This is a situation where I have no idea what is going on:
I set up OpenVPN with a PKI, and everything seems to work except this:
DBeaver and MySQL Workbench hang after a "successful login" (I mean that if I set a wrong password or a wrong allowed domain, it says it cannot connect. Here it just hangs).
What is really strange is that the mysql client works like a charm over my VPN; only the SQL IDEs fail.
By the way, these IDEs have no problem connecting over the Internet using the public IPv4 address.
Any idea what I can do to:
1) Investigate the problem (this is the first time I have set up a VPN ... maybe I missed something, or there are settings that can obviously lead to this behaviour that I do not know about)
2) Solve the problem
?
[EDIT]: For testing, I set an empty iptables rule set and disabled fail2ban (and everything else that could cause firewall problems):
2018-12-17 11:46:24 root /etc/openvpn/ #>iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Routes:
2018-12-17 11:49:17 root /etc/openvpn/ #>ip route
default via 10.16.84.150 dev ens2 proto dhcp src 10.16.84.151 metric 1024
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
10.16.84.150 dev ens2 proto dhcp scope link src 10.16.84.151 metric 1024
10.16.84.150/31 dev ens2 proto kernel scope link src 10.16.84.151
These are the ones set by OpenVPN:
10.8.0.0/24 via 10.8.0.2 dev tun0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
[EDIT 2]
I tried Wireshark on the server and on my computer to see what is happening here. The result after a "test connection" with DBeaver:
On the client:
tshark -i tun0
Running as user "root" and group "root". This could be dangerous.
tshark: Lua: Error during loading:
/usr/share/wireshark/init.lua:32: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Capturing on 'tun0'
1 0.000000000 10.8.0.6 → 10.8.0.1 TCP 60 47148 → 3306 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=999443647 TSecr=0 WS=128
2 0.049160978 10.8.0.1 → 10.8.0.6 TCP 60 3306 → 47148 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1358 SACK_PERM=1 TSval=3444840768 TSecr=999443647 WS=128
3 0.049178626 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=999443696 TSecr=3444840768
4 0.084592971 10.8.0.1 → 10.8.0.6 MySQL 145 Server Greeting proto=10 version=5.5.5-10.1.37-MariaDB
5 0.084630234 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=94 Win=29312 Len=0 TSval=999443731 TSecr=3444840803
6 0.085223320 10.8.0.6 → 10.8.0.1 MySQL 282 Login Request user=root db=fbpl_dataset
7 0.128639717 10.8.0.1 → 10.8.0.6 TCP 52 3306 → 47148 [ACK] Seq=94 Ack=231 Win=30080 Len=0 TSval=3444840848 TSecr=999443732
8 0.128899853 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
9 0.129036157 10.8.0.6 → 10.8.0.1 MySQL 162 Request Query
10 0.166717953 10.8.0.1 → 10.8.0.6 MySQL 422 Response
11 0.167034485 10.8.0.6 → 10.8.0.1 MySQL 168 Request Query
12 0.201992947 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
13 0.202300657 10.8.0.6 → 10.8.0.1 MySQL 100 Request Query
14 0.244425110 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
15 0.244723180 10.8.0.6 → 10.8.0.1 MySQL 73 Request Query
16 0.282299897 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
17 0.282750321 10.8.0.6 → 10.8.0.1 MySQL 63 Request Query
18 0.324337397 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
19 0.325020740 10.8.0.6 → 10.8.0.1 MySQL 88 Request Query
20 0.363417862 10.8.0.1 → 10.8.0.6 MySQL 131 Response
21 0.380069274 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
22 0.426607694 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
23 0.427432886 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
24 0.464371877 10.8.0.1 → 10.8.0.6 TCP 1037 [TCP Previous segment not captured] 3306 → 47148 [PSH, ACK] Seq=3180 Ack=607 Win=30080 Len=985 TSval=3444841181 TSecr=999444074 [TCP segment of a reassembled PDU]
25 0.464403500 10.8.0.6 → 10.8.0.1 TCP 64 [TCP Window Update] 47148 → 3306 [ACK] Seq=607 Ack=1834 Win=35712 Len=0 TSval=999444111 TSecr=3444841142 SLE=3180 SRE=4165
26 0.648240382 10.8.0.6 → 138.201.81.199 TCP 60 47946 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125070191 TSecr=0 WS=128
27 15.154852195 fe80::2b5f:797f:89b6:2163 → ff02::2 ICMPv6 48 Router Solicitation
28 17.460851851 10.8.0.6 → 138.201.81.199 TCP 60 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125087000 TSecr=0 WS=128
29 18.461720007 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125088001 TSecr=0 WS=128
30 20.488217123 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125090027 TSecr=0 WS=128
31 24.541683888 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125094080 TSecr=0 WS=128
32 32.648223719 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125102185 TSecr=0 WS=128
33 76.255359872 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
34 76.594972111 fe80::2b5f:797f:89b6:2163 → ff02::2 ICMPv6 48 Router Solicitation
35 77.255689579 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
36 78.256235262 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
37 79.256582538 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
38 81.468184482 10.8.0.6 → 138.201.81.199 TCP 60 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125150997 TSecr=0 WS=128
39 82.488202760 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125152016 TSecr=0 WS=128
40 84.701712530 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125154230 TSecr=0 WS=128
41 88.754872248 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125158282 TSecr=0 WS=128
42 96.861639556 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125166388 TSecr=0 WS=128
43 196.255874050 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
44 197.257068532 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
45 198.258297209 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
46 199.258728979 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
47 204.595034169 fe80::2b5f:797f:89b6:2163 → ff02::2 ICMPv6 48 Router Solicitation
48 209.531734561 10.8.0.6 → 138.201.81.199 TCP 60 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125279045 TSecr=0 WS=128
49 210.541697498 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125280055 TSecr=0 WS=128
50 212.701695301 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125282215 TSecr=0 WS=128
51 216.755028817 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125286268 TSecr=0 WS=128
52 224.861647492 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2125294374 TSecr=0 WS=128
53 316.256315832 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
54 317.257280083 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
55 318.258064000 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
56 319.258529228 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
On the server:
tshark
Running as user "root" and group "root". This could be dangerous.
tshark: Lua: Error during loading:
/usr/share/wireshark/init.lua:32: dofile has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Capturing on 'tun0'
1 0.000000000 10.8.0.6 → 10.8.0.1 TCP 60 47148 → 3306 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=999443647 TSecr=0 WS=128
2 0.000053386 10.8.0.1 → 10.8.0.6 TCP 60 3306 → 47148 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3444840768 TSecr=999443647 WS=128
3 0.034842750 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=999443696 TSecr=3444840768
4 0.035454228 10.8.0.1 → 10.8.0.6 MySQL 145 Server Greeting proto=10 version=5.5.5-10.1.37-MariaDB
5 0.074777548 10.8.0.6 → 10.8.0.1 TCP 52 47148 → 3306 [ACK] Seq=1 Ack=94 Win=29312 Len=0 TSval=999443731 TSecr=3444840803
6 0.079692859 10.8.0.6 → 10.8.0.1 MySQL 282 Login Request user=root db=fbpl_dataset
7 0.079706973 10.8.0.1 → 10.8.0.6 TCP 52 3306 → 47148 [ACK] Seq=94 Ack=231 Win=30080 Len=0 TSval=3444840848 TSecr=999443732
8 0.079907092 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
9 0.114271069 10.8.0.6 → 10.8.0.1 MySQL 162 Request Query
10 0.116406475 10.8.0.1 → 10.8.0.6 MySQL 422 Response
11 0.153284108 10.8.0.6 → 10.8.0.1 MySQL 168 Request Query
12 0.153484577 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
13 0.194794969 10.8.0.6 → 10.8.0.1 MySQL 100 Request Query
14 0.195012071 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
15 0.232990157 10.8.0.6 → 10.8.0.1 MySQL 73 Request Query
16 0.233240592 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
17 0.274414074 10.8.0.6 → 10.8.0.1 MySQL 63 Request Query
18 0.274611706 10.8.0.1 → 10.8.0.6 MySQL 63 Response OK
19 0.313793459 10.8.0.6 → 10.8.0.1 MySQL 88 Request Query
20 0.314036139 10.8.0.1 → 10.8.0.6 MySQL 131 Response
21 0.373724977 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
22 0.374313462 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
23 0.412753261 10.8.0.6 → 10.8.0.1 MySQL 69 Request Query
24 0.413313088 10.8.0.1 → 10.8.0.6 MySQL 1398 Response
25 0.413332858 10.8.0.1 → 10.8.0.6 MySQL 1037 ResponseResponse
26 0.453471537 10.8.0.6 → 10.8.0.1 TCP 64 [TCP Window Update] 47148 → 3306 [ACK] Seq=607 Ack=1834 Win=35712 Len=0 TSval=999444111 TSecr=3444841142 SLE=3180 SRE=4165
27 0.471486585 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444841239 TSecr=999444111
28 0.653949113 10.8.0.6 → 138.201.81.199 TCP 60 47946 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125070191 TSecr=0 WS=128
29 0.738141927 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444841506 TSecr=999444111
30 1.244791421 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444842013 TSecr=999444111
31 1.564860995 10.8.0.1 → 10.8.0.6 MySQL 1398 Response
32 2.231524259 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444842999 TSecr=999444111
33 4.338152670 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444845106 TSecr=999444111
34 8.391500815 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444849159 TSecr=999444111
35 16.284812186 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444857053 TSecr=999444111
36 17.453808438 10.8.0.6 → 138.201.81.199 TCP 60 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125087000 TSecr=0 WS=128
37 18.442690460 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125088001 TSecr=0 WS=128
38 20.473716795 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125090027 TSecr=0 WS=128
39 24.513887900 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125094080 TSecr=0 WS=128
40 32.284844755 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444873053 TSecr=999444111
41 32.634593171 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47970 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125102185 TSecr=0 WS=128
42 64.711502663 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444905479 TSecr=999444111
43 76.239261484 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
44 77.239606533 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
45 78.248116041 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
46 79.240570533 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
47 81.458991045 10.8.0.6 → 138.201.81.199 TCP 60 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125150997 TSecr=0 WS=128
48 82.473039673 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125152016 TSecr=0 WS=128
49 84.679898494 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125154230 TSecr=0 WS=128
50 88.739155711 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125158282 TSecr=0 WS=128
51 96.840751788 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 47992 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125166388 TSecr=0 WS=128
52 124.444841498 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47008 [ACK] Seq=1 Ack=1 Win=235 Len=1346 TSval=3444965213 TSecr=998700357
53 127.858151192 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3444968626 TSecr=999444111
54 196.234990777 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
55 197.236207702 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
56 198.236346847 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
57 199.235242415 10.8.0.6 → 239.255.255.250 SSDP 193 M-SEARCH * HTTP/1.1
58 209.476349902 10.8.0.6 → 138.201.81.199 TCP 60 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125279045 TSecr=0 WS=128
59 210.509956728 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125280055 TSecr=0 WS=128
60 212.674468626 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125282215 TSecr=0 WS=128
61 216.716790577 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125286268 TSecr=0 WS=128
62 224.828569147 10.8.0.6 → 138.201.81.199 TCP 60 [TCP Retransmission] 48004 → 80 [SYN] Seq=0 Win=29200 Len=0 MSS=1358 SACK_PERM=1 TSval=2125294374 TSecr=0 WS=128
63 260.978128154 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Win=30080 Len=1346 TSval=3445101746 TSecr=999444111
[EDIT 3] It looks like this is actually a network problem: with DBeaver a TCP window update occurs. After that, my computer receives no more packets from the connection. I also checked the physical link, and indeed no more UDP packets are received, so I strongly suspect an MTU problem. I tested the VPN over TCP, and it works.
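An added example, not part of the original post: a Python check for the symptom described in Edit 3, comparing the frames the server sent with the frames the client saw. The sample lines are abridged from the two tshark captures above; the function names and the threshold of three retransmissions are assumptions.

```python
import re
from collections import Counter

# Default tshark columns: No. Time Src → Dst Protocol Length Info
LINE = re.compile(r"^\s*\d+\s+[\d.]+\s+(\S+)\s+→\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def frames(capture, sender):
    """Yield (length, info) for every frame sent by `sender` in a tshark text dump."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m and m.group(1) == sender:
            yield int(m.group(4)), m.group(5)

def blackhole_report(sender_side, receiver_side, sender, min_retx=3):
    """Compare both ends of the tunnel: which frame sizes left but never arrived?"""
    sent = list(frames(sender_side, sender))
    arrived = {length for length, _ in frames(receiver_side, sender)}
    retx = Counter()
    for length, info in sent:
        seq = re.search(r"Seq=(\d+)", info)
        if "[TCP Retransmission]" in info and seq:
            retx[(int(seq.group(1)), length)] += 1
    return {
        "largest_delivered": max(arrived, default=0),
        "never_delivered": sorted({length for length, _ in sent} - arrived),
        # (sequence number, frame length) pairs resent at least min_retx times
        "stuck_segments": {k: n for k, n in retx.items() if n >= min_retx},
    }

# Abridged from the server-side capture in the post (trailing TCP options removed).
SERVER = """\
22 0.374313462 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
24 0.413313088 10.8.0.1 → 10.8.0.6 MySQL 1398 Response
25 0.413332858 10.8.0.1 → 10.8.0.6 MySQL 1037 ResponseResponse
27 0.471486585 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Len=1346
29 0.738141927 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Len=1346
30 1.244791421 10.8.0.1 → 10.8.0.6 TCP 1398 [TCP Retransmission] 3306 → 47148 [ACK] Seq=1834 Ack=607 Len=1346
"""
# Abridged from the client-side capture in the post.
CLIENT = """\
22 0.426607694 10.8.0.1 → 10.8.0.6 MySQL 1288 Response
24 0.464371877 10.8.0.1 → 10.8.0.6 TCP 1037 [TCP Previous segment not captured] 3306 → 47148 [PSH, ACK] Seq=3180 Ack=607 Len=985
"""

if __name__ == "__main__":
    print(blackhole_report(SERVER, CLIENT, "10.8.0.1"))
```

Frames of up to 1288 bytes reach the client while the 1398-byte segment is resent and never arrives, which is the size-dependent loss an MTU problem produces. With OpenVPN over UDP, lowering the effective packet size with the `mssfix` or `tun-mtu` options is the usual next thing to test.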