Why am I getting an OpenVPN handshake failed error?

I am trying to get my OpenVPN working, but I am getting an error that I cannot understand.

My configuration file is as follows:

client
auth-user-pass userpass.data
management 127.0.0.1 5001
management-log-cache 50
dev tun
proto udp
comp-lzo
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append /var/log/piavpn.log
ca ca.rsa.4096.crt
status-version 3
daemon
up up.sh
down-pre
down down.sh
remote sweden.privateinternetaccess.com 1194

The error log shows the following:

Sun Feb 11 17:35:50 2018 us=595361 Current Parameter Settings:
Sun Feb 11 17:35:50 2018 us=595759   config = '/etc/openvpn/pia.conf'
Sun Feb 11 17:35:50 2018 us=595880   mode = 0
Sun Feb 11 17:35:50 2018 us=595952   persist_config = DISABLED
Sun Feb 11 17:35:50 2018 us=596019   persist_mode = 1
Sun Feb 11 17:35:50 2018 us=596083 NOTE: --mute triggered...
Sun Feb 11 17:35:50 2018 us=596753 271 variation(s) on previous 5 message(s) suppressed by --mute
Sun Feb 11 17:35:50 2018 us=596935 OpenVPN 2.3.10 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on$
Sun Feb 11 17:35:50 2018 us=597053 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Sun Feb 11 17:35:50 2018 us=598601 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:5001
Sun Feb 11 17:35:50 2018 us=599683 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Feb 11 17:35:50 2018 us=603245 LZO compression initialized
Sun Feb 11 17:35:50 2018 us=603839 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 11 17:35:50 2018 us=604078 Socket Buffers: R=[514400->514400] S=[514400->514400]
Sun Feb 11 17:35:50 2018 us=674607 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Sun Feb 11 17:35:50 2018 us=674807 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,a$
Sun Feb 11 17:35:50 2018 us=674897 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,ciphe$
Sun Feb 11 17:35:50 2018 us=675028 Local Options hash (VER=V4): '41690919'
Sun Feb 11 17:35:50 2018 us=675124 Expected Remote Options hash (VER=V4): '530fdded'
Sun Feb 11 17:35:50 2018 us=675199 UDPv4 link local: [undef]
Sun Feb 11 17:35:50 2018 us=675474 UDPv4 link remote: [AF_INET]5.157.7.2:1194
Sun Feb 11 17:35:50 2018 us=715018 TLS: Initial packet from [AF_INET]5.157.7.2:1194, sid=343edf17 fa762022
Sun Feb 11 17:35:50 2018 us=715507 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent th$
Sun Feb 11 17:35:50 2018 us=761693 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=$
Sun Feb 11 17:35:50 2018 us=762665 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:$
Sun Feb 11 17:35:50 2018 us=762820 TLS Error: TLS object -> incoming plaintext read error
Sun Feb 11 17:35:50 2018 us=762909 TLS Error: TLS handshake failed
Sun Feb 11 17:35:50 2018 us=763289 TCP/UDP: Closing socket
Sun Feb 11 17:35:50 2018 us=763564 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 11 17:35:50 2018 us=763686 Restart pause, 2 second(s)
Sun Feb 11 17:35:52 2018 us=765867 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Feb 11 17:35:52 2018 us=766082 Re-using SSL/TLS context
Sun Feb 11 17:35:52 2018 us=766275 LZO compression initialized
Sun Feb 11 17:35:52 2018 us=766595 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Feb 11 17:35:52 2018 us=766764 Socket Buffers: R=[514400->514400] S=[514400->514400]
Sun Feb 11 17:35:52 2018 us=831005 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Sun Feb 11 17:35:52 2018 us=831181 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,a$
Sun Feb 11 17:35:52 2018 us=831253 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,ciphe$
Sun Feb 11 17:35:52 2018 us=831354 Local Options hash (VER=V4): '41690919'
Sun Feb 11 17:35:52 2018 us=831457 Expected Remote Options hash (VER=V4): '530fdded'
Sun Feb 11 17:35:52 2018 us=831536 UDPv4 link local: [undef]
Sun Feb 11 17:35:52 2018 us=831664 UDPv4 link remote: [AF_INET]91.108.183.74:1194
Sun Feb 11 17:35:52 2018 us=871090 TLS: Initial packet from [AF_INET]91.108.183.74:1194, sid=42f64ed4 7d9b0b45
Sun Feb 11 17:35:52 2018 us=920373 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=$
Sun Feb 11 17:35:52 2018 us=920728 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:$
Sun Feb 11 17:35:52 2018 us=920813 TLS Error: TLS object -> incoming plaintext read error
Sun Feb 11 17:35:52 2018 us=920892 TLS Error: TLS handshake failed
Sun Feb 11 17:35:52 2018 us=921306 TCP/UDP: Closing socket
Sun Feb 11 17:35:52 2018 us=921538 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 11 17:35:52 2018 us=921678 Restart pause, 2 second(s)
Sun Feb 11 17:35:53 2018 us=277634 SIGTERM[hard,init_instance] received, process exiting

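I am not sure where the problem is. I did some research, and it indicates that the error is with the certificate, but I did not create any certificate; I used the one provided in PIA's zip file.

Any help figuring out why this is not working would be greatly appreciated.

I am using Ubuntu 16.04.03 on an Odroid device.

Thanks

Answer 1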

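Most likely, your certificate is not configured correctly; the fact that you received it from upstream does not mean that it cannot be broken.

To diagnose this issue: take note of the error message

VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=$

Then run the following command: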

openssl x509 -subject -issuer -noout -in ca.crt

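on the copy of the certificate in your hands. In the output, the C=US, ... fields must match those of the error message exactly. For example, you should not have Ohio instead of OH, and so on.

If the two outputs do indeed differ, you must write to customer support and ask them to send the proper certificate.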
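
The comparison described in the answer above, as an added example that is not part of the original post: the OpenVPN log and `openssl x509` print the same distinguished name in different layouts, and the log line on this page is cut off at `$`, so the script normalises both sides and compares only the visible prefix when the line is truncated. The function names are hypothetical, and the sample names used to exercise it are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical helpers, not OpenVPN or OpenSSL tools.

# Pull the certificate subject out of an OpenVPN "VERIFY ERROR" log line.
# A trailing "$" is the log viewer's truncation marker, not part of the DN.
log_dn() {
    printf '%s\n' "$1" |
        sed -n 's/^.*VERIFY ERROR: depth=[0-9]*, error=[^:]*: *\(.*\)$/\1/p' |
        sed 's/\$$//'
}

# Reduce a DN to "C=US,ST=OH,L=Columbus,...". Accepts OpenVPN's "C=US, ST=OH",
# OpenSSL 1.0.x "subject= /C=US/ST=OH" and OpenSSL 1.1+ "subject=C = US, ST = OH".
normalize_dn() {
    printf '%s\n' "$1" | sed \
        -e 's/^ *subject *= *//' -e 's/^ *issuer *= *//' \
        -e 's|^/||' -e 's|/\([A-Za-z][A-Za-z0-9.]*=\)|,\1|g' \
        -e 's/ *= */=/g' -e 's/, */,/g' -e 's/ *$//'
}

# $1 = VERIFY ERROR log line, $2 = one line of `openssl x509 -subject -issuer` output.
# Returns 0 on match, 1 on mismatch, 2 if the log line holds no DN.
dn_matches() {
    want=$(normalize_dn "$(log_dn "$1")")
    have=$(normalize_dn "$2")
    [ -n "$want" ] || return 2
    case "$1" in
        *'$')   # truncated line: only the visible prefix can be compared
            case "$have" in "$want"*) return 0 ;; esac ;;
        *)
            [ "$have" = "$want" ] && return 0 ;;
    esac
    return 1
}

# $1 = CA file, $2 = OpenVPN log, e.g. check_ca ca.rsa.4096.crt /var/log/piavpn.log
check_ca() {
    line=$(grep 'VERIFY ERROR' "$2" | tail -n 1)
    openssl x509 -subject -issuer -noout -in "$1" | while IFS= read -r dn; do
        if dn_matches "$line" "$dn"; then echo "match:    $dn"
        else echo "MISMATCH: $dn"; fi
    done
}
```

A prefix match on a truncated line only confirms the fields that are visible; open the log in a viewer that does not cut long lines to compare the full name.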
