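I am trying to use OpenVPN to establish a tunnel to a remote server. At first everything went smoothly, but after a few days the connection setup started failing frequently (the failure rate is now 100%). The connection log shows: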
2023-03-13 11:02:12 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-03-13 11:02:12 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-03-13 11:02:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-03-13 11:02:13 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
2023-03-13 11:02:13 UDPv4 link local: (not bound)
2023-03-13 11:02:13 UDPv4 link remote: [AF_INET]*.*.*.*:1194
2023-03-13 11:03:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-03-13 11:03:13 TLS Error: TLS handshake failed
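First of all, my client is behind NAT. To rule out the influence of NAT, I used a machine with a public IP as the client, but the problem still exists.
Edit: here is the client configuration: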
# This file is automatically generated, do NOT edit it manually
client
pull # accept configs pushed from server
explicit-exit-notify # notify server on exit
daemon mux01
nobind
proto udp4
remote *.*.*.* #server address
dev tap16
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
ca certs/ca.crt
cert certs/client.crt
key certs/client.key
setenv daemon_name mux01
script-security 2
up scripts/openvpn/up.sh
down scripts/openvpn/down.sh
management var/mux01.sock unix
log var/mux01.log
writepid var/mux01.pid
# security
remote-cert-tls server
tls-client
tls-exit # prevent zombie clients
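I do not have the remote server's configuration. The server has been providing OpenVPN access for a long time, so I think a mistake in my configuration is causing the failure.
Can anyone give me some advice? Thanks.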