I am trying to set up a system on Linux where the OpenVPN tunnel is authenticated but the actual traffic is not encrypted. With one server and one client, everything works fine. Here are the relevant parts of the conf files:
server.conf:
port 1194
proto udp
mode server
tls-server
topology subnet
push "topology subnet"
dev tun
#Keys and certificates
ca /usr/share/vpn/keys/ca.crt
cert /usr/share/vpn/keys/server.crt
key /usr/share/vpn/keys/server.key
dh /usr/share/vpn/keys/dh1024.pem
#Network settings
ifconfig 10.8.0.2 255.255.224.0
push "route-gateway 10.8.0.2"
ifconfig-pool 10.8.0.1 10.8.31.254 255.255.224.0
#Allowing of connections with same common names
duplicate-cn
#Data persisting over reload
persist-key
persist-tun
#Client to client communication
client-to-client
#Encryption
cipher none
#Authentication
auth SHA384
Example client.conf:
client
port 1194
proto udp
topology subnet
dev tun
#Network settings
remote a.b.c.d 1194 # <- Actual IP address of server goes here
#Keys and certificates
ca /usr/share/vpn/keys/ca.crt
cert /usr/share/vpn/keys/5.crt
key /usr/share/vpn/keys/5.key # This file should be kept secret
#Data persisting over reload
persist-key
persist-tun
#Encryption
cipher none
#Authentication
auth SHA384
What actually happens is that the first client to connect always works fine. But when the next client connects, the connection appears to be initialized correctly:
5/10.10.32.5:1194 Data Channel: using negotiated cipher 'AES-256-GCM'
5/10.10.32.5:1194 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 AF:14/121 ]
5/10.10.32.5:1194 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
5/10.10.32.5:1194 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
But when traffic is sent, the following error appears:
Float requested for peer 0 to 10.10.32.5:1194
AEAD Decrypt error: cipher final failed
All clients have the same configuration, and the first client to connect always works.
I tried adding "float" to the server config, but nothing changed.
I also added ncp-disable to all configs, although I would prefer to keep the initial handshake, but this only changed the error:
Authenticate/Decrypt packet error: missing authentication info
Authenticate/Decrypt packet error: missing authentication info
Authenticate/Decrypt packet error: packet HMAC authentication failed
Authenticate/Decrypt packet error: packet HMAC authentication failed
Does anyone know how to get OpenVPN to authenticate but not encrypt when there are multiple clients?
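As an added check, not part of the post, a small Python script that parses excerpts of the two configs above and reports the settings that bear on the question: whether the server's own ifconfig address falls inside ifconfig-pool, whether cipher none is paired with ncp-disable, and whether the client binds a fixed local port. It assumes a simplified config syntax (one directive per line, no inline key blocks).

```python
import ipaddress

# Constructed excerpts of the server.conf and client.conf shown in the question.
SERVER_CONF = """
ifconfig 10.8.0.2 255.255.224.0
ifconfig-pool 10.8.0.1 10.8.31.254 255.255.224.0
duplicate-cn
cipher none
"""
CLIENT_CONF = """
client
port 1194
remote a.b.c.d 1194 # <- Actual IP address of server goes here
cipher none
"""

def parse_openvpn(text):
    """Map each directive to the args of its first occurrence; comments and blank lines are dropped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            conf.setdefault(key, args)
    return conf

def ncp_finding(conf):
    # 'cipher none' is only the fallback cipher: unless NCP is disabled, a
    # negotiating peer still settles on an AEAD cipher, which is what the
    # "using negotiated cipher 'AES-256-GCM'" lines in the question's log show.
    if conf.get("cipher") == ["none"] and "ncp-disable" not in conf:
        return ["cipher none without ncp-disable: data-channel cipher is negotiated"]
    return []

def check_server(conf):
    findings = ncp_finding(conf)
    ifc, pool = conf.get("ifconfig"), conf.get("ifconfig-pool")
    if ifc and pool:
        srv = ipaddress.ip_address(ifc[0])
        lo, hi = ipaddress.ip_address(pool[0]), ipaddress.ip_address(pool[1])
        if lo <= srv <= hi:
            findings.append(f"server address {srv} lies inside ifconfig-pool {lo}-{hi}")
    return findings

def check_client(conf):
    findings = ncp_finding(conf)
    # 'port' sets both local and remote port; without 'nobind' every client binds local UDP 1194.
    if "port" in conf and "nobind" not in conf:
        findings.append(f"client binds fixed local port {conf['port'][0]} (no nobind)")
    return findings
```

Run `check_server(parse_openvpn(SERVER_CONF))` and `check_client(parse_openvpn(CLIENT_CONF))` to list the findings for each side.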