OpenVPN is not listening on any port


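Dear ladies and gentlemen! I know there are many questions similar to mine on the Internet, but I could not find any solution. Maybe someone can help me?

I have a VPS running Ubuntu 20.04 with an OpenVPN server installed on it; it worked for several months until today, when all clients unexpectedly became unable to connect. I removed and reinstalled/reconfigured the VPN, but it does not work. It should accept TCP connections on port 1194 (originally it was 993, but now I have tried 1194, and neither works). Moreover, openvpn does not listen on any of my ports even when it is active.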

netstat -tulpn | grep LISTEN

tcp        0      0 0.0.0.0:19597           0.0.0.0:*               LISTEN      988/xe_d000_XE
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      193/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      326/sshd: /usr/sbin
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      12098/cupsd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      453/postgres
tcp6       0      0 :::80                   :::*                    LISTEN      356/apache2
tcp6       0      0 :::1521                 :::*                    LISTEN      794/tnslsnr
tcp6       0      0 :::22                   :::*                    LISTEN      326/sshd: /usr/sbin
tcp6       0      0 :::5432                 :::*                    LISTEN      453/postgres

sudo systemctl status openvpn

● openvpn.service - OpenVPN service
     Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor prese>
     Active: active (exited) since Mon 2024-02-12 21:23:41 EET; 3h 18min ago
    Process: 306 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 306 (code=exited, status=0/SUCCESS)

Feb 12 21:23:41 vm-6959-vm454191 systemd[1]: Starting OpenVPN service...
Feb 12 21:23:41 vm-6959-vm454191 systemd[1]: Finished OpenVPN service.

Here is my server.conf file:

local ##MY IP
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun

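Could someone kindly help me understand how to fix this?

Update:

I have reinstalled openvpn, but it is not listening on any port. The log contains the following (this message appears every 5 seconds):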

Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Scheduled restart job, restart counter is at 315.
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Stopped OpenVPN service for server.
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Starting OpenVPN service for server...
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Aug 21 2023
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Feb 13 20:12:20 vm-6959-vm454191 systemd[1]: Started OpenVPN service for server.
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Diffie-Hellman initialized with 2048 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: CRL: loaded 1 CRLs from file crl.pem
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: TUN/TAP device tun0 opened
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Feb 13 20:12:20 vm-6959-vm454191 openvpn[5963]: /sbin/ip link set dev tun0 up mtu 1500
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: /sbin/ip -6 addr add fddd:1194:1194:1194::1/64 dev tun0
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5968]: RTNETLINK answers: Permission denied
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: Linux ip -6 addr add failed: external program exited with error status: 2
Feb 13 20:12:21 vm-6959-vm454191 openvpn[5963]: Exiting due to fatal error
Feb 13 20:12:21 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Main process exited, code=exited, status=1/FAILURE
Feb 13 20:12:21 vm-6959-vm454191 systemd[1]: openvpn-server@server.service: Failed with result 'exit-code'.

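Answer 1

The problem is that you are targeting the wrong service with sudo systemctl status openvpn. You don't want openvpn.service, which is a dummy service that exits immediately using /bin/true; you want openvpn-server@.service instead.

According to the official instructions, you need to create a new instance of the openvpn-server@.service template. You named your configuration /etc/openvpn/server/server.conf, so the systemd instance name you need to create is server.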

# Enable and start the service
sudo systemctl enable --now openvpn-server@server
# Check the status and for any errors
systemctl status openvpn-server@server
journalctl -u openvpn-server@server

If you then get /sbin/ip -6 addr [...] RTNETLINK answers: Permission denied, let's fix IPv6.

  1. Open /etc/sysctl.conf and add the following to the bottom:
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0
    
  2. sudo sysctl -p
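
The three checks from this thread (wrapper unit, missing listener, IPv6 disabled while server-ipv6 is configured) as shell helpers that work on captured command output. This is an added example, not part of the original question or answer; the function names are hypothetical, the status and netstat samples are excerpted from the question, and the sysctl values are constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample text is constructed.

# True when `systemctl status` text shows the wrapper unit that only runs /bin/true.
is_dummy_unit() {
    case $1 in *'ExecStart=/bin/true'*) ;; *) return 1 ;; esac
    case $1 in *'active (exited)'*) return 0 ;; esac
    return 1
}

# True when netstat/ss text ($1) has a LISTEN socket on port $2.
listens_on() {
    printf '%s\n' "$1" | grep -E ":$2[[:space:]]" | grep -q 'LISTEN'
}

# True when config text ($1) sets server-ipv6 while sysctl text ($2) has
# disable_ipv6 = 1 for "all" or "default" (two of the keys the answer resets).
ipv6_blocked() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*server-ipv6[[:space:]]' || return 1
    printf '%s\n' "$2" |
        grep -Eq '^net\.ipv6\.conf\.(all|default)\.disable_ipv6[[:space:]]*=[[:space:]]*1$'
}

# Prints one finding per line.
# $1 status text, $2 netstat text, $3 port, $4 config text, $5 sysctl text
triage() {
    is_dummy_unit "$1" && echo "wrapper-unit: check openvpn-server@server instead"
    listens_on "$2" "$3" || echo "no-listener: nothing bound to port $3"
    ipv6_blocked "$4" "$5" && echo "ipv6-disabled: server-ipv6 set but disable_ipv6 = 1"
    return 0
}

# Sample inputs: status and netstat lines excerpted from the question,
# sysctl values constructed for illustration.
SAMPLE_STATUS='     Active: active (exited) since Mon 2024-02-12 21:23:41 EET; 3h 18min ago
    Process: 306 ExecStart=/bin/true (code=exited, status=0/SUCCESS)'
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      326/sshd'
SAMPLE_CONF='port 1194
proto tcp
server-ipv6 fddd:1194:1194:1194::/64'
SAMPLE_SYSCTL='net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1'

triage "$SAMPLE_STATUS" "$SAMPLE_NETSTAT" 1194 "$SAMPLE_CONF" "$SAMPLE_SYSCTL"
```

On a live host the same function can be fed the output of systemctl status openvpn, netstat -tulpn, the contents of /etc/openvpn/server/server.conf and sysctl -a.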
