无法在 ubuntu 上连接到 openvpn,但 Windows 和 Mac 上的配置完全相同

无法在 ubuntu 上连接到 openvpn,但 Windows 和 Mac 上的配置完全相同

我一直试图让 openvpn 客户端在 ubuntu 20.04 上运行,但失败了。这是我在 mac、windows 和我的 ubuntu 机器上使用的配置:

client
dev tap0
proto tcp
dev-node MY-VPN //only on windows
remote my.server.ip 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cert.crt
key key.key
cipher AES-128-CBC
comp-lzo
verb 6 

它不仅无法在 ubuntu 上连接。以下是来自 ubuntu 机器的开放 vpn 日志:

 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
 LZO compression initializing
 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
 TCP/UDP: Preserving recently used remote address: [AF_INET]my.server.ip:12974
 Socket Buffers: R=[131072->131072] S=[16384->16384]
 Attempting to establish TCP connection with [AF_INET]my.server.ip:12974 [nonblock]
 TCP connection established with [AF_INET]my.server.ip:12974
 TCP_CLIENT link local: (not bound)
 TCP_CLIENT link remote: [AF_INET]my.server.ip:12974
 TLS: Initial packet from [AF_INET]my.server.ip:12974, sid=f683407c c4d6b642
 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, [email protected]
 VERIFY OK: depth=0, C=TW, ST=TW, O=netgear, OU=netgear, CN=netgear, [email protected]
Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[netgear] Peer Connection Initiated with [AF_INET]my.server.ip:12974
 Key [AF_INET]my.server.ip:12974 [0] not initialized (yet), dropping packet.
 Key [AF_INET]my.server.ip:12974 [0] not initialized (yet), dropping packet.
 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-delay 5,redirect-gateway def1,route-gateway dhcp,ping 10,ping-restart 120'
 OPTIONS IMPORT: timers and/or timeouts modified
 OPTIONS IMPORT: route options modified
 OPTIONS IMPORT: route-related options modified
 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:412 ET:32 EL:3 ]
 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eno1 HWADDR=70:85:c2:ba:96:d8
 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
 TUN/TAP device tap1 opened
 TUN/TAP TX queue length set to 100
NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Initialization Sequence Completed

看起来 dhcp 服务器地址没有更新并且路由没有添加,但我现在真的不知道如何处理。

当通过 Tunnelblick 在 Mac 上使用相同配置进行连接时,它看起来就像在运行自己的启动脚本

*Tunnelblick: Start of output from client.up.tunnelblick.sh
*Tunnelblick: WARNING: Tap connection using DHCP but 'Set DNS after routes are set' is not set in Tunnelblick's Advanced settings window (script_type = 'up')
*Tunnelblick: Did 'ipconfig set "tap0" DHCP'
*Tunnelblick: Configuring tap DNS via DHCP asynchronously
*Tunnelblick: End of output from client.up.tunnelblick.sh

之后 dhcp 地址更新,路由添加,vpn 连接,我的 ip 地址发生变化,可以访问 vpn-lan 和互联网。

我尝试过使用 NetworkManager 并从 cli 运行 openvpn,但似乎没有太大变化。我应该如何配置我的操作系统/客户端脚本/执行其他操作才能从我的 Linux 机器进行连接?任何帮助都值得感激。

答案1

我遇到了类似的问题,我的.ovpn配置在 Mac(tunnelblick)上可以工作,但在 Ubuntu/Manjaro 上却不行。我在网上找到的唯一答案就是这个问题,但没有人回答。尽管如此,我还是不断收到错误:

Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.6.0)

只需sudo在命令开头添加openvpn {ovpn_file_name}.ovpn即可解决我的问题!

(最终命令如下sudo openvpn {ovpn_file_name}.ovpn

相关内容