OpenVPN Debian 9 配置:以太网上无服务器-客户端连接

tag-icon tag-icon openvpn
OpenVPN Debian 9 配置:以太网上无服务器-客户端连接

我目前正在尝试在我的 Debian 9 计算机上设置 OpenVPN 服务器,但遇到了与客户端的连接问题。目前,服务器通过交换机通过以太网物理连接到客户端(运行 Windows),但客户端无法与服务器建立连接(服务器在 ifconfig 中显示为 tun0)。我相信这是某个配置问题,但无法找出问题所在。

如果这有区别的话,我也位于 NAT 网络后面。我还暂时禁用了两台计算机上的防火墙以进行调试。

有什么办法可以解决我无法建立连接的问题吗?提前致谢。

我按照此页面上的说明进行操作(我也使用提供的 shell 脚本): OpenVPN_Debian_9

这是server.conf:

port 1194
proto udp
dev tun  
sndbuf 0  
rcvbuf 0  
ca /etc/openvpn/ca.crt  
cert /etc/openvpn/server.crt  
key /etc/openvpn/server.key  
dh /etc/openvpn/dh.pem  
auth SHA512  
tls-auth /etc/openvpn/ta.key 0
topology subnet  
server 10.8.0.0 255.255.255.0  
ifconfig-pool-persist ipp.txt  
push "redirect-gateway def1 bypass-dhcp"  
push "dhcp-option DNS 8.8.8.8"  
push "dhcp-option DNS 8.8.4.4"  
keepalive 10 120  
cipher AES-256-CBC  
comp-lzo  
user nobody  
group nogroup  
persist-key  
persist-tun  
status openvpn-status.log  
verb 3  
crl-verify crl.pem

这是客户端.conf:

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3

客户端日志

Tue Aug 01 09:33:40 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)][LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 01 09:33:40 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Aug 01 09:33:40 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Tue Aug 01 09:33:40 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Aug 01 09:33:40 2017 Need hold release from management interface, waiting...
Tue Aug 01 09:33:40 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'state on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'log all on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'echo all on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'hold off'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'hold release'
Tue Aug 01 09:33:40 2017 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Aug 01 09:33:40 2017 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Aug 01 09:33:40 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:1194
Tue Aug 01 09:33:40 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Aug 01 09:33:40 2017 UDP link local: (not bound)
Tue Aug 01 09:33:40 2017 UDP link remote: [AF_INET]10.8.0.1:1194
Tue Aug 01 09:33:40 2017 MANAGEMENT: >STATE:1501594420,WAIT,
Tue Aug 01 09:34:40 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 01 09:34:40 2017 TLS Error: TLS handshake failed
Tue Aug 01 09:34:40 2017 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 01 09:34:40 2017 MANAGEMENT: >STATE:1501594480,RECONNECTING,tls-error
Tue Aug 01 09:34:40 2017 Restart pause, 5 second(s)
Tue Aug 01 09:34:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:1194

答案1

UDP link remote: [AF_INET]10.8.0.1:1194-- 我不知道你的网络设置如何,但是你不能通过 10.8.0.1 的 tun 接口连接到服务器。--remote 10.8.0.1如果是错误的,您必须使用主 IP 或公共 IP,并在路由器/防火墙上转发端口。

相关内容