The openVPN server is Ubuntu Server 18.04.
The client is Windows 10.
openVPN version 2.4.4.
This VPN link has been working for some time. It last worked about 2 weeks ago. Since then the server's network was reconfigured and 4 VLANs were removed from the firewall. None of this "should" affect the VPS.
I also upgraded Ubuntu with the latest patch set and rebooted the server. The kernel was not upgraded (not enough space in /boot). I cleaned out old kernel versions but have not yet done the kernel update. The system has been up for 339 days.
Since these actions, the client has been unable to reach the VPN.
Server configuration
port 1194
proto udp
dev tun
ca 2.0/keys/ca.crt
cert 2.0/keys/fw1.crt
key 2.0/keys/fw1.key # This file should be kept secret
dh 2.0/keys/dh2048.pem
tls-auth 2.0/keys/ta.key 0
server 192.168.99.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
client-to-client
###route-gateway 192.168.99.1 255.255.255.0
push "route 192.168.0.0 255.255.0.0"
route 192.168.99.0 255.255.255.0
topology subnet
push "dhcp-option DNS <routable address>"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS <routable address>"
client-config-dir ccd
keepalive 15 240
cipher BF-CBC # Blowfish (default)
comp-lzo
max-clients 10
###user nobody
###group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4 # [0-11]
mute 5
Client configuration (this has not changed and worked fine before the server update)
client
proto udp
dev tun
remote <routable IP of VPN server> 1194
nobind
ca ca.crt
cert boson.crt
key boson.key
ns-cert-type server
tls-auth ta.key 1
cipher BF-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
mute-replay-warnings
verb 3
mute 5
Log file entries when starting openVPN
Fri Jun 12 16:52:37 2020 us=833783 Current Parameter Settings:
Fri Jun 12 16:52:37 2020 us=833922 config = '/etc/openvpn/fw1.conf'
Fri Jun 12 16:52:37 2020 us=833993 mode = 1
Fri Jun 12 16:52:37 2020 us=834025 persist_config = DISABLED
Fri Jun 12 16:52:37 2020 us=834054 persist_mode = 1
Fri Jun 12 16:52:37 2020 us=834082 NOTE: --mute triggered...
Fri Jun 12 16:52:37 2020 us=834137 286 variation(s) on previous 5 message(s) suppressed by --mute
Fri Jun 12 16:52:37 2020 us=834171 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Fri Jun 12 16:52:37 2020 us=834211 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
Fri Jun 12 16:52:37 2020 us=835577 Diffie-Hellman initialized with 2048 bit key
Fri Jun 12 16:52:37 2020 us=836723 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 12 16:52:37 2020 us=836774 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 12 16:52:37 2020 us=836848 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri Jun 12 16:52:37 2020 us=837324 ROUTE_GATEWAY <routable address>/255.255.255.240 IFACE=eth1 HWADDR=00:14:c2:c2:4d:44
Fri Jun 12 16:52:37 2020 us=837850 TUN/TAP device tun0 opened
Fri Jun 12 16:52:37 2020 us=837963 TUN/TAP TX queue length set to 100
Fri Jun 12 16:52:37 2020 us=838034 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 12 16:52:37 2020 us=838103 /sbin/ip link set dev tun0 up mtu 1500
Fri Jun 12 16:52:37 2020 us=846557 /sbin/ip addr add dev tun0 192.168.99.1/24 broadcast 192.168.99.255
Fri Jun 12 16:52:37 2020 us=857371 /sbin/ip route add 192.168.99.0/24 via 192.168.99.2
RTNETLINK answers: File exists
Fri Jun 12 16:52:37 2020 us=863665 **ERROR: Linux route add command failed: external program exited with error status: 2**
Fri Jun 12 16:52:37 2020 us=863798 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Jun 12 16:52:37 2020 us=863844 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jun 12 16:52:37 2020 us=863906 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jun 12 16:52:37 2020 us=863968 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jun 12 16:52:37 2020 us=864012 UDPv4 link remote: [AF_UNSPEC]
Fri Jun 12 16:52:37 2020 us=864064 MULTI: multi_init called, r=256 v=256
Fri Jun 12 16:52:37 2020 us=864157 IFCONFIG POOL: base=192.168.99.2 size=252, ipv6=0
Fri Jun 12 16:52:37 2020 us=864223 IFCONFIG POOL LIST
Fri Jun 12 16:52:37 2020 us=864382 Initialization Sequence Completed
Fri Jun 12 17:16:13 2020 us=113751 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:37399
Fri Jun 12 17:16:14 2020 us=125964 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:37400
Fri Jun 12 17:17:19 2020 us=309702 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:57783
Fri Jun 12 17:17:20 2020 us=310465 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:57784
Port listening
> netstat -apn |grep -w 1194
udp 0 0 0.0.0.0:1194 0.0.0.0:* 7379/openvpn
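The following triage script is an added example, not code from the original post or from the OpenVPN project. It parses the two configs and the server log above and reports the things a reviewer would check first: settings that must agree between the two peers (proto, cipher, comp-lzo, and the tls-auth key direction, which has to be 0 on one side and 1 on the other), options that are weak or deprecated in 2.4.x, and the two failure signals in the log (the `ip route add` that failed with "File exists", and the "cannot locate HMAC" packets, all of which come from 127.0.0.1, the server's own loopback, rather than from the Windows client). The config texts are abridged copies of the posted ones and the log lines are copied from the post with the poster's `**` emphasis removed; the function names and the severity labels are this example's own.

```python
"""Triage helper for the OpenVPN failure described in the post above.

Added example, not code from the original post or from OpenVPN itself.
The config texts and log lines are copied (abridged) from the post; the
parsing and check functions are assumptions of this example.
"""
import re

SERVER_CONF = """\
port 1194
proto udp
dev tun
tls-auth 2.0/keys/ta.key 0
server 192.168.99.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
###route-gateway 192.168.99.1 255.255.255.0
push "route 192.168.0.0 255.255.0.0"
route 192.168.99.0 255.255.255.0
topology subnet
cipher BF-CBC # Blowfish (default)
comp-lzo
verb 4 # [0-11]
"""

CLIENT_CONF = """\
client
proto udp
dev tun
ns-cert-type server
tls-auth ta.key 1
cipher BF-CBC
comp-lzo
verb 3
"""

# Log lines copied from the post (asterisk emphasis around ERROR removed).
LOG_LINES = [
    "Fri Jun 12 16:52:37 2020 us=857371 /sbin/ip route add 192.168.99.0/24 via 192.168.99.2",
    "RTNETLINK answers: File exists",
    "Fri Jun 12 16:52:37 2020 us=863665 ERROR: Linux route add command failed: external program exited with error status: 2",
    "Fri Jun 12 16:52:37 2020 us=864382 Initialization Sequence Completed",
    "Fri Jun 12 17:16:13 2020 us=113751 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:37399",
    "Fri Jun 12 17:16:14 2020 us=125964 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:37400",
    "Fri Jun 12 17:17:19 2020 us=309702 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:57783",
    "Fri Jun 12 17:17:20 2020 us=310465 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:57784",
]

HMAC_RE = re.compile(r"cannot locate HMAC in incoming packet from \[AF_INET\](\S+):(\d+)")


def parse_conf(text):
    """Map each option name to the list of its values (options such as push repeat).
    '#' starts a comment, so the poster's ###-disabled lines and trailing
    comments are dropped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts


def check_peer_settings(server, client):
    """Return (severity, message) findings: 'mismatch' for settings that must
    agree between the peers, 'weak' / 'deprecated' for options worth replacing."""
    findings = []
    for opt in ("proto", "cipher"):
        s, c = server.get(opt, [""])[0], client.get(opt, [""])[0]
        if s != c:
            findings.append(("mismatch", f"{opt}: server={s!r} client={c!r}"))
    if ("comp-lzo" in server) != ("comp-lzo" in client):
        findings.append(("mismatch", "comp-lzo is set on only one side"))
    # tls-auth: the side that has it rejects unauthenticated packets with
    # 'cannot locate HMAC'; with direction flags, one side must be 0 and the other 1.
    s_ta, c_ta = server.get("tls-auth", [""])[0].split(), client.get("tls-auth", [""])[0].split()
    if bool(s_ta) != bool(c_ta):
        findings.append(("mismatch", "tls-auth is set on only one side"))
    elif s_ta and c_ta:
        dirs = [t[-1] if t[-1] in ("0", "1") else "none" for t in (s_ta, c_ta)]
        if dirs not in (["0", "1"], ["1", "0"], ["none", "none"]):
            findings.append(("mismatch", f"tls-auth key directions server={dirs[0]} client={dirs[1]}"))
    if server.get("cipher", [""])[0] == "BF-CBC":
        findings.append(("weak", "cipher BF-CBC is a 64-bit block cipher (SWEET32); use AES-256-GCM on both sides"))
    if "ns-cert-type" in client:
        findings.append(("deprecated", "ns-cert-type is deprecated in OpenVPN 2.4; use remote-cert-tls server"))
    return findings


def triage_log(lines):
    """Summarise the two failure signals present in the posted server log."""
    sources, route_add_failed = [], False
    for line in lines:
        m = HMAC_RE.search(line)
        if m:
            sources.append(m.group(1))
        if "route add command failed" in line or "RTNETLINK answers: File exists" in line:
            route_add_failed = True
    return {
        "hmac_count": len(sources),
        "hmac_sources": sorted(set(sources)),
        # 127.0.0.1 is the server's own loopback, i.e. not the remote Windows client
        "hmac_only_from_loopback": bool(sources) and set(sources) == {"127.0.0.1"},
        "route_add_failed": route_add_failed,
    }


if __name__ == "__main__":
    for sev, msg in check_peer_settings(parse_conf(SERVER_CONF), parse_conf(CLIENT_CONF)):
        print(f"[{sev}] {msg}")
    for key, value in triage_log(LOG_LINES).items():
        print(f"{key}: {value}")
```

Run against the posted material it reports no peer mismatch (both sides use udp, BF-CBC, comp-lzo and complementary tls-auth directions), flags BF-CBC and ns-cert-type for replacement, and shows that the HMAC rejections all originate on loopback while the `route add` for 192.168.99.0/24 failed because an identical route already existed. Pointing `LOG_LINES` at a fresh `verb 4` log after a client connection attempt, and comparing which of these signals change, is the next step the script is meant to support.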