openvpn --config conf.ovpn results in "RTNETLINK answers: File exists"

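I'm trying to configure a VPN client (the first and only one for this server). The server runs on a Raspberry Pi 3 configured with PiVPN, which also generated the client configuration file.

This is the output of openvpn --config conf.ovpn: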

Tue Jun 27 21:35:42 2017 OpenVPN 2.4.0 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 22 2017
Tue Jun 27 21:35:42 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.08
Enter Private Key Password: *************
Tue Jun 27 21:35:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:45 2017 UDP link local: (not bound)
Tue Jun 27 21:35:45 2017 UDP link remote: [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:46 2017 [server] Peer Connection Initiated with [AF_INET]2.x.x.x:1194
Tue Jun 27 21:35:47 2017 TUN/TAP device tun0 opened
Tue Jun 27 21:35:47 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 27 21:35:47 2017 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 27 21:35:47 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Tue Jun 27 21:35:47 2017 ERROR: Linux route add command failed: external  program exited with error status: 2
Tue Jun 27 21:35:47 2017 Initialization Sequence Completed

On the client:

root@kali:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 1c:75:08:fa:3b:7e brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether ec:55:f9:79:b5:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.64/24 brd 192.168.1.255 scope global dynamic wlan0
       valid_lft 2511sec preferred_lft 2511sec
    inet6 2001:b07:2e0:81c6:7341:e6d7:dab4:9e57/64 scope global noprefixroute dynamic 
       valid_lft 25114sec preferred_lft 10714sec
    inet6 fe80::de7a:3e8b:1eb4:4163/64 scope link 
       valid_lft forever preferred_lft forever

On the server:

pi@raspberrypi:~ $ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:70:cf:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.67/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:b07:2e0:81c6:4efb:fa6b:69b7:a22b/64 scope global noprefixroute dynamic 
       valid_lft 24935sec preferred_lft 10535sec
    inet6 fe80::4137:8750:ed76:79cf/64 scope link 
       valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:25:9a:a6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8d7:6c11:f28e:eea0/64 scope link tentative 
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::1c6c:2047:3987:5469/64 scope link flags 800 
       valid_lft forever preferred_lft forever

Edit:

Contents of conf.ovpn:

client
dev tun
proto udp
remote 2.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
auth-nocache

Contents of server.conf:

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1

Answer 1

Looking at your log:

Tue Jun 27 21:35:47 2017 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
RTNETLINK answers: File exists
Tue Jun 27 21:35:47 2017 ERROR: Linux route add command failed: 
external  program exited with error status: 2

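This particular log snippet indicates that you are trying to create a route that already exists (RTNETLINK answers: File exists). When you define the IP addresses on the server and the client (or the pool the clients will use), the routes for communication between those IPs are created on demand according to that "LAN" netmask. This line in the server configuration: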

server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2

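With that in mind, you don't need to force-push routes to IP addresses in the same network with a /32 or /24 mask. You just need to remove or comment out the following lines in the server configuration file: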

push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"

Now there will be no more duplicate routes :)
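
A check for the situation the answer describes, as an added example that is not part of the original answer: it reads a server.conf and reports pushed routes that fall inside the VPN subnet declared by the server directive. The function names are assumptions of this example, and the embedded sample is constructed from the server.conf lines shown in the question.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the server.conf from the question.
SAMPLE_SERVER_CONF = '''\
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
'''

# Matches push "route <network> [netmask]"; the whitespace required after
# "route" keeps directives such as route-gateway from matching.
PUSH_ROUTE = re.compile(r'^push\s+"route\s+([0-9.]+)(?:\s+([0-9.]+))?')


def vpn_subnet(conf):
    """Return the network from the `server <net> <mask>` directive, or None."""
    for line in conf.splitlines():
        parts = line.split('#', 1)[0].split()
        if len(parts) >= 3 and parts[0] == 'server':
            return ipaddress.ip_network(f'{parts[1]}/{parts[2]}', strict=False)
    return None


def redundant_pushed_routes(conf):
    """List pushed IPv4 routes that lie inside the VPN subnet itself."""
    subnet = vpn_subnet(conf)
    if subnet is None:
        return []
    hits = []
    for line in conf.splitlines():
        m = PUSH_ROUTE.match(line.strip())
        if not m:
            continue  # not a pushed route, or commented out
        # OpenVPN treats a route with no netmask as a host route.
        mask = m.group(2) or '255.255.255.255'
        route = ipaddress.ip_network(f'{m.group(1)}/{mask}', strict=False)
        if route.subnet_of(subnet):
            hits.append(str(route))
    return hits


if __name__ == '__main__':
    for route in redundant_pushed_routes(SAMPLE_SERVER_CONF):
        print(f'redundant push: {route} is inside {vpn_subnet(SAMPLE_SERVER_CONF)}')
```

The push for 192.168.1.0/24 is not reported because it lies outside the VPN subnet.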
