My OpenVPN configuration looks clean, but it does not work.
My server.conf:
proto udp
dev tun
ca keys/ca.crt
cert keys/bux-vpn-server.crt
key keys/bux-vpn-server.key # This file should be kept secret
dh keys/dh1024.pem
server 10.66.77.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
When I run:
/etc/openvpn# openvpn server.conf
Wed Feb 29 12:36:06 2012 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010
Wed Feb 29 12:36:06 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Feb 29 12:36:06 2012 Diffie-Hellman initialized with 1024 bit key
Wed Feb 29 12:36:06 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Wed Feb 29 12:36:06 2012 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Feb 29 12:36:06 2012 Socket Buffers: R=[124928->131072] S=[124928->131072]
Wed Feb 29 12:36:06 2012 ROUTE default_gateway=188.165.248.254
Wed Feb 29 12:36:06 2012 TUN/TAP device tun0 opened
Wed Feb 29 12:36:06 2012 TUN/TAP TX queue length set to 100
Wed Feb 29 12:36:06 2012 /sbin/ifconfig tun0 10.66.77.1 pointopoint 10.66.77.2 mtu 1500
Wed Feb 29 12:36:06 2012 /sbin/route add -net 10.66.77.0 netmask 255.255.255.0 gw 10.66.77.2
Wed Feb 29 12:36:06 2012 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Feb 29 12:36:06 2012 GID set to nogroup
Wed Feb 29 12:36:06 2012 UID set to nobody
Wed Feb 29 12:36:06 2012 UDPv4 link local (bound): [undef]
Wed Feb 29 12:36:06 2012 UDPv4 link remote: [undef]
Wed Feb 29 12:36:06 2012 MULTI: multi_init called, r=256 v=256
Wed Feb 29 12:36:06 2012 IFCONFIG POOL: base=10.66.77.4 size=62
Wed Feb 29 12:36:06 2012 IFCONFIG POOL LIST
Wed Feb 29 12:36:06 2012 bux,10.66.77.4
Wed Feb 29 12:36:06 2012 Initialization Sequence Completed
When I connect with a client:
Wed Feb 29 12:37:30 2012 MULTI: multi_create_instance called
Wed Feb 29 12:37:30 2012 82.249.148.88:59397 Re-using SSL/TLS context
Wed Feb 29 12:37:30 2012 82.249.148.88:59397 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Feb 29 12:37:30 2012 82.249.148.88:59397 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Wed Feb 29 12:37:30 2012 82.249.148.88:59397 Local Options hash (VER=V4): '239669a8'
Wed Feb 29 12:37:30 2012 82.249.148.88:59397 Expected Remote Options hash (VER=V4): '3514370b'
Wed Feb 29 12:37:30 2012 82.249.148.88:59397 TLS: Initial packet from [AF_INET]82.249.148.88:59397, sid=3298ab9d 116d730e
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 VERIFY OK: depth=1, /C=FR/ST=FR/L=Paris/O=bux/CN=bux-CA/[email protected]
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 VERIFY OK: depth=0, /C=FR/ST=FR/L=Peyruis/O=bux/CN=bux/[email protected]
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 [bux] Peer Connection Initiated with [AF_INET]82.249.148.88:59397
Wed Feb 29 12:37:31 2012 bux/82.249.148.88:59397 MULTI: Learn: 10.66.77.6 -> bux/82.249.148.88:59397
Wed Feb 29 12:37:31 2012 bux/82.249.148.88:59397 MULTI: primary virtual IP for bux/82.249.148.88:59397: 10.66.77.6
Wed Feb 29 12:37:34 2012 bux/82.249.148.88:59397 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 29 12:37:34 2012 bux/82.249.148.88:59397 SENT CONTROL [bux]: 'PUSH_REPLY,route 10.66.77.1,topology net30,ping 10,ping-restart 120,ifconfig 10.66.77.6 10.66.77.5' (status=1)
My client config:
client
dev tun
proto udp
remote 188.165.xxx.xxx 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /home/bux/openvpn/ca.crt
cert /home/bux/openvpn/bux.crt
key /home/bux/openvpn/bux.key
ns-cert-type server
comp-lzo
verb 3
The connection is established on my client, but it is unusable. Is there something wrong with my configuration?
Edit 2: it looks like comp-lzo was missing in the server config. Now I can successfully ping 10.66.77.1.
Answer 1
Which operating system are you using as the client? If it is Windows 7, you must run the VPN client as administrator, otherwise the routes will not be added on the client.
Also, I cannot see in your server.conf which routes are pushed to the client... You must specify somewhere in the config file which routes will be reachable through the tunnel. Here are some basic examples.
push "route ip.add.of.route sub.net.mask.route"
push "redirect-gateway def1"
Regards,
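The two points raised in this thread, the comp-lzo mismatch the asker found in Edit 2 and the missing push directives the answer mentions, can both be caught before connecting. The script below is an added example, not part of the question, the answer, or OpenVPN itself: it parses a server and a client config, reports options that must agree on both peers, lists what the server pushes, and extracts the option names that the server log flags as inconsistent. The two config strings and the log excerpt are constructed from the text quoted above; MUST_MATCH is an assumed practical subset of the options OpenVPN expects both sides to agree on, not the complete list.

```python
"""Cross-check an OpenVPN server/client config pair and the server log.

Added example for this thread; it is not the asker's or answerer's code
and not an OpenVPN tool. SERVER_CONF, CLIENT_CONF and SERVER_LOG are
constructed from the text quoted in the thread; MUST_MATCH is an assumed
subset of the options both peers must agree on.
"""
import re

# Constructed from the server.conf in the question (comp-lzo absent).
SERVER_CONF = """\
proto udp
dev tun
ca keys/ca.crt
cert keys/bux-vpn-server.crt
key keys/bux-vpn-server.key # This file should be kept secret
dh keys/dh1024.pem
server 10.66.77.0 255.255.255.0
keepalive 10 120
user nobody
group nogroup
verb 3
"""

# Constructed from the client config in the question (comp-lzo present).
CLIENT_CONF = """\
client
dev tun
proto udp
remote 188.165.xxx.xxx 1194
nobind
ca /home/bux/openvpn/ca.crt
cert /home/bux/openvpn/bux.crt
key /home/bux/openvpn/bux.key
ns-cert-type server
comp-lzo
verb 3
"""

# Constructed excerpt of the server log lines shown in the question.
SERVER_LOG = """\
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Wed Feb 29 12:37:31 2012 82.249.148.88:59397 [bux] Peer Connection Initiated with [AF_INET]82.249.148.88:59397
"""

# Options both peers must agree on (assumed subset). A mismatch here does
# not stop the TLS handshake, so the client looks "connected" while the
# data channel is unusable, which is the symptom reported in the question.
MUST_MATCH = ("proto", "dev", "comp-lzo", "cipher", "auth", "tls-auth")

# Matches the two WARNING forms seen in the log excerpt above.
WARN_RE = re.compile(
    r"WARNING: '([\w-]+)' is (?:used inconsistently|"
    r"present in remote config but missing in local config)"
)


def parse_conf(text):
    """Map each option name to the list of its argument lists, in file order.

    '#' and ';' comments and blank lines are dropped; options that may
    legitimately repeat (push, route, ...) keep every occurrence.
    """
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts


def find_mismatches(server, client):
    """Return MUST_MATCH options that are set on one side only or differ."""
    return [opt for opt in MUST_MATCH if server.get(opt) != client.get(opt)]


def pushed_directives(server):
    """Return the directives the server pushes to clients, with quotes removed."""
    return [" ".join(args).strip('"') for args in server.get("push", [])]


def options_warned(log_text):
    """Return the option names the server log flags as inconsistent."""
    return sorted(set(WARN_RE.findall(log_text)))


if __name__ == "__main__":
    srv, cli = parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF)
    print("mismatched options:", find_mismatches(srv, cli))
    print("pushed to clients:", pushed_directives(srv) or "(nothing)")
    print("log warnings about:", options_warned(SERVER_LOG))
    # Constructed "fixed" server config: compression made consistent and a
    # route pushed, as the thread suggests.
    fixed = parse_conf(SERVER_CONF + 'comp-lzo\npush "route 10.66.77.0 255.255.255.0"\n')
    print("after fix, mismatched:", find_mismatches(fixed, cli))
    print("after fix, pushed:", pushed_directives(fixed))
```

Run against the thread's own configs, the mismatch check reports only comp-lzo and the push list is empty, which is exactly the pair of findings the thread arrives at. The link-mtu warning (1541 versus 1542) is a consequence of the same mismatch, since compression framing adds one byte to the link MTU on the side that enables it, so making comp-lzo consistent on both peers clears both warnings. The check accepts either consistent choice; current OpenVPN releases deprecate comp-lzo, so removing it from the client is the option to prefer when both ends can be changed.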