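For a week I have been trying to get "OpenVPN Access Server" running on Ubuntu 18.04, but after a lot of research and iteration I found that my ISP is blocking TLS packets, no matter which port I use. This conclusion is based on the observation that with different ISPs (on the client side) I get different results... I tried to disable TLS with the following commands: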
cd /usr/local/openvpn_as/scripts
./sacli --key "vpn.client.cipher" --value none ConfigPut
./sacli --key "vpn.server.cipher" --value none ConfigPut
./sacli start
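and disabled TLS authentication in the "Advanced VPN" settings. But apparently this is not enough: there are still traces of TLS packets in my traffic, which let my ISP detect them and interrupt authentication... Not only does authentication freeze and then end, but the log also contains some TLS-related phrases: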
21:55:35.553 -- ----- OpenVPN Start -----
21:55:35.553 -- EVENT: CORE_THREAD_ACTIVE
21:55:35.559 -- Frame=512/2048/512 mssfix-ctrl=1250
21:55:35.563 -- UNUSED OPTIONS
11 [sndbuf] [100000]
12 [rcvbuf] [100000]
14 [verb] [3]
24 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
25 [CLI_PREF_BASIC_CLIENT] [False]
26 [CLI_PREF_ENABLE_CONNECT] [True]
27 [CLI_PREF_ENABLE_XD_PROXY] [True]
28 [WSHOST] [X.X.184.124:1398]
29 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDBDCCAeygAwIBAgIEXOWA4DANBgkqhkiG...]
30 [IS_OPENVPN_WEB_CA] [1]
31 [ORGANIZATION] [OpenVPN, Inc.]
21:55:35.567 -- EVENT: RESOLVE
21:55:35.570 -- Contacting X.X.184.124:1398 via TCP
21:55:35.570 -- EVENT: WAIT
21:55:35.837 -- Connecting to [X.X.184.124]:1398 (X.X.184.124) via TCPv4
21:55:36.023 -- EVENT: CONNECTING
21:55:36.027 -- Tunnel Options:V4,dev-type tun,link-mtu 1528,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher [null-cipher],auth SHA1,keysize 0,tls-auth,key-method 2,tls-client
21:55:36.028 -- Creds: Username/PasswordEmpty
21:55:36.029 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.2
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
21:55:36.219 -- VERIFY OK : depth=1
cert. version : 3
serial number : 5C:E5:80:DF
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2019-05-15 17:03:27
expires on : 2029-05-19 17:03:27
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
21:55:36.220 -- VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2019-05-15 17:03:27
expires on : 2029-05-19 17:03:27
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server
21:55:40.866 -- EVENT: DISCONNECTED
21:55:40.878 -- EVENT: CORE_THREAD_INACTIVE
21:55:40.879 -- Tunnel bytes per CPU second: 0
21:55:40.879 -- ----- OpenVPN Stop -----
Please look at the log @21:55:36.027
Any idea how to disable TLS so that no trace of TLS packets is left in the communication?