我在 Synology Router 上设置了一个 OpenVPN 服务器,但无法正确连接 IPv4 和 IPv6。起初,我为此头疼不已,但最终我将其缩小到:我可以通过 IPv6 地址成功连接到我的 OpenVPN 服务器,但每次仅通过 IPv4 地址连接都会失败。
我通过用 DDNS 设置的域名进行连接。如果我手动将记录设置为仅 IPv4 地址,它当然会失败。只要我更新 IPv6 记录,它就会正常工作。
我已经在几个不同的客户端和网络上进行了测试,只是为了确保它不是我的客户端所在的网络。
这是我的服务器配置: 服务器配置
以及客户端配置文件:
dev tun
tls-client
remote my.domain.com 1194
redirect-gateway def1
pull
proto udp
script-security 2
reneg-sec 0
auth SHA1
cipher AES-128-CBC
auth-user-pass
key-direction 1
comp-lzo
explicit-exit-notify
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
以下是客户端连接日志文件,针对个人信息进行了编辑:
5/20/2020, 1:03:10 AM OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Feb 19 2020 17:36:01
⏎5/20/2020, 1:03:10 AM Frame=512/2048/512 mssfix-ctrl=1250
⏎5/20/2020, 1:03:10 AM UNUSED OPTIONS
1 [tls-client]
4 [pull]
6 [script-security] [2]
13 [explicit-exit-notify]
⏎5/20/2020, 1:03:10 AM EVENT: RESOLVE
⏎5/20/2020, 1:03:10 AM EVENT: WAIT
⏎5/20/2020, 1:03:10 AM Contacting x.x.x.x:1194 via UDP
⏎5/20/2020, 1:03:10 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:03:20 AM Server poll timeout, trying next remote entry...
⏎5/20/2020, 1:03:20 AM EVENT: RECONNECTING
⏎5/20/2020, 1:03:20 AM EVENT: RESOLVE
⏎5/20/2020, 1:03:20 AM Contacting x.x.x.x:1194 via UDP
⏎5/20/2020, 1:03:20 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:03:20 AM EVENT: WAIT
⏎5/20/2020, 1:03:30 AM Server poll timeout, trying next remote entry...
超时前尝试失败 5 次:
⏎5/20/2020, 1:04:10 AM EVENT: CONNECTION_TIMEOUT
⏎5/20/2020, 1:04:10 AM EVENT: DISCONNECTED
现在尝试 IPv6 地址
⏎5/20/2020, 1:04:46 AM OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Feb 19 2020 17:36:01
⏎5/20/2020, 1:04:46 AM Frame=512/2048/512 mssfix-ctrl=1250
⏎5/20/2020, 1:04:46 AM UNUSED OPTIONS
1 [tls-client]
4 [pull]
6 [script-security] [2]
13 [explicit-exit-notify]
⏎5/20/2020, 1:04:46 AM EVENT: RESOLVE
⏎5/20/2020, 1:04:46 AM EVENT: WAIT
⏎5/20/2020, 1:04:46 AM Contacting x.x.x.x:1194 via UDP
⏎5/20/2020, 1:04:46 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:04:56 AM Server poll timeout, trying next remote entry...
⏎5/20/2020, 1:04:56 AM EVENT: RECONNECTING
⏎5/20/2020, 1:04:56 AM EVENT: RESOLVE
⏎5/20/2020, 1:04:56 AM EVENT: WAIT
⏎5/20/2020, 1:04:56 AM Contacting x.x.x.x:1194 via UDP
⏎5/20/2020, 1:04:56 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:05:06 AM Server poll timeout, trying next remote entry...
⏎5/20/2020, 1:05:06 AM EVENT: RECONNECTING
⏎5/20/2020, 1:05:06 AM EVENT: RESOLVE
⏎5/20/2020, 1:05:06 AM EVENT: WAIT
⏎5/20/2020, 1:05:06 AM Contacting [xxxx::xxxx]:1194 via UDP
⏎5/20/2020, 1:05:06 AM Connecting to [my.domain.com]:1194 (xxxx::xxxx) via UDPv6
⏎5/20/2020, 1:05:06 AM EVENT: CONNECTING
⏎5/20/2020, 1:05:06 AM Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
⏎5/20/2020, 1:05:06 AM Creds: Username/Password
⏎5/20/2020, 1:05:06 AM Peer Info:
IV_GUI_VER=OCmacOS_3.1.2-572
IV_VER=3.git::15c71c44
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
⏎5/20/2020, 1:05:06 AM VERIFY OK : depth=1
Certificate Information
⏎5/20/2020, 1:05:06 AM VERIFY OK : depth=0
Certificate Information
⏎5/20/2020, 1:05:08 AM SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
⏎5/20/2020, 1:05:08 AM Session is ACTIVE
⏎5/20/2020, 1:05:08 AM Sending PUSH_REQUEST to server...
⏎5/20/2020, 1:05:08 AM EVENT: GET_CONFIG
⏎5/20/2020, 1:05:09 AM EVENT: DISCONNECTED
如您所见,使用 IPv6 地址时,它可以正常连接。但是尝试使用 IPv4 地址连接时,每次都会失败。这是否与我的 ISP 阻止某些 UDP 数据包有关?我很好奇为什么它只适用于 IPv6。
答案1
只花了几个小时就解决了问题,现在看来这太明显了,我不想承认。
一开始,我读到了一些 Synology 的错误文档,其中要求在路由器上设置端口转发规则。但他们忽略了一点,如果你在路由器上使用 VPN 服务器,就不应该这样做!
我删除了所有端口转发规则,仔细检查了防火墙规则并使其正常运行。