我在 CentOS 机器上安装了 OpenVPN,并在其上创建了一个用户。然后我在 PC 上安装了客户端软件并尝试连接到 VPN。奇怪的问题是,当我使用基于移动数据的互联网时,我可以连接到 VPN,但是当我使用 ADSL 连接时,连接失败并出现以下错误:
注:此错误日志中的IP已改为示例IP
Thu Sep 26 08:44:29 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Thu Sep 26 08:44:29 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Sep 26 08:44:29 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Thu Sep 26 08:44:29 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Thu Sep 26 08:44:29 2019 Need hold release from management interface, waiting...
Thu Sep 26 08:44:29 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Thu Sep 26 08:44:29 2019 MANAGEMENT: CMD 'state on'
Thu Sep 26 08:44:29 2019 MANAGEMENT: CMD 'log all on'
Thu Sep 26 08:44:29 2019 MANAGEMENT: CMD 'echo all on'
Thu Sep 26 08:44:29 2019 MANAGEMENT: CMD 'bytecount 5'
Thu Sep 26 08:44:29 2019 MANAGEMENT: CMD 'hold off'
Thu Sep 26 08:44:29 2019 MANAGEMENT: CMD 'hold release'
Thu Sep 26 08:44:29 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Sep 26 08:44:29 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Sep 26 08:44:29 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Sep 26 08:44:29 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Sep 26 08:44:29 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]104.179.258.10:50555
Thu Sep 26 08:44:29 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Sep 26 08:44:29 2019 Attempting to establish TCP connection with [AF_INET]104.179.258.10:50555 [nonblock]
Thu Sep 26 08:44:29 2019 MANAGEMENT: >STATE:1569474869,TCP_CONNECT,,,,,,
Thu Sep 26 08:44:31 2019 TCP connection established with [AF_INET]104.179.258.10:50555
Thu Sep 26 08:44:31 2019 TCP_CLIENT link local: (not bound)
Thu Sep 26 08:44:31 2019 TCP_CLIENT link remote: [AF_INET]104.179.258.10:50555
Thu Sep 26 08:44:31 2019 MANAGEMENT: >STATE:1569474871,WAIT,,,,,,
Thu Sep 26 08:44:32 2019 MANAGEMENT: >STATE:1569474872,AUTH,,,,,,
Thu Sep 26 08:44:32 2019 TLS: Initial packet from [AF_INET]104.179.258.10:50555, sid=fcdf87ec 47b25bf8
Thu Sep 26 08:45:00 2019 read TCP_CLIENT: Unknown error (code=10060)
Thu Sep 26 08:45:00 2019 Connection reset, restarting [-1]
Thu Sep 26 08:45:00 2019 SIGUSR1[soft,connection-reset] received, process restarting
Thu Sep 26 08:45:00 2019 MANAGEMENT: >STATE:1569474900,RECONNECTING,connection-reset,,,,,
Thu Sep 26 08:45:00 2019 Restart pause, 5 second(s)
Thu Sep 26 08:45:05 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]104.179.258.10:50555
Thu Sep 26 08:45:05 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Sep 26 08:45:05 2019 Attempting to establish TCP connection with [AF_INET]104.179.258.10:50555 [nonblock]
Thu Sep 26 08:45:05 2019 MANAGEMENT: >STATE:1569474905,TCP_CONNECT,,,,,,
Thu Sep 26 08:45:06 2019 TCP connection established with [AF_INET]104.179.258.10:50555
Thu Sep 26 08:45:06 2019 TCP_CLIENT link local: (not bound)
Thu Sep 26 08:45:06 2019 TCP_CLIENT link remote: [AF_INET]104.179.258.10:50555
Thu Sep 26 08:45:06 2019 MANAGEMENT: >STATE:1569474906,WAIT,,,,,,
Thu Sep 26 08:45:06 2019 MANAGEMENT: >STATE:1569474906,AUTH,,,,,,
Thu Sep 26 08:45:06 2019 TLS: Initial packet from [AF_INET]104.179.258.10:50555, sid=a1b6af90 ed5ef60f
Thu Sep 26 08:45:36 2019 read TCP_CLIENT: Unknown error (code=10060)
Thu Sep 26 08:45:36 2019 Connection reset, restarting [-1]
Thu Sep 26 08:45:36 2019 SIGUSR1[soft,connection-reset] received, process restarting
Thu Sep 26 08:45:36 2019 MANAGEMENT: >STATE:1569474936,RECONNECTING,connection-reset,,,,,
Thu Sep 26 08:45:36 2019 Restart pause, 5 second(s)
Thu Sep 26 08:45:41 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]104.179.258.10:50555
Thu Sep 26 08:45:41 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Sep 26 08:45:41 2019 Attempting to establish TCP connection with [AF_INET]104.179.258.10:50555 [nonblock]
Thu Sep 26 08:45:41 2019 MANAGEMENT: >STATE:1569474941,TCP_CONNECT,,,,,,`
您知道问题是什么吗?我该如何解决?
答案1
错误代码 10060 是套接字超时。您的互联网提供商可能过滤了您为 OpenVPN 配置的端口。尝试重新配置服务器以使用 TCP 而不是 UDP,并尝试远程登录到服务器使用的端口。如果不行,请将您的服务器配置为使用不太可能被过滤的端口,例如 443。
答案2
我也遇到了同样的问题。我检查了 NordVPN UDP 和 TCP 连接此链接. 使用与我遇到问题的相同 ADSL 网络。NordVPN 连接工作得很好,但除 openvpn+proxy 连接外,所有其他 openvpn TCP 和 UDP 连接都被阻止。openvpn+proxy 非常慢。
我不知道为什么 NordVPN TCP 和 UDP 连接可以正常工作。但我们的连接被阻止了。例如,NordVPN 使用端口 1194 进行连接,并且工作得很好。我使用了端口 443 和 1194 等......,但我们的连接无法在任何端口上使用。我检查了同一台 PC 和网络中的端口,发现端口未被阻止并且是开放的,我可以访问端口。这意味着如果我想将端口 443 用于 Web 服务器,它可以正常工作,但是当我将端口 443 用于 Openvpn 时,似乎使用 Openvpn-connect 或 openvpn-gui 发送的数据包被过滤或阻止了。
有可能吗?我们能做什么?NordVPN 如何解决这个问题?我们的客户端配置是:
client
dev tun
proto tcp
remote server.domain.add 443
resolv-retry infinite
nobind
pull
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
redirect-gateway autolocal
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
nordvpn 客户端配置如下:
client
dev tun
proto tcp
remote ip.add 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
remote-cert-tls server
auth-user-pass
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
# 2048 bit OpenVPN static key
...
-----END OpenVPN Static key V1-----
</tls-auth>