
OpenVPN error status: 2, while in use

Unix & Linux user
Asked on 2017-08-14 04:19:33
Answers: 1 | Views: 5.5K | Followers: 0 | Votes: 1

I recently installed OpenVPN and configured it with this client1.ovpn file:

client

dev tun

proto udp

remote 10.8.0.1 1194

resolv-retry infinite

nobind

user nobody
group nogroup

persist-key
persist-tun

key-direction 1

cipher AES-128-CBC
auth SHA256

comp-lzo

verb 3

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

My server.conf file:

port 1194

proto udp

dev tun

ca ca.crt
cert server.crt
key server.key 

dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

tls-auth ta.key 0 # This file is secret
key-direction 0

cipher AES-128-CBC   # AES
auth SHA256

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log

verb 3

When I run the command

sudo openvpn --config client1.ovpn

I found this error in the terminal:

Sat Aug 12 21:57:10 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL 
(OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sat Aug 12 21:57:10 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, 
LZO 2.08
Sat Aug 12 21:57:10 2017 Control Channel Authentication: tls-auth 
using INLINE static key file
Sat Aug 12 21:57:10 2017 Outgoing Control Channel Authentication: 
Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Aug 12 21:57:10 2017 Incoming Control Channel Authentication: 
Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Aug 12 21:57:10 2017 Socket Buffers: R=[212992->212992] S=[212992-
>212992]
Sat Aug 12 21:57:10 2017 NOTE: UID/GID downgrade will be delayed 
because of --client, --pull, or --up-delay
Sat Aug 12 21:57:10 2017 UDPv4 link local: [undef]
Sat Aug 12 21:57:10 2017 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Sat Aug 12 21:57:10 2017 TLS: Initial packet from 
[AF_INET]10.8.0.1:1194, sid=640d1419 b8d9a3ee
Sat Aug 12 21:57:10 2017 VERIFY OK: depth=1, C=US, ST=CA, L=Los 
Angeles, O=Fort-Funston, OU=Community, CN=Fort-Funston CA, 
name=Server, emailAddress=fasching.ryan@gmail.com
Sat Aug 12 21:57:10 2017 Validating certificate key usage
Sat Aug 12 21:57:10 2017 ++ Certificate has key usage  00a0, expects 
00a0
Sat Aug 12 21:57:10 2017 VERIFY KU OK
Sat Aug 12 21:57:10 2017 Validating certificate extended key usage
Sat Aug 12 21:57:10 2017 ++ Certificate has EKU (str) TLS Web Server 
Authentication, expects TLS Web Server Authentication
Sat Aug 12 21:57:10 2017 VERIFY EKU OK
Sat Aug 12 21:57:10 2017 VERIFY OK: depth=0, C=US, ST=CA, L=Los 
Angeles, O=Fort-Funston, OU=Community, CN=Ryan, name=Server, 
emailAddress=fasching.ryan@gmail.com
Sat Aug 12 21:57:10 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' 
initialized with 128 bit key
Sat Aug 12 21:57:10 2017 Data Channel Encrypt: Using 256 bit message 
hash 'SHA256' for HMAC authentication
Sat Aug 12 21:57:10 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' 
initialized with 128 bit key
Sat Aug 12 21:57:10 2017 Data Channel Decrypt: Using 256 bit message 
hash 'SHA256' for HMAC authentication
Sat Aug 12 21:57:10 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 
DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Aug 12 21:57:10 2017 [Ryan] Peer Connection Initiated with 
[AF_INET]10.8.0.1:1194
Sat Aug 12 21:57:12 2017 SENT CONTROL [Ryan]: 'PUSH_REQUEST' 
(status=1)
Sat Aug 12 21:57:12 2017 PUSH: Received control message: 
'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 
208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology 
net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Aug 12 21:57:12 2017 OPTIONS IMPORT: timers and/or timeouts 
modified
Sat Aug 12 21:57:12 2017 OPTIONS IMPORT: --ifconfig/up options 
modified
Sat Aug 12 21:57:12 2017 OPTIONS IMPORT: route options modified
Sat Aug 12 21:57:12 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-
option options modified
Sat Aug 12 21:57:12 2017 WARNING: potential conflict between --remote 
address [10.8.0.1] and --ifconfig address pair [10.8.0.6, 10.8.0.5] -- 
this is a warning only that is triggered when local/remote addresses 
exist within the same /24 subnet as --ifconfig endpoints. (silence 
this warning with --ifconfig-nowarn)
Sat Aug 12 21:57:12 2017 ROUTE_GATEWAY 10.15.65.1/255.255.255.0 
IFACE=wlp1s0 HWADDR=d0:57:7b:09:c7:c0
Sat Aug 12 21:57:12 2017 TUN/TAP device tun1 opened
Sat Aug 12 21:57:12 2017 TUN/TAP TX queue length set to 100
Sat Aug 12 21:57:12 2017 do_ifconfig, tt->ipv6=0, tt-
>did_ifconfig_ipv6_setup=0
Sat Aug 12 21:57:12 2017 /sbin/ip link set dev tun1 up mtu 1500
Sat Aug 12 21:57:12 2017 /sbin/ip addr add dev tun1 local 10.8.0.6 
peer 10.8.0.5
Sat Aug 12 21:57:12 2017 /sbin/ip route add 10.8.0.1/32 via 10.15.65.1
RTNETLINK answers: File exists
Sat Aug 12 21:57:12 2017 ERROR: Linux route add command failed: 
external program exited with error status: 2
Sat Aug 12 21:57:12 2017 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Sat Aug 12 21:57:12 2017 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Sat Aug 12 21:57:12 2017 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
RTNETLINK answers: File exists
Sat Aug 12 21:57:12 2017 ERROR: Linux route add command failed: 
external program exited with error status: 2
Sat Aug 12 21:57:12 2017 GID set to nogroup
Sat Aug 12 21:57:12 2017 UID set to nobody
Sat Aug 12 21:57:12 2017 Initialization Sequence Completed

While openvpn is running in the terminal, I also cannot connect to the internet. I cannot connect to the internet again until I hit Ctrl+C.

After Ctrl+C, I also get these errors:

^CSat Aug 12 21:57:56 2017 event_wait : Interrupted system call 
(code=4)
Sat Aug 12 21:57:56 2017 /sbin/ip route del 10.8.0.1/32
RTNETLINK answers: Operation not permitted
Sat Aug 12 21:57:56 2017 ERROR: Linux route delete command failed: 
external program exited with error status: 2
Sat Aug 12 21:57:56 2017 /sbin/ip route del 0.0.0.0/1
RTNETLINK answers: Operation not permitted
Sat Aug 12 21:57:56 2017 ERROR: Linux route delete command failed: 
external program exited with error status: 2
Sat Aug 12 21:57:56 2017 /sbin/ip route del 128.0.0.0/1
RTNETLINK answers: Operation not permitted
Sat Aug 12 21:57:56 2017 ERROR: Linux route delete command failed: 
external program exited with error status: 2
Sat Aug 12 21:57:56 2017 Closing TUN/TAP interface
Sat Aug 12 21:57:56 2017 /sbin/ip addr del dev tun1 local 10.8.0.6 
peer 10.8.0.5
RTNETLINK answers: Operation not permitted
Sat Aug 12 21:57:56 2017 Linux ip addr del failed: external program 
exited with error status: 2
Sat Aug 12 21:57:56 2017 SIGINT[hard,] received, process exiting

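I have been trying to find an answer to this problem on Google, but with no luck. What is causing this error, "ERROR: Linux route add command failed: external program exited with error status: 2", and how can I still connect to the internet while it is in use? Thanks.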


1 Answer

Unix & Linux user

Posted on 2020-08-05 23:10:34

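The problem is that you are trying to use the same VPN transit subnet as the client LAN.

Sat Aug 12 21:57:12 2017 WARNING: potential conflict between --remote address [10.8.0.1] and --ifconfig address pair [10.8.0.6, 10.8.0.5] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints.

Combine this error with the directive in the server configuration that routes all outbound traffic into the VPN tunnel, and it is not surprising that you lost internet access when the tunnel is down.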

Votes: 1
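
The address collision that the quoted warning points at can be checked before connecting. The following is an added example, not part of the original question or answer: it parses a client config and a server config and reports when a client `remote` address falls inside the subnet named by the server's `server` directive. The function names `directives` and `audit` are made up for this example, and the embedded configs are constructed excerpts of the ones posted above.

```python
import ipaddress
import re

# Constructed excerpts of the two configs posted in the question.
CLIENT_CONF = """\
client
dev tun
remote 10.8.0.1 1194
"""
SERVER_CONF = """\
port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
"""

def directives(text):
    """Yield (name, args) for each non-comment line of an OpenVPN config."""
    for line in text.splitlines():
        line = re.split(r"[#;]", line, 1)[0].strip()
        if line:
            name, *args = line.replace('"', " ").split()
            yield name, args

def audit(client_text, server_text):
    """Return findings where a client --remote collides with the tunnel subnet."""
    findings, tunnel, redirect = [], None, False
    for name, args in directives(server_text):
        if name == "server" and len(args) >= 2:
            tunnel = ipaddress.ip_network(f"{args[0]}/{args[1]}")
        elif name == "push" and args and args[0] == "redirect-gateway":
            redirect = True
    for name, args in directives(client_text):
        if name != "remote" or not args or tunnel is None:
            continue
        try:
            host = ipaddress.ip_address(args[0])
        except ValueError:
            continue  # hostname: cannot be judged offline
        if host in tunnel:
            findings.append(f"remote {host} is inside tunnel subnet {tunnel}")
            if redirect:
                findings.append("redirect-gateway is pushed: default route follows the tunnel")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CLIENT_CONF, SERVER_CONF)) or "no conflict found")
```

A `remote` given as a hostname is skipped, because it cannot be resolved and compared offline.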
Original page content provided by Unix & Linux. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://unix.stackexchange.com/questions/385966
