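I have been using OpenVPN for many years without any problems, but since last week I cannot connect from outside: the connection times out (computer) or shows "peer certificate verification failed" (Android).
From inside (LAN) I can connect without any problems. So obviously this has something to do with the router/internet connection. I have not changed anything on the router. I have also tried resetting everything (all the network equipment). I assume my internet provider is doing some kind of dynamic filtering, but before going through the "have you tried resetting your modem" support, I would like to confirm/test this. I think the return traffic is being filtered in some way.
In short, my server (verb 7) says (after the three dots, everything repeats):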
us=16751 MULTI: REAP range 192 -> 208
us=16845 MULTI: multi_create_instance called
us=16892 CLIENT_IP_ADDR:35488 Re-using SSL/TLS context
us=17009 CLIENT_IP_ADDR:35488 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
us=17037 CLIENT_IP_ADDR:35488 Outgoing Control Channel Authentication: HMAC KEY: (masked) KEY1
us=17053 CLIENT_IP_ADDR:35488 Outgoing Control Channel Authentication: HMAC size=64 block_size=64
us=17071 CLIENT_IP_ADDR:35488 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
us=17095 CLIENT_IP_ADDR:35488 Incoming Control Channel Authentication: HMAC KEY: (masked KEY2)
us=17112 CLIENT_IP_ADDR:35488 Incoming Control Channel Authentication: HMAC size=64 block_size=64
us=17133 CLIENT_IP_ADDR:35488 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 72 bytes
us=17147 CLIENT_IP_ADDR:35488 LZO compression initializing
us=17172 CLIENT_IP_ADDR:35488 PID packet_id_init seq_backtrack=64 time_backtrack=15
us=17252 CLIENT_IP_ADDR:35488 PID packet_id_init seq_backtrack=64 time_backtrack=15
us=17297 CLIENT_IP_ADDR:35488 PID packet_id_init seq_backtrack=64 time_backtrack=15
us=17349 CLIENT_IP_ADDR:35488 PID packet_id_init seq_backtrack=64 time_backtrack=15
us=17366 CLIENT_IP_ADDR:35488 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
us=17382 CLIENT_IP_ADDR:35488 MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
us=17396 CLIENT_IP_ADDR:35488 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
us=17440 CLIENT_IP_ADDR:35488 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
us=17459 CLIENT_IP_ADDR:35488 calc_options_string_link_mtu: link-mtu 1622 -> 1602
us=17499 CLIENT_IP_ADDR:35488 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
us=17549 CLIENT_IP_ADDR:35488 calc_options_string_link_mtu: link-mtu 1622 -> 1602
us=17572 CLIENT_IP_ADDR:35488 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
us=17598 CLIENT_IP_ADDR:35488 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
us=17622 CLIENT_IP_ADDR:35488 SENT PING
us=17656 CLIENT_IP_ADDR:35488 GET INST BY REAL: CLIENT_IP_ADDR:35488 [ok]
us=17679 CLIENT_IP_ADDR:35488 UDPv4 READ [86] from [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
us=17706 CLIENT_IP_ADDR:35488 TLS: Initial packet from [AF_INET]CLIENT_IP_ADDR:35488, sid=96e7f24e 02ad96b9
us=17739 CLIENT_IP_ADDR:35488 PID_TEST [0] [TLS_WRAP-0] [] 0:0 1713596625:1 t=1713596625[0] r=[0,64,15,0,1] sl=[0,0,64,528]
us=17792 CLIENT_IP_ADDR:35488 UDPv4 WRITE [98] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
us=22930 GET INST BY REAL: CLIENT_IP_ADDR:35488 [ok]
us=22976 CLIENT_IP_ADDR:35488 UDPv4 READ [94] from [AF_INET]CLIENT_IP_ADDR:35488: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
us=23002 CLIENT_IP_ADDR:35488 PID_TEST [0] [TLS_WRAP-0] [0] 1713596625:1 1713596625:2 t=1713596625[0] r=[0,64,15,0,1] sl=[63,1,64,528]
us=23048 GET INST BY REAL: CLIENT_IP_ADDR:35488 [ok]
us=23068 CLIENT_IP_ADDR:35488 UDPv4 READ [367] from [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=281
us=23096 CLIENT_IP_ADDR:35488 PID_TEST [0] [TLS_WRAP-0] [00] 1713596625:2 1713596625:3 t=1713596625[0] r=[0,64,15,0,1] sl=[62,2,64,528]
us=25659 CLIENT_IP_ADDR:35488 UDPv4 WRITE [1128] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1030
us=25752 CLIENT_IP_ADDR:35488 UDPv4 WRITE [1116] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1030
us=25832 CLIENT_IP_ADDR:35488 UDPv4 WRITE [353] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=267
us=30696 GET INST BY REAL: CLIENT_IP_ADDR:35488 [ok]
us=30732 CLIENT_IP_ADDR:35488 UDPv4 READ [94] from [AF_INET]CLIENT_IP_ADDR:35488: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
us=30756 CLIENT_IP_ADDR:35488 PID_TEST [0] [TLS_WRAP-0] [000] 1713596625:3 1713596625:4 t=1713596625[0] r=[0,64,15,0,1] sl=[61,3,64,528]
us=18822 MULTI: REAP range 208 -> 224
us=19999 MULTI: REAP range 224 -> 240
us=20121 CLIENT_IP_ADDR:35488 UDPv4 WRITE [1116] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=2 DATA len=1030
us=20239 CLIENT_IP_ADDR:35488 UDPv4 WRITE [353] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=3 DATA len=267
.....
.....
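Any ideas? Thanks :)
Answer 1
OK, I am an idiot. The server certificate had expired, so a simple renewal fixes the problem.
Oddly, the server log did not mention anything; only the syslog on the client was verbose enough to point out that server.crt had expired.
Thanks :)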
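The answer notes that the server log never named the cause. As an added example (not part of the original posts), this Python script reads the UDPv4 READ/WRITE lines copied from the question's log and reports which server control packets the client acknowledged and which the server resent without an ACK. The function name `handshake_state` is hypothetical, and reading the bracketed list as the ACK list and the trailing `pid=` as the control packet ID is an assumption of this example.

```python
import re
from collections import Counter

# UDPv4 READ/WRITE lines copied from the server log in the question (verb 7).
SERVER_LOG = """\
us=17679 CLIENT_IP_ADDR:35488 UDPv4 READ [86] from [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
us=17792 CLIENT_IP_ADDR:35488 UDPv4 WRITE [98] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
us=22976 CLIENT_IP_ADDR:35488 UDPv4 READ [94] from [AF_INET]CLIENT_IP_ADDR:35488: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
us=23068 CLIENT_IP_ADDR:35488 UDPv4 READ [367] from [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=281
us=25659 CLIENT_IP_ADDR:35488 UDPv4 WRITE [1128] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1030
us=25752 CLIENT_IP_ADDR:35488 UDPv4 WRITE [1116] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1030
us=25832 CLIENT_IP_ADDR:35488 UDPv4 WRITE [353] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=267
us=30732 CLIENT_IP_ADDR:35488 UDPv4 READ [94] from [AF_INET]CLIENT_IP_ADDR:35488: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
us=20121 CLIENT_IP_ADDR:35488 UDPv4 WRITE [1116] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=2 DATA len=1030
us=20239 CLIENT_IP_ADDR:35488 UDPv4 WRITE [353] to [AF_INET]CLIENT_IP_ADDR:35488: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=3 DATA len=267
"""

# Captures: direction, opcode, ACK list, and (control packets only) the packet ID.
PKT = re.compile(r"UDPv4 (READ|WRITE) \[\d+\] (?:from|to) \S+ (P_\w+) kid=\d+ "
                 r"pid=\[ #\d+ \] \[ ([\d ]*)\](?: pid=(\d+))?")

def handshake_state(log_text):
    """Summarise the TLS control channel as the server saw it."""
    sent = Counter()   # server control packet ID -> number of times written
    acked = set()      # server packet IDs the client acknowledged
    for line in log_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        direction, _opcode, acks, pid = m.groups()
        if direction == "WRITE" and pid is not None:
            sent[int(pid)] += 1
        elif direction == "READ":
            acked.update(int(a) for a in acks.split())
    # Written more than once and never acknowledged: the handshake stalled here.
    resent = sorted(p for p, n in sent.items() if n > 1 and p not in acked)
    return {"sent": dict(sent), "acked": sorted(acked), "resent_unacked": resent}

if __name__ == "__main__":
    print(handshake_state(SERVER_LOG))
```

In this excerpt packets 2 and 3 are resent unacknowledged: the server only sees a handshake that stops, so the reason has to come from the client log or from checking the validity dates of server.crt.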