我无法连接到我的 VPN 提供商。
我无法使用 CyberGhost 提供的脚本,因为它无法在 Arch Linux 上运行,并且只能在cyberghostvpn: error while loading shared libraries: libz.so.1: failed to map segment from shared object
启动时退出
我正在使用 Gnome NetworkManager 小程序通过 CyberGhost 在其网站上提供的 .ovpn 文件连接到他们。
看起来它能够在短时间内建立网络连接,但随后立即中止并提示服务器配置错误。我以前能够通过这种方式连接,直到我重新安装系统。
NetworkManager 日志:
Mär 08 09:24:23 pwrpc NetworkManager[615]: <info> [1615195463.6919] audit: op="connection-activate" uuid="5ac753b0-ffeb-4bd7-bfd2-a4782fc25797" name="CG_Estland" pid=9655 uid=1000 result="success"
Mär 08 09:24:23 pwrpc NetworkManager[615]: <info> [1615195463.6944] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: Started the VPN service, PID 26820
Mär 08 09:24:23 pwrpc NetworkManager[615]: <info> [1615195463.7017] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: Saw the service appear; activating connection
Mär 08 09:24:23 pwrpc NetworkManager[615]: <info> [1615195463.7572] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: starting (3)
Mär 08 09:24:23 pwrpc NetworkManager[615]: <info> [1615195463.7573] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN connection: (ConnectInteractive) reply received
Mär 08 09:24:23 pwrpc nm-openvpn[26827]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mär 08 09:24:23 pwrpc nm-openvpn[26827]: WARNING: file '/home/leon/CyberGhost/client.key' is group or others accessible
Mär 08 09:24:23 pwrpc nm-openvpn[26827]: OpenVPN 2.5.1 [git:makepkg/f186691b32e68362+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 24 2021
Mär 08 09:24:23 pwrpc nm-openvpn[26827]: library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Mär 08 09:24:23 pwrpc nm-openvpn[26827]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: TCP/UDP: Preserving recently used remote address: [AF_INET]95.153.32.89:443
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: UDP link local: (not bound)
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: UDP link remote: [AF_INET]95.153.32.89:443
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1549'
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Mär 08 09:24:24 pwrpc nm-openvpn[26827]: [tallinn-rack404.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]95.153.32.89:443
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: TUN/TAP device tun0 opened
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 26820 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_3 --tun -- tun0 1500 1552 10.203.6.105 255.255.255.0 init
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8616] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/5)
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8670] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN connection: (IP Config Get) reply received.
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8682] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",5:(tun0)]: VPN connection: (IP4 Config Get) reply received
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8690] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",5:(tun0)]: VPN connection: (IP6 Config Get) reply received
Mär 08 09:24:25 pwrpc NetworkManager[615]: <warn> [1615195465.8690] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",5:(tun0)]: invalid IP6 config received!
Mär 08 09:24:25 pwrpc NetworkManager[615]: <warn> [1615195465.8691] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",5:(tun0)]: VPN connection: did not receive valid IP config information
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: GID set to nm-openvpn
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: UID set to nm-openvpn
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: Initialization Sequence Completed
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: event_wait : Interrupted system call (code=4)
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: net_addr_v4_del: 10.203.6.105 dev tun0
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Mär 08 09:24:25 pwrpc nm-openvpn[26827]: Linux can't del IP from iface tun0
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8709] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: started (4)
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8710] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: stopping (5)
Mär 08 09:24:25 pwrpc NetworkManager[615]: <info> [1615195465.8714] vpn-connection[0x56199a770330,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: stopped (6)
Mär 08 09:24:26 pwrpc nm-openvpn[26827]: SIGTERM[hard,] received, process exiting
Mär 08 09:28:03 pwrpc NetworkManager[615]: <info> [1615195683.1628] audit: op="connection-activate" uuid="5ac753b0-ffeb-4bd7-bfd2-a4782fc25797" name="CG_Estland" pid=9655 uid=1000 result="success"
Mär 08 09:28:03 pwrpc NetworkManager[615]: <info> [1615195683.1651] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: Started the VPN service, PID 27397
Mär 08 09:28:03 pwrpc NetworkManager[615]: <info> [1615195683.1724] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: Saw the service appear; activating connection
Mär 08 09:28:03 pwrpc NetworkManager[615]: <info> [1615195683.2141] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: starting (3)
Mär 08 09:28:03 pwrpc NetworkManager[615]: <info> [1615195683.2142] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN connection: (ConnectInteractive) reply received
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: WARNING: file '/home/leon/CyberGhost/client.key' is group or others accessible
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: OpenVPN 2.5.1 [git:makepkg/f186691b32e68362+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 24 2021
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: TCP/UDP: Preserving recently used remote address: [AF_INET]95.153.32.89:443
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: UDP link local: (not bound)
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: UDP link remote: [AF_INET]95.153.32.89:443
Mär 08 09:28:03 pwrpc nm-openvpn[27404]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mär 08 09:28:04 pwrpc nm-openvpn[27404]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1549'
Mär 08 09:28:04 pwrpc nm-openvpn[27404]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
Mär 08 09:28:04 pwrpc nm-openvpn[27404]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Mär 08 09:28:04 pwrpc nm-openvpn[27404]: [tallinn-rack404.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]95.153.32.89:443
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: TUN/TAP device tun0 opened
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 27397 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_4 --tun -- tun0 1500 1552 10.203.6.105 255.255.255.0 init
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2899] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/6)
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2962] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN connection: (IP Config Get) reply received.
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2968] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",6:(tun0)]: VPN connection: (IP4 Config Get) reply received
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2977] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",6:(tun0)]: VPN connection: (IP6 Config Get) reply received
Mär 08 09:28:05 pwrpc NetworkManager[615]: <warn> [1615195685.2978] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",6:(tun0)]: invalid IP6 config received!
Mär 08 09:28:05 pwrpc NetworkManager[615]: <warn> [1615195685.2979] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",6:(tun0)]: VPN connection: did not receive valid IP config information
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: GID set to nm-openvpn
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: UID set to nm-openvpn
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: Initialization Sequence Completed
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: event_wait : Interrupted system call (code=4)
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: net_addr_v4_del: 10.203.6.105 dev tun0
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2995] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: started (4)
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: Linux can't del IP from iface tun0
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2995] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: stopping (5)
Mär 08 09:28:05 pwrpc NetworkManager[615]: <info> [1615195685.2995] vpn-connection[0x56199a770540,5ac753b0-ffeb-4bd7-bfd2-a4782fc25797,"CG_Estland",0]: VPN plugin: state changed: stopped (6)
Mär 08 09:28:05 pwrpc nm-openvpn[27404]: SIGTERM[hard,] received, process exiting
我已经在连接编辑器中停用了 ipv6。
以下是 ovpn 文件的内容:
client
remote 87-1-cz.cg-dialup.net 443
dev tun
proto udp
auth-user-pass
resolv-retry infinite
redirect-gateway def1
persist-key
persist-tun
nobind
cipher AES-256-CBC
ncp-disable
auth SHA256
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
verb 4
ca ca.crt
cert client.crt
key client.key
知道为什么会这样吗?有没有更好的方法在 Linux 中连接到 VPN 提供商?
此致
答案1
我问过 CyberGhost,他们告诉我他们可能正在开发 Arch Linux 端口。没什么特别的。
目前我设法通过降级 OpenVPN 来连接这里解释:
sudo pacman -U https://archive.archlinux.org/packages/o/openvpn/openvpn-2.4.9-2-x86_64.pkg.tar.zst
如果使用 GTK 网络编辑器,请在 LAN/WiFi 连接设置中禁用 IPv6 以防止 IP 信息泄露。仅对不支持 IPv6 的 CyberGhost 执行此操作。
不幸的是,我遇到了 IPv4 泄漏。我不记得以前如何修复它,但可能会尝试这个 YouTube 视频。
当我找到解决方法时将更新这个答案。
找到解决泄漏的方法: https://unix.stackexchange.com/questions/434916/how-to-fix-openvpn-dns-leak
查找您已安装的 NetworkManager VPN 连接(“$”只是我的系统提示符,表示您在终端窗口的命令行中):
$ ls -la /etc/NetworkManager/system-connections/*
然后选择您想要修复的那个并在其上运行此命令(或者您可以手动编辑配置文件,因为此命令只在 ipv4 部分下添加一个 dns-priority 条目):
$ sudo nmcli connection modify <vpn-connection-name> ipv4.dns-priority -42
并重新启动:
$ sudo service network-manager restart
不知道这有什么用。所以如果有人有想法,我很想听听。