我通过 CLI 建立了有效的 VPN 连接:
sudo openvpn myconfigfile.ovpn
我在 Network Manager GUI 中导入了该文件,但每次尝试使用它时,总是会失败,但我找不到原因。我通过以下方式查看了 NetworkManager 的日志:
journalctl -u NetworkManager
结果是:
sept. 06 09:30:56 alt-machine NetworkManager[19942]: <info> [1504683056.7617] audit: op="connection-activate" uuid="24fc3644-b324-46a4-9ce1-c1a0fcea1b75" name="name-of-connection" pid=3406 uid=1000 result="success"
sept. 06 09:30:56 alt-machine NetworkManager[19942]: <info> [1504683056.7900] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: Started the VPN service, PID 23791
sept. 06 09:30:56 alt-machine NetworkManager[19942]: <info> [1504683056.8118] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: Saw the service appear; activating connection
sept. 06 09:30:56 alt-machine nm-openvpn[23798]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 22 2017
sept. 06 09:30:56 alt-machine nm-openvpn[23798]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
sept. 06 09:30:56 alt-machine NetworkManager[19942]: <info> [1504683056.9251] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: VPN plugin: state changed: starting (3)
sept. 06 09:30:56 alt-machine NetworkManager[19942]: <info> [1504683056.9251] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: VPN connection: (ConnectInteractive) reply received
sept. 06 09:30:57 alt-machine nm-openvpn[23798]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
sept. 06 09:30:57 alt-machine nm-openvpn[23798]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:port
sept. 06 09:30:57 alt-machine nm-openvpn[23798]: UDP link local: (not bound)
sept. 06 09:30:57 alt-machine nm-openvpn[23798]: UDP link remote: [AF_INET]x.x.x.x:port
sept. 06 09:30:57 alt-machine nm-openvpn[23798]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
sept. 06 09:30:57 alt-machine nm-openvpn[23798]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
sept. 06 09:31:56 alt-machine NetworkManager[19942]: <warn> [1504683116.7116] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: VPN connection: connect timeout exceeded.
sept. 06 09:31:56 alt-machine nm-openvpn-serv[23791]: Connect timer expired, disconnecting.
sept. 06 09:31:56 alt-machine NetworkManager[19942]: <warn> [1504683116.7199] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: VPN plugin: failed: connect-failed (1)
sept. 06 09:31:56 alt-machine NetworkManager[19942]: <info> [1504683116.7208] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: VPN plugin: state changed: stopping (5)
sept. 06 09:31:56 alt-machine NetworkManager[19942]: <info> [1504683116.7210] vpn-connection[0x55e876784720,24fc3644-b324-46a4-9ce1-c1a0fcea1b75,"name-of-connection",0]: VPN plugin: state changed: stopped (6)
还有其他日志我可以看看吗?
答案1
对我来说,观察员的回答就是解决方案。他解决了问题并提交了一份错误报告。
https://bugs.launchpad.net/ubuntu/+source/network-manager-openvpn/+bug/1847144
详细说一下解决问题的步骤:
我使用的是 KDE。可能是网络管理器界面不同。我就是这么做的。将 openvpn 配置文件导入 networkmanger。它建立了连接,但超时了,而且无论调试级别如何,都没有给出任何提示。从命令行连接可以正常工作。
我编辑了 openvpn 文件,并将密钥块提取到一个文件中。它是中间的密钥块,所以我的文本文件如下所示:
-----BEGIN OpenVPN Static key V1-----
92e2de5ae643729863zzzz4a0ebe952
.
.
.
cc05zxzxczczxxczxzxczxce902b498a5
-----END OpenVPN Static key V1-----
我将其保存为 openvpn_cryptkey.key
然后
- 打开已经导入networkmanager的openvpn连接
- 在 VPM(openvpn)选项卡上选择“高级...”,选择“TLS 设置”,然后仅更改两项
模式为 TLS-Crypt
和密钥文件,使用刚刚创建的密钥文件的路径。
连接立即就成功了
答案2
我最近在使用 PiVPN 时也遇到了类似的问题。它创建的 ovpn 文件有一个 tls-crypt 部分,而网络管理器不会提取该密钥并将其设置在它创建的 vpn 配置文件中。手动提取并手动设置后,vpn 就可以正常工作了。
为此,我在启动板中提交了一个针对它的错误。
答案3
更改 NetworkManager 的日志级别以仔细检查系统日志中发生的情况:
终端:
sudo NetworkManager --log-level=DEBUG
sudo tail -f /var/log/syslog
尝试通过 NetworkManger 再次连接 VPN,并查看nm-openvpn系统日志中的相关消息。在我的情况下,它是 .crt 文件路径中的一个字母空格:
nm-openvpn[1957]: Options error: --ca fails with '/home/user/IPVanish%20config/ca.ipvanish.com.crt': No such file or directory (errno=2)
因此,我通过删除配置文件路径中的字母空格解决了这个问题。
更多的: https://forums.linuxmint.com/viewtopic.php?f=90&t=272916#p1510747
稍后将日志级别重置回 INFO。
答案4
通过 CLI 而不是 GUI 导入 openvpn 文件
sudo nmcli connection import type openvpn file [client].ovpn