Disabling TLS in OpenVPN

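For a week I have been trying to get "OpenVPN Access Server" running on Ubuntu 18.04, but after a long period of research and iteration, I found that my ISP is blocking TLS packets, no matter which port I use. This conclusion is based on the observation that with different ISPs (on the client side) I get different results... I tried to disable TLS with the following commands: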

cd /usr/local/openvpn_as/scripts
./sacli --key "vpn.client.cipher" --value none ConfigPut
./sacli --key "vpn.server.cipher" --value none ConfigPut
./sacli start

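and disabled TLS authentication in the "Advanced VPN" settings. But apparently this is not enough: there are still traces of TLS packets in my communication, which let my ISP detect them and interrupt the authentication... Not only because the authentication freezes and ends, but also because there are some TLS-related phrases in the log: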

21:55:35.553 -- ----- OpenVPN Start -----

21:55:35.553 -- EVENT: CORE_THREAD_ACTIVE

21:55:35.559 -- Frame=512/2048/512 mssfix-ctrl=1250

21:55:35.563 -- UNUSED OPTIONS
11 [sndbuf] [100000] 
12 [rcvbuf] [100000] 
14 [verb] [3] 
24 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 
25 [CLI_PREF_BASIC_CLIENT] [False] 
26 [CLI_PREF_ENABLE_CONNECT] [True] 
27 [CLI_PREF_ENABLE_XD_PROXY] [True] 
28 [WSHOST] [X.X.184.124:1398] 
29 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDBDCCAeygAwIBAgIEXOWA4DANBgkqhkiG...] 
30 [IS_OPENVPN_WEB_CA] [1] 
31 [ORGANIZATION] [OpenVPN, Inc.] 


21:55:35.567 -- EVENT: RESOLVE

21:55:35.570 -- Contacting X.X.184.124:1398 via TCP

21:55:35.570 -- EVENT: WAIT

21:55:35.837 -- Connecting to [X.X.184.124]:1398 (X.X.184.124) via TCPv4

21:55:36.023 -- EVENT: CONNECTING

21:55:36.027 -- Tunnel Options:V4,dev-type tun,link-mtu 1528,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher [null-cipher],auth SHA1,keysize 0,tls-auth,key-method 2,tls-client

21:55:36.028 -- Creds: Username/PasswordEmpty

21:55:36.029 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.2
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1


21:55:36.219 -- VERIFY OK : depth=1
cert. version     : 3
serial number     : 5C:E5:80:DF
issuer name       : CN=OpenVPN CA
subject name      : CN=OpenVPN CA
issued  on        : 2019-05-15 17:03:27
expires on        : 2029-05-19 17:03:27
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true


21:55:36.220 -- VERIFY OK : depth=0
cert. version     : 3
serial number     : 01
issuer name       : CN=OpenVPN CA
subject name      : CN=OpenVPN Server
issued  on        : 2019-05-15 17:03:27
expires on        : 2029-05-19 17:03:27
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server


21:55:40.866 -- EVENT: DISCONNECTED

21:55:40.878 -- EVENT: CORE_THREAD_INACTIVE

21:55:40.879 -- Tunnel bytes per CPU second: 0

21:55:40.879 -- ----- OpenVPN Stop -----

Please see the log @21:55:36.027

Any idea how to disable TLS so that no trace of TLS packets is left in the communication?
