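Dear ladies and gentlemen! I know there are many questions similar to mine on the Internet, but I couldn't find any solution. Maybe someone can help me?
I have a VPS running Ubuntu 20.04 with an OpenVPN server installed on it; it worked for several months until today, when all clients unexpectedly became unable to connect. I removed and reinstalled/reconfigured the VPN, but it does not work. It should accept TCP connections on port 1194 (it was originally 993, but now I have tried 1194, and neither works). Moreover, openvpn does not listen on any of my ports even when it is active.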
netstat -tulpn | grep LISTEN
tcp 0 0 0.0.0.0:19597 0.0.0.0:* LISTEN 988/xe_d000_XE
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 193/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 326/sshd: /usr/sbin
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 12098/cupsd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 453/postgres
tcp6 0 0 :::80 :::* LISTEN 356/apache2
tcp6 0 0 :::1521 :::* LISTEN 794/tnslsnr
tcp6 0 0 :::22 :::* LISTEN 326/sshd: /usr/sbin
tcp6 0 0 :::5432 :::* LISTEN 453/postgres
sudo systemctl status openvpn
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor prese>
Active: active (exited) since Mon 2024-02-12 21:23:41 EET; 3h 18min ago
Process: 306 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 306 (code=exited, status=0/SUCCESS)
Feb 12 21:23:41 vm-6959-vm454191 systemd[1]: Starting OpenVPN service...
Feb 12 21:23:41 vm-6959-vm454191 systemd[1]: Finished OpenVPN service.
This is my server.conf file:
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
"server.conf" 25L, 467C local ##MY IP
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
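Could someone kindly help me understand how to solve this problem?
Update:
I have reinstalled openvpn, but it is not listening on any port. The log contains the following (this message appears every 5 seconds):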
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Scheduled restart job, restart counter is at 315.
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Stopped OpenVPN service for server.
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Starting OpenVPN service for server...
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Aug 21 2023
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Started OpenVPN service for server.
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Diffie-Hellman initialized with 2048 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: CRL: loaded 1 CRLs from file crl.pem
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: TUN/TAP device tun0 opened
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: /sbin/ip link set dev tun0 up mtu 1500
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: /sbin/ip -6 addr add fddd:1194:1194:1194::1/64 dev tun0
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5968]: RTNETLINK answers: Permission denied
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: Linux ip -6 addr add failed: external program exited with error status: 2
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: Exiting due to fatal error
Feb 13 20:12:21 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Feb 13 20:12:21 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.
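Answer 1
The problem is that you are targeting the wrong service with sudo systemctl status openvpn. You don't want openvpn.service, a dummy service that exits immediately using /bin/true, but rather openvpn-server@.service.
According to the official instructions, you need to create a new instance of the openvpn-server@.service template. You named your configuration /etc/openvpn/server/server.conf, so the systemd instance name you need to create is server: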
# Enable and start the service
sudo systemctl enable --now openvpn-server@server
# Check the status and for any errors
systemctl status openvpn-server@server
journalctl -u openvpn-server@server
If you then get /sbin/ip -6 addr [...] RTNETLINK answers: Permission denied, let's fix IPv6.
- Open /etc/sysctl.conf and add the following to the bottom:
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0
sudo sysctl -p
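The three checks from this thread (which unit reads the config, whether anything listens on the configured port, and whether server-ipv6 conflicts with a disable_ipv6 sysctl) as an added shell example that is not part of the original answer. The function names are illustrative, and the path-to-unit mapping assumes the Debian/Ubuntu unit layout.

```shell
#!/bin/sh
# Added example, not from the thread; function names are illustrative.

# systemd unit that reads a given config (Debian/Ubuntu unit layout):
#   /etc/openvpn/server/NAME.conf -> openvpn-server@NAME
#   /etc/openvpn/NAME.conf        -> openvpn@NAME
unit_for_conf() {
    name=$(basename "$1" .conf)
    case "$1" in
        /etc/openvpn/server/*.conf) echo "openvpn-server@$name" ;;
        /etc/openvpn/*/*)           return 1 ;;
        /etc/openvpn/*.conf)        echo "openvpn@$name" ;;
        *)                          return 1 ;;
    esac
}

# First argument of a directive in an OpenVPN config: conf_value FILE DIRECTIVE
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Reads `netstat -tln` text on stdin; succeeds if something listens on PORT.
# Column 4 is the local address, as in the listing in the question.
port_listening() {
    awk -v p="$1" '/LISTEN/ && $4 ~ (":" p "$") { found = 1 } END { exit !found }'
}

# Succeeds if the kernel disables IPv6 for all or for new interfaces.
# The sysctl directory can be overridden, which is how the check is tested.
ipv6_disabled() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    for scope in all default; do
        if [ "$(cat "$root/$scope/disable_ipv6" 2>/dev/null)" = "1" ]; then
            return 0
        fi
    done
    return 1
}

# Prints MISMATCH (and fails) when the config asks for an IPv6 tunnel address
# while IPv6 is disabled, the case the sysctl change in the answer addresses.
ipv6_preflight() {
    if [ -n "$(conf_value "$1" server-ipv6)" ] && ipv6_disabled "$2"; then
        echo "MISMATCH"
        return 1
    fi
    echo "OK"
}
```

On the server, netstat -tln | port_listening "$(conf_value /etc/openvpn/server/server.conf port)" repeats the question's listening check against the port the config actually names, and ipv6_preflight /etc/openvpn/server/server.conf shows whether the restart loop is to be expected before the unit is started.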