Unable to get online using a VPN on OpenBSD

I am using OpenBSD 5.7-amd64 with the latest patches applied.

I downloaded and installed OpenVPN for OpenBSD 5.7 (package version: openvpn-2.3.6.tgz) using the following command:

sudo pkg_add -vi openvpn

I change to the directory where the .ovpn files are located:

cd openvpn-configs

I choose an ovpn file (for example uk.ovpn) and enter the following command:

sudo openvpn uk.ovpn

Lines of text flash past in my terminal, ending with the following message:

Initialization Sequence Completed

indicating that I am connected to the UK server.

I launch Firefox and enter a URL.

Nothing appears in the browser.

I open another terminal and enter:

ping microsoft.com

No pings are recorded.

What's wrong?


In response to mjturner's request for more information, here are further details.

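Please note that the basic pf firewall provided by OpenBSD is enabled by default during installation of the OS. Also, during installation of the OS, when asked whether to configure/enable IPv6, I answered "no".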

VPN connection log details:

Tue Jul 14 00:00:17 2015 OpenVPN 2.3.6 x86_64-unknown-openbsd5.7 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Mar  7 2015
Tue Jul 14 00:00:17 2015 library versions: LibreSSL 2.1, LZO 2.08
Tue Jul 14 00:00:17 2015 WARNING: file 'auth.txt' is group or others accessible
Tue Jul 14 00:00:17 2015 Socket Buffers: R=[41600->65536] S=[9216->65536]
Tue Jul 14 00:00:17 2015 UDPv4 link local: [undef]
Tue Jul 14 00:00:17 2015 UDPv4 link remote: [AF_INET]111.222.333.444:443
Tue Jul 14 00:00:19 2015 TLS: Initial packet from [AF_INET]111.222.333.444:443, sid=16-alphanumeric-string
Tue Jul 14 00:00:19 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 14 00:00:20 2015 VERIFY OK: depth=1, [particulars of commercial VPN service provider]
Tue Jul 14 00:00:20 2015 Validating certificate key usage
Tue Jul 14 00:00:20 2015 ++ Certificate has key usage  00a0, expects 00a0
Tue Jul 14 00:00:20 2015 VERIFY KU OK
Tue Jul 14 00:00:20 2015 Validating certificate extended key usage
Tue Jul 14 00:00:20 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 14 00:00:20 2015 VERIFY EKU OK
Tue Jul 14 00:00:20 2015 VERIFY OK: depth=0, [particulars of commercial VPN service provider]
Tue Jul 14 00:00:21 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 14 00:00:21 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 14 00:00:21 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 14 00:00:21 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 14 00:00:21 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul 14 00:00:21 2015 [VPN-UK] Peer Connection Initiated with [AF_INET]111.222.333.444:443
Tue Jul 14 00:00:23 2015 SENT CONTROL [VPN-UK]: 'PUSH_REQUEST' (status=1)
Tue Jul 14 00:00:24 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.6 10.9.0.5'
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: route options modified
Tue Jul 14 00:00:24 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 14 00:00:24 2015 ROUTE_GATEWAY 192.168.220.1
Tue Jul 14 00:00:24 2015 TUN/TAP device /dev/tun0 opened
Tue Jul 14 00:00:24 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jul 14 00:00:24 2015 /sbin/ifconfig tun0 10.9.0.6 10.9.0.5 mtu 1500 netmask 255.255.255.255 up -link0
Tue Jul 14 00:00:26 2015 /sbin/route add -net 111.222.333.444 192.168.220.1 -netmask 255.255.255.255
add net 111.222.333.444: gateway 192.168.220.1
Tue Jul 14 00:00:26 2015 /sbin/route add -net 0.0.0.0 10.9.0.5 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 /sbin/route add -net 128.0.0.0 10.9.0.5 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 /sbin/route add -net 10.9.0.1 10.9.0.5 -netmask 255.255.255.255
add net 10.9.0.1: gateway 10.9.0.5
Tue Jul 14 00:00:26 2015 Initialization Sequence Completed

Details of ifconfig -a while the VPN connection is on:

$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
    priority: 0
    groups: lo
    inet6 xx11::1%lo0 prefixlen 64 scopeid 0x3
    inet6 ::1 prefixlen 128
    inet 127.0.0.1 netmask 0xff000000
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr [MAC address of network card]
    priority: 0
    groups: egress
    media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
    status: active
    inet 192.168.220.176 netmask 0xffffff00 broadcast 192.168.220.255
enc0: flags=0<>
    priority: 0
    groups: enc
    status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
    priority: 0
    groups: pflog
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    priority: 0
    groups: tun
    status: active
    inet 10.9.0.6 --> 10.9.0.5 netmask 0xffffffff

Details of netstat -nr -f inet while the VPN connection is on:

$ netstat -nr -f inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
0/1                10.9.0.5           UGS        0        0     -     8 tun0 
default            192.168.220.1      UGS        1      137     -     8 re0  
10.9.0.1/32        10.9.0.5           UGS        0        0     -     8 tun0 
10.9.0.5           10.9.0.6           UH         3        0     -     4 tun0 
10.9.0.6           10.9.0.6           UHl        0        0     -     1 lo0  
111.222.333.444/32 192.168.220.1      UGS        0        0     -     8 re0  
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0  
127.0.0.1          127.0.0.1          UHl        1        4 32768     1 lo0  
128/1              10.9.0.5           UGS        0        0     -     8 tun0 
192.168.220/24     link#1             UC         1        0     -     4 re0  
192.168.220.1      [MAC-router]       UHLc       2        0     -     4 re0  
192.168.220.176    [MAC-network card] UHLl       0        0     -     1 lo0  
192.168.220.255    link#1             UHLb       0        0     -     1 re0  
224/4              link#1             UCS        0        0     -     8 re0

Details of dig while the VPN connection is on:

$ dig +short microsoft.com
;; connection timed out; no servers could be reached
$
