我正尝试使用 Macbook 上的 tunnelblick 连接到我在 pfSense 2.2.3 上创建的 openVPN 服务器。每当我尝试使用 OpenVPN 版本 2.3.6 或 2.3.7(此版本的 tunnelblick 上提供所有版本)进行连接时,openVPN 服务器都会收到启动 TCP 握手以建立连接的数据包,但从不响应它。我已将尝试连接时发生的情况的日志粘贴在下面。我不确定此时问题可能是什么,如果需要更多信息来帮助解决此问题,请告诉我。
> 2015-07-07 16:28:28 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)]
> [LZO] [PKCS11] [MH] [IPv6] built on Jun 12 2015 2015-07-07 16:28:28
> library versions: OpenSSL 1.0.2c 12 Jun 2015, LZO 2.09 2015-07-07
> 16:28:28 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
> 2015-07-07 16:28:28 Need hold release from management interface,
> waiting... 2015-07-07 16:28:26 *Tunnelblick: OS X 10.7.5; Tunnelblick
> 3.6beta06 (build 4346) 2015-07-07 16:28:27 *Tunnelblick: Attempting connection with config using shadow copy; Set nameserver = 1;
> monitoring connection 2015-07-07 16:28:27 *Tunnelblick: openvpnstart
> start config.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6 2015-07-07
> 16:28:30 *Tunnelblick: openvpnstart log:
> OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
>
> /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
> --daemon
> --log
> /Library/Application Support/Tunnelblick/Logs/-SUsers-Scw-SLibrary-SApplication
> Support-STunnelblick-SConfigurations-Sconfig.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1337.openvpn.log
> --cd
> /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
> --verb
> 3
> --config
> /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
> --cd
> /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
> --management
> 127.0.0.1
> 1337
> --management-query-passwords
> --management-hold
> --script-security
> 2
> --up
> /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh
> -d -f -m -w -ptADGNWradsgnw
> --down
> /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh
> -d -f -m -w -ptADGNWradsgnw
>
> 2015-07-07 16:28:27 *Tunnelblick: openvpnstart starting OpenVPN
> 2015-07-07 16:28:30 MANAGEMENT: Client connected from
> [AF_INET]127.0.0.1:1337 2015-07-07 16:28:30 *Tunnelblick: Established
> communication with OpenVPN 2015-07-07 16:28:30 MANAGEMENT: CMD 'pid'
> 2015-07-07 16:28:30 MANAGEMENT: CMD 'state on' 2015-07-07 16:28:30
> MANAGEMENT: CMD 'state' 2015-07-07 16:28:30 MANAGEMENT: CMD 'bytecount
> 1' 2015-07-07 16:28:30 MANAGEMENT: CMD 'hold release' 2015-07-07
> 16:28:30 NOTE: the current --script-security setting may allow this
> configuration to call user-defined scripts 2015-07-07 16:28:30 Socket
> Buffers: R=[262140->65536] S=[131070->65536] 2015-07-07 16:28:30
> Attempting to establish TCP connection with
> [AF_INET]128.151.18.205:443 [nonblock] 2015-07-07 16:28:30 MANAGEMENT:
> >STATE:1436300910,TCP_CONNECT,,, 2015-07-07 16:28:40 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:28:45 MANAGEMENT:
> >STATE:1436300925,TCP_CONNECT,,, 2015-07-07 16:28:55 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:00 MANAGEMENT:
> >STATE:1436300940,TCP_CONNECT,,, 2015-07-07 16:29:10 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:15 MANAGEMENT:
> >STATE:1436300955,TCP_CONNECT,,, 2015-07-07 16:29:25 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:30 MANAGEMENT:
> >STATE:1436300970,TCP_CONNECT,,, 2015-07-07 16:29:40 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:41 *Tunnelblick: Disconnecting;
> VPN Details… window disconnect button pressed 2015-07-07 16:29:41
> *Tunnelblick: Disconnecting using 'kill' 2015-07-07 16:29:42 SIGTERM[hard,init_instance] received, process exiting 2015-07-07
> 16:29:42 MANAGEMENT: >STATE:1436300982,EXITING,init_instance,,
> 2015-07-07 16:29:43 *Tunnelblick: No 'post-disconnect.sh' script to
> execute 2015-07-07 16:29:43 *Tunnelblick: Expected disconnection
> occurred.
答案1
关于“接收数据包”,您看到了什么?它似乎根本没有响应。尝试远程登录到您运行 OpenVPN 的端口。
猜测也许你没有在 WAN 上添加防火墙规则以允许流量到达 OpenVPN 服务器实例,因此被阻止。如果是这种情况,你会在防火墙日志中看到这一点。
最好使用 UDP,而不是 TCP,除非出于某种原因需要使用 TCP。但这与当前问题无关。