我在 WNR3500L 路由器上从 tomato 固件(v1.28.9054 MIPSR2-beta K26 USB vpn3.6)配置 Open VPN 服务器时遇到了一些问题。
我已经像这样设置了服务器:
并且,当从客户端(ubuntu 14.04)连接时。我的 /var/log/syslog 上出现了这个
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: ******* WARNING *******: null MAC specified, no authentication will be used
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: UDPv4 link local: [undef]
Jul 30 14:08:51 thinkpad nm-openvpn[17467]: UDPv4 link remote: [AF_INET]82.239.XX.XXX:1194
Jul 30 14:08:53 thinkpad nm-openvpn[17467]: [Bob] Peer Connection Initiated with [AF_INET]82.239.XX.XXX:1194
Jul 30 14:08:55 thinkpad nm-openvpn[17467]: TUN/TAP device tun0 opened
Jul 30 14:08:55 thinkpad nm-openvpn[17467]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper tun0 1500 1538 10.8.0.6 10.8.0.5 init
Jul 30 14:08:55 thinkpad NetworkManager[1147]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Jul 30 14:08:55 thinkpad NetworkManager[1147]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <warn> /sys/devices/virtual/net/tun0: couldn't determine device driver; ignoring...
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> VPN connection 'home' (IP Config Get) reply received.
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> VPN connection 'home' (IP4 Config Get) reply received.
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> VPN Gateway: 82.239.XX.XXX
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Tunnel Device: tun0
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> IPv4 configuration:
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Internal Gateway: 10.8.0.5
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Internal Address: 10.8.0.6
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Internal Prefix: 32
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Internal Point-to-Point Address: 10.8.0.5
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Maximum Segment Size (MSS): 0
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Static Route: 192.168.0.0/24 Next Hop: 192.168.0.0
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Static Route: 10.8.0.1/32 Next Hop: 10.8.0.1
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Forbid Default Route: no
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> Internal DNS: 192.168.0.1
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> DNS Domain: '(none)'
Jul 30 14:08:55 thinkpad NetworkManager[1147]: <info> No IPv6 configuration
Jul 30 14:08:55 thinkpad nm-openvpn[17467]: Initialization Sequence Completed
Jul 30 14:08:56 thinkpad NetworkManager[1147]: <info> VPN connection 'home' (IP Config Get) complete.
Jul 30 14:08:56 thinkpad NetworkManager[1147]: <info> Policy set 'home' (tun0) as default for IPv4 routing and DNS.
Jul 30 14:08:56 thinkpad NetworkManager[1147]: <info> Writing DNS information to /sbin/resolvconf
Jul 30 14:08:56 thinkpad dnsmasq[2571]: setting upstream servers from DBus
Jul 30 14:08:56 thinkpad dnsmasq[2571]: using nameserver 192.168.0.1#53
看起来很棒,但是我给出的网关没有响应:
~ ping 10.8.0.5
PING 10.8.0.5 (10.8.0.5) 56(84) bytes of data.
^C
--- 10.8.0.5 ping statistics ---
32 packets transmitted, 0 received, 100% packet loss, time 31248ms
ping 10.8.0.1 也没有响应。只有该网络上的我的 IP(10.8.0.6)有响应。
因此,连接到该 VPN 后,我无法连接(无法 ping 本地网络,也无法访问互联网)。
另外,这是我的路线:
~ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.8.0.5 0.0.0.0 UG 0 0 0 tun0
10.8.0.1 10.8.0.5 255.255.255.255 UGH 0 0 0 tun0
10.8.0.5 * 255.255.255.255 UH 0 0 0 tun0
82.239.XX.XXX 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
192.168.0.0 10.8.0.5 255.255.255.0 UG 0 0 0 tun0
192.168.1.0 * 255.255.255.0 U 1 0 0 eth0
我家里的局域网是 192.168.0.0,而我从网络 192.168.1.0 进行连接,因此那里应该不会发生冲突。
知道什么地方出了问题吗?
答案1
查看路由器的日志时,我发现了以下几行:
Aug 1 14:14:57 tomato-router daemon.err openvpn[3785]: thinkpad/88.169.xx.xxx:53216
Authenticate/Decrypt packet error: packet HMAC authentication failed
因此我将 HMAC 客户端配置从“无”更改为“默认”,从而解决了该问题!