Cannot connect to a VPN using OpenVPN on Ubuntu 14.04

Can someone tell me what is going on here?

I run this in the terminal:

sudo openvpn /etc/openvpn/Free1.UDP.ovpn
.............
OpenVPN static key file
Sun Feb 22 13:00:54 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Feb 22 13:00:54 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Feb 22 13:00:54 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Feb 22 13:00:54 2015 UDPv4 link local: [undef]
Sun Feb 22 13:00:54 2015 UDPv4 link remote: [AF_INET]85.25.151.224:1194
Sun Feb 22 13:01:54 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Feb 22 13:01:54 2015 TLS Error: TLS handshake failed
Sun Feb 22 13:01:54 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 22 13:01:54 2015 Restart pause, 2 second(s)
Sun Feb 22 13:01:56 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Feb 22 13:01:56 2015 UDPv4 link local: [undef]
Sun Feb 22 13:01:56 2015 UDPv4 link remote: [AF_INET]85.25.151.224:1194
Sun Feb 22 13:02:56 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Feb 22 13:02:56 2015 TLS Error: TLS handshake failed
Sun Feb 22 13:02:56 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 22 13:02:56 2015 Restart pause, 2 second(s)
Sun Feb 22 13:02:58 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Feb 22 13:02:58 2015 UDPv4 link local: [undef]
Sun Feb 22 13:02:58 2015 UDPv4 link remote: [AF_INET]85.25.151.224:1194
Sun Feb 22 13:03:58 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Feb 22 13:03:58 2015 TLS Error: TLS handshake failed
Sun Feb 22 13:03:58 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 22 13:03:58 2015 Restart pause, 2 second(s)
Sun Feb 22 13:04:00 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Feb 22 13:04:00 2015 UDPv4 link local: [undef]
Sun Feb 22 13:04:00 2015 UDPv4 link remote: [AF_INET]85.25.151.224:1194

This is a configuration file, with its configuration from:

persist-key
persist-tun
nobind
client
dev tap
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
tls-auth ssl/ta.key 1
cert ssl/client.crt
key ssl/client.key
ca ssl/ca.crt
verb 3
mute 10
auth-user-pass
script-security 2
#NT 6.0 Compatability
route-method exe
route-delay 2
remote 85.25.151.224

I haven't used it for a while, but it always worked. I don't understand what is happening now?

Update

After the latest update and upgrade I got this:

~$ cd /etc/openvpn && sudo openvpn /etc/openvpn/Free1.UDP.ovpn
Sun Mar  1 19:04:35 2015 DEPRECATED OPTION: --tls-remote, please update your configuration
Sun Mar  1 19:04:35 2015 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Enter Auth Username:[email protected]
Enter Auth Password:
Sun Mar  1 19:04:53 2015 WARNING: file 'ssl/client.key' is group or others accessible
Sun Mar  1 19:04:53 2015 WARNING: file 'ssl/ta.key' is group or others accessible
Sun Mar  1 19:04:53 2015 Control Channel Authentication: using 'ssl/ta.key' as a OpenVPN static key file
Sun Mar  1 19:04:53 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar  1 19:04:53 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar  1 19:04:53 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sun Mar  1 19:04:53 2015 UDPv4 link local: [undef]
Sun Mar  1 19:04:53 2015 UDPv4 link remote: [AF_INET]85.25.151.224:1194
Sun Mar  1 19:04:55 2015 TLS: Initial packet from [AF_INET]85.25.151.224:1194, sid=0c97d825 cd0fef31
Sun Mar  1 19:04:55 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar  1 19:04:55 2015 VERIFY OK: depth=1, /C=SC/ST=SC/L=Victoria/O=Kebrum_Corp./CN=kebrum.com/[email protected]
Sun Mar  1 19:04:55 2015 VERIFY OK: nsCertType=SERVER
Sun Mar  1 19:04:55 2015 VERIFY X509NAME OK: /C=SC/ST=SC/L=Victoria/O=Kebrum_Corp./CN=server/[email protected]
Sun Mar  1 19:04:55 2015 VERIFY OK: depth=0, /C=SC/ST=SC/L=Victoria/O=Kebrum_Corp./CN=server/[email protected]
Sun Mar  1 19:04:56 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar  1 19:04:56 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar  1 19:04:56 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar  1 19:04:56 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar  1 19:04:56 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar  1 19:04:56 2015 [server] Peer Connection Initiated with [AF_INET]85.25.151.224:1194
Sun Mar  1 19:04:58 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Mar  1 19:04:58 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DOMAIN keblum,dhcp-option DNS 8.8.8.8,route-gateway 172.16.0.1,ping 10,ping-restart 60,ifconfig 172.16.5.172 255.255.0.0'
Sun Mar  1 19:04:58 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Mar  1 19:04:58 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Mar  1 19:04:58 2015 OPTIONS IMPORT: route options modified
Sun Mar  1 19:04:58 2015 OPTIONS IMPORT: route-related options modified
Sun Mar  1 19:04:58 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Mar  1 19:04:58 2015 ROUTE_GATEWAY 93.77.237.1/255.255.255.0 IFACE=eth0 HWADDR=00:13:d4:66:6f:c6
Sun Mar  1 19:04:58 2015 TUN/TAP device tap0 opened
Sun Mar  1 19:04:58 2015 TUN/TAP TX queue length set to 100
Sun Mar  1 19:04:58 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar  1 19:04:58 2015 /sbin/ip link set dev tap0 up mtu 1500
Sun Mar  1 19:04:58 2015 /sbin/ip addr add dev tap0 172.16.5.172/16 broadcast 172.16.255.255
Sun Mar  1 19:05:00 2015 /sbin/ip route add 85.25.151.224/32 via 93.77.237.1
Sun Mar  1 19:05:00 2015 /sbin/ip route add 0.0.0.0/1 via 172.16.0.1
Sun Mar  1 19:05:00 2015 /sbin/ip route add 128.0.0.0/1 via 172.16.0.1
Sun Mar  1 19:05:00 2015 Initialization Sequence Completed

And dmesg | tail is:

[10964.298804] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:d4:77:6f:c6:00:04:96:8b:c1:43:07:00 SRC=195.24.233.55 DST=83.77.237.193 LEN=1500 TOS=0x08 PREC=0x80 TTL=54 ID=812 DF PROTO=TCP SPT=80 DPT=45030 WINDOW=14 RES=0x00 ACK URGP=0 
[10964.298917] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:d4:77:6f:c6:00:04:96:8b:c1:43:07:00 SRC=195.24.233.55 DST=83.77.237.193 LEN=1500 TOS=0x08 PREC=0x80 TTL=54 ID=813 DF PROTO=TCP SPT=80 DPT=45030 WINDOW=14 RES=0x00 ACK URGP=0 
[10964.299020] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:d4:77:6f:c6:00:04:96:8b:c1:43:07:00 SRC=195.24.233.55 DST=83.77.237.193 LEN=1290 TOS=0x08 PREC=0x80 TTL=54 ID=814 DF PROTO=TCP SPT=80 DPT=45030 WINDOW=14 RES=0x00 ACK PSH FIN URGP=0 
[10964.647923] [UFW BLOCK] IN=eth0 OUT= MAC=00:13:d4:77:6f:c6:00:04:96:8b:c1:43:07:00 SRC=195.24.233.55 DST=83.77.237.193 LEN=1500 TOS=0x08 PREC=0x80 TTL=54 ID=817 DF PROTO=TCP SPT=80 DPT=45030 WINDOW=14 RES=0x00 ACK URGP=0 
[11042.199178] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:96:8b:c1:43:07:00 SRC=83.77.237.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=7049 PROTO=2 
[11167.287689] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:96:8b:c1:43:07:00 SRC=83.77.237.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=7060 PROTO=2 
[11292.363024] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:96:8b:c1:43:07:00 SRC=83.77.237.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=7071 PROTO=2 
[11417.409445] [UFW BLOCK] IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:04:96:8b:c1:43:07:00 SRC=83.77.237.1 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=7082 PROTO=2

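It looks like it is connecting, but after connecting it gets blocked or stuck. I need to know what to do next.

Update

The full configuration file package (non-working files) can be downloaded here

Answer 1

The problem is definitely in the wrong configuration data file, which needs to be completely replaced. Here is a script for managing an OpenVPN connection, as an example solution for tcp: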

client
dev tun3
proto tcp
remote 178.162.193.233 80
remote de233.vpnbook.com 80
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
[certificate data omitted]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[certificate data omitted]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
[key data omitted]
-----END RSA PRIVATE KEY-----
</key>

After copying it to, for example, name.tcp.ovpn in /etc/openvpn, just run the standard:

cd /etc/openvpn && sudo openvpn --config name.tcp.ovpn

Done! Check:

curl ifconfig.me

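Answer 2

You have updated your openvpn version, but since the configuration file was created the TLS authentication mode directives have changed significantly, and (mainly) the server has changed from using tap to tun.

If the server uses tun, tap will not work on the client (even in theory).

Finally, your configuration lacks a cipher directive, which causes openvpn to use the default encryption cipher, while the server currently uses another one.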
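The warnings in the question's update log and the points raised in answer 2 can be checked against a client config before connecting. This is an added example, not code from the original page or from the OpenVPN project; the names `parse_ovpn`, `lint_ovpn` and `demo`, the finding codes and the sample config are constructed here, and relative key paths are assumed to resolve against the directory openvpn is started from.

```python
import os, stat, tempfile

def parse_ovpn(text):
    """Map directive -> args, skipping comments and inline <ca>/<cert>/<key> blobs."""
    opts, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:  # inside an inline blob: skip until the closing tag
            inline = None if line == "</%s>" % inline else inline
        elif line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = ["[inline]"]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def lint_ovpn(text, base_dir):
    """Return (code, advice) findings; base_dir is assumed to be openvpn's working dir."""
    opts, found = parse_ovpn(text), []
    if "tls-remote" in opts:        # log: "DEPRECATED OPTION: --tls-remote"
        found.append(("TLS_REMOTE_DEPRECATED", "replace with verify-x509-name"))
    if "ns-cert-type" in opts:      # older form of the server-certificate check
        found.append(("NS_CERT_TYPE_DEPRECATED", "replace with remote-cert-tls server"))
    if "cipher" not in opts:        # answer 2: client falls back to its default cipher
        found.append(("NO_CIPHER", "set cipher to the value the server uses"))
    if "auth-user-pass" in opts and "auth-nocache" not in opts:
        found.append(("NO_AUTH_NOCACHE", "add auth-nocache"))
    for opt in ("key", "tls-auth"): # log: "is group or others accessible"
        args = opts.get(opt, [])
        if args and args[0] != "[inline]":
            path = os.path.join(base_dir, args[0])
            if os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                found.append(("KEY_PERMS", "chmod 600 " + args[0]))
    if opts.get("dev"):             # answer 2: tap/tun must match the server
        found.append(("DEV_TYPE", "confirm server uses " + opts["dev"][0][:3]))
    return found

# Constructed sample: a subset of the directives from the question's config.
SAMPLE = "client\ndev tap\ntls-remote server\nns-cert-type server\ntls-auth ssl/ta.key 1\nauth-user-pass\n"

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ssl", "ta.key")
        os.makedirs(os.path.dirname(path))
        open(path, "w").close()
        os.chmod(path, 0o644)  # world-readable, as in the page's WARNING line
        return lint_ovpn(SAMPLE, d)

if __name__ == "__main__":
    print(demo())
```
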
