我一直在努力让 OpenVPN 服务器在已经运行 PiHole 的 raspberry-pi 上运行。TLS 密钥协商在 60 秒后超时,我不知道为什么。我在路由器上将其端口转发到端口 1194,用于 ipv4 和 ipv6。
此外,如果我将配置中的 IP(.ovpn 文件)更改为我家庭网络中的服务器本地 IP,它就可以正常工作。如果我尝试通过互联网连接,它就不起作用。我有 ipv6 和 ipv4。如果需要,我可以附加日志,但我需要它们所在的路径。
编辑:我正在使用手机测试其移动数据连接。我的提供商使用 DS-lite,这会造成任何问题吗?
我的 ovpn 文件
dev tun
proto udp
remote my.ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
我的服务器配置
local 192.168.178.32
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
#push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.178.32"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
192.68.178.32是我的 pihole,我将其用作 DNS 和 DHCP 服务器。
我的 ifconfig 输出
root@raspberrypi:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.178.32 netmask 255.255.255.0 broadcast 192.168.178.255
inet6 fe80::8f18:fb44:a5f1:af38 prefixlen 64 scopeid 0x20<link>
inet6 2a02:8071:219f:9000:28f6:566f:32c8:105d prefixlen 64 scopeid 0x0<global>
inet6 2a02:8071:219f:9000::1a1 prefixlen 128 scopeid 0x0<global>
ether b8:27:eb:db:1c:f4 txqueuelen 1000 (Ethernet)
RX packets 96919 bytes 9369972 (8.9 MiB)
RX errors 0 dropped 43039 overruns 0 frame 0
TX packets 61668 bytes 47669565 (45.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Lokale Schleife)
RX packets 139811 bytes 9665320 (9.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 139811 bytes 9665320 (9.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fddd:1194:1194:1194::1 prefixlen 64 scopeid 0x0<global>
inet6 fe80::7ff1:9b78:4550:cf04 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 1 bytes 72 (72.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 83 bytes 15448 (15.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
我的电话记录与动词 4
08:05:52.021 -- ----- OpenVPN Start -----
08:05:52.021 -- EVENT: CORE_THREAD_ACTIVE
08:05:52.024 -- OpenVPN core 3.git:released:662eae9a:Release android arm64 64-bit PT_PROXY
08:05:52.024 -- Frame=512/2048/512 mssfix-ctrl=1250
08:05:52.025 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [ignore-unknown-option] [block-outside-dns]
12 [block-outside-dns]
13 [verb] [4]
08:05:52.025 -- EVENT: RESOLVE
08:05:52.028 -- Contacting my.ip via UDP
08:05:52.029 -- EVENT: WAIT
08:05:52.033 -- Connecting to [my.ip]:1194 (my.ip) via UDPv4
08:06:02.025 -- Server poll timeout, trying next remote entry...
08:06:02.027 -- EVENT: RECONNECTING
08:06:02.032 -- EVENT: RESOLVE
08:06:02.050 -- Contacting my.ip:1194 via UDP
08:06:02.051 -- EVENT: WAIT
08:06:02.064 -- Connecting to [my.ip]:1194 (my.ip) via UDPv4
08:06:12.028 -- Server poll timeout, trying next remote entry...
08:06:12.030 -- EVENT: RECONNECTING
08:07:16.869 -- ----- OpenVPN Stop -----
我的电脑与 verb 4 登录同一个局域网
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_private_mode = 00000000
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_cert_private = DISABLED
Tue Feb 23 08:14:48 2021 pkcs11_pin_cache_period = -1
Tue Feb 23 08:14:48 2021 pkcs11_id = '[UNDEF]'
Tue Feb 23 08:14:48 2021 pkcs11_id_management = DISABLED
Tue Feb 23 08:14:48 2021 server_network = 0.0.0.0
Tue Feb 23 08:14:48 2021 server_netmask = 0.0.0.0
Tue Feb 23 08:14:48 2021 server_network_ipv6 = ::
Tue Feb 23 08:14:48 2021 server_netbits_ipv6 = 0
Tue Feb 23 08:14:48 2021 server_bridge_ip = 0.0.0.0
Tue Feb 23 08:14:48 2021 server_bridge_netmask = 0.0.0.0
Tue Feb 23 08:14:48 2021 server_bridge_pool_start = 0.0.0.0
Tue Feb 23 08:14:48 2021 server_bridge_pool_end = 0.0.0.0
Tue Feb 23 08:14:48 2021 ifconfig_pool_defined = DISABLED
Tue Feb 23 08:14:48 2021 ifconfig_pool_start = 0.0.0.0
Tue Feb 23 08:14:48 2021 ifconfig_pool_end = 0.0.0.0
Tue Feb 23 08:14:48 2021 ifconfig_pool_netmask = 0.0.0.0
Tue Feb 23 08:14:48 2021 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Feb 23 08:14:48 2021 ifconfig_pool_persist_refresh_freq = 600
Tue Feb 23 08:14:48 2021 ifconfig_ipv6_pool_defined = DISABLED
Tue Feb 23 08:14:48 2021 ifconfig_ipv6_pool_base = ::
Tue Feb 23 08:14:48 2021 ifconfig_ipv6_pool_netbits = 0
Tue Feb 23 08:14:48 2021 n_bcast_buf = 256
Tue Feb 23 08:14:48 2021 tcp_queue_limit = 64
Tue Feb 23 08:14:48 2021 real_hash_size = 256
Tue Feb 23 08:14:48 2021 virtual_hash_size = 256
Tue Feb 23 08:14:48 2021 client_connect_script = '[UNDEF]'
Tue Feb 23 08:14:48 2021 learn_address_script = '[UNDEF]'
Tue Feb 23 08:14:48 2021 client_disconnect_script = '[UNDEF]'
Tue Feb 23 08:14:48 2021 client_config_dir = '[UNDEF]'
Tue Feb 23 08:14:48 2021 ccd_exclusive = DISABLED
Tue Feb 23 08:14:48 2021 tmp_dir = 'C:\Users\maxim\AppData\Local\Temp\'
Tue Feb 23 08:14:48 2021 push_ifconfig_defined = DISABLED
Tue Feb 23 08:14:48 2021 push_ifconfig_local = 0.0.0.0
Tue Feb 23 08:14:48 2021 push_ifconfig_remote_netmask = 0.0.0.0
Tue Feb 23 08:14:48 2021 push_ifconfig_ipv6_defined = DISABLED
Tue Feb 23 08:14:48 2021 push_ifconfig_ipv6_local = ::/0
Tue Feb 23 08:14:48 2021 push_ifconfig_ipv6_remote = ::
Tue Feb 23 08:14:48 2021 enable_c2c = DISABLED
Tue Feb 23 08:14:48 2021 duplicate_cn = DISABLED
Tue Feb 23 08:14:48 2021 cf_max = 0
Tue Feb 23 08:14:48 2021 cf_per = 0
Tue Feb 23 08:14:48 2021 max_clients = 1024
Tue Feb 23 08:14:48 2021 max_routes_per_client = 256
Tue Feb 23 08:14:48 2021 auth_user_pass_verify_script = '[UNDEF]'
Tue Feb 23 08:14:48 2021 auth_user_pass_verify_script_via_file = DISABLED
Tue Feb 23 08:14:48 2021 auth_token_generate = DISABLED
Tue Feb 23 08:14:48 2021 auth_token_lifetime = 0
Tue Feb 23 08:14:48 2021 auth_token_secret_file = '[UNDEF]'
Tue Feb 23 08:14:48 2021 vlan_tagging = DISABLED
Tue Feb 23 08:14:48 2021 vlan_accept = all
Tue Feb 23 08:14:48 2021 vlan_pvid = 1
Tue Feb 23 08:14:48 2021 client = ENABLED
Tue Feb 23 08:14:48 2021 pull = ENABLED
Tue Feb 23 08:14:48 2021 auth_user_pass_file = '[UNDEF]'
Tue Feb 23 08:14:48 2021 show_net_up = DISABLED
Tue Feb 23 08:14:48 2021 route_method = 3
Tue Feb 23 08:14:48 2021 block_outside_dns = ENABLED
Tue Feb 23 08:14:48 2021 ip_win32_defined = DISABLED
Tue Feb 23 08:14:48 2021 ip_win32_type = 3
Tue Feb 23 08:14:48 2021 dhcp_masq_offset = 0
Tue Feb 23 08:14:48 2021 dhcp_lease_time = 31536000
Tue Feb 23 08:14:48 2021 tap_sleep = 0
Tue Feb 23 08:14:48 2021 dhcp_options = DISABLED
Tue Feb 23 08:14:48 2021 dhcp_renew = DISABLED
Tue Feb 23 08:14:48 2021 dhcp_pre_release = DISABLED
Tue Feb 23 08:14:48 2021 domain = '[UNDEF]'
Tue Feb 23 08:14:48 2021 netbios_scope = '[UNDEF]'
Tue Feb 23 08:14:48 2021 netbios_node_type = 0
Tue Feb 23 08:14:48 2021 disable_nbt = DISABLED
Tue Feb 23 08:14:48 2021 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
Tue Feb 23 08:14:48 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Tue Feb 23 08:14:48 2021 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Tue Feb 23 08:14:48 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Tue Feb 23 08:14:48 2021 Need hold release from management interface, waiting...
Tue Feb 23 08:14:48 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Tue Feb 23 08:14:48 2021 MANAGEMENT: CMD 'state on'
Tue Feb 23 08:14:48 2021 MANAGEMENT: CMD 'log all on'
Tue Feb 23 08:14:48 2021 MANAGEMENT: CMD 'echo all on'
Tue Feb 23 08:14:48 2021 MANAGEMENT: CMD 'bytecount 5'
Tue Feb 23 08:14:48 2021 MANAGEMENT: CMD 'hold off'
Tue Feb 23 08:14:48 2021 MANAGEMENT: CMD 'hold release'
Tue Feb 23 08:14:48 2021 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Feb 23 08:14:48 2021 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb 23 08:14:48 2021 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Feb 23 08:14:48 2021 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb 23 08:14:48 2021 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Tue Feb 23 08:14:48 2021 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Feb 23 08:14:48 2021 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Tue Feb 23 08:14:48 2021 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Tue Feb 23 08:14:48 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]my.ip:1194
Tue Feb 23 08:14:48 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Feb 23 08:14:48 2021 UDP link local: (not bound)
Tue Feb 23 08:14:48 2021 UDP link remote: [AF_INET]my.ip:1194
Tue Feb 23 08:14:48 2021 MANAGEMENT: >STATE:1614064488,WAIT,,,,,,
Tue Feb 23 08:15:48 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Feb 23 08:15:48 2021 TLS Error: TLS handshake failed
Tue Feb 23 08:15:48 2021 TCP/UDP: Closing socket
Tue Feb 23 08:15:48 2021 SIGUSR1[soft,tls-error] received, process restarting
Tue Feb 23 08:15:48 2021 MANAGEMENT: >STATE:1614064548,RECONNECTING,tls-error,,,,,
Tue Feb 23 08:15:48 2021 Restart pause, 5 second(s)
我希望有人知道为什么它不起作用。提前谢谢。
答案1
我修好了。我有一个双栈精简版 (ds lite) 连接,并尝试使用在线端口映射服务,但没有成功... 然后我打电话给我的 ISP,他们给了我双栈 (一个 ipv4 地址和一个 ipv6 地址)。现在它运行得很好。
当我问这个问题时,我不知道我有 ds lite,也不知道它是什么。仍然感谢大家。