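I want to use openvpn from centos7, but I keep running into a TLS handshake error (as well as WARNING: No server certificate verification method has been enabled.)
Contents of the client.ovpn file: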
client
dev tap
proto udp
remote 202.79.XX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
#ca wlink-ca.pem
ca ca.crt
comp-lzo
verb 3
auth-user-pass
route-method exe
route-delay 2
There are 4 files in /etc/openvpn:
- certificate
- client.ovpn
- easy-rsa
- README.txt
Output:
sudo openvpn --config client.ovpn
Wed Mar 15 11:22:31 2017 OpenVPN 2.3.14 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 7 2016
Wed Mar 15 11:22:31 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Enter Auth Username: ***************
Enter Auth Password: *****
Wed Mar 15 11:22:45 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Mar 15 11:22:45 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Mar 15 11:22:45 2017 UDPv4 link local: [undef]
Wed Mar 15 11:22:45 2017 UDPv4 link remote: [AF_INET]202.79.XX.XXX:1194
Wed Mar 15 11:22:45 2017 TLS: Initial packet from [AF_INET]202.79.32.115:1194, sid=9b186f7d ff710a3f
Wed Mar 15 11:22:45 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar 15 11:22:46 2017 VERIFY OK: depth=1, C=NP, ST=Bagmati, L=Kathmandu, O=Worldlink, OU=System, CN=something, [email protected]
Wed Mar 15 11:22:46 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=NP, ST=Bagmati, O=Worldlink, OU=System, CN=something, [email protected]
Wed Mar 15 11:22:46 2017 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Mar 15 11:22:46 2017 TLS_ERROR: BIO read tls_read_plaintext error
Wed Mar 15 11:22:46 2017 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 15 11:22:46 2017 TLS Error: TLS handshake failed
Wed Mar 15 11:22:46 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed Mar 15 11:22:46 2017 Restart pause, 2 second(s)
^CWed Mar 15 11:22:47 2017 SIGINT[hard,init_instance] received, process exiting
How can I fix this?
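
An added example, not part of the original post: a small Python triage helper that checks a client config for a server certificate verification directive and pulls the per-depth VERIFY results out of a client log, keeping the two findings from the post separate. The function names, the directive set chosen, and the abridged sample config and log lines (constructed from the post) are assumptions.

```python
import re

# Directives documented by OpenVPN for checking the server's certificate
# beyond "signed by our CA" (set chosen for this example).
SERVER_VERIFY_DIRECTIVES = {
    "remote-cert-tls", "remote-cert-eku", "ns-cert-type",
    "verify-x509-name", "tls-verify",
}
VERIFY_RE = re.compile(r"VERIFY (OK|ERROR): depth=(\d+),(?: error=([^:]+):)?")

# Constructed samples, abridged from the config and log in the post.
SAMPLE_CONFIG = """client
remote 202.79.XX.XXX 1194
#ca wlink-ca.pem
ca ca.crt
auth-user-pass
"""
SAMPLE_LOG = """VERIFY OK: depth=1, C=NP, ST=Bagmati, O=Worldlink, CN=something
VERIFY ERROR: depth=0, error=certificate signature failure: C=NP, CN=something
"""

def active_directives(config_text):
    """Return {directive: [args]} for lines that are not commented out."""
    found = {}
    for line in config_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            found[name] = args
    return found

def verify_results(log_text):
    """Return [(depth, ok, error)] in log order; depth 0 is the server cert."""
    return [(int(m.group(2)), m.group(1) == "OK", m.group(3))
            for m in VERIFY_RE.finditer(log_text)]

def triage(config_text, log_text):
    findings = []
    if not SERVER_VERIFY_DIRECTIVES.intersection(active_directives(config_text)):
        findings.append("config: no server certificate verification directive")
    for depth, ok, error in verify_results(log_text):
        if not ok:
            who = "server certificate" if depth == 0 else f"CA at depth {depth}"
            findings.append(f"log: {who} rejected ({error})")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_CONFIG, SAMPLE_LOG)))
```

The two findings are independent: the first corresponds to the warning at startup, the second to the handshake failure, where the CA at depth 1 is accepted but the signature on the server certificate at depth 0 is not.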