OpenVPN port cannot be accessed from an external server

Reference I used: https://www.cyberciti.biz/faq/centos-7-0-set-up-openvpn-server-in-5-minutes/

I configured an OpenVPN server on CentOS 7. It seems

[root@linux ~]# nmap -sU linux.domain.com -p 1194

Starting Nmap 6.40 ( http://nmap.org ) at 2023-05-16 18:34 CEST
Nmap scan report for linux.domain.com (163.179.xxx.xxx)
Host is up.
PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
[root@linux ~]# 

When I check as follows, it shows an active status for [email protected]:

[root@linux ~]# systemctl status [email protected]
● [email protected] - OpenVPN service for server
   Loaded: loaded (/etc/systemd/system/[email protected]; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-05-16 17:42:29 CEST; 45min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 18917 (openvpn)
   Status: "Initialization Sequence Completed"
   CGroup: /system.slice/system-openvpn\x2dserver.slice/[email protected]
           └─18917 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf

When I check [email protected]:

[root@linux ~]# sudo systemctl status [email protected]
● [email protected] - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2023-05-16 18:22:50 CEST; 3min 23s ago
  Process: 22518 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
 Main PID: 22518 (code=exited, status=1/FAILURE)
   Status: "Pre-connection initialization successful"

I checked the process and it shows:

[root@linux ~]# netstat -tulp | grep openvpn
udp        0      0 0.0.0.0:openvpn         0.0.0.0:*                           18917/openvpn

I checked its port with https://ping.eu/port-chk/, which says: Closed, even though I added it to my iptables:

iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT

Here is my server.conf file:

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.xxx.xxx.xxx"
push "dhcp-option DNS 94.xxx.xxx.xxx"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt /etc/openvpn/tls-crypt.key
crl-verify /etc/openvpn/crl.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server_szio3MfsApd8cnHE.crt
key /etc/openvpn/server_szio3MfsApd8cnHE.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Please advise why it is not working.

Regards

Answer 1

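Many factors can affect this, and the server configuration is only one of them. For example, the website used to check the port (https://ping.eu/port-chk/) is for TCP, while OpenVPN is listening over UDP. Try using nmap from a remote computer to test specifically for UDP.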

Other factors should also be considered, such as an external firewall.

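You are using a third-party script to set up OpenVPN. According to the script, the first systemctl status looks correct. If other tests fail and point to a configuration error, I suggest asking directly in the script's repository for more specific details (https://github.com/Angristan/openvpn-install).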
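
The following is an added illustration of the answer's TCP-versus-UDP point, not code from the original post, the answer, or the install script. It shows why a TCP checker reports "Closed" for a UDP-only service and why a UDP probe of a listener that stays silent (as an OpenVPN server with `tls-crypt` does for packets that fail its HMAC check) yields nmap's inconclusive `open|filtered`. The function names and the loopback stand-in listener are assumptions made for the example.

```python
import socket

def classify_udp(host, port, payload=b"\x00", timeout=1.0):
    """Send one datagram and classify the port the way a UDP scan does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # any reply proves a listener
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"   # silence: listener ignored us, or a firewall dropped it

def classify_tcp(host, port, timeout=1.0):
    """What a TCP-only port checker sees on the same port number."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"              # RST: nothing listens on TCP here
    except socket.timeout:
        return "filtered"

def demo():
    # Constructed stand-in for the server: a loopback UDP socket that never replies
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    # An unused UDP port: bind to get a free number, then release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    unused = tmp.getsockname()[1]
    tmp.close()
    try:
        return {
            "udp_listening": classify_udp("127.0.0.1", port),
            "udp_unused": classify_udp("127.0.0.1", unused),
            "tcp_same_port": classify_tcp("127.0.0.1", port),
        }
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo())
```

Because `open|filtered` only means that no reply came back, it cannot by itself distinguish a reachable silent listener from a firewall drop; capturing on the server's interface while probing from a remote machine settles which one it is.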