OpenVPN "TLS Error: TLS key negotiation failed"; possible malicious access


I have an Ubuntu server with OpenVPN 2.5.5 installed. Here is the server config:

port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/issued/server.crt
key /etc/openvpn/server/private/server.key
dh /etc/openvpn/server/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
cipher AES-256-GCM
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
crl-verify /etc/openvpn/server/crl.pem
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so openvpn

The server uses iptables to manage inbound/outbound traffic. I have configured it to allow VPN connections, and I can connect to the server remotely from my Windows PC. I use certificates (no username/password) plus two-factor authentication.

I ran into a small problem (disconnection after a while). I monitored the OpenVPN server log to find the cause and noticed this periodic message, even when nobody is connected:

2024-03-13 08:51:03 us=28396 MULTI: multi_create_instance called
2024-03-13 08:51:03 us=28589 108.181.213.21:10206 Re-using SSL/TLS context
2024-03-13 08:51:03 us=28829 108.181.213.21:10206 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2024-03-13 08:51:03 us=28881 108.181.213.21:10206 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2024-03-13 08:51:03 us=28985 108.181.213.21:10206 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2024-03-13 08:51:03 us=29023 108.181.213.21:10206 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2024-03-13 08:51:03 us=29103 108.181.213.21:10206 TLS: Initial packet from [AF_INET]108.181.213.21:10206, sid=6a22eb44 5adb63fe
2024-03-13 08:52:03 us=515281 108.181.213.21:10206 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-03-13 08:52:03 us=515447 108.181.213.21:10206 TLS Error: TLS handshake failed
2024-03-13 08:52:03 us=515651 108.181.213.21:10206 SIGUSR1[soft,tls-error] received, client-instance restarting
2024-03-13 08:52:03 us=649600 MULTI: multi_create_instance called
2024-03-13 08:52:03 us=649845 108.181.213.21:10206 Re-using SSL/TLS context
2024-03-13 08:52:03 us=650065 108.181.213.21:10206 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2024-03-13 08:52:03 us=650131 108.181.213.21:10206 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2024-03-13 08:52:03 us=650270 108.181.213.21:10206 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2024-03-13 08:52:03 us=650323 108.181.213.21:10206 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2024-03-13 08:52:03 us=650422 108.181.213.21:10206 TLS: Initial packet from [AF_INET]108.181.213.21:10206, sid=6a22eb44 5adb63fe

What is going on? It looks like the IP 108.181.213.21 is trying to connect to my VPN. Is that right? Another IP that has been sending me the same periodic messages over the last few days is 23.27.211.242. Both IPs seem to be related to some games. Is someone trying to access my server?

If so, is there a good solution (if one is needed) to better "hide" my server? The first thing that comes to mind is changing the standard port.

...or maybe I am completely misreading the logs.
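As an added example (not part of the original question, and not OpenVPN's own tooling), the following script parses server log lines of the shape shown above and summarizes, per source IP, how many times a peer reached the TLS layer ("TLS: Initial packet from"), how many handshakes failed, and whether it ever completed a connection ("Peer Connection Initiated"). A peer that keeps sending initial packets but never completes a handshake is exactly the pattern in the log above: the remote end reaches the server's UDP port but never finishes TLS. The sample log is constructed with documentation IP ranges, and the `min_failures` threshold is an assumption, not a value from the question.

```python
import re
from collections import defaultdict

# Constructed sample in the format of an OpenVPN 2.5 server log at verb 3.
# The addresses are placeholders from documentation ranges, not real peers.
SAMPLE_LOG = """\
2024-03-13 08:51:03 us=28396 MULTI: multi_create_instance called
2024-03-13 08:51:03 us=29103 198.51.100.7:10206 TLS: Initial packet from [AF_INET]198.51.100.7:10206, sid=6a22eb44 5adb63fe
2024-03-13 08:52:03 us=515281 198.51.100.7:10206 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-03-13 08:52:03 us=515447 198.51.100.7:10206 TLS Error: TLS handshake failed
2024-03-13 08:52:03 us=515651 198.51.100.7:10206 SIGUSR1[soft,tls-error] received, client-instance restarting
2024-03-13 08:52:03 us=650422 198.51.100.7:10206 TLS: Initial packet from [AF_INET]198.51.100.7:10206, sid=6a22eb44 5adb63fe
2024-03-13 08:53:03 us=515447 198.51.100.7:10206 TLS Error: TLS handshake failed
2024-03-13 09:00:10 us=100 203.0.113.5:51234 TLS: Initial packet from [AF_INET]203.0.113.5:51234, sid=11223344 55667788
2024-03-13 09:00:11 us=200 203.0.113.5:51234 [client1] Peer Connection Initiated with [AF_INET]203.0.113.5:51234
"""

# Lines that carry a peer address look like:
# "<date> <time> us=<usec> <ip>:<port> <message>"
# Lines without a peer prefix (e.g. "MULTI: ...") are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) us=\d+ "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<msg>.*)$"
)


def parse_events(log_text):
    """Return a list of (timestamp, ip, message) for lines that name a peer."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m.group("ts"), m.group("ip"), m.group("msg")))
    return events


def summarize_peers(log_text):
    """Per source IP: initial packets seen, failed handshakes, completed
    connections, and the first/last timestamp the address appeared."""
    stats = defaultdict(lambda: {"initial": 0, "handshake_failed": 0,
                                 "connected": 0, "first": None, "last": None})
    for ts, ip, msg in parse_events(log_text):
        s = stats[ip]
        s["first"] = s["first"] or ts
        s["last"] = ts
        if msg.startswith("TLS: Initial packet from"):
            s["initial"] += 1
        elif msg.startswith("TLS Error: TLS handshake failed"):
            s["handshake_failed"] += 1
        elif "Peer Connection Initiated" in msg:
            s["connected"] += 1
    return dict(stats)


def suspicious_peers(log_text, min_failures=2):
    """Addresses that repeatedly reach the TLS layer without ever completing
    a handshake. The threshold is an assumed tuning knob, not an OpenVPN value."""
    return sorted(ip for ip, s in summarize_peers(log_text).items()
                  if s["handshake_failed"] >= min_failures and s["connected"] == 0)


if __name__ == "__main__":
    for ip, s in summarize_peers(SAMPLE_LOG).items():
        print(f"{ip}: initial={s['initial']} failed={s['handshake_failed']} "
              f"connected={s['connected']} first={s['first']} last={s['last']}")
    print("never completed a handshake:", suspicious_peers(SAMPLE_LOG))
```

Run against the real status/log file to see whether the repeating addresses ever produce a "Peer Connection Initiated" line; in the excerpt above they do not, which is what makes them look like unauthenticated probes rather than a misbehaving client. Note also that the posted config has no `tls-auth` or `tls-crypt` line, so any host that can reach UDP 1194 gets as far as the TLS handshake before being rejected; those options make the server drop packets that lack the pre-shared HMAC key before any TLS state is created, which is why they are the usual recommendation over merely changing the port.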
