Имеется настроенный vpn сервер, пользовался несколько месяцев, было все нормально, но после того как он простоял около недели без действия, появились лаги. То есть он нормально подключается, даже грузит, но перед тем как начать грузить сайт он думает секунд 10-15 и скорость около 2мб, хотя раньше 20 была
Код клиента:
client
dev tun
proto udp
remote АДРЕС_СЕРВЕРА 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
verb 3
Код сервера
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
Лог клиента
Sat Nov 21 21:54:20 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sat Nov 21 21:54:20 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Sat Nov 21 21:54:20 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Nov 21 21:54:20 2015 Need hold release from management interface, waiting...
Sat Nov 21 21:54:20 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Nov 21 21:54:20 2015 MANAGEMENT: CMD 'state on'
Sat Nov 21 21:54:20 2015 MANAGEMENT: CMD 'log all on'
Sat Nov 21 21:54:20 2015 MANAGEMENT: CMD 'hold off'
Sat Nov 21 21:54:20 2015 MANAGEMENT: CMD 'hold release'
Sat Nov 21 21:54:24 2015 MANAGEMENT: CMD 'password [...]'
Sat Nov 21 21:54:24 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Nov 21 21:54:24 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Nov 21 21:54:24 2015 UDPv4 link local: [undef]
Sat Nov 21 21:54:24 2015 UDPv4 link remote: [AF_INET]92.63.107.243:1194
Sat Nov 21 21:54:24 2015 MANAGEMENT: >STATE:1448132064,WAIT,,,
Sat Nov 21 21:54:24 2015 MANAGEMENT: >STATE:1448132064,AUTH,,,
Sat Nov 21 21:54:24 2015 TLS: Initial packet from [AF_INET]АДРЕС_СЕРВЕРА:1194, sid=90335cfa 2a12bcc9
Sat Nov 21 21:54:25 2015 VERIFY OK: depth=1, CN=Easy-RSA CA
Sat Nov 21 21:54:25 2015 Validating certificate key usage
Sat Nov 21 21:54:25 2015 ++ Certificate has key usage 00a0, expects 00a0
Sat Nov 21 21:54:25 2015 VERIFY KU OK
Sat Nov 21 21:54:25 2015 Validating certificate extended key usage
Sat Nov 21 21:54:25 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Nov 21 21:54:25 2015 VERIFY EKU OK
Sat Nov 21 21:54:25 2015 VERIFY OK: depth=0, CN=server
Sat Nov 21 21:54:25 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 21 21:54:25 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 21 21:54:25 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 21 21:54:25 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 21 21:54:25 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov 21 21:54:25 2015 [server] Peer Connection Initiated with [AF_INET]АДРЕС_СЕРВЕРА:1194
Sat Nov 21 21:54:26 2015 MANAGEMENT: >STATE:1448132066,GET_CONFIG,,,
Sat Nov 21 21:54:27 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Nov 21 21:54:27 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Nov 21 21:54:27 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov 21 21:54:27 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov 21 21:54:27 2015 OPTIONS IMPORT: route options modified
Sat Nov 21 21:54:27 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov 21 21:54:27 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov 21 21:54:27 2015 MANAGEMENT: >STATE:1448132067,ASSIGN_IP,,10.8.0.6,
Sat Nov 21 21:54:27 2015 open_tun, tt->ipv6=0
Sat Nov 21 21:54:27 2015 TAP-WIN32 device [Подключение по локальной сети 2] opened: \\.\Global\{48A76E5F-3340-4B4F-ABB7-41F3B4EC0042}.tap
Sat Nov 21 21:54:27 2015 TAP-Windows Driver Version 9.21
Sat Nov 21 21:54:27 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {48A76E5F-3340-4B4F-ABB7-41F3B4EC0042} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sat Nov 21 21:54:27 2015 Successful ARP Flush on interface [33] {48A76E5F-3340-4B4F-ABB7-41F3B4EC0042}
Sat Nov 21 21:54:29 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Nov 21 21:54:29 2015 C:\Windows\system32\route.exe ADD АДРЕС_СЕРВЕРА MASK 255.255.255.255 192.168.0.1
Sat Nov 21 21:54:29 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Nov 21 21:54:29 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sat Nov 21 21:54:29 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Nov 21 21:54:29 2015 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sat Nov 21 21:54:29 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Nov 21 21:54:29 2015 MANAGEMENT: >STATE:1448132069,ADD_ROUTES,,,
Sat Nov 21 21:54:29 2015 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sat Nov 21 21:54:29 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Nov 21 21:54:29 2015 Initialization Sequence Completed
Sat Nov 21 21:54:29 2015 MANAGEMENT: >STATE:1448132069,CONNECTED,SUCCESS,10.8.0.6,92.63.107.243
Лог сервера
Sat Nov 21 21:54:34 2015 MULTI: multi_create_instance called
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Re-using SSL/TLS context
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Local Options hash (VER=V4): '239669a8'
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Expected Remote Options hash (VER=V4): '3514370b'
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 TLS: Initial packet from [AF_INET]АДРЕС_КЛИЕНТА:3458, sid=41f83433 c18b7549
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 VERIFY OK: depth=1, /CN=Easy-RSA_CA
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 VERIFY OK: depth=0, /CN=client1
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov 21 21:54:34 2015 АДРЕС_КЛИЕНТА:3458 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov 21 21:54:35 2015 АДРЕС_КЛИЕНТА:3458 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov 21 21:54:35 2015 АДРЕС_КЛИЕНТА:3458 [client1] Peer Connection Initiated with [AF_INET]АДРЕС_КЛИЕНТА:3458
Sat Nov 21 21:54:35 2015 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Sat Nov 21 21:54:35 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=50a5:9d3:2a7f:0:f2b7:6dd2:2a7f:0
Sat Nov 21 21:54:35 2015 MULTI: Learn: 10.8.0.6 -> client1/АДРЕС_КЛИЕНТА:3458
Sat Nov 21 21:54:35 2015 MULTI: primary virtual IP for client1/АДРЕС_КЛИЕНТА:3458: 10.8.0.6
Sat Nov 21 21:54:36 2015 client1/АДРЕС_КЛИЕНТА:3458 PUSH: Received control message: 'PUSH_REQUEST'
Sat Nov 21 21:54:36 2015 client1/АДРЕС_КЛИЕНТА:3458 send_push_reply(): safe_cap=960
Sat Nov 21 21:54:36 2015 client1/АДРЕС_КЛИЕНТА:3458 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)