我正在关注指导设置我自己的 vpn 服务器。但最后运行命令:sudo openvpn /etc/openvpn/client/client.conf
得到以下结果:
2022-05-11 15:18:13 Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.conf:19: block-outside-dns (2.5.1)
2022-05-11 15:18:13 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-11 15:18:13 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-05-11 15:18:13 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-11 15:18:13 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-11 15:18:13 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-11 15:18:13 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-11 15:18:13 TCP/UDP: Preserving recently used remote address: [AF_INET]154.72.168.219:1194
2022-05-11 15:18:13 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-05-11 15:18:13 UDP link local: (not bound)
2022-05-11 15:18:13 UDP link remote: [AF_INET]154.72.168.219:1194
2022-05-11 15:19:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-05-11 15:19:13 TLS Error: TLS handshake failed
2022-05-11 15:19:13 SIGUSR1[soft,tls-error] received, process restarting
2022-05-11 15:19:13 Restart pause, 5 second(s)
消息继续出现,但我的注意力在这里:Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.conf:19: block-outside-dns (2.5.1)
我认为如果解决这个问题就没问题了。这是我的配置文件:
client
proto udp
explicit-exit-notify
remote 154.72.168.219 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_OOQt9gddm6Urx1I9 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIB2DCCAX2gAwIBAgIUaebTDbg0OAAvaZpKFVn4o8QQn08wCgYIKoZIzj0EAwIw
bla blaa
r8EfuIWxE43eAiEAqmivO3Pcxzi2Az3LCc1h2IUO//bx1BRgtD84feZuiIo=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIB3jCCAYSgAwIBAgIRAO6eGQVKtbv9C4zD2FVZPBswCgYIKoZIzj0EAwIwHjEc
MBoGA1UEAwwTY25fQnhxTmdwTE
bla bla
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgEqd6QepY3nvgBD/J
fgvJWf/zVJwxhC8TVbA30ThP+yahRANCAARsASOeP+QTRFPq1utozH+8Cr4iUbhv
F5a1ABanAjO+T3FF1y+LDR7GW1Wr63GiZ/8Bq89koQ1UWrkbLT+gycf+
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
4b1dc16e4b3c65a48853222ce0ea2812
bla bla bla
-----END OpenVPN Static key V1-----
</tls-crypt>
答案1
我找到了这个邮政:因此我通过注释第 19 行来编辑我的配置文件。
# setenv opt block-outside-dns # Prevent Windows 10 DNS leak #line_19
我的 vpn 仍然无法工作,但是不再出现那个错误。
新消息:
022-05-11 15:56:17 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-11 15:56:17 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-05-11 15:56:17 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-11 15:56:17 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-11 15:56:17 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-11 15:56:17 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-05-11 15:56:17 TCP/UDP: Preserving recently used remote address: [AF_INET]154.72.168.219:1194
2022-05-11 15:56:17 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-05-11 15:56:17 UDP link local: (not bound)
2022-05-11 15:56:17 UDP link remote: [AF_INET]154.72.168.219:1194
2022-05-11 15:57:17 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-05-11 15:57:17 TLS Error: TLS handshake failed