After a struggle a few months ago, I set up an OpenVPN server and client so I could connect remotely to my first PC build. Everything runs Ubuntu 20, and until now it worked well, letting me connect from every remote location I tried. I originally set it up using this tutorial from DigitalOcean. I now have a TLS problem and don't know how to proceed, so I'm posting here.
I have not knowingly touched anything related to OpenVPN, nor done any other large installs on the server machine, but I can no longer connect to it from my laptop client. I tried setting up a second laptop client to see whether the fault was on the client side, but the second laptop didn't work either. I then uninstalled and reinstalled OpenVPN on both ends and created new keys and everything else from scratch. In the client output I still get the TLS handshake error shown below.
Clue 1: As Nikita pointed out, the server output shows no client attempting to connect. In the past I have seen the attempts in the server output. After issuing the openvpn *conf commands on the server and the client, I ran some tcpdump commands on the server (although I know little about it):
~$ sudo tcpdump -D
[sudo] password for adnan:
1.enp5s0 [Up, Running]
2.tun0 [Up, Running]
3.lo [Up, Running, Loopback]
4.any (Pseudo-device that captures on all interfaces) [Up, Running]
5.wlo1 [Up]
6.docker0 [Up]
7.br-d2c78a773ae5 [Up]
8.br-4b07fa21428c [Up]
9.bluetooth-monitor (Bluetooth Linux Monitor) [none]
10.nflog (Linux netfilter log (NFLOG) interface) [none]
11.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
12.bluetooth0 (Bluetooth adapter number 0) [none]
~$ sudo tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
and on the client:
~$ sudo tcpdump -D
1.wlo1 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.docker0 [Up]
5.br-4fe775d77579 [Up]
6.bluetooth-monitor (Bluetooth Linux Monitor) [none]
7.nflog (Linux netfilter log (NFLOG) interface) [none]
8.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
9.bluetooth0 (Bluetooth adapter number 0) [none]
Clue 2: On re-reading the tutorial I did notice one thing: the output of ip route list default seems to have changed from enp4s0 to enp5s0, but I don't know whether that is relevant.
Clue 3?: The tutorial above suggests running systemd-resolve --status tun0 on the client, but it returns Failed to resolve interface "tun0", ignoring: No such device. I don't know how seriously to take this... On further reading I think it is only relevant if I were trying to push all traffic through the VPN, which I am not. So maybe it is unrelated.
The client output is
client$ openvpn laptop_client.conf
Sun Jan 29 08:12:29 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Sun Jan 29 08:12:29 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sun Jan 29 08:12:29 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jan 29 08:12:29 2023 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sun Jan 29 08:12:29 2023 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 29 08:12:29 2023 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sun Jan 29 08:12:29 2023 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jan 29 08:12:29 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]140.141.196.45:11111
Sun Jan 29 08:12:29 2023 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Jan 29 08:12:29 2023 UDP link local: (not bound)
Sun Jan 29 08:12:29 2023 UDP link remote: [AF_INET]140.141.196.45:11111
Sun Jan 29 08:12:29 2023 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sun Jan 29 08:13:29 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jan 29 08:13:29 2023 TLS Error: TLS handshake failed
Sun Jan 29 08:13:29 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 29 08:13:29 2023 Restart pause, 5 second(s)
Sun Jan 29 08:13:34 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jan 29 08:13:34 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]140.141.196.45:11111
Sun Jan 29 08:13:34 2023 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Jan 29 08:13:34 2023 UDP link local: (not bound)
Sun Jan 29 08:13:34 2023 UDP link remote: [AF_INET]140.141.196.45:11111
Sun Jan 29 08:14:34 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jan 29 08:14:34 2023 TLS Error: TLS handshake failed
Sun Jan 29 08:14:34 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 29 08:14:34 2023 Restart pause, 5 second(s)
Sun Jan 29 08:14:39 2023 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jan 29 08:14:39 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]140.141.196.45:11111
Sun Jan 29 08:14:39 2023 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Jan 29 08:14:39 2023 UDP link local: (not bound)
Sun Jan 29 08:14:39 2023 UDP link remote: [AF_INET]140.141.196.45:11111
The server output is
root@build1:/etc/openvpn/server# openvpn server_build1.conf
Sat Jan 28 21:48:58 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Sat Jan 28 21:48:58 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sat Jan 28 21:48:58 2023 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Jan 28 21:48:58 2023 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 28 21:48:58 2023 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Jan 28 21:48:58 2023 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Jan 28 21:48:58 2023 ROUTE_GATEWAY 10.1.2.1/255.255.255.0 IFACE=enp5s0 HWADDR=d8:bb:c1:d9:d3:33
Sat Jan 28 21:48:58 2023 TUN/TAP device tun0 opened
Sat Jan 28 21:48:58 2023 TUN/TAP TX queue length set to 100
Sat Jan 28 21:48:58 2023 /sbin/ip link set dev tun0 up mtu 1500
Sat Jan 28 21:48:58 2023 /sbin/ip addr add dev tun0 local 10.8.1.1 peer 10.8.1.2
Sat Jan 28 21:48:58 2023 /sbin/ip route add 10.8.1.0/24 via 10.8.1.2
Sat Jan 28 21:48:58 2023 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Jan 28 21:48:58 2023 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jan 28 21:48:58 2023 UDPv4 link local (bound): [AF_INET][undef]:11111
Sat Jan 28 21:48:58 2023 UDPv4 link remote: [AF_UNSPEC]
Sat Jan 28 21:48:58 2023 GID set to nogroup
Sat Jan 28 21:48:58 2023 UID set to nobody
Sat Jan 28 21:48:58 2023 MULTI: multi_init called, r=256 v=256
Sat Jan 28 21:48:58 2023 IFCONFIG POOL: base=10.8.1.4 size=62, ipv6=0
Sat Jan 28 21:48:58 2023 IFCONFIG POOL LIST
Sat Jan 28 21:48:58 2023 Initialization Sequence Completed
The laptop_client.conf file contains (I have redacted the parts I thought I should)
client
dev tun
proto udp
remote REDACTED 11111
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3
key-direction 1
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
Certificate:
Data:
REDACTED
...
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
REDACTED
-----END PRIVATE KEY-----
-----BEGIN OpenVPN Static key V1-----
REDACTED
-----END OpenVPN Static key V1-----
The server_build1.conf file is
port 11111
proto udp
dev tun
ca ca.crt
cert server_build1.crt
key server_build1.key # This file should be kept secret
dh none
server 10.8.1.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.1.2.0 255.255.255.0"
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
In case it is relevant, the server firewall seems to be working:
root@build1:/etc/openvpn/server# ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
11111/udp ALLOW Anywhere
5900/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
11111/udp (v6) ALLOW Anywhere (v6)
5900/tcp (v6) ALLOW Anywhere (v6)
Posted on 2023-02-02 02:55:29
This answer is unlikely to help anyone else, but the problem was related to my use of no-ip.com to give me a domain name that follows my dynamic IP. I had changed the password on the account because I had forgotten it, but then forgot that the router needs that password to talk to no-ip. Even after changing the password on no-ip, the IP was not being updated at no-ip, so I had to click a few buttons on the website to update it. Then everything started working!
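As an added diagnostic, not part of the original question or answer: the client's 60-second "TLS key negotiation failed" timeout together with a server log that shows no connection attempt means the client's packets never reach the server, which is exactly what a stale dynamic-DNS record produces. The script below (host name, addresses and the resolver stub are constructed assumptions) classifies such a client log and compares what the `remote` name resolves to with the address the server is actually reachable on; note that a capture for the handshake belongs on the server's WAN-facing interface (enp5s0 in the question), since tun0 only carries traffic after the tunnel is up.

```python
# Diagnose "TLS key negotiation failed within 60 seconds" + silent server log:
# the client is sending to an address where no OpenVPN server is listening.
# Host name, IPs (TEST-NET ranges) and the stub resolver are constructed.
import re
import socket
from typing import Callable, Optional, Set, Tuple

TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")
REMOTE_RE = re.compile(r"UDP link remote: \[AF_INET\](\d+\.\d+\.\d+\.\d+):(\d+)")

def parse_remote(conf_text: str) -> Tuple[str, int]:
    """(host, port) from the first 'remote' directive; OpenVPN defaults to 1194."""
    for line in conf_text.splitlines():
        parts = line.split()
        if parts and parts[0] == "remote":
            return parts[1], int(parts[2]) if len(parts) > 2 else 1194
    raise ValueError("no 'remote' directive in client config")

def client_never_got_reply(log_text: str) -> Optional[str]:
    """Return the 'ip:port' the client was sending to when the log shows only the
    negotiation timeout (i.e. no reply at all from the server), else None."""
    if not TIMEOUT_RE.search(log_text):
        return None
    m = REMOTE_RE.search(log_text)
    return f"{m.group(1)}:{m.group(2)}" if m else None

def resolve_ipv4(host: str) -> Set[str]:
    """Live resolver: every IPv4 address the name currently maps to."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, None, socket.AF_INET)}

def diagnose(conf_text: str, server_public_ip: str,
             resolver: Callable[[str], Set[str]] = resolve_ipv4) -> Tuple[str, str]:
    """Compare what the client's 'remote' name resolves to against the address the
    server is really reachable on (e.g. taken from the router's WAN status page)."""
    host, port = parse_remote(conf_text)
    try:
        addrs = resolver(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        return "NO_RESOLVE", f"{host} does not resolve; check the dynamic-DNS record"
    if server_public_ip not in addrs:
        return "STALE_DNS", (f"{host} -> {sorted(addrs)} but the server is at "
                             f"{server_public_ip}; update the dynamic-DNS record")
    return "DNS_OK", (f"{host} -> {server_public_ip}; next verify the port forward and "
                      f"capture on the WAN interface: tcpdump -ni enp5s0 udp port {port}")

# Constructed sample input modelled on the conf and client log in the question.
SAMPLE_CONF = "client\ndev tun\nproto udp\nremote vpn.example.invalid 11111\nnobind\n"
SAMPLE_LOG = ("Sun Jan 29 08:12:29 2023 UDP link remote: [AF_INET]198.51.100.20:11111\n"
              "Sun Jan 29 08:13:29 2023 TLS Error: TLS key negotiation failed to occur "
              "within 60 seconds (check your network connectivity)\n"
              "Sun Jan 29 08:13:29 2023 TLS Error: TLS handshake failed\n")

if __name__ == "__main__":
    print(client_never_got_reply(SAMPLE_LOG))
    print(diagnose(SAMPLE_CONF, "203.0.113.9", resolver=lambda h: {"198.51.100.20"}))
```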
https://serverfault.com/questions/1121427