VPN problem on Ubuntu 16.04

Strangely, I seem to be able to connect to the VPN successfully, but all requests time out (before upgrading, everything worked fine on 14.04).

   NetworkManager[26605]: <info>  [1475104045.6096] audit: op="connection-activate" uuid="f3e592de-b14e-4775-8950-cdedac3b5a28" name="AirVPN_United-Kingdom_UDP-443" pid=2156 uid=1000 result="success"
   NetworkManager[26605]: <info>  [1475104045.6166] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: Started the VPN service, PID 4493
   NetworkManager[26605]: <info>  [1475104045.6237] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: Saw the service appear; activating connection
   NetworkManager[26605]: nm-openvpn-Message: openvpn[4496] started
   NetworkManager[26605]: <info>  [1475104045.6310] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN plugin: state changed: starting (3)
   NetworkManager[26605]: <info>  [1475104045.6313] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN connection: (ConnectInteractive) reply received
   nm-openvpn[4496]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
   nm-openvpn[4496]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
   nm-openvpn[4496]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
   nm-openvpn[4496]: Control Channel Authentication: using '/home/lee/.cert/nm-openvpn/AirVPN_United-Kingdom_UDP-443-tls-auth.pem' as a OpenVPN static key file
   nm-openvpn[4496]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
   nm-openvpn[4496]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
   nm-openvpn[4496]: UDPv4 link local: [undef]
   nm-openvpn[4496]: UDPv4 link remote: [AF_INET]185.103.96.133:443
   nm-openvpn[4496]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
   nm-openvpn[4496]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
   nm-openvpn[4496]: [server] Peer Connection Initiated with [AF_INET]185.103.96.133:443
   nm-openvpn[4496]: TUN/TAP device tun0 opened
   nm-openvpn[4496]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_5 --tun -- tun0 1500 1557 10.4.9.184 255.255.0.0 init
   NetworkManager[26605]: <info>  [1475104048.1017] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/5)
   NetworkManager[26605]: <info>  [1475104048.1177] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
   NetworkManager[26605]: <info>  [1475104048.1178] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
   NetworkManager[26605]: <info>  [1475104048.1261] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",0]: VPN connection: (IP Config Get) reply received.
   nm-openvpn[4496]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
   nm-openvpn[4496]: GID set to nm-openvpn
   NetworkManager[26605]: <info>  [1475104048.1346] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN connection: (IP4 Config Get) reply received
   nm-openvpn[4496]: UID set to nm-openvpn
   NetworkManager[26605]: <info>  [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: VPN Gateway: 185.103.96.133
   nm-openvpn[4496]: Initialization Sequence Completed
   NetworkManager[26605]: <info>  [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: Tunnel Device: tun0
   NetworkManager[26605]: <info>  [1475104048.1359] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: IPv4 configuration:
   NetworkManager[26605]: <info>  [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Gateway: 10.4.0.1
   NetworkManager[26605]: <info>  [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Address: 10.4.9.184
   NetworkManager[26605]: <info>  [1475104048.1360] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Prefix: 16
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal Point-to-Point Address: 10.4.9.184
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Maximum Segment Size (MSS): 0
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Forbid Default Route: no
   NetworkManager[26605]: <info>  [1475104048.1361] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   Internal DNS: 10.4.0.1
   NetworkManager[26605]: <info>  [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data:   DNS Domain: '(none)'
   NetworkManager[26605]: <info>  [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: Data: No IPv6 configuration
   NetworkManager[26605]: <info>  [1475104048.1362] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN plugin: state changed: started (4)
   NetworkManager[26605]: <info>  [1475104048.1387] vpn-connection[0x19f55c0,f3e592de-b14e-4775-8950-cdedac3b5a28,"AirVPN_United-Kingdom_UDP-443",7:(tun0)]: VPN connection: (IP Config Get) complete
   NetworkManager[26605]: <info>  [1475104048.1392] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
   NetworkManager[26605]: <info>  [1475104048.1500] manager: NetworkManager state is now CONNECTED_LOCAL
   NetworkManager[26605]: <info>  [1475104048.1502] manager: NetworkManager state is now CONNECTED_GLOBAL
   NetworkManager[26605]: <info>  [1475104048.1505] dns-mgr: Writing DNS information to /sbin/resolvconf
   dnsmasq[26678]: setting upstream servers from DBus
   dnsmasq[26678]: using nameserver 10.4.0.1#53
   dbus[804]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
   NetworkManager[26605]: <info>  [1475104048.1769] keyfile: add connection in-memory (40a6043d-7871-4195-8e3e-d7ea59e00877,"tun0")
   NetworkManager[26605]: <info>  [1475104048.1786] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
   NetworkManager[26605]: <info>  [1475104048.1852] device (tun0): Activation: starting connection 'tun0' (40a6043d-7871-4195-8e3e-d7ea59e00877)
   NetworkManager[26605]: <info>  [1475104048.1890] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
   NetworkManager[26605]: <info>  [1475104048.1894] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
   NetworkManager[26605]: <info>  [1475104048.1897] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
   NetworkManager[26605]: <info>  [1475104048.1901] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
   NetworkManager[26605]: <info>  [1475104048.1904] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
   NetworkManager[26605]: <info>  [1475104048.1907] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
   NetworkManager[26605]: <info>  [1475104048.1935] manager: NetworkManager state is now CONNECTED_LOCAL
   NetworkManager[26605]: <info>  [1475104048.1936] manager: NetworkManager state is now CONNECTED_GLOBAL
   NetworkManager[26605]: <info>  [1475104048.1937] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
   NetworkManager[26605]: <info>  [1475104048.1938] device (tun0): Activation: successful, device activated.
   systemd[1]: Starting Network Manager Script Dispatcher Service...
   dbus[804]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
   systemd[1]: Started Network Manager Script Dispatcher Service.
   nm-dispatcher: req:1 'vpn-up' [tun0]: new request (2 scripts)
   nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
   nm-dispatcher: req:2 'up' [tun0]: new request (2 scripts)
   wpa_supplicant[1266]: wlp4s0: Failed to initiate sched scan
   nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
   nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
   whoopsie[881]: [] Cannot reach: https://daisy.ubuntu.com
   whoopsie[881]: [] offline
   whoopsie[881]: [] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/6
   whoopsie[881]: [] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/5
   whoopsie[881]: [] The default IPv4 route is: /org/freedesktop/NetworkManager/ActiveConnection/6
   whoopsie[881]: [] Network connection may be a paid data plan: /org/freedesktop/NetworkManager/Devices/5
   nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)

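This is an AirVPN VPN; the ovpn file was generated with their config generator for Linux, choosing United Kingdom as the country and UDP (the same config works fine with OpenVPN on my Android phone). I tried using my work VPN's ovpn file, with similar results.

I have installed network-manager-openvpn and network-manager-openvpn-gnome.

ifconfig also shows: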

   tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
             inet addr:10.4.16.251  P-t-P:10.4.16.251  Mask:255.255.0.0
             UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
             RX packets:0 errors:0 dropped:0 overruns:0 frame:0
             TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
             collisions:0 txqueuelen:100
             RX bytes:0 (0.0 B)  TX bytes:1860 (1.8 KB)

iptables flushed:

   [ root@myhostname: /home/lee ]# iptables -L
   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination

   Chain FORWARD (policy ACCEPT)
   target     prot opt source               destination

   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination

route -n (without VPN):

   [ root@myhostname: ~ ]# route -n
   Kernel IP routing table
   Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
   0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp3s0
   169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
   192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

route -n (with VPN):

   [ root@myhostname: ~ ]# route -n
   Kernel IP routing table
   Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
   0.0.0.0         10.4.0.1        0.0.0.0         UG    50     0        0 tun0
   0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp3s0
   10.4.0.0        0.0.0.0         255.255.0.0     U     50     0        0 tun0
   169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
   185.103.96.130  192.168.0.1     255.255.255.255 UGH   100    0        0 enp3s0
   192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

The AirVPN ovpn looks like this (I removed the certs and keys at the end):

   # --------------------------------------------------------
   # Air VPN | https://airvpn.org | Wednesday 28th of September 2016 11:02:52 PM
   # OpenVPN Client Configuration.
   # AirVPN_United-Kingdom_UDP-443
   # --------------------------------------------------------

   client
   dev tun
   proto udp
   remote gb.vpn.airdns.org 443
   resolv-retry infinite
   nobind
   persist-key
   persist-tun
   remote-cert-tls server
   cipher AES-256-CBC
   comp-lzo no
   route-delay 5
   verb 3
   explicit-exit-notify 5

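Edit: I found that if I change the config to enable comp-lzo (or use LZO data compression in the Network Manager settings), everything works. I'm not sure why this problem occurs, or why on 16.04 I need to deviate from AirVPN's auto-generated settings.

Answer 1

So what exactly is "comp-lzo"?

According to OpenVPN's website: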

Use fast LZO compression -- may add up to 1 byte per packet for incompressible data.

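But that doesn't really clear things up, so let's start with the name "LZO compression"...

Lempel–Ziv–Oberhumer, sensibly abbreviated to LZO...

... is a compression algorithm that remains particularly fast to this day, especially when decompressing data - which makes it well suited to VPN systems, which may frequently send many small packets.

So what's the point of using compression...?

Enabling compression is simply a trade-off - you slow the connection down a tiny bit and use slightly more processing power, but in return take up less bandwidth. Of course, some server providers will use it to allow more users to connect simultaneously on a given amount of bandwidth.

OK, so what's the problem here / why do I need to enable it?

Simply put, if the client does not send compressed packets to a server that is expecting compressed packets, the server will treat it as an error and refuse to continue - likewise, if the server is expecting uncompressed data and receives compressed data, it won't be able to understand the request being made and will simply drop it.

If you're wondering why the server and client aren't programmed to detect and handle compression automatically, I suspect it's optimisation - auditing every packet for compression would slow everything down, so having the user specify it manually is the most efficient system, if less resistant to good old human error.

I suspect AirVPN changed this setting recently, but didn't update the config generator tool!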
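
A way to spot this failure from the log alone, added here as an example and not part of the original question or answer: the script looks for OpenVPN's option-mismatch warnings together with the `write to TUN/TAP` errors that follow a handshake that otherwise completes. The function names `analyse` and `diagnose` are hypothetical, and the sample lines are copied from the log in the question.

```python
import re

# Constructed sample: five lines copied from the log in the question.
SAMPLE_LOG = """\
nm-openvpn[4496]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
nm-openvpn[4496]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
nm-openvpn[4496]: Initialization Sequence Completed
nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
nm-openvpn[4496]: write to TUN/TAP : Invalid argument (code=22)
"""

# OpenVPN logs these warnings when its options differ from the peer's.
INCONSISTENT = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([^']+)' is present in (local|remote) config but missing in")
TUN_WRITE_ERR = re.compile(r"write to TUN/TAP\s*: Invalid argument")


def analyse(log_text):
    """Collect option mismatches and data-path errors from an OpenVPN log."""
    report = {"mismatch": {}, "tun_errors": 0, "handshake_ok": False}
    for line in log_text.splitlines():
        if m := INCONSISTENT.search(line):
            report["mismatch"][m[1]] = f"local={m[2]} remote={m[3]}"
        elif m := ONE_SIDED.search(line):
            report["mismatch"][m[1]] = f"only in {m[2]} config"
        elif TUN_WRITE_ERR.search(line):
            report["tun_errors"] += 1
        elif "Initialization Sequence Completed" in line:
            report["handshake_ok"] = True
    return report


def diagnose(report):
    """One-line verdict for the 'connected, but every request times out' case."""
    comp = report["mismatch"].get("comp-lzo")
    if comp and report["handshake_ok"] and report["tun_errors"]:
        return (f"comp-lzo mismatch ({comp}): tunnel is up, but "
                f"{report['tun_errors']} writes to the TUN device failed")
    if report["mismatch"]:
        return "option mismatch: " + ", ".join(sorted(report["mismatch"]))
    return "no option mismatch logged"


if __name__ == "__main__":
    print(diagnose(analyse(SAMPLE_LOG)))
```

The `link-mtu` values in the same log differ by one byte, which is consistent with the "up to 1 byte per packet" overhead in the OpenVPN description quoted above.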
