OpenVPN client cannot connect on certain ports

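Question:

I have an OpenVPN instance running on UDP/123. I have a VPS using the same port/protocol combination without any problems, but my home VPN won't let me connect.

Additional information:

Port 123 UDP/TCP is open on the router, and no service (other than OpenVPN) is running on UDP/123

Running nc -u host 123 just hangs forever, while nc host 123 responds almost immediately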

host.name.net [x.x.x.x] 123 (ntp) : Connection refused

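The OpenVPN instance is running, with no errors in the log. No client (Android, Linux) can establish a connection to it

I have tested other ports, for example UDP/2999, which connects almost immediately; of course this port is also open in the router firewall, just like UDP/TCP 123

Configuration:

client.ovpn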

client
dev tun
proto udp
remote host.name.net 123
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

Server configuration file

port 123
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
server 192.168.10.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
keepalive 10 120
comp-lzo 
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3
push "remote-gateway host.name.net"
push "dhcp-option DNS 8.8.8.8"

Client log output when connecting:

Thu Apr  6 23:16:20 2017 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 10 2017
Thu Apr  6 23:16:20 2017 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Thu Apr  6 23:16:20 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:123
Thu Apr  6 23:16:20 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Apr  6 23:16:20 2017 UDP link local: (not bound)
Thu Apr  6 23:16:20 2017 UDP link remote: [AF_INET]x.x.x.x:123
Thu Apr  6 23:17:20 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr  6 23:17:20 2017 TLS Error: TLS handshake failed
Thu Apr  6 23:17:20 2017 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr  6 23:17:20 2017 Restart pause, 5 second(s)
Thu Apr  6 23:17:26 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:123
Thu Apr  6 23:17:26 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Apr  6 23:17:26 2017 UDP link local: (not bound)
Thu Apr  6 23:17:26 2017 UDP link remote: [AF_INET]x.x.x.x:123
Thu Apr  6 23:18:27 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr  6 23:18:27 2017 TLS Error: TLS handshake failed
Thu Apr  6 23:18:27 2017 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr  6 23:18:27 2017 Restart pause, 5 second(s)

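Note: again, just changing the server and client port from 123 to 2999 gives a working connection, but I need 123.

When changing back to 123, no client can connect.

Note: [2999,123,...] UDP/TCP are also open in the router firewall.

Any suggestions as to why this is happening?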
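
An added diagnostic example, not part of the original post: UDP has no handshake, so `nc -u` sitting idle does not by itself show whether datagrams get through, whereas a probe that expects an answer does. The helper below sends one OpenVPN-style datagram and classifies the outcome. The names `probe_udp` and `OPENVPN_HARD_RESET` are hypothetical, and the packet layout assumes a server without tls-auth or tls-crypt, as in the config above.

```python
import socket
import sys

# Assumption: a minimal OpenVPN P_CONTROL_HARD_RESET_CLIENT_V2 packet:
# opcode byte 0x38 (7 << 3), 8-byte session id (constructed value),
# empty ACK array, packet id 0. A server without tls-auth answers it.
OPENVPN_HARD_RESET = b"\x38" + b"\x11" * 8 + b"\x00" + b"\x00" * 4


def probe_udp(host, port, payload=OPENVPN_HARD_RESET, timeout=3.0):
    """Send one datagram and classify what comes back.

    "reply"       - a datagram came back: the path works in both directions.
    "unreachable" - ICMP port unreachable: host reached, nothing listening.
    "silent"      - nothing came back: dropped in transit or ignored.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it lets the kernel report ICMP errors.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except (ConnectionRefusedError, ConnectionResetError):
            return "unreachable"
        except socket.timeout:
            return "silent"


if __name__ == "__main__":
    if len(sys.argv) > 2:
        # Probe the port the server is currently configured on,
        # e.g. 123 or 2999 from the question.
        print(probe_udp(sys.argv[1], int(sys.argv[2])))
    else:
        # Constructed offline demo: a bound loopback socket that never answers.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as quiet:
            quiet.bind(("127.0.0.1", 0))
            print(probe_udp("127.0.0.1", quiet.getsockname()[1], timeout=0.5))
```

Running the same probe from a network outside the home and capturing on the server at the same time shows whether a "silent" result means the datagram never arrived or the reply was lost on the way back.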