如何解决 openvpn 客户端在 debian 11 上无法更改我的公共 IP 的问题?

如何解决 openvpn 客户端在 debian 11 上无法更改我的公共 IP 的问题?

我有 nordvpn,我将它与 openvpn 和 nordvpn 在 linux debian 11 上提供的配置 .ovpn 文件一起使用。

当我运行 sudo openvpn --config /etc/openvpn/ovpn_tcp/is55.nordvpn.com.tcp.ovpn --auth-user-pass /etc/openvpn/_ 时,我在终端中得到以下成功行:

2022-09-20 19:31:51 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-09-20 19:31:51 WARNING: file '/etc/openvpn/_' is group or others accessible
2022-09-20 19:31:51 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2022-09-20 19:31:51 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2022-09-20 19:31:51 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-09-20 19:31:51 NOTE: --fast-io is disabled since we are not using UDP
2022-09-20 19:31:51 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-09-20 19:31:51 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-09-20 19:31:51 TCP/UDP: Preserving recently used remote address: [AF_INET]45.133.192.91:443
2022-09-20 19:31:51 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-09-20 19:31:51 Attempting to establish TCP connection with [AF_INET]45.133.192.91:443 [nonblock]
2022-09-20 19:31:51 TCP connection established with [AF_INET]45.133.192.91:443
2022-09-20 19:31:51 TCP_CLIENT link local: (not bound)
2022-09-20 19:31:51 TCP_CLIENT link remote: [AF_INET]45.133.192.91:443
2022-09-20 19:31:51 TLS: Initial packet from [AF_INET]45.133.192.91:443, sid=2fa7f61f d5b901ff
2022-09-20 19:31:52 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2022-09-20 19:31:52 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
2022-09-20 19:31:52 VERIFY KU OK
2022-09-20 19:31:52 Validating certificate extended key usage
2022-09-20 19:31:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-09-20 19:31:52 VERIFY EKU OK
2022-09-20 19:31:52 VERIFY X509NAME OK: CN=is55.nordvpn.com
2022-09-20 19:31:52 VERIFY OK: depth=0, CN=is55.nordvpn.com
2022-09-20 19:31:52 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
2022-09-20 19:31:52 [is55.nordvpn.com] Peer Connection Initiated with [AF_INET]45.133.192.91:443
2022-09-20 19:31:52 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.2.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2022-09-20 19:31:52 OPTIONS IMPORT: timers and/or timeouts modified
2022-09-20 19:31:52 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
2022-09-20 19:31:52 OPTIONS IMPORT: compression parms modified
2022-09-20 19:31:52 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-09-20 19:31:52 Socket Buffers: R=[131072->425984] S=[46080->425984]
2022-09-20 19:31:52 OPTIONS IMPORT: --ifconfig/up options modified
2022-09-20 19:31:52 OPTIONS IMPORT: route options modified
2022-09-20 19:31:52 OPTIONS IMPORT: route-related options modified
2022-09-20 19:31:52 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-09-20 19:31:52 OPTIONS IMPORT: peer-id set
2022-09-20 19:31:52 OPTIONS IMPORT: adjusting link_mtu to 1659
2022-09-20 19:31:52 OPTIONS IMPORT: data channel crypto options modified
2022-09-20 19:31:52 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-09-20 19:31:52 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-09-20 19:31:52 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-09-20 19:31:52 net_route_v4_best_gw query: dst 0.0.0.0
2022-09-20 19:31:52 net_route_v4_best_gw result: via 192.168.15.169 dev wlp3s0
2022-09-20 19:31:52 ROUTE_GATEWAY 192.168.15.169/255.255.255.0 IFACE=wlp3s0 HWADDR=7c:04:d0:d7:4f:d2
2022-09-20 19:31:52 TUN/TAP device tun0 opened
2022-09-20 19:31:52 net_iface_mtu_set: mtu 1500 for tun0
2022-09-20 19:31:52 net_iface_up: set tun0 up
2022-09-20 19:31:52 net_addr_v4_add: 10.7.2.2/24 dev tun0
2022-09-20 19:31:52 net_route_v4_add: 45.133.192.91/32 via 192.168.15.169 dev [NULL] table 0 metric -1
2022-09-20 19:31:52 net_route_v4_add: 0.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2022-09-20 19:31:52 net_route_v4_add: 128.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2022-09-20 19:31:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-09-20 19:31:52 Initialization Sequence Completed

我还尝试通过以下链接使用 systemctl (systemd) 进行设置:https://community.openvpn.net/openvpn/wiki/Systemd并且我在 journalctl 中也获得了成功的结果。

然而当我运行时curl ifconfig.me我仍然有相同的公共 IP...

cat update-resolv-conf在 /etc/openvpn 中:

#!/bin/bash
# 
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL. 
# 
# Example envs set from openvpn:
#
#     foreign_option_1='dhcp-option DNS 193.43.27.132'
#     foreign_option_2='dhcp-option DNS 193.43.27.133'
#     foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#

if [ ! -x /sbin/resolvconf ] ; then
    logger "[OpenVPN:update-resolve-conf] missing binary /sbin/resolvconf";
    exit 0;
fi

[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0

split_into_parts()
{
    part1="$1"
    part2="$2"
    part3="$3"
}

case "$script_type" in
  up)
    NMSRVRS=""
    SRCHS=""
    foreign_options=$(printf '%s\n' ${!foreign_option_*} | sort -t _ -k 3 -g)
    for optionvarname in ${foreign_options} ; do
        option="${!optionvarname}"
        echo "$option"
        split_into_parts $option
        if [ "$part1" = "dhcp-option" ] ; then
            if [ "$part2" = "DNS" ] ; then
                NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
            elif [ "$part2" = "DOMAIN" ] ; then
                SRCHS="${SRCHS:+$SRCHS }$part3"
            fi
        fi
    done
    R=""
    [ "$SRCHS" ] && R="search $SRCHS
"
    for NS in $NMSRVRS ; do
            R="${R}nameserver $NS
"
    done
    echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn"
    ;;
  down)
    /sbin/resolvconf -d "${dev}.openvpn"
    ;;
esac

所以我尝试在我的 conf .ovpn 文件末尾添加 /etc/openvpn/update-resolv-conf,但它是一样的......

openvpn --version 给我:

OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no

您能帮我解决这个问题吗?我应该从哪里开始查找?

相关内容