Accessing the openmediavault web UI drops the VPN connection

I am looking for advice on analysing the following problem.

Hosts involved

  • A: an RPi 4 host running Openmediavault 5 and an OpenVPN client
  • (Note: network traffic is not routed through the VPN, i.e. the default route goes via eth and the gateway)
  • B: a WRT router running an OpenVPN server (Asus WRT router)
  • C: any computer on B's LAN or inside the VPN.

Facts

C can reach A's VPN IP through B.

e.g., from C, it is possible to do ssh A@vpn-ip-addr-ofA

Problem

Whenever I try to access A's web UI (port 80) from C, A's VPN connection drops.

More precisely, server B sees that no packets are being exchanged and, after a timeout, restarts the A-B connection.

Other observations

  1. From C, I can reach A's other ports through the VPN (e.g. ssh on 22, or http services on other ports).
  2. If I try to reach A's port 80 another way (e.g. an ssh SOCKS proxy (-D) or ssh port forwarding (-L)), the VPN also drops.

Given point 1, I suspect some openmediavault-specific behaviour is at play?

Any suggestions? Thanks

Technical details

Client A openvpn config:

remote xyz
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 15 60


## should prevent traffic tunnelling
pull-filter ignore redirect-gateway

# for OpenVPN 2.4 or older
comp-lzo yes
# for OpenVPN 2.4 or newer
;compress lzo

## auth-user-pass
auth-user-pass /etc/openvpn/auth.txt
client
auth SHA1
cipher AES-128-CBC
remote-cert-tls server
<ca>
...

Server B openvpn config

admin@ZenWiFi_XT8-D8D0:/tmp/etc/openvpn/server1# cat config.ovpn 
# Automatically generated configuration

# Tunnel options
proto udp4
multihome
port xyz
dev tun21
sndbuf 0
rcvbuf 0
keepalive 15 60
up '/etc/openvpn/ovpn-up'
down '/etc/openvpn/ovpn-down'
setenv ovpn_type 0
setenv unit 1
script-security 2
daemon vpnserver1
verb 3
status-version 2
status status 10
compress lzo
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn

# Server Mode
server 10.8.0.0 255.255.255.0
client-config-dir ccd
client-to-client
duplicate-cn
push "route 192.168.50.0 255.255.255.0 vpn_gateway 500"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.50.1"

# Data Channel Encryption Options
auth SHA1
cipher AES-128-CBC

# TLS Mode Options
ca ca.crt
dh dh.pem
cert server.crt
key server.key

# Custom Configuration


Server B log

Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 TLS: Initial packet from [AF_INET]192.168.2.254:56408 (via [AF_INET]192.168.1.132%eth0), sid=c7186523 5878c344
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=ZenWiFi_XT8, emailAddress=me@myhost.mydomain
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_VER=2.4.7
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_PLAT=linux
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_PROTO=2
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_NCP=2
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_LZ4=1
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_LZ4v2=1
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_LZO=1
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_COMP_STUB=1
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_COMP_STUBv2=1
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 peer info: IV_TCPNL=1
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 TLS: Username/Password authentication succeeded for username 'xyz' 
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Jul 29 10:35:29 vpnserver1[3578]: 192.168.2.254:56408 [client] Peer Connection Initiated with [AF_INET]192.168.2.254:56408 (via [AF_INET]192.168.1.132%eth0)
Jul 29 10:35:29 vpnserver1[3578]: client/192.168.2.254:56408 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jul 29 10:35:29 vpnserver1[3578]: client/192.168.2.254:56408 MULTI: Learn: 10.8.0.6 -> client/192.168.2.254:56408
Jul 29 10:35:29 vpnserver1[3578]: client/192.168.2.254:56408 MULTI: primary virtual IP for client/192.168.2.254:56408: 10.8.0.6
Jul 29 10:35:30 vpnserver1[3578]: client/192.168.2.254:56408 PUSH: Received control message: 'PUSH_REQUEST'
Jul 29 10:35:30 vpnserver1[3578]: client/192.168.2.254:56408 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.50.0 255.255.255.0 vpn_gateway 500,redirect-gateway def1,dhcp-option DNS 192.168.50.1,route 10.8.0.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Jul 29 10:35:30 vpnserver1[3578]: client/192.168.2.254:56408 Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 29 10:35:30 vpnserver1[3578]: client/192.168.2.254:56408 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 29 10:35:30 vpnserver1[3578]: client/192.168.2.254:56408 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
----> AROUND HERE I MAKE THE request to A from C
Jul 29 10:39:19 vpnserver1[3578]: client/192.168.2.254:56408 [client] Inactivity timeout (--ping-restart), restarting
Jul 29 10:39:19 vpnserver1[3578]: client/192.168.2.254:56408 SIGUSR1[soft,ping-restart] received, client-instance restarting
Jul 29 10:40:17 vpnserver1[3578]: 192.168.2.254:43401 TLS: Initial packet from [AF_INET]192.168.2.254:43401 (via [AF_INET]192.168.1.132%eth0), sid=b4697c1d 94e534f3
Jul 29 10:40:17 vpnserver1[3578]: 192.168.2.254:43401 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=ZenWiFi_XT8, emailAddress=me@myhost.mydomain
Jul 29 10:40:17 vpnserver1[3578]: 192.168.2.254:43401 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
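An added example, not code from the original post, that reads the timing out of server B's log above. It assumes the OpenVPN manual's rule that a server-side `keepalive 15 60` gives the server itself a 120 s ping-restart while pushing `ping-restart 60` to the client (the PUSH_REPLY above shows exactly that), so the 10:39:19 timeout places the last packet B received from A at about 10:37:19.

```python
# Added example, not code from the original post: read the silence window out of
# server B's log. Assumption (OpenVPN manual): on a server, `keepalive I T` sets the
# server's own ping-restart to 2*T and pushes `ping-restart T` to the client.
import re
from datetime import datetime, timedelta

# Sample input copied from server B's config and log in the post (no year is logged).
SERVER_CONFIG = "proto udp4\nkeepalive 15 60\nserver 10.8.0.0 255.255.255.0\n"
SERVER_LOG = """\
Jul 29 10:35:29 vpnserver1[3578]: client/192.168.2.254:56408 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Jul 29 10:35:30 vpnserver1[3578]: client/192.168.2.254:56408 Data Channel: using negotiated cipher 'AES-256-GCM'
Jul 29 10:39:19 vpnserver1[3578]: client/192.168.2.254:56408 [client] Inactivity timeout (--ping-restart), restarting
Jul 29 10:40:17 vpnserver1[3578]: 192.168.2.254:43401 TLS: Initial packet from [AF_INET]192.168.2.254:43401 (via [AF_INET]192.168.1.132%eth0), sid=b4697c1d 94e534f3
"""
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+: (?P<peer>\S+) (?P<msg>.*)$")

def server_ping_restart(config_text):
    """Seconds of client silence the server tolerates: twice the keepalive timeout."""
    m = re.search(r"^keepalive\s+\d+\s+(\d+)", config_text, re.M)
    if not m:
        raise ValueError("server config has no keepalive line")
    return 2 * int(m.group(1))  # server side doubles the keepalive timeout

def parse_ts(stamp):
    # syslog stamps carry no year; any fixed year is fine for time differences
    return datetime.strptime("2020 " + re.sub(r" +", " ", stamp), "%Y %b %d %H:%M:%S")

def silence_windows(log_text, ping_restart):
    """One record per inactivity timeout: when the server last heard that client."""
    vpn_ip, data_up, out = {}, {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, peer, msg = parse_ts(m["ts"]), m["peer"], m["msg"]
        ip = re.search(r"pool returned IPv4=([\d.]+)", msg)
        if ip:
            vpn_ip[peer] = ip.group(1)
        elif msg.startswith("Data Channel: using negotiated cipher"):
            data_up[peer] = ts  # tunnel became usable for this client instance
        elif "Inactivity timeout (--ping-restart)" in msg:
            last_seen = ts - timedelta(seconds=ping_restart)
            alive = (last_seen - data_up[peer]).total_seconds() if peer in data_up else None
            out.append({"peer": peer, "vpn_ip": vpn_ip.get(peer), "timeout_at": ts,
                        "last_packet_from_client": last_seen,
                        "seconds_alive_after_data_channel": alive})
    return out

for w in silence_windows(SERVER_LOG, server_ping_restart(SERVER_CONFIG)):
    print(f"{w['vpn_ip']}: last packet from client at {w['last_packet_from_client']:%H:%M:%S}, {w['seconds_alive_after_data_channel']:.0f}s after the data channel came up")
```

Knowing the window in which B stopped hearing from A lets a capture on tun interfaces at both ends be aligned to the moment of the port-80 request.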