使用 Debian 11。
.ovpn
我使用他们在网站上提供的文件、客户端密钥和证书设置了 CyberGhost VPN 。将所有文件复制到/etc/openvpn/
.使用以下命令将允许我在终端中进行连接:
cd /etc/openvpn
sudo openvpn --config openvpn.ovpn
由于某种原因要成功连接,我必须位于/etc/openvpn
目录中,否则会说找不到密钥和证书。
当我尝试通过设置中的 GUI(GNOME NetworkManager)进行连接时,连接立即失败。
运行sudo systemctl status NetworkManager
出现如下错误:
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: UID set to nm-openvpn
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: Initialization Sequence Completed
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: event_wait : Interrupted system call (code=4)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: net_addr_v4_del: 10.10.4.64 dev tun0
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info> [1690369375.0903] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: started (4)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: Linux can't del IP from iface tun0
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info> [1690369375.0905] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopping (5)
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info> [1690369375.0905] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopped (6)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: SIGTERM[hard,] received, process exiting
sudo tail -f /var/log/syslog
提供更多见解:
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.4656] audit: op="connection-activate" uuid="a278295b-7548-4b85-872a-437b96a2cc46" name="CyberGhost" pid=1975 uid=1000 result="success"
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.4681] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: Started the VPN service, PID 6190
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.4720] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: Saw the service appear; activating connection
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.4979] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: starting (3)
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.4979] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN connection: (ConnectInteractive) reply received
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: file '/etc/openvpn/client.key' is group or others accessible
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UDP link local: (not bound)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UDP link remote: [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: [belgrade-rack403.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: TUN/TAP device tun0 opened
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 6190 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_6 --tun -- tun0 1500 1552 10.3.4.78 255.255.255.0 init
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8377] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/7)
Jul 26 13:30:16 debian-desktop systemd-udevd[6202]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8417] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN connection: (IP Config Get) reply received.
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8422] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: (IP4 Config Get) reply received
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8425] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: (IP6 Config Get) reply received
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <warn> [1690371016.8425] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: invalid IP6 config received!
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <warn> [1690371016.8426] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: did not receive valid IP config information
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: GID set to nm-openvpn
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UID set to nm-openvpn
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: Initialization Sequence Completed
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8438] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: started (4)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: event_wait : Interrupted system call (code=4)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: net_addr_v4_del: 10.3.4.78 dev tun0
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: Linux can't del IP from iface tun0
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8460] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopping (5)
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info> [1690371016.8461] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopped (6)
Jul 26 13:30:16 debian-desktop gnome-shell[1975]: Removing a network device that was not added
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: SIGTERM[hard,] received, process exiting
我相信这就是发生严重错误的地方:
invalid IP6 config received!
VPN connection: did not receive valid IP config information
该错误似乎出在 IPv6 配置中,但我不太确定原因。 CyberGhost 建议完全关闭 IPv6 并运行cat /proc/sys/net/ipv6/conf/all/disable_ipv6
返回1
,这意味着 IPv6 已禁用。启用 IPv6 也会导致同样的问题。
我从文件中导入了 GUI 中的连接.ovpn
。
软件包是最新的。
编辑:IPv6 在系统和 VPN 配置中被禁用(CyberGhost 建议禁用它)。所有其他设置均为默认设置。
更新
所以,对于那些像我一样花了几个小时试图解决这个问题的可怜人来说——这里有一个解决方案!问题在于network-manager-openvpn
Debian 11 存在有关 IPv6 的错误。为了解决这个问题,我们将从不稳定分支安装更新版本。为此,请按照下列步骤操作:
将以下行添加到/etc/apt/sources.list
:
deb https://deb.debian.org/debian/ unstable main contrib non-free
deb-src https://deb.debian.org/debian/ unstable main contrib non-free
接下来,创建此文件:/etc/apt/preferences.d/99debian-unstable
,向其中添加以下文本:
Package: *
Pin: release a=unstable
Pin-Priority: 50
添加此选项是为了防止系统从不稳定状态中提取所有软件包,并仅安装您指定的软件包。不稳定的软件包,特别是与稳定的软件包混合匹配,可能会损害系统的稳定性,并且从不建议安装它们,但这是唯一的解决方案。
跑步sudo apt update
。如果您的系统在添加不稳定分支之前是最新的,并且此命令表示有软件包需要升级,请不要升级。如果发生这种情况,则意味着您没有正确设置首选项,如果您将整个稳定系统升级到不稳定分支,您最终将破坏它。
如果一切正常,请运行以下命令:
sudo apt install -t unstable network-manager-openvpn network-manager-openvpn-gnome
然后运行sudo systemctl restart NetworkManager
你应该可以走了!