OpenVPN client cannot connect; it previously connected fine


The OpenVPN server is Ubuntu Server 18.04

The client is Windows 10

OpenVPN version 2.4.4

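This VPN link had been working for some time. It last worked about 2 weeks ago. Since then, the server has had a network reconfiguration, with 4 VLANs removed from the firewall. None of this "should" affect the VPS.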

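I also upgraded Ubuntu with the latest patch set and rebooted the server. The kernel was not upgraded (not enough space in /boot). I cleaned out the old kernel versions but have not yet done the kernel update. The system had been up for 339 days.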

Since these actions took place, the client has been unable to reach the VPN.

Server configuration

port 1194
proto udp
dev tun

ca 2.0/keys/ca.crt
cert 2.0/keys/fw1.crt
key 2.0/keys/fw1.key  # This file should be kept secret

dh 2.0/keys/dh2048.pem

tls-auth 2.0/keys/ta.key 0

server 192.168.99.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt

push "redirect-gateway def1 bypass-dhcp"

client-to-client

###route-gateway 192.168.99.1 255.255.255.0
push "route 192.168.0.0 255.255.0.0"
route 192.168.99.0 255.255.255.0

topology subnet

push "dhcp-option DNS <routable address>"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS <routable address>"

client-config-dir ccd

keepalive 15 240

cipher BF-CBC        # Blowfish (default)

comp-lzo
max-clients 10

###user nobody
###group nogroup
persist-key
persist-tun

status openvpn-status.log
log-append /var/log/openvpn.log

verb 4      # [0-11]
mute 5

Client configuration (this has not changed and worked fine before the server update)

client 
proto udp 
dev tun 

remote <routable IP of VPN server> 1194 

nobind 

ca ca.crt 
cert boson.crt 
key boson.key 

ns-cert-type server 
tls-auth ta.key 1 

cipher BF-CBC 
comp-lzo 

user nobody 
group nogroup 
persist-key 
persist-tun 

mute-replay-warnings 

verb 3 
mute 5

Log file entries when starting OpenVPN

Fri Jun 12 16:52:37 2020 us=833783 Current Parameter Settings:
Fri Jun 12 16:52:37 2020 us=833922   config = '/etc/openvpn/fw1.conf'
Fri Jun 12 16:52:37 2020 us=833993   mode = 1
Fri Jun 12 16:52:37 2020 us=834025   persist_config = DISABLED
Fri Jun 12 16:52:37 2020 us=834054   persist_mode = 1
Fri Jun 12 16:52:37 2020 us=834082 NOTE: --mute triggered...
Fri Jun 12 16:52:37 2020 us=834137 286 variation(s) on previous 5 message(s) suppressed by --mute
Fri Jun 12 16:52:37 2020 us=834171 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Fri Jun 12 16:52:37 2020 us=834211 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Fri Jun 12 16:52:37 2020 us=835577 Diffie-Hellman initialized with 2048 bit key
Fri Jun 12 16:52:37 2020 us=836723 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 12 16:52:37 2020 us=836774 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 12 16:52:37 2020 us=836848 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri Jun 12 16:52:37 2020 us=837324 ROUTE_GATEWAY <routable address>/255.255.255.240 IFACE=eth1 HWADDR=00:14:c2:c2:4d:44
Fri Jun 12 16:52:37 2020 us=837850 TUN/TAP device tun0 opened
Fri Jun 12 16:52:37 2020 us=837963 TUN/TAP TX queue length set to 100
Fri Jun 12 16:52:37 2020 us=838034 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 12 16:52:37 2020 us=838103 /sbin/ip link set dev tun0 up mtu 1500
Fri Jun 12 16:52:37 2020 us=846557 /sbin/ip addr add dev tun0 192.168.99.1/24 broadcast 192.168.99.255
Fri Jun 12 16:52:37 2020 us=857371 /sbin/ip route add 192.168.99.0/24 via 192.168.99.2
RTNETLINK answers: File exists
Fri Jun 12 16:52:37 2020 us=863665 **ERROR: Linux route add command failed: external program exited with error status: 2**
Fri Jun 12 16:52:37 2020 us=863798 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Jun 12 16:52:37 2020 us=863844 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jun 12 16:52:37 2020 us=863906 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jun 12 16:52:37 2020 us=863968 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jun 12 16:52:37 2020 us=864012 UDPv4 link remote: [AF_UNSPEC]
Fri Jun 12 16:52:37 2020 us=864064 MULTI: multi_init called, r=256 v=256
Fri Jun 12 16:52:37 2020 us=864157 IFCONFIG POOL: base=192.168.99.2 size=252, ipv6=0
Fri Jun 12 16:52:37 2020 us=864223 IFCONFIG POOL LIST
Fri Jun 12 16:52:37 2020 us=864382 Initialization Sequence Completed
Fri Jun 12 17:16:13 2020 us=113751 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:37399
Fri Jun 12 17:16:14 2020 us=125964 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:37400
Fri Jun 12 17:17:19 2020 us=309702 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:57783
Fri Jun 12 17:17:20 2020 us=310465 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]127.0.0.1:57784

Port listening

> netstat -apn |grep -w 1194
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           7379/openvpn 
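
Added example, not part of the original post: the "cannot locate HMAC" entries come from the tls-auth check, so a quick way to rule out drift between the two configurations is to compare the directives both peers must agree on. The function names are hypothetical, the embedded configs are constructed from the directives shown above, and `vpn.example.invalid` stands in for the elided server address.

```python
# Added example: compare the directives that both OpenVPN peers must agree on.
# Constructed input: the relevant lines from the two configs in the post.
# "vpn.example.invalid" is a placeholder for the elided server address.
SERVER_CONF = """\
port 1194
proto udp
dev tun
tls-auth 2.0/keys/ta.key 0
cipher BF-CBC        # Blowfish (default)
comp-lzo
"""
CLIENT_CONF = """\
client
proto udp
dev tun
remote vpn.example.invalid 1194
tls-auth ta.key 1
cipher BF-CBC
comp-lzo
"""

def parse(text):
    """Return {directive: [args]}, skipping blanks and '#' / ';' comments."""
    opts = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and not words[0].startswith(";"):
            opts[words[0]] = words[1:]
    return opts

def mismatches(server_text, client_text):
    """List differences in settings the server and client must share."""
    s, c = parse(server_text), parse(client_text)
    found = [f"{k}: server={s.get(k)} client={c.get(k)}"
             for k in ("proto", "dev", "cipher", "comp-lzo") if s.get(k) != c.get(k)]
    # The client's remote port must be the port the server listens on (default 1194).
    s_port = (s.get("port") or ["1194"])[0]
    remote = c.get("remote", [])
    c_port = remote[1] if len(remote) > 1 else "1194"
    if s_port != c_port:
        found.append(f"port: server={s_port} client remote={c_port}")
    # tls-auth: both sides or neither; key directions are both omitted or 0 and 1.
    s_ta, c_ta = s.get("tls-auth"), c.get("tls-auth")
    if (s_ta is None) != (c_ta is None):
        found.append("tls-auth: enabled on one side only")
    elif s_ta is not None:
        dirs = sorted(s_ta[1:2] + c_ta[1:2])
        if dirs not in ([], ["0", "1"]):
            found.append(f"tls-auth: key directions {dirs} are not complementary")
    return found

if __name__ == "__main__":
    print(mismatches(SERVER_CONF, CLIENT_CONF) or "no mismatches")
```

For the directives shown in the post the list comes back empty, which is consistent with the statement that the client configuration did not change.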
