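Since my last system update, an existing OpenVPN connection stopped working because it started asking for a "Private Key Password" (note that this is not the "user password", as it should be).
Whenever I test the connection or the configuration, OpenVPN asks me: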
Enter Private Key Password: (press TAB for no echo)
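Well, I don't have a key password and have never needed one for years. I do have my user password, and it is configured correctly (and has been working for years).
Has anything changed in OpenVPN or OpenSSL that could cause this change in behavior?
How can I diagnose this further and, perhaps, fix it from my client (I won't have access to the server)?
I am using OpenSUSE Tumbleweed 20230409
Relevant packages: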
S | Name | Type | Version | Arch | Repository
--+-----------------------+---------+------------+--------+----------------------
i | libopenssl1_1 | package | 1.1.1t-3.1 | x86_64 | Main Repository (OSS)
i | libopenssl3 | package | 3.0.8-2.4 | x86_64 | Main Repository (OSS)
i | libopenssl3-x86-64-v3 | package | 3.0.8-2.4 | x86_64 | Main Repository (OSS)
i | openssl | package | 3.0.8-1.2 | noarch | Main Repository (OSS)
i | openssl-1_1 | package | 1.1.1t-3.1 | x86_64 | Main Repository (OSS)
i | openssl-3 | package | 3.0.8-2.4 | x86_64 | Main Repository (OSS)
i | openvpn | package | 2.5.9-1.2 | x86_64 | Main Repository (OSS)
The configuration is very simple:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-128-GCM
auth SHA1
tls-client
client
resolv-retry infinite
remote remote.server.com 1194 udp
lport 0
verify-x509-name "remote.server.com" name
auth-user-pass
pkcs12 '/etc/openvpn/my-server-vpn-UDP4-1194-remote.server.com.p12'
tls-auth '/etc/openvpn/my-server-vpn-UDP4-1194-remote.server.com-tls.key' 1
remote-cert-tls server
comp-lzo adaptive
auth-nocache
reneg-sec 36000
keepalive 10 60
auth-user-pass '/etc/openvpn/user-auth'
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
script-security 2
up /etc/openvpn/client.up
up-restart
down /etc/openvpn/client.down
down-pre
Full output:
localhost:/etc/openvpn # openvpn --verb 6 --config /etc/openvpn/my_server_vpn.conf
2023-04-14 14:48:06 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2023-04-14 14:48:06 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-04-14 14:48:06 us=623497 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-04-14 14:48:06 us=629459 Current Parameter Settings:
2023-04-14 14:48:06 us=629501 config = '/etc/openvpn/my_server_vpn.conf'
2023-04-14 14:48:06 us=629517 mode = 0
2023-04-14 14:48:06 us=629531 persist_config = DISABLED
2023-04-14 14:48:06 us=629543 persist_mode = 1
2023-04-14 14:48:06 us=629557 show_ciphers = DISABLED
2023-04-14 14:48:06 us=629570 show_digests = DISABLED
2023-04-14 14:48:06 us=629584 show_engines = DISABLED
2023-04-14 14:48:06 us=629596 genkey = DISABLED
2023-04-14 14:48:06 us=629609 genkey_filename = '[UNDEF]'
2023-04-14 14:48:06 us=629623 key_pass_file = '[UNDEF]'
2023-04-14 14:48:06 us=629636 show_tls_ciphers = DISABLED
2023-04-14 14:48:06 us=629652 connect_retry_max = 0
2023-04-14 14:48:06 us=629668 Connection profiles [0]:
2023-04-14 14:48:06 us=629683 proto = udp
2023-04-14 14:48:06 us=629697 local = '[UNDEF]'
2023-04-14 14:48:06 us=629711 local_port = '0'
2023-04-14 14:48:06 us=629725 remote = 'remote.server.com'
2023-04-14 14:48:06 us=629738 remote_port = '1194'
2023-04-14 14:48:06 us=629752 remote_float = DISABLED
2023-04-14 14:48:06 us=629765 bind_defined = DISABLED
2023-04-14 14:48:06 us=629779 bind_local = ENABLED
2023-04-14 14:48:06 us=629792 bind_ipv6_only = DISABLED
2023-04-14 14:48:06 us=629806 connect_retry_seconds = 5
2023-04-14 14:48:06 us=629820 connect_timeout = 120
2023-04-14 14:48:06 us=629834 socks_proxy_server = '[UNDEF]'
2023-04-14 14:48:06 us=629847 socks_proxy_port = '[UNDEF]'
2023-04-14 14:48:06 us=629861 tun_mtu = 1500
2023-04-14 14:48:06 us=629874 tun_mtu_defined = ENABLED
2023-04-14 14:48:06 us=629888 link_mtu = 1500
2023-04-14 14:48:06 us=629901 link_mtu_defined = DISABLED
2023-04-14 14:48:06 us=629915 tun_mtu_extra = 0
2023-04-14 14:48:06 us=629929 tun_mtu_extra_defined = DISABLED
2023-04-14 14:48:06 us=629943 mtu_discover_type = -1
2023-04-14 14:48:06 us=629956 fragment = 0
2023-04-14 14:48:06 us=629970 mssfix = 1450
2023-04-14 14:48:06 us=629984 explicit_exit_notification = 0
2023-04-14 14:48:06 us=629997 tls_auth_file = '[INLINE]'
2023-04-14 14:48:06 us=630011 key_direction = 1
2023-04-14 14:48:06 us=630024 tls_crypt_file = '[UNDEF]'
2023-04-14 14:48:06 us=630038 tls_crypt_v2_file = '[UNDEF]'
2023-04-14 14:48:06 us=630052 Connection profiles END
2023-04-14 14:48:06 us=630065 remote_random = DISABLED
2023-04-14 14:48:06 us=630079 ipchange = '[UNDEF]'
2023-04-14 14:48:06 us=630092 dev = 'tun'
2023-04-14 14:48:06 us=630106 dev_type = '[UNDEF]'
2023-04-14 14:48:06 us=630119 dev_node = '[UNDEF]'
2023-04-14 14:48:06 us=630133 lladdr = '[UNDEF]'
2023-04-14 14:48:06 us=630147 topology = 1
2023-04-14 14:48:06 us=630160 ifconfig_local = '[UNDEF]'
2023-04-14 14:48:06 us=630174 ifconfig_remote_netmask = '[UNDEF]'
2023-04-14 14:48:06 us=630188 ifconfig_noexec = DISABLED
2023-04-14 14:48:06 us=630201 ifconfig_nowarn = DISABLED
2023-04-14 14:48:06 us=630214 ifconfig_ipv6_local = '[UNDEF]'
2023-04-14 14:48:06 us=630228 ifconfig_ipv6_netbits = 0
2023-04-14 14:48:06 us=630241 ifconfig_ipv6_remote = '[UNDEF]'
2023-04-14 14:48:06 us=630255 shaper = 0
2023-04-14 14:48:06 us=630269 mtu_test = 0
2023-04-14 14:48:06 us=630282 mlock = DISABLED
2023-04-14 14:48:06 us=630296 keepalive_ping = 10
2023-04-14 14:48:06 us=630309 keepalive_timeout = 60
2023-04-14 14:48:06 us=630323 inactivity_timeout = 0
2023-04-14 14:48:06 us=630336 inactivity_minimum_bytes = 0
2023-04-14 14:48:06 us=630350 ping_send_timeout = 10
2023-04-14 14:48:06 us=630363 ping_rec_timeout = 60
2023-04-14 14:48:06 us=630377 ping_rec_timeout_action = 2
2023-04-14 14:48:06 us=630390 ping_timer_remote = DISABLED
2023-04-14 14:48:06 us=630404 remap_sigusr1 = 0
2023-04-14 14:48:06 us=630417 persist_tun = ENABLED
2023-04-14 14:48:06 us=630431 persist_local_ip = DISABLED
2023-04-14 14:48:06 us=630444 persist_remote_ip = DISABLED
2023-04-14 14:48:06 us=630458 persist_key = ENABLED
2023-04-14 14:48:06 us=630471 passtos = DISABLED
2023-04-14 14:48:06 us=630484 resolve_retry_seconds = 1000000000
2023-04-14 14:48:06 us=630498 resolve_in_advance = DISABLED
2023-04-14 14:48:06 us=630511 username = '[UNDEF]'
2023-04-14 14:48:06 us=630525 groupname = '[UNDEF]'
2023-04-14 14:48:06 us=630538 chroot_dir = '[UNDEF]'
2023-04-14 14:48:06 us=630552 cd_dir = '[UNDEF]'
2023-04-14 14:48:06 us=630565 writepid = '[UNDEF]'
2023-04-14 14:48:06 us=630578 up_script = '/etc/openvpn/client.up'
2023-04-14 14:48:06 us=630592 down_script = '/etc/openvpn/client.down'
2023-04-14 14:48:06 us=630606 down_pre = ENABLED
2023-04-14 14:48:06 us=630620 up_restart = ENABLED
2023-04-14 14:48:06 us=630633 up_delay = DISABLED
2023-04-14 14:48:06 us=630646 daemon = DISABLED
2023-04-14 14:48:06 us=630660 inetd = 0
2023-04-14 14:48:06 us=630673 log = DISABLED
2023-04-14 14:48:06 us=630687 suppress_timestamps = DISABLED
2023-04-14 14:48:06 us=630700 machine_readable_output = DISABLED
2023-04-14 14:48:06 us=630714 nice = 0
2023-04-14 14:48:06 us=630734 verbosity = 6
2023-04-14 14:48:06 us=630748 mute = 0
2023-04-14 14:48:06 us=630762 gremlin = 0
2023-04-14 14:48:06 us=630776 status_file = '[UNDEF]'
2023-04-14 14:48:06 us=630790 status_file_version = 1
2023-04-14 14:48:06 us=630814 status_file_update_freq = 60
2023-04-14 14:48:06 us=630839 occ = ENABLED
2023-04-14 14:48:06 us=630860 rcvbuf = 0
2023-04-14 14:48:06 us=630880 sndbuf = 0
2023-04-14 14:48:06 us=630899 mark = 0
2023-04-14 14:48:06 us=630918 sockflags = 0
2023-04-14 14:48:06 us=630937 fast_io = DISABLED
2023-04-14 14:48:06 us=630957 comp.alg = 2
2023-04-14 14:48:06 us=630980 comp.flags = 1
2023-04-14 14:48:06 us=631002 route_script = '[UNDEF]'
2023-04-14 14:48:06 us=631022 route_default_gateway = '[UNDEF]'
2023-04-14 14:48:06 us=631043 route_default_metric = 0
2023-04-14 14:48:06 us=631066 route_noexec = DISABLED
2023-04-14 14:48:06 us=631089 route_delay = 0
2023-04-14 14:48:06 us=631115 route_delay_window = 30
2023-04-14 14:48:06 us=631142 route_delay_defined = DISABLED
2023-04-14 14:48:06 us=631169 route_nopull = DISABLED
2023-04-14 14:48:06 us=631194 route_gateway_via_dhcp = DISABLED
2023-04-14 14:48:06 us=631220 allow_pull_fqdn = DISABLED
2023-04-14 14:48:06 us=631241 management_addr = '[UNDEF]'
2023-04-14 14:48:06 us=631263 management_port = '[UNDEF]'
2023-04-14 14:48:06 us=631284 management_user_pass = '[UNDEF]'
2023-04-14 14:48:06 us=631305 management_log_history_cache = 250
2023-04-14 14:48:06 us=631331 management_echo_buffer_size = 100
2023-04-14 14:48:06 us=631357 management_write_peer_info_file = '[UNDEF]'
2023-04-14 14:48:06 us=631385 management_client_user = '[UNDEF]'
2023-04-14 14:48:06 us=631411 management_client_group = '[UNDEF]'
2023-04-14 14:48:06 us=631437 management_flags = 0
2023-04-14 14:48:06 us=631466 shared_secret_file = '[UNDEF]'
2023-04-14 14:48:06 us=631490 key_direction = 1
2023-04-14 14:48:06 us=631515 ciphername = 'AES-256-CBC'
2023-04-14 14:48:06 us=631538 ncp_enabled = ENABLED
2023-04-14 14:48:06 us=631563 ncp_ciphers = 'AES-128-GCM:AES-256-CBC'
2023-04-14 14:48:06 us=631591 authname = 'SHA1'
2023-04-14 14:48:06 us=631620 prng_hash = 'SHA1'
2023-04-14 14:48:06 us=631643 prng_nonce_secret_len = 16
2023-04-14 14:48:06 us=631668 keysize = 0
2023-04-14 14:48:06 us=631695 engine = DISABLED
2023-04-14 14:48:06 us=631721 replay = ENABLED
2023-04-14 14:48:06 us=631747 mute_replay_warnings = DISABLED
2023-04-14 14:48:06 us=631773 replay_window = 64
2023-04-14 14:48:06 us=631800 replay_time = 15
2023-04-14 14:48:06 us=631825 packet_id_file = '[UNDEF]'
2023-04-14 14:48:06 us=631851 test_crypto = DISABLED
2023-04-14 14:48:06 us=631878 tls_server = DISABLED
2023-04-14 14:48:06 us=631900 tls_client = ENABLED
2023-04-14 14:48:06 us=631924 ca_file = '[UNDEF]'
2023-04-14 14:48:06 us=631947 ca_path = '[UNDEF]'
2023-04-14 14:48:06 us=631971 dh_file = '[UNDEF]'
2023-04-14 14:48:06 us=631995 cert_file = '[UNDEF]'
2023-04-14 14:48:06 us=632022 extra_certs_file = '[UNDEF]'
2023-04-14 14:48:06 us=632052 priv_key_file = '[UNDEF]'
2023-04-14 14:48:06 us=632076 pkcs12_file = '/etc/openvpn/my-server-vpn-UDP4-1194-remote.server.com.p12'
2023-04-14 14:48:06 us=632133 cipher_list = '[UNDEF]'
2023-04-14 14:48:06 us=632163 cipher_list_tls13 = '[UNDEF]'
2023-04-14 14:48:06 us=632191 tls_cert_profile = '[UNDEF]'
2023-04-14 14:48:06 us=632214 tls_verify = '[UNDEF]'
2023-04-14 14:48:06 us=632238 tls_export_cert = '[UNDEF]'
2023-04-14 14:48:06 us=632261 verify_x509_type = 2
2023-04-14 14:48:06 us=632286 verify_x509_name = 'remote.server.com'
2023-04-14 14:48:06 us=632312 crl_file = '[UNDEF]'
2023-04-14 14:48:06 us=632338 ns_cert_type = 0
2023-04-14 14:48:06 us=632365 remote_cert_ku[i] = 65535
2023-04-14 14:48:06 us=632393 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632420 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632447 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632474 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632511 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632531 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632550 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632571 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632588 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632606 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632628 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632649 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632661 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632671 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632681 remote_cert_ku[i] = 0
2023-04-14 14:48:06 us=632692 remote_cert_eku = 'TLS Web Server Authentication'
2023-04-14 14:48:06 us=632702 ssl_flags = 0
2023-04-14 14:48:06 us=632713 tls_timeout = 2
2023-04-14 14:48:06 us=632724 renegotiate_bytes = -1
2023-04-14 14:48:06 us=632734 renegotiate_packets = 0
2023-04-14 14:48:06 us=632745 renegotiate_seconds = 36000
2023-04-14 14:48:06 us=632755 handshake_window = 60
2023-04-14 14:48:06 us=632765 transition_window = 3600
2023-04-14 14:48:06 us=632775 single_session = DISABLED
2023-04-14 14:48:06 us=632786 push_peer_info = DISABLED
2023-04-14 14:48:06 us=632796 tls_exit = DISABLED
2023-04-14 14:48:06 us=632807 tls_crypt_v2_metadata = '[UNDEF]'
2023-04-14 14:48:06 us=632817 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632828 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632838 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632848 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632859 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632870 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632880 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632890 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632900 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632911 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632921 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632932 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632943 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632953 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632963 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632974 pkcs11_protected_authentication = DISABLED
2023-04-14 14:48:06 us=632985 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=632995 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633006 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633017 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633036 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633053 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633074 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633090 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633101 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633111 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633122 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633132 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633142 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633153 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633163 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633173 pkcs11_private_mode = 00000000
2023-04-14 14:48:06 us=633184 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633194 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633204 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633215 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633225 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633238 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633259 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633280 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633294 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633305 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633315 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633325 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633335 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633346 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633356 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633366 pkcs11_cert_private = DISABLED
2023-04-14 14:48:06 us=633376 pkcs11_pin_cache_period = -1
2023-04-14 14:48:06 us=633385 pkcs11_id = '[UNDEF]'
2023-04-14 14:48:06 us=633400 pkcs11_id_management = DISABLED
2023-04-14 14:48:06 us=633423 server_network = 0.0.0.0
2023-04-14 14:48:06 us=633445 server_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633468 server_network_ipv6 = ::
2023-04-14 14:48:06 us=633479 server_netbits_ipv6 = 0
2023-04-14 14:48:06 us=633490 server_bridge_ip = 0.0.0.0
2023-04-14 14:48:06 us=633501 server_bridge_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633512 server_bridge_pool_start = 0.0.0.0
2023-04-14 14:48:06 us=633523 server_bridge_pool_end = 0.0.0.0
2023-04-14 14:48:06 us=633534 ifconfig_pool_defined = DISABLED
2023-04-14 14:48:06 us=633545 ifconfig_pool_start = 0.0.0.0
2023-04-14 14:48:06 us=633560 ifconfig_pool_end = 0.0.0.0
2023-04-14 14:48:06 us=633582 ifconfig_pool_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633604 ifconfig_pool_persist_filename = '[UNDEF]'
2023-04-14 14:48:06 us=633626 ifconfig_pool_persist_refresh_freq = 600
2023-04-14 14:48:06 us=633642 ifconfig_ipv6_pool_defined = DISABLED
2023-04-14 14:48:06 us=633658 ifconfig_ipv6_pool_base = ::
2023-04-14 14:48:06 us=633674 ifconfig_ipv6_pool_netbits = 0
2023-04-14 14:48:06 us=633690 n_bcast_buf = 256
2023-04-14 14:48:06 us=633707 tcp_queue_limit = 64
2023-04-14 14:48:06 us=633722 real_hash_size = 256
2023-04-14 14:48:06 us=633742 virtual_hash_size = 256
2023-04-14 14:48:06 us=633761 client_connect_script = '[UNDEF]'
2023-04-14 14:48:06 us=633780 learn_address_script = '[UNDEF]'
2023-04-14 14:48:06 us=633800 client_disconnect_script = '[UNDEF]'
2023-04-14 14:48:06 us=633819 client_config_dir = '[UNDEF]'
2023-04-14 14:48:06 us=633838 ccd_exclusive = DISABLED
2023-04-14 14:48:06 us=633856 tmp_dir = '/tmp'
2023-04-14 14:48:06 us=633879 push_ifconfig_defined = DISABLED
2023-04-14 14:48:06 us=633927 push_ifconfig_local = 0.0.0.0
2023-04-14 14:48:06 us=633948 push_ifconfig_remote_netmask = 0.0.0.0
2023-04-14 14:48:06 us=633969 push_ifconfig_ipv6_defined = DISABLED
2023-04-14 14:48:06 us=633991 push_ifconfig_ipv6_local = ::/0
2023-04-14 14:48:06 us=634011 push_ifconfig_ipv6_remote = ::
2023-04-14 14:48:06 us=634034 enable_c2c = DISABLED
2023-04-14 14:48:06 us=634051 duplicate_cn = DISABLED
2023-04-14 14:48:06 us=634067 cf_max = 0
2023-04-14 14:48:06 us=634085 cf_per = 0
2023-04-14 14:48:06 us=634102 max_clients = 1024
2023-04-14 14:48:06 us=634120 max_routes_per_client = 256
2023-04-14 14:48:06 us=634137 auth_user_pass_verify_script = '[UNDEF]'
2023-04-14 14:48:06 us=634161 auth_user_pass_verify_script_via_file = DISABLED
2023-04-14 14:48:06 us=634180 auth_token_generate = DISABLED
2023-04-14 14:48:06 us=634197 auth_token_lifetime = 0
2023-04-14 14:48:06 us=634215 auth_token_secret_file = '[UNDEF]'
2023-04-14 14:48:06 us=634233 port_share_host = '[UNDEF]'
2023-04-14 14:48:06 us=634257 port_share_port = '[UNDEF]'
2023-04-14 14:48:06 us=634280 vlan_tagging = DISABLED
2023-04-14 14:48:06 us=634299 vlan_accept = all
2023-04-14 14:48:06 us=634320 vlan_pvid = 1
2023-04-14 14:48:06 us=634341 client = ENABLED
2023-04-14 14:48:06 us=634364 pull = ENABLED
2023-04-14 14:48:06 us=634383 auth_user_pass_file = '/etc/openvpn/user-auth'
2023-04-14 14:48:06 us=634406 OpenVPN 2.5.9 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 14 2023
2023-04-14 14:48:06 us=634450 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-04-14 14:48:06 us=634748 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Enter Private Key Password: (press TAB for no echo)
Failed to query password: Timer expired
2023-04-14 14:49:36 us=737917 ERROR: Failed retrieving username or password
2023-04-14 14:49:36 us=738065 Exiting due to fatal error
Thanks, everyone.
Answer 1
OK, the answer has been out there for a long time, and I wasn't smart enough to understand it:
https://www.reddit.com/r/sysadmin/comments/z9miwu/suddenly_openvpn_client_asks_about_private_key/
https://bbs.archlinux.org/viewtopic.php?id=280970
sudoedit /etc/ssl/openssl.cnf
Then make these changes:
[provider_sect]
default = default_sect
legacy = legacy_sect # Add this.
# The fips section name should match the section name inside the
# included fipsmodule.cnf.
# fips = fips_sect
# If no providers are activated explicitly, the default one is activated implicitly.
# See man 7 OSSL_PROVIDER-default for more details.
#
# If you add a section explicitly activating any other provider(s), you most
# probably need to explicitly activate the default provider, otherwise it
# becomes unavailable in openssl. As a consequence applications depending on
# OpenSSL may not work correctly which could lead to significant system
# problems including inability to remotely access the system.
[default_sect]
# activate = 1 # Enable this.
activate = 1
[legacy_sect] # Add these.
activate = 1
Reboot and you're done.
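Added example, not part of the original answer: a small Python check that an edited openssl.cnf really activates both the legacy and the default provider, including the case the file's own comments warn about (default_sect left commented out). The sample configs are constructed, the function names are hypothetical, and the parser is a simplification that ignores .include files and quoted # characters.

```python
import re

# Constructed sample: the answer's edit applied, but with the failure mode the
# config comments warn about (legacy enabled, default_sect still commented out).
BROKEN = """\
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect # Add this.
[default_sect]
# activate = 1
[legacy_sect] # Add these.
activate = 1
"""
FIXED = BROKEN.replace("# activate = 1", "activate = 1")

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}.
    Keys before the first [header] go into the unnamed 'default' section."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line or line.startswith(".include"):
            continue
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def active_providers(text):
    """Follow openssl_conf -> providers -> per-provider section and return the
    names of providers whose section sets activate to 1/yes/true/on."""
    cnf = parse_cnf(text)
    init = cnf.get(cnf["default"].get("openssl_conf", ""), {})
    provider_sect = cnf.get(init.get("providers", ""), {})
    truthy = ("1", "yes", "true", "on")
    return {name for name, sect in provider_sect.items()
            if cnf.get(sect, {}).get("activate", "0").lower() in truthy}

def check(text):
    """Return a list of problems with the legacy-provider edit (empty = OK)."""
    active, problems = active_providers(text), []
    if "legacy" not in active:
        problems.append("legacy provider not activated")
    if "default" not in active:
        problems.append("default provider not activated explicitly")
    return problems

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, sorted(active_providers(text)), check(text))
```

To check a real system, pass the contents of /etc/ssl/openssl.cnf to check(); a snippet whose [provider_sect] is never referenced from the openssl_conf chain is reported as activating nothing.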