需要帮助在 Ubuntu 服务器上设置 OpenVPN

编辑：

好的，感谢大家的帮助，我取得了一些进展。我通过在接口文件中手动设置桥接器并编辑桥接启动和桥接停止脚本以仅添加/删除分接器接口来解决了桥接器的连接问题（请参阅下文了解这些文件的当前版本。）

现在我可以连接到服务器，但连接不断断开。这是密钥问题吗？我尝试重新生成密钥，但没有用。

尝试连接到我的服务器时来自 Tunnelbrick 的日志：

2010-09-19 10:08:05 *Tunnelblick: OS X 10.6.4; Tunnelblick 3.0 (build 1437); OpenVPN 2.1.1
2010-09-19 10:08:07 *Tunnelblick: Attempting connection with evan's apartment.conf; Set nameserver = 1; monitoring connection
2010-09-19 10:08:07 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start evan's\ apartment.conf 1338 1 0 0 0
2010-09-19 10:08:07 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpn --management-query-passwords --cd /Users/evan/Library/Application Support/Tunnelblick/Configurations --daemon --management-hold --management 127.0.0.1 1338 --config /Users/evan/Library/Application Support/Tunnelblick/Configurations/evan's apartment.conf --script-security 2 --up "/Applications/Tunnelblick.app/Contents/Resources/client.up.osx.sh" --down "/Applications/Tunnelblick.app/Contents/Resources/client.down.osx.sh" --up-restart
2010-09-19 10:08:07 SUCCESS: pid=2376
2010-09-19 10:08:07 SUCCESS: real-time state notification set to ON
2010-09-19 10:08:07 SUCCESS: real-time log notification set to ON
2010-09-19 10:08:07 OpenVPN 2.1.1 i386-apple-darwin10.2.0 [SSL] [LZO2] [PKCS11] built on Feb 24 2010
2010-09-19 10:08:07 MANAGEMENT: TCP Socket listening on 127.0.0.1:1338
2010-09-19 10:08:07  waiting...
2010-09-19 10:08:07 MANAGEMENT: Client connected from 127.0.0.1:1338
2010-09-19 10:08:07 MANAGEMENT: CMD 'pid'
2010-09-19 10:08:07 MANAGEMENT: CMD 'state on'
2010-09-19 10:08:07 MANAGEMENT: CMD 'log on all'
2010-09-19 10:08:07 END
2010-09-19 10:08:07 MANAGEMENT: CMD 'hold release'
2010-09-19 10:08:07 SUCCESS: hold release succeeded
2010-09-19 10:08:07 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2010-09-19 10:08:07 Control Channel Authentication: using '/Users/evan/VPN/ta.key' as a OpenVPN static key file
2010-09-19 10:08:07 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2010-09-19 10:08:07 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2010-09-19 10:08:07 LZO compression initialized
2010-09-19 10:08:07 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
2010-09-19 10:08:07 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
2010-09-19 10:08:07 Local Options hash (VER=V4): 'e39a3273'
2010-09-19 10:08:07 Expected Remote Options hash (VER=V4): '3c14feac'
2010-09-19 10:08:07  or --up-delay
2010-09-19 10:08:07 Attempting to establish TCP connection with 192.168.0.2:1194 [nonblock]
2010-09-19 10:08:07 
2010-09-19 10:08:08 TCP connection established with 192.168.0.2:1194
2010-09-19 10:08:08 Socket Buffers: R=[525624->65536] S=[131768->65536]
2010-09-19 10:08:08 TCPv4_CLIENT link local: [undef]
2010-09-19 10:08:08 TCPv4_CLIENT link remote: 192.168.0.2:1194
2010-09-19 10:08:08 
2010-09-19 10:08:08  restarting [0]
2010-09-19 10:08:08 TCP/UDP: Closing socket
2010-09-19 10:08:08  process restarting
2010-09-19 10:08:08 
2010-09-19 10:08:08 MANAGEMENT: CMD 'hold release'
2010-09-19 10:08:08 SUCCESS: hold release succeeded
2010-09-19 10:08:08 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2010-09-19 10:08:08 Re-using SSL/TLS context
2010-09-19 10:08:08 LZO compression initialized
2010-09-19 10:08:08 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
2010-09-19 10:08:08 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
2010-09-19 10:08:08 Local Options hash (VER=V4): 'e39a3273'
2010-09-19 10:08:08 Expected Remote Options hash (VER=V4): '3c14feac'
2010-09-19 10:08:08 Attempting to establish TCP connection with 192.168.0.2:1194 [nonblock]
2010-09-19 10:08:08 
2010-09-19 10:08:09 TCP connection established with 192.168.0.2:1194
2010-09-19 10:08:09 Socket Buffers: R=[525624->65536] S=[131768->65536]
2010-09-19 10:08:09 TCPv4_CLIENT link local: [undef]
2010-09-19 10:08:09 TCPv4_CLIENT link remote: 192.168.0.2:1194
2010-09-19 10:08:09 
2010-09-19 10:08:09  restarting [0] ... (just keeps repeating from here)

以下是我更改的更新文件：

接口

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1

# Bridge for OpenVPN
auto br0
iface br0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1
bridge_ports eth0

桥接启动

#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.0.2"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.0.255"
eth_gateway="192.168.0.1"
eth_network="192.168.0.0"

for t in $tap; do
    openvpn --mktun --dev $t
done

#brctl addbr $br
#brctl addif $br $eth

for t in $tap; do
    brctl addif $br $t
done

for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done

ifconfig $eth 0.0.0.0 promisc up

#ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast gateway $eth_gateway

桥站

#!/bin/bash

####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged together
tap="tap0"

#ifconfig $br down
#brctl delbr $br

for t in $tap; do
    openvpn --rmtun --dev $t
done

我的 server.conf 文件看起来像 aleroot 建议的那样。

感谢您迄今为止的所有帮助，我想我现在已经很接近了:)。

原始问题：

我正在尝试让我的 Ubuntu 10.04 服务器充当 OpenVPN 服务器，这样我最终可以在工作时通过 samba 将数据挂载到我的笔记本电脑上。我已按照说明操作这里已经尝试过几次了，但都没有成功。

我相当确定问题与设置桥接器和 tap 接口有关。我之所以这么想，是因为一旦我设置了桥接器（使用这些脚本 - http openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernetbridging.html#linuxscript - 抱歉，我目前只能建立一个链接 :)）并启动服务器（启动时没有错误），我就会丢失我的 eth0 连接（当我运行 ifconfig 时，只有新的 br0 有 IP 地址）。此外，在启用桥接器后，我无法再通过 ssh 连接到我的服务器，当我停止 openvpn 服务器并运行 bridge-stop 脚本时，服务器会再次开始工作。

我觉得我对于哪个 IP 地址应该放在哪里感到困惑。

我的路由器有公共 IP 地址，假设它是 25.25.25.25，而我的 Ubuntu 服务器有静态 IP 地址 192.168.0.2（端口转发和一切工作正常，我可以从任何地方 ssh 进入，直到我运行桥接脚本或尝试 :)）。以下是我在上面指定的文件中使用的值，它们看起来正确吗？

从 bridge-start （完整文件链接至上方）

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.0.2"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.0.255"

来自 server.conf

local 192.168.0.2
dev tap0
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
;server 10.8.0.0 255.255.255.0
server-bridge 192.168.0.2 255.255.255.0 192.168.0.50 192.168.100
push "route 192.168.0.2 255.255.255.0"
push "dhcp-option DNS 192.168.0.1"
;push "dhcp-option DOMAIN example.com" <- commented not sure what i should use, the value is resolve.conf?
tls-auth ta.key 0 # This file is secret
user nobody
group nogroup

感谢您的帮助！！