr/local/cine/etc/keys/crl.pem: Too many open files (errno=24)

3. The error above shows that the third guess was correct. Run the command:

$ ulimit -SHn 65535

After the OpenVPN process was started again, it did not exit any more.

4. The log also shows one IP address hitting the OpenVPN server every minute. Block this IP directly in iptables:

Feb 16 13:06:16 localhost openvpn[1219]: 58.244.191.51:47374 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]

Feb 16 13:07:21 localhost openvpn[1219]: 58.244.191.51:6043 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
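The two log-driven steps above (spotting the errno=24 failures, and finding the one peer that triggers "Bad encapsulated packet length" warnings every minute) can be automated over the OpenVPN log. The script below is an added example, not code from the article; the log lines it parses are constructed to match the format quoted above, the peer addresses in them are made up (documentation ranges), and the iptables rule it prints assumes the server listens on TCP port 1194, which the article does not state.

```python
import re
from collections import Counter

# Constructed sample log, modelled on the lines quoted in the article.
# Addresses are from documentation ranges and are not real peers.
SAMPLE_LOG = """\
Feb 16 13:06:16 localhost openvpn[1219]: 203.0.113.7:47374 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Feb 16 13:07:21 localhost openvpn[1219]: 203.0.113.7:6043 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Feb 16 13:08:30 localhost openvpn[1219]: 203.0.113.7:6100 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Feb 16 13:09:02 localhost openvpn[1219]: 198.51.100.9:5001 WARNING: Bad encapsulated packet length from peer (1200), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Feb 18 17:17:42 localhost openvpn[1219]: client_a/198.51.100.20:27351 CRL: cannot read: /usr/local/cine/etc/keys/crl.pem: Too many open files (errno=24)
Feb 18 17:17:43 localhost openvpn[1219]: client_b/198.51.100.21:27352 CRL: cannot read: /usr/local/cine/etc/keys/crl.pem: Too many open files (errno=24)
"""

# syslog prefix, optional "common_name/" before the peer, then ip:port and the message
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ openvpn\[\d+\]: '
    r'(?:(?P<cn>[^/\s]+)/)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<msg>.*)$'
)


def triage(log_text, bad_len_threshold=3):
    """Count fd-exhaustion errors and bad-length warnings per peer IP.

    Peers that produced at least `bad_len_threshold` bad-length warnings are
    returned as candidates for a firewall rule; a single warning is more likely
    an MTU mismatch than a misbehaving peer.
    """
    bad_len = Counter()
    emfile = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OpenVPN line in the expected format
        msg = m.group('msg')
        if 'Bad encapsulated packet length' in msg:
            bad_len[m.group('ip')] += 1
        elif 'errno=24' in msg or 'Too many open files' in msg:
            emfile += 1
    candidates = sorted(ip for ip, n in bad_len.items() if n >= bad_len_threshold)
    return {
        'bad_length_by_ip': dict(bad_len),
        'emfile_errors': emfile,
        'block_candidates': candidates,
    }


def iptables_rules(ips, port=1194):
    """Build the iptables commands that drop traffic from the listed peers.

    The listening port is an assumption for this example; adjust it to the
    `port` directive in the real server configuration.
    """
    return [f'iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP' for ip in ips]


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print(report)
    for rule in iptables_rules(report['block_candidates']):
        print(rule)
```

The errno=24 count is kept separate from the per-peer counts on purpose: those lines name whichever client happened to connect when the descriptor table was already full, so they point at the server's own resource limit, not at the client.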

After the modifications above, OpenVPN still dropped abnormally two days later. The log showed the same old problem:

Feb 18 17:17:42 localhost openvpn[1219]: qn_anqiu/xxx.xxx.xxx.xx:27351 CRL: cannot read: /usr/local/cine/etc/keys/crl.pem: Too many open files (errno=24)

Even with the process's file descriptor limit raised, it should not drop. This points to an OpenVPN bug: crl.pem is the file that stores the revoked certificates, and if certificate verification fails, the OpenVPN service refuses the connection. I currently have more than 800 clients connecting. Does each connection open this file without releasing it? Shouldn't 65,535 file descriptors be enough?

To solve the problem, I had to modify the configuration file and remove the parameter that verifies clients against the revoked-certificate file. After restarting the OpenVPN process, it runs normally and there have been no further problems. How the problem arises needs further observation and research.
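The suspicion raised above (crl.pem opened once per connection and never released) can be checked directly on the running server rather than inferred from the log: on Linux, /proc/<pid>/limits gives the process's descriptor limit and /proc/<pid>/fd lists every open descriptor with the path it points to, so a file that appears hundreds of times is the leak. The code below is an added example, not part of the article; the limits text and descriptor list it analyses are constructed to look like a leaking server, and the /proc paths are the standard Linux ones. The configuration parameter the article removes is assumed to be OpenVPN's `crl-verify` option.

```python
import os
from collections import Counter


def parse_nofile_limit(limits_text):
    """Return (soft, hard) from the 'Max open files' row of /proc/<pid>/limits.

    'unlimited' is returned as None.
    """
    for line in limits_text.splitlines():
        if line.startswith('Max open files'):
            parts = line.split()  # ['Max', 'open', 'files', soft, hard, 'files']
            soft, hard = parts[3], parts[4]
            return (None if soft == 'unlimited' else int(soft),
                    None if hard == 'unlimited' else int(hard))
    raise ValueError('no "Max open files" row in limits text')


def fd_report(limits_text, fd_targets, warn_ratio=0.8, repeat_threshold=10):
    """Summarise descriptor pressure and repeated targets for one process.

    fd_targets is the list of symlink targets read from /proc/<pid>/fd.
    A target held open `repeat_threshold` times or more is reported as a
    likely leak; sockets legitimately repeat, so look at the paths.
    """
    soft, hard = parse_nofile_limit(limits_text)
    open_count = len(fd_targets)
    repeated = {t: n for t, n in Counter(fd_targets).items()
                if n >= repeat_threshold and not t.startswith('socket:')}
    near_limit = soft is not None and open_count >= warn_ratio * soft
    return {
        'open': open_count,
        'soft': soft,
        'hard': hard,
        'near_limit': near_limit,
        'repeated_targets': repeated,
    }


def fd_targets_of(pid):
    """Read the targets of /proc/<pid>/fd (Linux only; needs rights on the process)."""
    fd_dir = f'/proc/{pid}/fd'
    targets = []
    for name in os.listdir(fd_dir):
        try:
            targets.append(os.readlink(os.path.join(fd_dir, name)))
        except OSError:
            continue  # descriptor closed between listdir() and readlink()
    return targets


def fd_report_for_pid(pid, **kwargs):
    """Live version of fd_report for a real process id."""
    with open(f'/proc/{pid}/limits') as f:
        limits_text = f.read()
    return fd_report(limits_text, fd_targets_of(pid), **kwargs)


# Constructed snapshot of a leaking server: the soft limit is still the 1024
# default and the CRL file is held open once per client connection.
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
"""
SAMPLE_FDS = (['/dev/null', '/dev/null', '/var/log/openvpn.log', 'socket:[1234]']
              + ['/usr/local/cine/etc/keys/crl.pem'] * 850)


if __name__ == '__main__':
    print(fd_report(SAMPLE_LIMITS, SAMPLE_FDS))
    # On a real host: fd_report_for_pid(<openvpn pid>)
    print(fd_report_for_pid(os.getpid()))
```

Two practical notes. The `ulimit -SHn 65535` in step 3 only affects the shell it is typed in and the processes started from it; for the limit to survive a reboot it has to be set where the service is started (for example `LimitNOFILE=` in the systemd unit, or /etc/security/limits.conf for login sessions). And removing the `crl-verify` parameter makes the crash go away by disabling revocation checks, so revoked client certificates are accepted again; the report above is meant to confirm where the descriptors go so that the leak can be chased and CRL verification switched back on.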

This is how the abnormal exit of the OpenVPN service was resolved. If you run into the same problem, you may want to try this approach.

Copyright © Windows knowledge All Rights Reserved