我的 vpn 出了点问题。连接完全正常。我添加了/etc/openvpn/update-systemd-resolved
公司提供的 vpn 配置文件。
当我关闭连接时,问题就出现了。在输出中,我看到一条错误消息:
2024-01-19 09:03:19 us=134616 sitnl_send: rtnl: generic error (-3): No such process>
2024-01-19 09:03:19 us=134629 ERROR: Linux route delete command failed
因此,所有由 vpn 设置的 ip 路由仍然存在。
我的 openvpn 配置文件是:
client
dev tun
proto tcp
verify-x509-name "C=DE, ST=Rheinland-Pfalz, L=Kaiserslautern, O=WIPOTEC GmbH, OU=OU, CN=SophosApplianceCertificate_X650044Y4CQBH3A, [email protected]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
</ certifactes hidden />
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 3
reneg-sec 0
remote vpn.wipotec.com 1194
script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre
我在 ubuntu 22.04 上运行 openvpn:
% openvpn --version :( 130 24-01-19 - 9:03:25
OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=yes with_sysroot=no
现在,我需要使用以下命令手动删除 ip-routes:
sudo ip route del <route entry>
非常感谢任何想法和帮助。
整个日志:
2024-01-19 09:20:02 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-01-19 09:20:02 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2024-01-19 09:20:02 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-01-19 09:20:02 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: xxxxxxxxxx