openVPN unter Stretch IMO viel zu langsam - was tun?

Einrichten des lokalen Netzes, Verbindung zu anderen Computern und Diensten.
dirk11
Beiträge: 2813
Registriert: 02.07.2013 11:47:01

Re: openVPN unter Stretch IMO viel zu langsam - was tun?

Beitrag von dirk11 » 18.11.2018 01:46:43

Ich bin mit dem Thema leider immer noch nicht weiter. Mit den zuletzt genannten Settings sieht eine Verbindung aus dem Ausland zur Zeit so aus:

Code: Alles auswählen

Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 VERIFY OK: [Rest entfernt]
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 Validating certificate key usage
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 ++ Certificate has key usage  0080, expects 0080
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 VERIFY KU OK
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 Validating certificate extended key usage
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 VERIFY EKU OK
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 VERIFY OK: [Rest entfernt]
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 peer info: IV_GUI_VER=OC30Android
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 peer info: IV_VER=3.2
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 peer info: IV_PLAT=android
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 peer info: IV_NCP=2
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 peer info: IV_TCPNL=1
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 peer info: IV_PROTO=2
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 TLS: Username/Password authentication succeeded for username 'AAAA' 
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1464', remote='link-mtu 1431'
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1343', remote='tun-mtu 1407'
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher AES-256-GCM'
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 18 00:40:23 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 18 00:40:24 server ovpn-server-udp[3544]: fon/123.211.21.1:39140 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Eine Verbindung in Deutschland hingegen so:

Code: Alles auswählen

Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1343)
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 TLS: Initial packet from [AF_INET]80.187.11.1:28505, sid=xxxxxx
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 VERIFY OK: [Rest entfernt]
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 Validating certificate key usage
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 ++ Certificate has key usage  0080, expects 0080
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 VERIFY KU OK
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 Validating certificate extended key usage
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 VERIFY EKU OK
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 VERIFY OK: [Rest entfernt]
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 peer info: IV_GUI_VER=OC30Android
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 peer info: IV_VER=3.2
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 peer info: IV_PLAT=android
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 peer info: IV_NCP=2
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 peer info: IV_TCPNL=1
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 peer info: IV_PROTO=2
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 TLS: Username/Password authentication succeeded for username 'BBBB' 
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1343', remote='tun-mtu 1407'
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Nov 18 01:24:02 server ovpn-server-udp[3544]: 80.187.11.1:28505 [gnote] Peer Connection Initiated with [AF_INET]80.187.11.1:28505
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 OPTIONS IMPORT: reading client specific options from: ccd/note
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 MULTI: Learn: 10.2.0.3 -> gnote/80.187.11.1:28505
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 MULTI: primary virtual IP for gnote/80.187.11.1:28505: 10.2.0.3
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 PUSH: Received control message: 'PUSH_REQUEST'
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 SENT CONTROL [note]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,topology subnet,sndbuf 393216,rcvbuf 393216,route-gateway 10.2.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.2.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Nov 18 01:24:02 server ovpn-server-udp[3544]: note/80.187.11.1:28505 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Warum fehlt denn da jetzt die Push-Config im ersten log? Und wieso wurde die entferntere Verbindung aus dem ersten log so merkwürdig fehlerhaft aufgebaut, während die hierzulande aufgebaute Verbindung problemlos und gemäß config aufgebaut wurde?

Antworten