I have been trying to get an OpenVPN client running on Ubuntu 20.04, without success. This is the configuration I use on my Mac, Windows, and Ubuntu machines:
client
dev tap0
proto tcp
dev-node MY-VPN //only on windows
remote my.server.ip 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cert.crt
key key.key
cipher AES-128-CBC
comp-lzo
verb 6
It fails to connect only on Ubuntu. Here is the OpenVPN log from the Ubuntu machine:
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2019
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
LZO compression initializing
Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1592,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
TCP/UDP: Preserving recently used remote address: [AF_INET]my.server.ip:12974
Socket Buffers: R=[131072->131072] S=[16384->16384]
Attempting to establish TCP connection with [AF_INET]my.server.ip:12974 [nonblock]
TCP connection established with [AF_INET]my.server.ip:12974
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]my.server.ip:12974
TLS: Initial packet from [AF_INET]my.server.ip:12974, sid=f683407c c4d6b642
VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, [email protected]
VERIFY OK: depth=0, C=TW, ST=TW, O=netgear, OU=netgear, CN=netgear, [email protected]
Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[netgear] Peer Connection Initiated with [AF_INET]my.server.ip:12974
Key [AF_INET]my.server.ip:12974 [0] not initialized (yet), dropping packet.
Key [AF_INET]my.server.ip:12974 [0] not initialized (yet), dropping packet.
SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-delay 5,redirect-gateway def1,route-gateway dhcp,ping 10,ping-restart 120'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:412 ET:32 EL:3 ]
Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eno1 HWADDR=70:85:c2:ba:96:d8
OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
TUN/TAP device tap1 opened
TUN/TAP TX queue length set to 100
NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Initialization Sequence Completed
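It looks like the DHCP server address is not being updated and the routes are not being added, but I really don't know how to deal with that at this point.
When connecting with the same configuration on a Mac through Tunnelblick, it looks like it runs its own startup script: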
*Tunnelblick: Start of output from client.up.tunnelblick.sh
*Tunnelblick: WARNING: Tap connection using DHCP but 'Set DNS after routes are set' is not set in Tunnelblick's Advanced settings window (script_type = 'up')
*Tunnelblick: Did 'ipconfig set "tap0" DHCP'
*Tunnelblick: Configuring tap DNS via DHCP asynchronously
*Tunnelblick: End of output from client.up.tunnelblick.sh
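After that the DHCP address is updated, the routes are added, the VPN connects, my IP address changes, and I can reach both the VPN LAN and the internet.
I have tried using NetworkManager and running openvpn from the CLI, but it doesn't seem to make much difference. How should I configure my OS / client scripts / do something else to be able to connect from my Linux machine? Any help is appreciated.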
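An added example, not part of the original question or answer: a small Python check that correlates the pushed options with the route errors in the client log above, and also flags the security-relevant lines the same log contains. The finding names and the TLS/RSA thresholds are this example's own choices; the sample lines are copied from the log in the question.

```python
import re

# Sample input: lines copied from the client log in the question above.
SAMPLE_LOG = """\
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-delay 5,redirect-gateway def1,route-gateway dhcp,ping 10,ping-restart 120'
OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Initialization Sequence Completed
"""

def pushed_options(log):
    """Options of the last PUSH_REPLY in the log, as (name, args) pairs."""
    replies = re.findall(r"'PUSH_REPLY,([^']*)'", log)
    if not replies:
        return []
    items = (i.strip().partition(" ") for i in replies[-1].split(","))
    return [(name, args) for name, _, args in items]

def diagnose(log):
    """Return sorted finding codes (the code names are this example's own)."""
    found = set()
    opts = pushed_options(log)
    # Server says "take the gateway from DHCP" but pushes no ifconfig,
    # so OpenVPN has no gateway to attach the pushed routes to.
    if ("route-gateway", "dhcp") in opts and "ifconfig" not in dict(opts) \
            and "needs a gateway parameter" in log:
        found.add("GATEWAY_EXPECTED_FROM_DHCP")
    for net in re.findall(r"failed to parse/resolve route for host/network: (\S+)", log):
        found.add("ROUTE_NOT_ADDED:" + net)
    if "unable to redirect default gateway" in log:
        found.add("DEFAULT_GATEWAY_NOT_REDIRECTED")
    # In this log "Completed" is printed even though the routes failed.
    if found and "Initialization Sequence Completed" in log:
        found.add("TUNNEL_UP_WITHOUT_ROUTES")
    # Security-relevant lines in the same log.
    if "No server certificate verification method" in log:
        found.add("NO_SERVER_CERT_VERIFICATION")
    m = re.search(r"Control Channel: (TLSv[\d.]+), cipher .*?(\d+) bit RSA", log)
    # Thresholds are assumptions of this example: TLS below 1.2 or RSA below 2048 bits.
    if m and (m.group(1) in ("TLSv1", "TLSv1.1") or int(m.group(2)) < 2048):
        found.add("WEAK_CONTROL_CHANNEL")
    return sorted(found)

if __name__ == "__main__":
    for code in diagnose(SAMPLE_LOG):
        print(code)
```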
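Answer 1
I ran into a similar problem: my .ovpn configuration worked on Mac (Tunnelblick) but not on Ubuntu/Manjaro. The only answer I could find online was this question, which nobody had answered. Nevertheless, I kept getting the error: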
Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.6.0)
Simply adding sudo at the beginning of the command openvpn {ovpn_file_name}.ovpn solved my problem!
(The final command is sudo openvpn {ovpn_file_name}.ovpn)