Hello,
I have a new annoying problem with my new server. The VPN Client seems to glitch from time to time, and my server becomes unreachable via its VPN IPv4 address.
YunoHost's diagnosis sends me an email (which, of course, I don't receive until I have restored the situation):
Issues found by automatic diagnosis on domain.tld
The automatic diagnosis on your YunoHost server identified some issues on your server. You will find a description of the issues below. You can manage those issues in the ‘Diagnosis’ section in your webadmin.
=================================
Connectivité Internet (ip)
[ERROR] Le serveur ne dispose pas d’une adresse IPv4.
To fix my problem, I have to connect to the server via its local IP address and run
sudo service ynh-vpnclient restart
Then the server is reachable again on its VPN IPv4 address.
I looked at the logs in /var/log/openvpn-client.log and found this:
Fri Sep 11 00:08:18 2020 133 variation(s) on previous 5 message(s) suppressed by --mute
Fri Sep 11 00:08:18 2020 [vpn.provider.com] Inactivity timeout (--ping-restart), restarting
Fri Sep 11 00:08:18 2020 /sbin/ip route del XXX.XXX.XXX.XXX/32
Fri Sep 11 00:08:18 2020 /sbin/ip route del 0.0.0.0/1
Fri Sep 11 00:08:18 2020 /sbin/ip route del 128.0.0.0/1
Fri Sep 11 00:08:18 2020 Closing TUN/TAP interface
Fri Sep 11 00:08:18 2020 /sbin/ip addr del dev tun0 89.234.177.95/26
Fri Sep 11 00:08:18 2020 SIGUSR1[soft,ping-restart] received, process restarting
Fri Sep 11 00:08:18 2020 Restart pause, 5 second(s)
Fri Sep 11 00:08:23 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 00:08:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:443
Fri Sep 11 00:08:23 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]
Fri Sep 11 00:08:23 2020 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Fri Sep 11 00:08:55 2020 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:443 failed: Connection timed out
Fri Sep 11 00:08:55 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Fri Sep 11 00:08:55 2020 Restart pause, 5 second(s)
Fri Sep 11 00:09:00 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 00:09:20 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 00:09:40 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 05:49:12 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 05:49:32 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 05:49:52 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 05:49:52 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 05:49:52 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 05:49:52 2020 Restart pause, 300 second(s)
Fri Sep 11 05:54:52 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 05:55:12 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 05:55:32 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 05:55:32 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 05:55:32 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 05:55:32 2020 Restart pause, 300 second(s)
Fri Sep 11 06:00:32 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:00:52 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:01:12 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:01:12 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:01:12 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:01:12 2020 Restart pause, 300 second(s)
Fri Sep 11 06:06:12 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:06:32 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:06:52 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:06:52 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:06:52 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:06:52 2020 Restart pause, 300 second(s)
Fri Sep 11 06:11:52 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:11:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:11:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:11:53 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:11:53 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:11:53 2020 Restart pause, 300 second(s)
Fri Sep 11 06:16:53 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:16:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:16:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:16:53 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:16:53 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:16:53 2020 Restart pause, 300 second(s)
Fri Sep 11 06:21:53 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:21:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:21:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:21:53 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:21:53 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:21:53 2020 Restart pause, 300 second(s)
Fri Sep 11 06:26:53 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:26:53 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:26:54 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:26:54 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:26:54 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:26:54 2020 Restart pause, 300 second(s)
Fri Sep 11 06:31:54 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Sep 11 06:31:54 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:31:54 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 06:31:54 2020 Could not determine IPv4/IPv6 protocol
Fri Sep 11 06:31:54 2020 SIGUSR1[soft,init_instance] received, process restarting
Fri Sep 11 06:31:54 2020 Restart pause, 300 second(s)
My VPN provider asked me to look at what /etc/resolv.conf and /etc/resolv.dnsmasq.conf contain when the ynh-vpnclient service is running and when I stop it.
/etc/resolv.conf has the same content in both cases,
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
but the content of /etc/resolv.dnsmasq.conf changes.
When the ynh-vpnclient service is running, it contains the two IP addresses of the two DNS servers configured in the VPN-Client application.
When the ynh-vpnclient service is stopped, its content is YunoHost's default (I believe), namely
nameserver 80.67.190.200
nameserver 84.200.70.40
nameserver 80.67.188.188
nameserver 2001:67c:28a4::
nameserver 2a0c:e300::100
nameserver 185.233.100.101
nameserver 2001:910:800::40
nameserver 2a00:5881:8100:1000::3
nameserver 2001:910:800::12
nameserver 80.67.169.12
nameserver 80.67.169.40
nameserver 194.150.168.168
nameserver 89.233.43.71
nameserver 2001:1608:10:25::1c04:b12f
nameserver 91.239.100.100
nameserver 84.200.69.80
nameserver 2a00:5884:8218::1
nameserver 2001:1608:10:25::9249:d69b
nameserver 2a0c:e300::101
nameserver 2001:913::8
nameserver 89.234.141.66
nameserver 195.160.173.53
nameserver 85.214.20.141
nameserver 185.233.100.100
nameserver 2a01:3a0:53:53::
They then told me this mysterious sentence, which some people here may understand:
Okay. To work around the problem, you would need to tell resolvconf to add a fallback DNS server when you are connected to the VPN. That way, when the client resets its connection, it will have a usable server despite the first two rejecting it.
The cleanest thing would be for openvpn to clean up its resolvconf changes before resetting its connection, but I don't see how to do that cleanly right now.
Any idea how to solve my problem?
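The failure pattern in the log above (a ping-restart followed by name-resolution failures that never end) can be detected automatically. The following is an added example, not part of the original post or of YunoHost; the sample log is constructed, `192.0.2.10` is a placeholder address, and the `min_failures` threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the format of /var/log/openvpn-client.log
# (vpn.provider.com and 192.0.2.10 are placeholders).
SAMPLE_LOG = """\
Fri Sep 11 00:08:18 2020 [vpn.provider.com] Inactivity timeout (--ping-restart), restarting
Fri Sep 11 00:08:18 2020 Closing TUN/TAP interface
Fri Sep 11 00:08:23 2020 Attempting to establish TCP connection with [AF_INET]192.0.2.10:443 [nonblock]
Fri Sep 11 00:08:55 2020 TCP: connect to [AF_INET]192.0.2.10:443 failed: Connection timed out
Fri Sep 11 00:09:20 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 00:09:40 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
Fri Sep 11 05:49:52 2020 Restart pause, 300 second(s)
Fri Sep 11 05:55:12 2020 RESOLVE: Cannot resolve host address: vpn.provider.com:443 (Temporary failure in name resolution)
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")

def find_outages(text):
    """Group log lines into outages: from a ping-restart until the tunnel is back up."""
    outages, cur = [], None
    for raw in text.splitlines():
        m = STAMP.match(raw)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if cur is None:
            if "Inactivity timeout (--ping-restart)" in msg:
                cur = {"start": when, "last_seen": when, "resolve_failures": 0,
                       "connect_timeouts": 0, "recovered": None}
                outages.append(cur)
            continue
        cur["last_seen"] = when
        if msg.startswith("RESOLVE: Cannot resolve host address"):
            cur["resolve_failures"] += 1
        elif "failed: Connection timed out" in msg:
            cur["connect_timeouts"] += 1
        elif "Initialization Sequence Completed" in msg:  # tunnel is up again
            cur["recovered"] = when
            cur = None
    return outages

def stuck_on_dns(outage, min_failures=3):
    """True when the tunnel never came back and name resolution keeps failing."""
    return outage["recovered"] is None and outage["resolve_failures"] >= min_failures

def outage_seconds(outage):
    """Length of the outage, up to recovery or to the last log line seen."""
    end = outage["recovered"] or outage["last_seen"]
    return int((end - outage["start"]).total_seconds())
```
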