Why can't I ping my OpenVPN server and client?

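I configured the server on my host machine and the client on a virtual machine. Both the server and the client show green when first started, up to the point where the log shows an attempt to establish a connection with the server machine @ 11.11.11.1. When it tries to establish this connection the indicator turns orange, and it stays stuck there. I also can't ping either machine.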

2021-11-05 00:27:43 TLS: Initial packet from [AF_INET]11.11.11.1:12345, sid=ed0721cc 2e968296
2021-11-05 00:27:43 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=ServerVPN, OU=changeme, CN=ServerVPN, name=changeme, [email protected]
2021-11-05 00:27:43 VERIFY KU OK
2021-11-05 00:27:43 Validating certificate extended key usage
2021-11-05 00:27:43 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-11-05 00:27:43 VERIFY EKU OK
2021-11-05 00:27:43 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=ServerVPN, name=name, [email protected]
2021-11-05 00:27:43 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-11-05 00:27:43 [ServerVPN] Peer Connection Initiated with [AF_INET]11.11.11.1:12345
2021-11-05 00:27:44 MANAGEMENT: >STATE:1636072064,GET_CONFIG,,,,,,
2021-11-05 00:27:44 SENT CONTROL [ServerVPN]: 'PUSH_REQUEST' (status=1)
2021-11-05 00:27:44 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 11.11.11.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.6 10.10.10.5,peer-id 0,cipher AES-256-GCM'
2021-11-05 00:27:44 OPTIONS IMPORT: timers and/or timeouts modified
2021-11-05 00:27:44 OPTIONS IMPORT: --ifconfig/up options modified
2021-11-05 00:27:44 OPTIONS IMPORT: route options modified
2021-11-05 00:27:44 OPTIONS IMPORT: peer-id set
2021-11-05 00:27:44 OPTIONS IMPORT: adjusting link_mtu to 1659
2021-11-05 00:27:44 OPTIONS IMPORT: data channel crypto options modified
2021-11-05 00:27:44 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-11-05 00:27:44 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-11-05 00:27:44 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-11-05 00:27:44 interactive service msg_channel=576
2021-11-05 00:27:44 open_tun
2021-11-05 00:27:44 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-11-05 00:27:44 TAP-Windows Driver Version 9.24 
2021-11-05 00:27:44 Notified TAP-Windows driver to set a DHCP IP/netmask of 111.11.11.6/255.255.255.252 on interface {FB99E491-DFB2-4CE3-A64C-0FB99B07A718} [DHCP-serv: 10.10.10.5, lease-time: 31536000]
2021-11-05 00:27:44 Successful ARP Flush on interface [15] {FB99E491-DFB2-4CE3-A64C-0FB99B07A718}
2021-11-05 00:27:44 MANAGEMENT: >STATE:1636072064,ASSIGN_IP,,11.11.11.6,,,,
2021-11-05 00:27:44 IPv4 MTU set to 1500 on interface 15 using service
2021-11-05 00:27:49 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2021-11-05 00:27:49 MANAGEMENT: >STATE:1636072069,ADD_ROUTES,,,,,,
2021-11-05 00:27:49 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.10.10.5
2021-11-05 00:27:49 Route addition via service succeeded
2021-11-05 00:27:49 C:\Windows\system32\route.exe ADD 11.11.11.0 MASK 255.255.255.0 10.10.10.5
2021-11-05 00:27:49 Route addition via service succeeded
2021-11-05 00:27:49 Initialization Sequence Completed
2021-11-05 00:27:49 MANAGEMENT: >STATE:1636072069,CONNECTED,SUCCESS,11.11.11.6,11.11.11.1,12345,11.1.2.15,53242
2021-11-05 00:28:11 read TCPv4_CLIENT: Unknown error (code=10060)
2021-11-05 00:28:11 Connection reset, restarting [-1]
2021-11-05 00:28:11 SIGUSR1[soft,connection-reset] received, process restarting
2021-11-05 00:28:11 MANAGEMENT: >STATE:1636072091,RECONNECTING,connection-reset,,,,,
2021-11-05 00:28:11 Restart pause, 5 second(s)
2021-11-05 00:28:16 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-11-05 00:28:16 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-11-05 00:28:16 TCP/UDP: Preserving recently used remote address: [AF_INET]11.11.11.1:12345
2021-11-05 00:28:16 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-11-05 00:28:16 Attempting to establish TCP connection with [AF_INET]11.11.11.1:12345 [nonblock]
2021-11-05 00:28:16 MANAGEMENT: >STATE:1636072096,TCP_CONNECT,,,,,,

Server configuration file

dev-node "ServerVPN"
mode server
port 12345

proto tcp4-server
# tunnel mode, creates routed ip tunnel
dev tun

tls-server
#set to 0 for server and should be 1 on the clients
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

# Passing keys
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh2048.pem"

# range of address allocated for vpn network
server 11.11.11.1 255.255.255.0

# allowing client to see each other
client-to-client 
keepalive 11 120

#Encryption cypher chosen
cipher AES-128-CBC
comp-lzo

# will persist these when data connection is broken
persist-key
persist-tun 


client-config-dir "C:\\Program Files\\OpenVPN\\config"

verb 3

#time for creation
route-delay 5
route-method exe

#lets client know about the servers subnet
push "route 192.168.0.0 255.255.255.0"

#enables visibility for the network server and client addresses
route 192.168.182.0 255.255.255.0

Client configuration file

#address of the server to connect to
remote 11.11.11.1
client
#port for openVPN
port 12345

#protocol for OpenVPN
proto tcp4-client
dev tun

#transmission protocol
tls-client
#this is the client so 1 needs to be inputted
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1 
remote-cert-tls server

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

#Paths to keys
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"

#Choice of encryption cipher
cipher AES-128-CBC
comp-lzo

#Will persist these if connection is broken
persist-key
persist-tun

#debugging level
verb 3
mute 20

>STATE:1636148317, CONNECTED, SUCCESS, 11.11.11.6, 11.11.11.1, 12345, 11.0.2.15, 50033
read TCPv4_CLIENT: Unknown error (code=10060)
Connection reset, restarting [-1]
SIGUSR1[soft,connection-reset] received, process restarting
>STATE:1636148339,RECONNECTING, CONNECTION-RESET,,,,,
Restart Pause, 5 second(s)
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
TCP/UDP: Preserving recently used remote address: [AF_INET] 11.11.11.1:12345
Socket Buffers: R=[65536->65536] S=[65536->65536]
Attempting to establish TCP connection with [AF_INET] 11.11.11.1:12345 [nonblock]
>STATE:1636148344,TCP_CONNECT,,,,,,
