我一直试图在运行 Xubuntu 14.04 的服务器和运行 Mac OSX Yosemite 的客户端之间配置 VPN 连接,但没有成功。我正尝试使用 Tunnelblick 建立连接。我的防火墙日志没有相关信息可发布。我已为 Mac 打开了端口 1194、443 和 943。我似乎无法解决这个问题。我将感谢所有帮助,我不想因此而失败。
这是SERVER.CONF:
mode server
local 192.168.1.XXX #ip of your openvpn server
port 1194
proto udp
dev tun
ca ca.crt
cert reinhardtserver.crt
cert reinhardtserver.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 255.255.255.0
push "dhcp-option DOMAIN coryreinhardt.com"
push "dhcp-option DNS 10.6.11.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-server
tls-auth ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb1
client-to-client
push "route 192.168.0.0 255.255.255.0"`
客户端配置:
client
proto udp
dev tun
port 1194
remote 192.168.1.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
;mute-replay-warnings
tls-client
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
comp-lzo
verb 3
隧道跟踪日志:
2015-08-29 20:40:42 *Tunnelblick: openvpnstart starting OpenVPN
2015-08-29 20:40:42 *Tunnelblick: OS X 10.10.5; Tunnelblick 3.5.3 (build 4270.4371); prior version 3.4.2 (build 4055.4161)
2015-08-29 20:40:42 *Tunnelblick: Attempting connection with server using shadow copy; Set nameserver = 1; monitoring connection
2015-08-29 20:40:42 *Tunnelblick: openvpnstart start server.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6
2015-08-29 20:40:44 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sreinhardt-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sserver.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/reinhardt/server.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Users/reinhardt/server.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Users/reinhardt/server.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -d -f -m -w -ptADGNWradsgnw
2015-08-29 20:40:43 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jul 10 2015
2015-08-29 20:40:43 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
2015-08-29 20:40:43 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2015-08-29 20:40:43 Need hold release from management interface, waiting...
2015-08-29 20:40:44 *Tunnelblick: Established communication with OpenVPN
2015-08-29 20:40:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2015-08-29 20:40:44 MANAGEMENT: CMD 'pid'
2015-08-29 20:40:44 MANAGEMENT: CMD 'state on'
2015-08-29 20:40:44 MANAGEMENT: CMD 'state'
2015-08-29 20:40:44 MANAGEMENT: CMD 'bytecount 1'
2015-08-29 20:40:44 MANAGEMENT: CMD 'hold release'
2015-08-29 20:40:44 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2015-08-29 20:40:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-08-29 20:40:44 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
2015-08-29 20:40:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-08-29 20:40:44 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-08-29 20:40:44 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-08-29 20:40:44 UDPv4 link local: [undef]
2015-08-29 20:40:44 UDPv4 link remote: [AF_INET]192.168.1.236:1194
2015-08-29 20:40:44 MANAGEMENT: >STATE:1440906044,WAIT,,,
2015-08-29 20:41:45 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2015-08-29 20:41:45 TLS Error: TLS handshake failed
2015-08-29 20:41:45 SIGUSR1[soft,tls-error] received, process restarting
2015-08-29 20:41:45 MANAGEMENT: >STATE:1440906105,RECONNECTING,tls-error,,
2015-08-29 20:41:45 MANAGEMENT: CMD 'hold release'
2015-08-29 20:41:45 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2015-08-29 20:41:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-08-29 20:41:45 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-08-29 20:41:45 UDPv4 link local: [undef]
2015-08-29 20:41:45 UDPv4 link remote: [AF_INET]192.168.1.236:1194
2015-08-29 20:41:45 MANAGEMENT: >STATE:1440906105,WAIT,,,
2015-08-29 20:42:46 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2015-08-29 20:42:46 TLS Error: TLS handshake failed
2015-08-29 20:42:46 SIGUSR1[soft,tls-error] received, process restarting
2015-08-29 20:42:46 MANAGEMENT: >STATE:1440906166,RECONNECTING,tls-error,,
2015-08-29 20:42:46 MANAGEMENT: CMD 'hold release'
2015-08-29 20:42:46 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2015-08-29 20:42:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-08-29 20:42:46 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-08-29 20:42:46 UDPv4 link local: [undef]
2015-08-29 20:42:46 UDPv4 link remote: [AF_INET]192.168.1.236:1194
2015-08-29 20:42:46 MANAGEMENT: >STATE:1440906166,WAIT,,,
2015-08-29 20:42:47 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2015-08-29 20:42:47 *Tunnelblick: Disconnecting using 'kill'
2015-08-29 20:42:47 event_wait : Interrupted system call (code=4)
2015-08-29 20:42:47 SIGTERM[hard,] received, process exiting
2015-08-29 20:42:47 MANAGEMENT: >STATE:1440906167,EXITING,SIGTERM,,
2015-08-29 20:42:49 *Tunnelblick: No 'post-disconnect.sh' script to execute
2015-08-29 20:42:49 *Tunnelblick: Expected disconnection occurred.
这里是来自 Xubuntu 的 ifconfig :
root@reinhardt:/etc/openvpn# ifconfig
eth0 Link encap:Ethernet HWaddr 00:26:22:1e:c6:58
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.X.X Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3290 errors:0 dropped:0 overruns:0 frame:0
TX packets:3290 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:308681 (308.6 KB) TX bytes:308681 (308.6 KB)
wlan0 Link encap:Ethernet HWaddr 00:26:5e:69:27:0d
inet addr:192.168.1.XXX Bcast:192.168.1.XXX Mask:255.255.XXX.X
inet6 addr: 2602:30a:2e8c:9a20:5c1a:7c51:8bcc:8720/64 Scope:Global
inet6 addr: 2602:30a:2e8c:9a20:226:5eff:fe69:270d/64 Scope:Global
inet6 addr: fe80::226:5eff:fe69:270d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41514 errors:0 dropped:0 overruns:0 frame:0
TX packets:16935 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11636203 (11.6 MB) TX bytes:2545476 (2.5 MB)