Can't get OpenVPN to work properly

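Good morning,

I'm trying to set up a VPN with the minimum requirements. The server is a fresh install of CentOS 7 (I can try another version if that is easier). I followed the instructions on this site: https://www.cyberciti.biz/faq/centos-7-0-set-up-openvpn-server-in-5-minutes/ I also tried the manual way: https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7

But when I try to connect with Tunnelblick on my Mac, I can only reach websites by their IP (so there is a DNS problem). I added a PHP script on my server to get my public IP, but my old public IP is still being used, not the new one. It seems the VPN is not being used at all.

Also, after a while, Tunnelblick shows this in the console: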

2019-04-05 19:14:50 Tunnelblick[59941] currentIPInfo(Name): IP address info could not be fetched within 34.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600001f05530 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://tunnelblick.net/ipinfo, NSErrorFailingURLKey=https://tunnelblick.net/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-04-05 19:15:25 Tunnelblick[59941] currentIPInfo(Address): IP address info could not be fetched within 35.0 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1001 "The request timed out." UserInfo={NSUnderlyingError=0x600001fc76f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1001 "The request timed out." UserInfo={NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorCodeKey=-2102, _kCFStreamErrorDomainKey=4, NSLocalizedDescription=The request timed out.}}, NSErrorFailingURLStringKey=https://205.233.73.116/ipinfo, NSErrorFailingURLKey=https://205.233.73.116/ipinfo, _kCFStreamErrorDomainKey=4, _kCFStreamErrorCodeKey=-2102, NSLocalizedDescription=The request timed out.}'; the response was '(null)'
2019-04-05 19:15:25 Tunnelblick[59941] An error occured fetching IP address information after connecting

I also tried on my Android and on Linux Mint in VirtualBox:

openvpn --config cclient.ovpn 
Options error: Unrecognized option or missing parameter(s) in cclient.ovpn:21: tls-crypt (2.3.10)
Use --help for more information.

But line 21 is in the middle of the encryption key,

and the tls-crypt tag exists, but further down.

<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
f3856bf6762970d83c25eccd966400dc
d6ec43b27660930701d6ebd6efbaa3da
...

Here is the full content of the ovpn (not concerned about security for now):

client
proto udp
remote 193.148.68.62 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_BJMqmYrUxDaMZl3k name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBzTCCAXOgAwIBAgIQDcXZ3dwQ3NvBLD/hEJAjlDAKBggqhkjOPQQDAjAeMRww
GgYDVQQDDBNjbl8yWlA5UlRaYVBoeDVpYjZUMB4XDTE5MDQwNTE1NTQwMloXDTIy
MDMyMDE1NTQwMlowETEPMA0GA1UEAwwGY2xpZW50MFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEGbEMBPaSe/l0e7+UzQDW0PIUNTUu5bZqo9pIG/26/Xa38o2Ck+wk
UdcOj8Z9ggbPwHu+x8s1ppTTyxn+ZsNw1aOBnzCBnDAJBgNVHRMEAjAAMB0GA1Ud
DgQWBBSEY73UYBhDTZ54fwnMIFDwAJJWSjBOBgNVHSMERzBFgBTiK/AV9OBtmenN
EqQeYZrdVHL43KEipCAwHjEcMBoGA1UEAwwTY25fMlpQOVJUWmFQaHg1aWI2VIIJ
AKCDTh1DURAlMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggq
hkjOPQQDAgNIADBFAiEA2F1KHsgrhu2foCz7D476A7NEAJ94KAAZ3E+do6hgHysC
IAZBnrKqN+9C60CoJyYA/JCmms/Ed8Q9Fipj4wrvQHLQ
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[private key redacted]
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
f3856bf6762970d83c25eccd966400dc
d6ec43b27660930701d6ebd6efbaa3da
dee8e380cf94855e0f2ce1e9f832c4f6
613c6c51e97904b1e93182b2753bdcb8
c7f6573e74e8ce5640c329438b73241b
494a3935443f03717fd68dfe9c0d2bb5
755e9309b5e12a62452599bfaaef60ef
50f91463958edd07e4014c8503c8ed8f
da1ad0b1d42cdc169c3fbc1703b1662c
9ac3d32aa36254e73659d2f73ff44400
8e0a1692d808f7607111bf5becf32a91
5f2b44906b24a55939de881cb2406c25
80714f5aed426e1790950079f466afa2
7e61c35d2f6939479fab9e714813bb4c
00a71ce2954ff7bf8a0194622d0f21c6
4a00adf365708a59683468060ff23056
-----END OpenVPN Static key V1-----
</tls-crypt>

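So I don't really understand why it doesn't work. There is no firewall installed on my server (firewalld is not installed), and tun is enabled.

If you have a way to unblock the connection on Linux Mint or OSX, that would be very helpful. Thanks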
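An added example, not part of the original question: a small checker that compares the directives in a client profile with the OpenVPN version that will load it, which is the kind of mismatch the `tls-crypt (2.3.10)` error above reports. The function names and the sample profile are constructed for illustration; the version table assumes OpenVPN's release history (tls-crypt and AES-GCM data ciphers from 2.4, tls-crypt-v2 and data-ciphers from 2.5).

```python
import re

# Assumption: first OpenVPN release that accepts each directive.
MIN_VERSION = {
    "tls-crypt": (2, 4),
    "ncp-ciphers": (2, 4),
    "tls-crypt-v2": (2, 5),
    "data-ciphers": (2, 5),
}

# Constructed sample profile; key material replaced by placeholders.
SAMPLE_PROFILE = """\
client
proto udp
remote 192.0.2.10 1194
dev tun
cipher AES-128-GCM
verb 3
<ca>
(certificate placeholder)
</ca>
<tls-crypt>
(static key placeholder)
</tls-crypt>
"""

def unsupported_directives(profile_text, client_version):
    """Return [(line_no, directive, 'x.y')] for options the client is too old for."""
    client = tuple(int(p) for p in client_version.split("."))
    findings, inline_tag = [], None
    for no, raw in enumerate(profile_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:                       # inside <tag>...</tag>: key material, skip
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:                                # inline block opens: the tag is the directive
            inline_tag = name = m.group(1)
            args = []
        else:
            name, *args = line.split()
        need = MIN_VERSION.get(name)
        if name == "cipher" and args and args[0].upper().endswith("-GCM"):
            need = (2, 4)                    # GCM data-channel ciphers need 2.4+
        if need and client < need:
            findings.append((no, name, ".".join(map(str, need))))
    return findings

if __name__ == "__main__":
    for no, name, need in unsupported_directives(SAMPLE_PROFILE, "2.3.10"):
        print(f"line {no}: '{name}' needs OpenVPN >= {need}")
```

The client version to pass in is the one printed on the first line of `openvpn --version` on the machine that loads the profile.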

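Answer 1

I finally solved this by following a completely different tutorial that includes the client software. https://www.vultr.com/docs/installing-openvpn-on-centos-7

Configuration:

  • CentOS Linux release 7.6.1810 (Core) in OpenVZ, with kernel 2.6.32-48-pve

  • OpenVPN version: openvpn-as-2.0.10-CentOS7.x86_64.rpm (newer versions have library dependency problems)

I had to disable System Integrity Protection to get "OpenVpn Connect" to run on the Mac and to avoid the "Error running jsondialog" message.

Steps: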

yum update
yum install net-tools
cd /tmp
wget http://swupdate.openvpn.org/as/openvpn-as-2.0.10-CentOS7.x86_64.rpm
rpm -Uvh openvpn-as-2.0.10-CentOS7.x86_64.rpm

passwd openvpn

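Choose a password.

In Chrome/Firefox or another browser, go to yourpublicip:943/admin and log in with openvpn and the chosen password. Accept everything, then click Start the Server (if it is stopped).

In the browser, go to yourpublicip:943 and log in again as the user openvpn.

Click to download OpenVPN Connect and enter the login and password.

For Mac

If there is a JSON error: http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/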
