UDP client on the same machine as the server cannot connect

I have a Docker container running on my host as a server:

mode server
dev tun_udp_0
proto udp
port 1200
script-security 3
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radius/radius.cnf
keepalive 10 60
key-direction 0
tls-version-min 1.2
verify-client-cert none
reneg-sec 300

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
tls-crypt /etc/openvpn/keys/ta.key 0

compress lz4-v2

client-cert-not-required
username-as-common-name

user nobody
group nogroup
client-config-dir ccd
server 10.20.0.0 255.255.240.0

persist-key
persist-tun

push "sndbuf 393216"
push "rcvbuf 393216"
push "compress lz4-v2"
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"

duplicate-cn

cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256

txqueuelen 200
sndbuf 393216
rcvbuf 393216
fast-io
tun-mtu 1500

And I have another Docker container on the same machine running as a client, which periodically runs some tests:

dev tun
proto udp
remote 1.1.1.1 1200 udp
client
script-security 3
down-pre
auth-user-pass /tmp/vpn.auth
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
ping 5
nobind
cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
remote-cert-tls server
connect-retry 5
connect-retry-max 6
ping-exit 30
ca [inline]
tls-crypt [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
</ca>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
..
-----END OpenVPN Static key V1-----
</tls-crypt>

When it tries to connect, it stops at a certain point, and it is always the same point:

2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 WARNING: file '/tmp/vpn.auth' is group or others accessible
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1200
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 UDP link local: (not bound)
2020/10/30 07:15:43.744 [I]  --  Fri Oct 30 07:15:43 2020 UDP link remote: [AF_INET]1.1.1.1:1200
2020/10/30 07:16:13.195 [I]  --  Fri Oct 30 07:16:13 2020 [UNDEF] Inactivity timeout (--ping-exit), exiting
2020/10/30 07:16:13.196 [I]  --  Fri Oct 30 07:16:13 2020 SIGTERM[soft,ping-exit] received, process exiting

If I try to connect from outside using the same client config, it works fine. I only get this error over UDP; TCP works fine (I run 2 servers: TCP and UDP).

Any ideas?

Answer 1

Adding the --float flag solved the problem. It basically allows the client to negotiate another IP address and be accepted.
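To make the answer's mechanism concrete, here is an added example (not from the question or the answer above, and not OpenVPN's code): a small loopback simulation in Python of what a UDP client does with a reply whose source address is not the one it sent to, which is what two containers on one host can see when the reply path rewrites the source. Without --float the client drops the datagram on the address mismatch alone, which matches the log above where the client sends to 1.1.1.1:1200 and then sits idle until --ping-exit fires. With --float it accepts the datagram, but only if the packet authenticates, and then moves its idea of the remote to the new address. The HMAC wrapper, the static key, the packet names and the "reply from a second socket" trick are all constructed stand-ins for tls-crypt and for the source rewrite; they are assumptions of this demo, not details from the post.

```python
import hashlib
import hmac
import socket

# Constructed stand-in for the tls-crypt static key (not a real ta.key). Every packet
# carries an HMAC tag over its payload, so a datagram arriving from an unexpected
# source can still be authenticated before the client decides to trust it.
STATIC_KEY = b"constructed-demo-key-not-a-real-ta.key"
TAG_LEN = hashlib.sha256().digest_size


def wrap(payload: bytes, key: bytes = STATIC_KEY) -> bytes:
    """Prefix the payload with an HMAC-SHA256 tag (simplified model of the tls-crypt wrapper)."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def unwrap(packet: bytes, key: bytes = STATIC_KEY):
    """Return the payload if the tag verifies, otherwise None."""
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def client_accepts(packet: bytes, src, expected_remote, float_mode: bool):
    """Decide whether the client accepts a datagram, modelled on the --float behaviour.

    Without --float the source address must equal the configured remote.
    With --float a packet from another address is accepted only if it authenticates,
    and the client then 'floats' its notion of the remote to that new address.
    Returns (accepted, verdict, remote_after).
    """
    if src != expected_remote and not float_mode:
        return False, "dropped: source mismatch", expected_remote
    if unwrap(packet) is None:
        return False, "dropped: bad hmac", expected_remote
    if src != expected_remote:
        return True, "accepted: remote floated", src
    return True, "accepted", expected_remote


def run_exchange(float_mode: bool, reply_key: bytes = STATIC_KEY) -> str:
    """One handshake round trip over loopback and the client's verdict on the reply.

    The 'server' receives on one socket and replies from a second one, so the reply's
    source port differs from the port the client sent to. This is a constructed
    stand-in for the source-address rewrite seen between two containers on one host.
    """
    server_in = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server_out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for s in (server_in, server_out, client):
            s.bind(("127.0.0.1", 0))
            s.settimeout(2.0)
        remote = server_in.getsockname()  # what the client's "remote" directive points at

        client.sendto(wrap(b"P_CONTROL_HARD_RESET_CLIENT"), remote)
        data, client_addr = server_in.recvfrom(2048)
        if unwrap(data) is None:
            return "server dropped client packet"
        # Reply from the other socket, optionally wrapped with a wrong key to show
        # that --float never accepts a packet that fails authentication.
        server_out.sendto(wrap(b"P_CONTROL_HARD_RESET_SERVER", reply_key), client_addr)

        reply, src = client.recvfrom(2048)
        _, verdict, _ = client_accepts(reply, src, remote, float_mode)
        return verdict
    finally:
        for s in (server_in, server_out, client):
            s.close()


if __name__ == "__main__":
    print("without --float:          ", run_exchange(float_mode=False))
    print("with --float:             ", run_exchange(float_mode=True))
    print("with --float, wrong key:  ", run_exchange(float_mode=True, reply_key=b"some-other-key"))
```

The point for anyone reaching for --float in production: it relaxes the source-address check, so what keeps the data channel from accepting datagrams from arbitrary addresses is the tls-crypt (or tls-auth) key plus the TLS session, which is why keeping that key file private matters more once --float is on. The same loosening is also why the TCP server in the question never needed it: a TCP connection is bound to one peer address for its lifetime.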
