openvpn VERIFY OK: depth=0, CN=OpenVPN Server

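I am trying to get an OpenVPN server working. I used the official instructions to install it and use the web UI. But when a client tries to connect, the output is: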

2023-05-17 23:12:49 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2023-05-17 23:12:49 OpenVPN 2.6_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-05-17 23:12:49 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
2023-05-17 23:12:49 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:49 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:49 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:49 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:49 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:49 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:12:49 UDPv4 link local: (not bound)
2023-05-17 23:12:49 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:54 Server poll timeout, restarting
2023-05-17 23:12:54 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:12:54 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:54 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:54 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:54 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:54 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:54 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:12:54 UDPv4 link local: (not bound)
2023-05-17 23:12:54 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:12:58 Server poll timeout, restarting
2023-05-17 23:12:58 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:12:58 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:58 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:58 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:12:58 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:12:58 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-17 23:12:58 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 TCP connection established with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 TCPv4_CLIENT link local: (not bound)
2023-05-17 23:12:58 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:12:58 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:443, sid=988cc1d5 c83db546
2023-05-17 23:12:58 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-17 23:12:58 net_route_v4_best_gw result: via 192.168.1.1 dev eno1
2023-05-17 23:12:58 VERIFY OK: depth=1, CN=OpenVPN CA
2023-05-17 23:12:58 VERIFY KU OK
2023-05-17 23:12:58 Validating certificate extended key usage
2023-05-17 23:12:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-05-17 23:12:58 VERIFY EKU OK
2023-05-17 23:12:58 VERIFY OK: depth=0, CN=OpenVPN Server
2023-05-17 23:13:58 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-05-17 23:13:58 TLS Error: TLS handshake failed
2023-05-17 23:13:58 Fatal TLS error (check_tls_errors_co), restarting
2023-05-17 23:13:58 SIGUSR1[soft,tls-error] received, process restarting
2023-05-17 23:13:58 Restart pause, 5 second(s)
2023-05-17 23:14:03 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:03 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:03 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:03 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:03 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:03 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:03 UDPv4 link local: (not bound)
2023-05-17 23:14:03 UDPv4 link remote: [AF_INET]194.147.87.207:1194
2023-05-17 23:14:07 Server poll timeout, restarting
2023-05-17 23:14:07 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:07 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:07 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:07 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:07 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:07 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:07 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:07 UDPv4 link local: (not bound)
2023-05-17 23:14:07 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:11 Server poll timeout, restarting
2023-05-17 23:14:11 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:11 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:11 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:11 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:11 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:11 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:11 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:11 UDPv4 link local: (not bound)
2023-05-17 23:14:11 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:15 Server poll timeout, restarting
2023-05-17 23:14:15 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:15 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:15 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:15 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:15 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:15 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:15 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:15 UDPv4 link local: (not bound)
2023-05-17 23:14:15 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:19 Server poll timeout, restarting
2023-05-17 23:14:19 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:19 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:19 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:19 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:19 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:19 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:19 UDPv4 link local: (not bound)
2023-05-17 23:14:19 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:23 Server poll timeout, restarting
2023-05-17 23:14:23 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:23 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:23 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:23 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:23 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:23 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:23 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:23 UDPv4 link local: (not bound)
2023-05-17 23:14:23 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:27 Server poll timeout, restarting
2023-05-17 23:14:27 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:27 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:27 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:27 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:27 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:27 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:27 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-05-17 23:14:27 UDPv4 link local: (not bound)
2023-05-17 23:14:27 UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
2023-05-17 23:14:31 Server poll timeout, restarting
2023-05-17 23:14:31 SIGUSR1[soft,server_poll] received, process restarting
2023-05-17 23:14:31 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:31 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:31 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-05-17 23:14:31 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-05-17 23:14:31 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-05-17 23:14:31 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 TCP connection established with [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 TCPv4_CLIENT link local: (not bound)
2023-05-17 23:14:31 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xx.xxx:443
2023-05-17 23:14:31 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:443, sid=35ede51a 08a28ffd
2023-05-17 23:14:31 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-17 23:14:31 net_route_v4_best_gw result: via 192.168.1.1 dev eno1
2023-05-17 23:14:32 VERIFY OK: depth=1, CN=OpenVPN CA
2023-05-17 23:14:32 VERIFY KU OK
2023-05-17 23:14:32 Validating certificate extended key usage
2023-05-17 23:14:32 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-05-17 23:14:32 VERIFY EKU OK
2023-05-17 23:14:32 VERIFY OK: depth=0, CN=OpenVPN Server

The output of ufw status on the server is:

--                         ------      ----
22                         ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
943                        ALLOW       Anywhere                  
945                        ALLOW       Anywhere                                 
22 (v6)                    ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
943 (v6)                   ALLOW       Anywhere (v6)             
945 (v6)                   ALLOW       Anywhere (v6)                       

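In the web UI, when the client tries to connect, it is registered as a connected client, but after a minute it disappears. I don't know what I am doing wrong. Can anybody help?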
