更新

更新

使用 Debian 11。

.ovpn我使用他们在网站上提供的文件、客户端密钥和证书设置了 Cyber​​Ghost VPN 。将所有文件复制到/etc/openvpn/.使用以下命令将允许我在终端中进行连接:

cd /etc/openvpn

sudo openvpn --config openvpn.ovpn

由于某种原因要成功连接,我必须位于/etc/openvpn目录中,否则会说找不到密钥和证书。

当我尝试通过设置中的 GUI(GNOME NetworkManager)进行连接时,连接立即失败。

运行sudo systemctl status NetworkManager出现如下错误:

Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: UID set to nm-openvpn
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: Initialization Sequence Completed
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: event_wait : Interrupted system call (code=4)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: net_addr_v4_del: 10.10.4.64 dev tun0
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info>  [1690369375.0903] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: started (4)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: Linux can't del IP from iface tun0
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info>  [1690369375.0905] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopping (5)
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info>  [1690369375.0905] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopped (6)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: SIGTERM[hard,] received, process exiting

sudo tail -f /var/log/syslog提供更多见解:

Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4656] audit: op="connection-activate" uuid="a278295b-7548-4b85-872a-437b96a2cc46" name="CyberGhost" pid=1975 uid=1000 result="success"
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4681] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: Started the VPN service, PID 6190
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4720] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: Saw the service appear; activating connection
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4979] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: starting (3)
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4979] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN connection: (ConnectInteractive) reply received
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: file '/etc/openvpn/client.key' is group or others accessible
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UDP link local: (not bound)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UDP link remote: [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: [belgrade-rack403.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: TUN/TAP device tun0 opened
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 6190 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_6 --tun -- tun0 1500 1552 10.3.4.78 255.255.255.0 init
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8377] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/7)
Jul 26 13:30:16 debian-desktop systemd-udevd[6202]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8417] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN connection: (IP Config Get) reply received.
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8422] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: (IP4 Config Get) reply received
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8425] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: (IP6 Config Get) reply received
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <warn>  [1690371016.8425] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: invalid IP6 config received!
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <warn>  [1690371016.8426] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: did not receive valid IP config information
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: GID set to nm-openvpn
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UID set to nm-openvpn
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: Initialization Sequence Completed
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8438] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: started (4)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: event_wait : Interrupted system call (code=4)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: net_addr_v4_del: 10.3.4.78 dev tun0
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: Linux can't del IP from iface tun0
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8460] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopping (5)
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8461] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopped (6)
Jul 26 13:30:16 debian-desktop gnome-shell[1975]: Removing a network device that was not added
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: SIGTERM[hard,] received, process exiting

我相信这就是发生严重错误的地方:

invalid IP6 config received!
VPN connection: did not receive valid IP config information

该错误似乎出在 IPv6 配置中,但我不太确定原因。 Cyber​​Ghost 建议完全关闭 IPv6 并运行cat /proc/sys/net/ipv6/conf/all/disable_ipv6返回1,这意味着 IPv6 已禁用。启用 IPv6 也会导致同样的问题。

我从文件中导入了 GUI 中的连接.ovpn

软件包是最新的。

编辑:IPv6 在系统和 VPN 配置中被禁用(Cyber​​Ghost 建议禁用它)。所有其他设置均为默认设置。

更新

所以,对于那些像我一样花了几个小时试图解决这个问题的可怜人来说——这里有一个解决方案!问题在于network-manager-openvpnDebian 11 存在有关 IPv6 的错误。为了解决这个问题,我们将从不稳定分支安装更新版本。为此,请按照下列步骤操作:

将以下行添加到/etc/apt/sources.list

deb https://deb.debian.org/debian/ unstable main contrib non-free
deb-src https://deb.debian.org/debian/ unstable main contrib non-free

接下来,创建此文件:/etc/apt/preferences.d/99debian-unstable,向其中添加以下文本:

Package: *
Pin: release a=unstable
Pin-Priority: 50

添加此选项是为了防止系统从不稳定状态中提取所有软件包,并仅安装您指定的软件包。不稳定的软件包,特别是与稳定的软件包混合匹配,可能会损害系统的稳定性,并且从不建议安装它们,但这是唯一的解决方案。

跑步sudo apt update。如果您的系统在添加不稳定分支之前是最新的,并且此命令表示有软件包需要升级,请不要升级。如果发生这种情况,则意味着您没有正确设置首选项,如果您将整个稳定系统升级到不稳定分支,您最终将破坏它。

如果一切正常,请运行以下命令:

sudo apt install -t unstable network-manager-openvpn network-manager-openvpn-gnome

然后运行sudo systemctl restart NetworkManager

你应该可以走了!

相关内容