今天使用这博客文章中,我设置了一个 openvpn 服务器。当我使用
systemctl status [email protected]
一切似乎都很好。这是命令的日志systemctl:
● [email protected] - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-10-15 10:49:34 UTC; 8min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 170036 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 2344)
Memory: 1.0M
CGroup: /system.slice/system-openvpn\x2dserver.slice/[email protected]
└─170036 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
Oct 15 10:49:34 emadhelmi openvpn[170036]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct 15 10:49:34 emadhelmi openvpn[170036]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Oct 15 10:49:34 emadhelmi openvpn[170036]: UDPv4 link local (bound): [AF_INET]54.37.**.***:57055
Oct 15 10:49:34 emadhelmi openvpn[170036]: UDPv4 link remote: [AF_UNSPEC]
Oct 15 10:49:34 emadhelmi openvpn[170036]: GID set to nogroup
Oct 15 10:49:34 emadhelmi openvpn[170036]: UID set to nobody
Oct 15 10:49:34 emadhelmi openvpn[170036]: MULTI: multi_init called, r=256 v=256
Oct 15 10:49:34 emadhelmi openvpn[170036]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Oct 15 10:49:34 emadhelmi openvpn[170036]: IFCONFIG POOL LIST
Oct 15 10:49:34 emadhelmi openvpn[170036]: Initialization Sequence Completed
但是在我的本地笔记本电脑上使用nc命令检查端口可用性时,我没有收到任何响应:
nc -u 54.37.**.*** 57055
另外,当我从装有 openvpn 应用程序的手机导入创建的配置并尝试连接时,我遇到了超时错误。这里还有一些(可能)有用的日志。
UFW 状态:
To Action From
-- ------ ----
....
57055 ALLOW Anywhere
57055/udp ALLOW Anywhere
57055 (v6) ALLOW Anywhere (v6)
57055/udp (v6) ALLOW Anywhere (v6)
服务器.conf:
local 54.37.**.***
port 57055
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
命令结果ip addr show:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:c4:98:e9 brd ff:ff:ff:ff:ff:ff
inet 54.37.**.***/27 brd 54.37.**.*** scope global ens3
valid_lft forever preferred_lft forever
inet6 *** scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:22:83:4c:9b brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:22ff:fe83:4c9b/64 scope link
valid_lft forever preferred_lft forever
7: veth09f813e@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 32:04:e0:33:bd:b8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::3004:e0ff:fe33:bdb8/64 scope link
valid_lft forever preferred_lft forever
13: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 172.16.0.1 peer 172.16.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::d13:f0f1:c3d0:d3fc/64 scope link stable-privacy
valid_lft forever preferred_lft forever
951: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun1
valid_lft forever preferred_lft forever
inet6 fe80::dca1:48c1:da3d:d2a7/64 scope link stable-privacy
valid_lft forever preferred_lft forever