我正在遵循本指南,但无法设置 VPN 服务器并 ping 它,这是第一步。
https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
发生的事情是,我无法按照指南中所述从服务器 ping 10.8.0.2,也无法从客户端 ping 10.8.0.1。虽然 tun0 接口出现在服务器和客户端上,当我尝试连接到服务器时,在服务器和客户端上都看到日志,我将其解释为它们相互通信。我不知道如何开始调试这个问题。
客户端配置
remote 148.251.143.94 443
dev tun
proto tcp-client
ifconfig 10.8.0.2 10.8.0.1
secret ta.key
verb 5
服务器配置
dev tun
proto tcp
ifconfig 10.8.0.1 10.8.0.2
secret kets/ta.key
verb 6
客户端日志:
Mon Jan 15 14:12:22 2018 us=454846 Outgoing Static Key Encryption: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jan 15 14:12:22 2018 us=454890 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Jan 15 14:12:22 2018 us=454933 Outgoing Static Key Encryption: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 15 14:12:22 2018 us=455047 Incoming Static Key Encryption: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jan 15 14:12:22 2018 us=455068 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Jan 15 14:12:22 2018 us=455096 Incoming Static Key Encryption: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 15 14:12:22 2018 us=455474 TUN/TAP device tun0 opened
Mon Jan 15 14:12:22 2018 us=455518 TUN/TAP TX queue length set to 100
Mon Jan 15 14:12:22 2018 us=455552 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jan 15 14:12:22 2018 us=455589 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Jan 15 14:12:22 2018 us=458664 /usr/bin/ip addr add dev tun0 local 10.8.0.2 peer 10.8.0.1
Mon Jan 15 14:12:22 2018 us=462941 Data Channel MTU parms [ L:1546 D:1450 EF:46 EB:393 ET:0 EL:3 ]
Mon Jan 15 14:12:22 2018 us=463028 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto TCPv4_CLIENT,ifconfig 10.8.0.1 10.8.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Jan 15 14:12:22 2018 us=463054 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto TCPv4_SERVER,ifconfig 10.8.0.2 10.8.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Jan 15 14:12:22 2018 us=463094 TCP/UDP: Preserving recently used remote address: [AF_INET]148.251.143.94:443
Mon Jan 15 14:12:22 2018 us=463133 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Jan 15 14:12:22 2018 us=463161 Attempting to establish TCP connection with [AF_INET]148.251.143.94:443 [nonblock]
Mon Jan 15 14:12:23 2018 us=463407 TCP connection established with [AF_INET]148.251.143.94:443
Mon Jan 15 14:12:23 2018 us=463454 TCP_CLIENT link local: (not bound)
Mon Jan 15 14:12:23 2018 us=463464 TCP_CLIENT link remote: [AF_INET]148.251.143.94:443
rWMon Jan 15 14:12:23 2018 us=555120 Connection reset, restarting [0]
Mon Jan 15 14:12:23 2018 us=555192 TCP/UDP: Closing socket
Mon Jan 15 14:12:23 2018 us=555270 Closing TUN/TAP interface
Mon Jan 15 14:12:23 2018 us=555312 /usr/bin/ip addr del dev tun0 local 10.8.0.2 peer 10.8.0.1
Mon Jan 15 14:12:23 2018 us=584197 SIGUSR1[soft,connection-reset] received, process restarting
Mon Jan 15 14:12:23 2018 us=584235 Restart pause, 5 second(s)
服务器日志:
Mon Jan 15 10:44:46 2018 us=688711 MULTI: multi_create_instance called
Mon Jan 15 10:44:46 2018 us=688764 Re-using SSL/TLS context
Mon Jan 15 10:44:46 2018 us=688828 Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Mon Jan 15 10:44:46 2018 us=688846 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Mon Jan 15 10:44:46 2018 us=688873 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Mon Jan 15 10:44:46 2018 us=688880 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Mon Jan 15 10:44:46 2018 us=688898 TCP connection established with [AF_INET6]::ffff:46.209.11.146:41912
Mon Jan 15 10:44:46 2018 us=688906 TCPv6_SERVER link local: (not bound)
Mon Jan 15 10:44:46 2018 us=688914 TCPv6_SERVER link remote: [AF_INET6]::ffff:46.209.11.146:41912
Mon Jan 15 10:44:47 2018 us=600257 46.209.11.146 TCPv6_SERVER READ [92] from [AF_INET6]::ffff:46.209.11.146:41912: P_??? kid=7 [ 4114583015 2485465082 3854031848 2485687898 4043797693 2733821008 3551115941 657634580 4080887663 553580923 4080980629 2631660472 665707228 1385866580 4031312028 2050149634 346564806 479243997 2692639409 1434557404 ]
Mon Jan 15 10:44:47 2018 us=600314 46.209.11.146 TLS Error: unknown opcode received from [AF_INET6]::ffff:46.209.11.146:41912 op=21
Mon Jan 15 10:44:47 2018 us=600374 46.209.11.146 Fatal TLS error (check_tls_errors_co), restarting
Mon Jan 15 10:44:47 2018 us=600401 46.209.11.146 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Jan 15 10:44:47 2018 us=600460 TCP/UDP: Closing socket