OpenVPN client stuck at TLS: Initial packet from [AF_INET]

I am trying to set up an OpenVPN server on Ubuntu, but every time I try to connect to the server it gets stuck at

...TLS: Initial packet from [AF_INET]...

Here are the logs and configuration I am using:

openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-09-19 22:12:53 EET; 1h 50min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 5730 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid (code=exited, status=0/SUCCESS)
Main PID: 5735 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
`-5735 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
Sep 19 22:15:29 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx TLS Error: TLS handshake failed
Sep 19 22:15:29 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx SIGUSR1[soft,tls-error] received, client-instance restarting
Sep 19 23:57:50 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx TLS: Initial packet from [AF_INET6]::ffff:xx.xxx.xxx.xxx:25213, sid=7a7bb80e 6f956981
Sep 19 23:58:50 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx TLS: Initial packet from [AF_INET6]::ffff:xx.xxx.xxx.xxx:25296, sid=4f196da9 f6415403
Sep 19 23:58:50 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 19 23:58:50 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx TLS Error: TLS handshake failed
Sep 19 23:58:50 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx SIGUSR1[soft,tls-error] received, client-instance restarting
Sep 19 23:59:50 vmi89168.host ovpn-server[5735]: ::ffff:xx.xxx.xxx.xxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

xx.xxx.xxx.xxx is the IP of my laptop, which is trying to connect

Can you ping the server? Yes

Is openvpn running on the server? (ps faux | grep openvpn)

root@vmi89168:~# ps faux | grep openvpn
root      5471  0.0  0.3 538924 38072 tty1     Sl   Sep19   0:04 mousepad /etc/openvpn/server.conf
root      7304  0.0  0.0  16664  2100 pts/8    S+   10:14   0:00      \_ grep --color=auto openvpn
nobody    5735  0.0  0.0  43880  5548 ?        Ss   Sep19   0:01 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Is there any kind of firewall or NAT on the server?

No

Can you run nmap? (sudo nmap -sU -p 1194)

Host is up.
PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 2.24 seconds

cat /etc/openvpn/server.conf

port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "dhcp-option DNS 9.9.9.9"
push "dhcp-option DNS 149.112.112.112"
push "redirect-gateway def bypass-dhcp" 
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
crl-verify /etc/openvpn/crl.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server_dxay7Ay5T2qC2jkP.crt
key /etc/openvpn/server_dxay7Ay5T2qC2jkP.key
tls-auth /etc/openvpn/tls-auth.key 0
dh /etc/openvpn/dh.pem
auth SHA256
cipher AES-128-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3

iptables -nvL

Chain INPUT (policy ACCEPT 2121K packets, 175M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0           
   46  4067 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   tun0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  tun0   eth0    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 2061K packets, 1841M bytes)
 pkts bytes target     prot opt in     out     source               destination         

I have searched a lot and tried every possible solution, but none of them worked. Can anyone point out what the problem is here?
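
An added triage example, not part of the original post and not OpenVPN project code: it groups server log lines in the syslog format shown in the question by peer and labels whether a handshake completed or stalled after the initial packet. The sample lines, addresses, function names and label names are constructed assumptions.

```python
import re
from collections import defaultdict

# Line shape from the question: "Sep 19 23:58:50 host ovpn-server[5735]: <peer> <message>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ovpn-\S+\[\d+\]: (?P<peer>\S+) (?P<msg>.*)$")

# OpenVPN log message fragments counted per peer.
EVENTS = {
    "initial": "TLS: Initial packet from",
    "timeout": "TLS key negotiation failed to occur within",
    "failed": "TLS Error: TLS handshake failed",
    "connected": "Peer Connection Initiated with",
}

def summarize(lines):
    """Return {peer: {event: count}} for the handshake events above."""
    stats = defaultdict(lambda: dict.fromkeys(EVENTS, 0))
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an OpenVPN per-peer line
        for name, needle in EVENTS.items():
            if needle in m["msg"]:
                stats[m["peer"]][name] += 1
    return dict(stats)

def classify(counts):
    """Coarse triage label for one peer (label names are hypothetical)."""
    if counts["connected"]:
        return "handshake-completed"
    if counts["initial"] and (counts["timeout"] or counts["failed"]):
        # Server saw the client's first packet; the exchange never finished.
        return "stalled-after-initial-packet"
    if counts["timeout"] or counts["failed"]:
        return "failed-no-initial-packet-in-window"
    return "no-handshake-events"

# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE = """\
Sep 19 23:57:50 vpn1 ovpn-server[5735]: ::ffff:203.0.113.7 TLS: Initial packet from [AF_INET6]::ffff:203.0.113.7:25213, sid=00000000 00000001
Sep 19 23:58:50 vpn1 ovpn-server[5735]: ::ffff:203.0.113.7 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 19 23:58:50 vpn1 ovpn-server[5735]: ::ffff:203.0.113.7 TLS Error: TLS handshake failed
Sep 19 23:59:01 vpn1 ovpn-server[5735]: 198.51.100.9:40000 TLS: Initial packet from [AF_INET6]::ffff:198.51.100.9:40000, sid=00000000 00000002
Sep 19 23:59:02 vpn1 ovpn-server[5735]: 198.51.100.9:40000 [client1] Peer Connection Initiated with [AF_INET6]::ffff:198.51.100.9:40000
""".splitlines()

def triage(lines):
    """Map each peer seen in the log to its triage label."""
    return {peer: classify(c) for peer, c in summarize(lines).items()}
```

A peer labelled `stalled-after-initial-packet` matches the pattern in the question's log: the server receives the first packet from the client, then times out after 60 seconds.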
