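I'm new to networking, and this has been driving me crazy for the past 4 days. I've read 5 tutorials, but none of them seem to work.
Additional config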
push "route 10.217.64.55 255.255.255.0"
push "dhcp-options DNS 10.217.64.186"
server 10.217.88.0 255.255.255.0
dev tun0
proto udp
keepalive 10 120
Client code
remote myip 1194
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
float
tun-mtu 1400
ca ca.crt
cert client2.crt
key client2.key
ns-cert-type server
comp-lzo
verb 3
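I tried disabling the firewall in DDWRT, but it had no effect. Below are the iptables rules I'm currently using, although I've already been through about 20 iterations.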
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.1/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -o br0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
Client log
Sat Apr 29 21:04:34 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sat Apr 29 21:04:34 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Apr 29 21:04:34 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Sat Apr 29 21:04:34 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 29 21:04:34 2017 Need hold release from management interface, waiting...
Sat Apr 29 21:04:35 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'state on'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'log all on'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'echo all on'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'hold off'
Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'hold release'
Sat Apr 29 21:04:35 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Apr 29 21:04:35 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sat Apr 29 21:04:35 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]
Sat Apr 29 21:04:35 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 29 21:04:35 2017 UDP link local: (not bound)
Sat Apr 29 21:04:35 2017 UDP link remote: [AF_INET]
Sat Apr 29 21:04:35 2017 MANAGEMENT: >STATE:1493517875,WAIT,,,,,,
Sat Apr 29 21:04:52 2017 SIGTERM[hard,] received, process exiting
Sat Apr 29 21:04:52 2017 MANAGEMENT: >STATE:1493517892,EXITING,SIGTERM,,,,,
Server log
Sun Apr 30 12:32:41 2017 OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 27 2017
Sun Apr 30 12:32:41 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Sun Apr 30 12:32:41 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
Sun Apr 30 12:32:41 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 30 12:32:41 2017 Diffie-Hellman initialized with 1024 bit key
Sun Apr 30 12:32:41 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Sun Apr 30 12:32:41 2017 TUN/TAP device tun0 opened
Sun Apr 30 12:32:41 2017 TUN/TAP TX queue length set to 100
Sun Apr 30 12:32:41 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Apr 30 12:32:41 2017 /sbin/ifconfig tun0 10.217.88.1 netmask 255.255.255.0 mtu 1400 broadcast 10.217.88.255
Sun Apr 30 12:32:41 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Apr 30 12:32:41 2017 UDP: Cannot create UDP/UDP6 socket: Address family not supported by protocol (errno=97)
Sun Apr 30 12:32:41 2017 Exiting due to fatal error
Sun Apr 30 12:32:41 2017 /tmp/openvpn/route-down.sh tun0 1400 1522 10.217.88.1 255.255.255.0 init
Sun Apr 30 12:32:41 2017 Closing TUN/TAP interface
Sun Apr 30 12:32:41 2017 /sbin/ifconfig tun0 0.0.0.0
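Edit: To clarify, my frustration is that I can't get the server and client to handshake and at least respond to each other.
I suspect one symptom of this is that when I check with canyouseeme, it reports UDP 1194 as closed, even though I have configured iptables as described above. Even with the firewall turned off completely, OpenVPN still ends up stuck in the wait state.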
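As an added example that is not part of the original post: a Python check that flags address/mask pairs whose host bits are set, run over lines copied from the configuration and iptables rules above. The function names and the choice of sample lines are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: lines copied from the config and iptables rules in the post.
SAMPLE = '''\
push "route 10.217.64.55 255.255.255.0"
server 10.217.88.0 255.255.255.0
iptables -I FORWARD 1 --source 10.217.88.0/24 -j ACCEPT
iptables -I FORWARD 1 --source 10.217.88.1/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -o br0 -j MASQUERADE
'''

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
# "addr mask" pairs after OpenVPN's route/server keywords
DOTTED = re.compile(rf"\b(?:route|server)\s+({IPV4})\s+({IPV4})")
# "addr/prefix" after iptables -s / --source / -d / --destination
CIDR = re.compile(rf"(?:-s|--source|-d|--destination)\s+({IPV4})/(\d{{1,2}})")


def check_line(line):
    """Return (given, network) for each address/mask pair with host bits set."""
    findings = []
    for addr, mask in DOTTED.findall(line) + CIDR.findall(line):
        try:
            iface = ipaddress.ip_interface(f"{addr}/{mask}")
        except ValueError:
            continue  # not a valid IPv4 address or mask; out of scope here
        if iface.ip != iface.network.network_address:
            given = f"{addr}/{iface.network.prefixlen}"
            findings.append((given, str(iface.network)))
    return findings


def check_text(text):
    """Return (line number, given, network) for every flagged pair in the text."""
    report = []
    for number, line in enumerate(text.splitlines(), start=1):
        for given, network in check_line(line):
            report.append((number, given, network))
    return report


if __name__ == "__main__":
    for number, given, network in check_text(SAMPLE):
        print(f"line {number}: {given} has host bits set; network is {network}")
```
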