
OpenVPN TCP 443

Server Fault user
Asked 2017-11-10 13:18:36
Answers: 2 | Views: 4.8K | Followers: 0 | Votes: 2

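I'm running an OpenVPN server, version 2.4.4, on my Ubuntu 16.04.3. The VPN connection works perfectly fine over UDP 1194, but when I try to switch to TCP 443, it won't connect. I'm using apache2, and I stopped it with the command service apache2 stop before testing. Port 443 is allowed in ufw, but even if I turn the firewall off, it won't connect. (Also on the Windows client.)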

Here is my server config:

```
port 443
proto tcp
;proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 213.133.98.98"
push "dhcp-option DNS 213.133.99.99"
push "dhcp-option DNS 213.133.100.100"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
max-clients 2
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
tls-version-min 1.2
reneg-sec 60
remote-cert-tls client
```

My client config:

```
client
dev tun
proto tcp
;proto udp
remote *super secret IP* 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
key-direction 1
auth-nocache
reneg-sec 60
verb 3
```

Client log:

```
Fri Nov 10 13:35:05 2017 SIGUSR1[soft,connection-reset] received, process restarting
Fri Nov 10 13:35:05 2017 MANAGEMENT: >STATE:1510317305,RECONNECTING,connection-reset,,,,,
Fri Nov 10 13:35:05 2017 Restart pause, 5 second(s)
Fri Nov 10 13:35:10 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]*super secret IP*:443
Fri Nov 10 13:35:10 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Nov 10 13:35:10 2017 Attempting to establish TCP connection with [AF_INET]*super secret IP*:443 [nonblock]
Fri Nov 10 13:35:10 2017 MANAGEMENT: >STATE:1510317310,TCP_CONNECT,,,,,,
Fri Nov 10 13:35:11 2017 TCP connection established with [AF_INET]*super secret IP*:443
Fri Nov 10 13:35:11 2017 TCP_CLIENT link local: (not bound)
Fri Nov 10 13:35:11 2017 TCP_CLIENT link remote: [AF_INET]*super secret IP*:443
Fri Nov 10 13:35:11 2017 MANAGEMENT: >STATE:1510317311,WAIT,,,,,,
Fri Nov 10 13:35:11 2017 Connection reset, restarting [0]
```

Server log:

```
Nov 12 18:22:22 ubuntu systemd[1]: Starting OpenVPN connection to server...
Nov 12 18:22:22 ubuntu systemd[1]: Starting OpenVPN service...
Nov 12 18:22:22 ubuntu systemd[1]: Started OpenVPN service.
Nov 12 18:22:22 ubuntu systemd[1]: Failed to start OpenVPN connection to server.
```

ip addr show tun0 with UDP 1149:

```
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever
```

ip addr show tun0 with TCP 443:

```
Device "tun0" does not exist.
```

Does anyone know why it doesn't work when I switch to TCP 443?


2 Answers

Server Fault user

Accepted answer

Posted 2017-11-13 13:12:50

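OK, I found the solution! Thanks to djsumdog for giving me the hint with the log-append option. The error in the file: Options error: --explicit-exit-notify can only be used with --proto udp, so when I want to use TCP, I can't use this option. Now everything works fine.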

Votes: 1
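A pre-flight check for the conflict identified in the accepted answer, as an added example that is not part of the original post: it parses an OpenVPN config and reports UDP-only directives when the effective top-level proto is TCP. The function names and the abbreviated sample config are assumptions made for illustration.

```python
# Added example: pre-flight check for UDP-only directives in an OpenVPN config.
# Names (UDP_ONLY, udp_only_conflicts, SERVER_CONF) are hypothetical.

# The page confirms explicit-exit-notify is UDP-only; extend the set as needed.
UDP_ONLY = {"explicit-exit-notify"}


def parse_directives(text):
    """Yield (line_no, name, args) for each active top-level directive."""
    in_block = False  # inside an inline <ca>...</ca> style block
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            # Lines starting with '#' or ';' are comments, so the
            # ';proto udp' line in the page's config is ignored.
            tokens = line.split()
            yield line_no, tokens[0].lstrip("-"), tokens[1:]


def udp_only_conflicts(text):
    """Return [(line_no, directive)] for UDP-only options under a TCP proto."""
    proto = "udp"  # OpenVPN's default when no proto directive is given
    hits = []
    for line_no, name, args in parse_directives(text):
        if name == "proto" and args:
            proto = args[0].lower()  # a later proto line replaces an earlier one
        elif name in UDP_ONLY:
            hits.append((line_no, name))
    # startswith covers tcp, tcp4, tcp6, tcp-server and tcp-client.
    return hits if proto.startswith("tcp") else []


# Constructed sample: an abbreviated copy of the server config from the question.
SERVER_CONF = """\
port 443
proto tcp
;proto udp
dev tun
keepalive 10 120
verb 3
explicit-exit-notify 1
"""

if __name__ == "__main__":
    for line_no, name in udp_only_conflicts(SERVER_CONF):
        print(f"line {line_no}: --{name} can only be used with --proto udp")
```

Running such a check before restarting the service surfaces the problem that systemd reports only as "Failed to start OpenVPN connection to server."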

Server Fault user

Posted 2017-11-10 14:17:51

The openvpn server probably could not bind the privileged port as:

user nobody
group nogroup

Try

user root
group root

and see if it works.

Votes: 1
Original page content provided by Server Fault. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://serverfault.com/questions/882849
