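I have been racking my brain over this for hours and I am exhausted. I have double-checked my setup against many guides and it checks out, but OpenVPN still will not start. The problem seems to revolve around my "up" script and the failure to execute an external program. I have been searching Google for people with similar problems, but none of them seem relevant.
System: I have been using an old Ubuntu 12.04 home server for SSH tunneling and file serving. Due to physical constraints, it is connected to my router over Wi-Fi.
Note: The initial setup was done by the OpenVPN-install script.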
/var/log/syslog:
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: WARNING: file 'static.key' is group or others accessible
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1200)
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: TUN/TAP device tun0 opened
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: TUN/TAP TX queue length set to 100
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: /sbin/ifconfig tun0 10.1.0.1 pointopoint 10.1.0.2 mtu 1200
Jul 27 18:53:01 ************* NetworkManager[1154]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Jul 27 18:53:01 ************* NetworkManager[1154]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: /etc/openvpn/office.up tun0 1200 1244 10.1.0.1 10.1.0.2 init
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: WARNING: Failed running command (--up/--down): could not execute external program
Jul 27 18:53:01 ************* ovpn-openvpn[5084]: Exiting
Jul 27 18:53:01 ************* avahi-daemon[1162]: Withdrawing workstation service for tun0.
Jul 27 18:53:01 ************* NetworkManager[1154]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tun0, iface: tun0)
openvpn.conf:
dev tun
# Network interface used by the VPN server on WIFI_SUBNET
# eth1 (192.168.1.1) in the previous example
local 192.168.1.4
# The following line defines two new VPN interfaces
# ifconfig VPN_SERVER VPN_CLIENT
ifconfig 10.1.0.1 10.1.0.2
script-security 3
up /etc/openvpn/office.up
secret static.key
ping 15
tun-mtu 1200
mssfix 1400
verb 3
server.conf:
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
office.up:
# office.up
#!/bin/sh
route add -net 10.0.1.0 netmask 255.255.255.0 gw $5
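
The checks below are an added example, not part of the original post: they test the conditions a script must meet to be executed directly rather than through a shell (execute bit, `#!` as the first bytes of the file, a working interpreter) and the key-file permission that the log warns about. The function names and the `preflight.sh` file name are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Preflight checks for an
# interpreter script named by an OpenVPN "up" directive and for a key file.

# check_hook PATH: print each problem found; return 0 only if PATH looks
# directly executable (regular file, execute bit, '#!' first, interpreter present).
check_hook() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    [ -x "$f" ] || { echo "not executable: $f (try chmod 755)"; rc=1; }
    # The kernel honours an interpreter line only when '#!' are the first
    # two bytes of the file; a comment or blank line above it defeats it.
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        '#!'*) ;;
        *) echo "line 1 of $f is not a '#!' line: $first"; return 1 ;;
    esac
    # With CRLF endings the interpreter name ends in a carriage return.
    if head -n 1 "$f" | grep -q "$(printf '\r')"; then
        echo "CRLF line ending on line 1 of $f"; rc=1
    fi
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
    [ -x "$interp" ] || { echo "interpreter not executable: $interp"; rc=1; }
    return $rc
}

# check_key PATH: return 0 only if group and others have no access at all,
# the condition behind the "group or others accessible" warning in the log.
check_key() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] && return 0
    echo "group/other bits set on $1 ($perms); try chmod 600"
    return 1
}

# Usage: sh preflight.sh /etc/openvpn/office.up /etc/openvpn/static.key
# (the file name preflight.sh and the key's directory are assumptions).
if [ $# -eq 2 ]; then
    status=0
    check_hook "$1" || status=1
    check_key "$2" || status=1
    exit $status
fi
```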