我使用本手册在我的 openSuse 13.1 服务器上安装了 OpenVPN: http://en.opensuse.org/SDB:OpenVPN_Installation_and_Setup
连接正在通过 OpenVPN 进行,但我无法使用互联网连接,甚至无法“ping”。这是我的openvpn.log
:
OpenVPN 2.3.2 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 31 2013
Diffie-Hellman initialized with 2048 bit key
Socket Buffers: R=[133120->131072] S=[133120->131072]
ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
/bin/ip link set dev tun0 up mtu 1500
/bin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
/bin/ip route add 10.8.0.0/24 via 10.8.0.2
UDPv4 link local (bound): [undef]
UDPv4 link remote: [undef]
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
succeeded -> ifconfig_pool_set()
IFCONFIG POOL LIST
client1,10.8.0.4
Initialization Sequence Completed
<CLIENTIP>:36786 TLS: Initial packet from [AF_INET]<CLIENTIP>:36786, sid=a5fdbace 3c834a63
<CLIENTIP>:36786 VERIFY OK: ...
<CLIENTIP>:36786 VERIFY OK: ...
<CLIENTIP>:36786 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1541'
<CLIENTIP>:36786 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
<CLIENTIP>:36786 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
<CLIENTIP>:36786 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
<CLIENTIP>:36786 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
<CLIENTIP>:36786 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
<CLIENTIP>:36786 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
<CLIENTIP>:36786 [client1] Peer Connection Initiated with [AF_INET]<CLIENTIP>:36786
client1/<CLIENTIP>:36786 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
client1/<CLIENTIP>:36786 MULTI: Learn: 10.8.0.6 -> client1/<CLIENTIP>:36786
client1/<CLIENTIP>:36786 MULTI: primary virtual IP for client1/<CLIENTIP>:36786: 10.8.0.6
client1/<CLIENTIP>:36786 PUSH: Received control message: 'PUSH_REQUEST'
client1/<CLIENTIP>:36786 send_push_reply(): safe_cap=940
client1/<CLIENTIP>:36786 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
client1/<CLIENTIP>:36786 Bad LZO decompression header byte: 69
<CLIENTIP>:54604 TLS: Initial packet from [AF_INET]<CLIENTIP>:54604, sid=207f49f9 3812e793
<CLIENTIP>:54604 VERIFY OK: ...
<CLIENTIP>:54604 VERIFY OK: ...
<CLIENTIP>:54604 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
<CLIENTIP>:54604 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
<CLIENTIP>:54604 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
<CLIENTIP>:54604 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
<CLIENTIP>:54604 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
<CLIENTIP>:54604 [client1] Peer Connection Initiated with [AF_INET]<CLIENTIP>:54604
MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
MULTI: Learn: 10.8.0.6 -> client1/<CLIENTIP>:54604
MULTI: primary virtual IP for client1/<CLIENTIP>:54604: 10.8.0.6
client1/<CLIENTIP>:54604 PUSH: Received control message: 'PUSH_REQUEST'
client1/<CLIENTIP>:54604 send_push_reply(): safe_cap=940
client1/<CLIENTIP>:54604 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
client1/<CLIENTIP>:54604 [client1] Inactivity timeout (--ping-restart), restarting
client1/<CLIENTIP>:54604 SIGUSR1[soft,ping-restart] received, client-instance restarting
<CLIENTIP>:54161 TLS: Initial packet from [AF_INET]<CLIENTIP>:54161, sid=8662a123 43e0e3f6
<CLIENTIP>:54161 VERIFY OK: ...
<CLIENTIP>:54161 VERIFY OK: ...
<CLIENTIP>:54161 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
<CLIENTIP>:54161 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
<CLIENTIP>:54161 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
<CLIENTIP>:54161 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
<CLIENTIP>:54161 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
<CLIENTIP>:54161 [client1] Peer Connection Initiated with [AF_INET]<CLIENTIP>:54161
client1/<CLIENTIP>:54161 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
client1/<CLIENTIP>:54161 MULTI: Learn: 10.8.0.6 -> client1/<CLIENTIP>:54161
client1/<CLIENTIP>:54161 MULTI: primary virtual IP for client1/<CLIENTIP>:54161: 10.8.0.6
client1/<CLIENTIP>:54161 PUSH: Received control message: 'PUSH_REQUEST'
client1/<CLIENTIP>:54161 send_push_reply(): safe_cap=940
client1/<CLIENTIP>:54161 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)