Ubuntu 22.10OpenVPN不能作为客户端进行连接
Ubuntu 22.10OpenVPN不能作为客户端进行连接
提问于 2022-10-20 17:17:16
在更新到Ubuntu22.10之后,openvpn无法使用Ubuntu22.04LTS中相同的旧工作的ovpn配置文件作为客户端连接到服务器。
我经常会犯错误:
2022-10-20 20:10:04 TCPv4_CLIENT link remote: [AF_INET]xx.xxx.xxx.xxx:1194
2022-10-20 20:10:04 Connection reset, restarting [0]
2022-10-20 20:10:04 SIGUSR1[soft,connection-reset] received, process restarting我试着重新安装openvpn,但是没有帮助。
我的配置:
client
dev tun
proto tcp
remote xx.xxx.xxx.x 1194
user nobody
group nogroup
persist-key
persist-tun
pkcs12 /home/dyedfox/openvpn/opvn-client1.p12
auth-user-pass /home/dyedfox/openvpn/auth.cfg
askpass /home/dyedfox/openvpn/keypass.cfg
remote-cert-tls server
route 10.0.0.0 255.255.0.0 10.8.8.1
route 10.176.64.16 255.255.255.248 10.8.8.1
route 10.210.4.200 255.255.255.248 10.8.8.1
cipher AES-256-CBC请你帮我解决这个问题好吗?
P.S.全部产出:
2022-10-20 21:36:40 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2022-10-20 21:36:40 WARNING: file '/home/dyedfox/openvpn/opvn-client1.p12' is group or others accessible
2022-10-20 21:36:40 WARNING: file '/home/dyedfox/openvpn/keypass.cfg' is group or others accessible
2022-10-20 21:36:40 WARNING: file '/home/dyedfox/openvpn/auth.cfg' is group or others accessible
2022-10-20 21:36:40 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2022-10-20 21:36:40 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
2022-10-20 21:36:40 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-10-20 21:36:40 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:40 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:40 TCP connection established with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:40 TCPv4_CLIENT link local: (not bound)
2022-10-20 21:36:40 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:40 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2022-10-20 21:36:41 Connection reset, restarting [0]
2022-10-20 21:36:41 SIGUSR1[soft,connection-reset] received, process restarting
2022-10-20 21:36:46 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:46 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:46 TCP connection established with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:46 TCPv4_CLIENT link local: (not bound)
2022-10-20 21:36:46 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:47 Connection reset, restarting [0]
2022-10-20 21:36:47 SIGUSR1[soft,connection-reset] received, process restarting
2022-10-20 21:36:52 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:52 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:52 TCP connection established with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:52 TCPv4_CLIENT link local: (not bound)
2022-10-20 21:36:52 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:53 Connection reset, restarting [0]
2022-10-20 21:36:53 SIGUSR1[soft,connection-reset] received, process restarting
2022-10-20 21:36:58 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:58 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:58 TCP connection established with [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:58 TCPv4_CLIENT link local: (not bound)
2022-10-20 21:36:58 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.x:1194
2022-10-20 21:36:58 Connection reset, restarting [0]
2022-10-20 21:36:58 SIGUSR1[soft,connection-reset] received, process restarting回答 7
Ask Ubuntu用户
发布于 2022-10-21 11:21:24
这里是起因于 臭虫 in network-manager-openvpn。
Ubuntu22.10更新为更新的OpenVPN (2.6)版本,它不支持cipher选项,忽略它,并期待更新的data-ciphers选项,如下面的输出所示:
2022-10-20 21:36:40 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.问题是旧选项是在network-manager-openvpn中硬编码的,因此对新选项的重写将无法工作,除非使用命令行传递它。
目前,您应该降级到OpenVPN 2.5.5。以下是基于这个答案的步骤,这些步骤对我也有很大帮助:https://askubuntu.com/a/1406472/1589545
- 如果安装了,请卸载当前的OpenVPN版本:
sudo apt remove openvpn - 安装OpenVPN 2.5.5
- 转到https://launchpad.net/ubuntu/jammy/amd64/openvpn/2.5.5-1ubuntu3
- 在“可下载文件”部分下载
openvpn_2.5.5-1ubuntu3_amd64.deb文件 - 双击文件并使用软件安装(GUI)打开
- 可选:标记OpenVPN不更新:
sudo apt-mark hold openvpn - 重新安装NetworkManager OpenVPN GUI:
sudo apt install network-manager-openvpn-gnome
Ask Ubuntu用户
发布于 2022-10-27 13:19:37
我已经找到了一种不降低OpenVPN版本的工作方式,使用OpenVPN 2.6。
看起来,NetworkManager并没有从ovpn文件中读取所有选项(比如data-ciphers选项)。其想法是手动将所需的选项直接放入NetworkManager配置文件中。
以下是说明:
- 您的OpenVPN连接应该已经显示在网络管理器的VPN连接列表中。如果OpenVPN连接未在NetworkManager中显示,则可以使用"Import文件.“创建它。菜单项(
Settings->Network->VPN-> VPN+->Import from file...) - 运行gnome终端:在键盘上按
Alt-F2,键入gnome-terminal,然后按Enter - 在终端应用程序中,请运行以下命令来编辑NetworkManager连接文件:当系统要求输入Ubuntu用户密码并按Enter (密码或星号将不显示在终端中)时,请输入Ubuntu用户的密码。
- 将以下行添加到
[vpn]部分:数据加密=AES-256-CBC,而不是AES-256-CBC,请设置OpenVPN服务器或OpenVPN服务供应商支持的数据加密值。您应该能够在VPN服务供应商提供的ovpn文件中找到这个值。 - 按键盘上的
F2,然后按y和Enter保存文件。 - 通过运行以下命令重新启动NetworkManager服务: systemctl重新启动NetworkManager
- 尝试从网络管理器连接OpenVPN连接。
Ask Ubuntu用户
发布于 2022-11-02 15:53:58
我刚加了
data-ciphers=AES-128-CBC中的原始密码条目下面
/etc/NetworkManager/system-connections/MYVPN.nmconnection而且起作用了。
cipher=AES-128-CBC
data-ciphers=AES-128-CBC页面原文内容由Ask Ubuntu提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://askubuntu.com/questions/1436407
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号