Connect to an OpenVPN server from an Azure Cloud Service client
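There are several machines in my office that can connect to a server using OpenVPN (UDP), given its .ovpn file. I can also connect to the same server from my personal computer, which is on another network. I am also able to connect to that server from a clean Azure VM running Windows Server 2012, which I just created to test this. However, I cannot connect to the same server (same .ovpn file) from the machine that hosts an Azure Cloud Service.
The Azure Cloud Service was created with the default network configuration, with InputEndpoints on ports 443 (TCP) and 1194 (UDP), and I added firewall exceptions that allow any connection to the UDP and TCP ports.
However, when I try to connect from the Azure VM to the OpenVPN server, I get the message: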
TLS Error: TLS key negotiation failed to occur within 60 seconds
(check your network connectivity)
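Besides the firewall exceptions, is there any configuration I should add to the Cloud Service so that it lets me connect to an OpenVPN server that uses UDP?
Here is the full log: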
PS C:\config\config> openvpn .\client.ovpn
Fri Jul 22 15:32:55 2016 Option 'nobind' in .\client.ovpn:46 is ignored by previous <connection> blocks
Fri Jul 22 15:32:55 2016 us=764333 Current Parameter Settings:
Fri Jul 22 15:32:55 2016 us=764333 config = '.\client.ovpn'
Fri Jul 22 15:32:55 2016 us=764333 mode = 0
Fri Jul 22 15:32:55 2016 us=764333 show_ciphers = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 show_digests = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 show_engines = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 genkey = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 key_pass_file = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 show_tls_ciphers = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 Connection profiles [default]:
Fri Jul 22 15:32:55 2016 us=764333 proto = udp
Fri Jul 22 15:32:55 2016 us=764333 local = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 local_port = 1194
Fri Jul 22 15:32:55 2016 us=764333 remote = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 remote_port = 1194
Fri Jul 22 15:32:55 2016 us=764333 remote_float = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 bind_defined = DISABLED
Fri Jul 22 15:32:55 2016 us=795589 bind_local = DISABLED
Fri Jul 22 15:32:55 2016 us=795589 connect_retry_seconds = 5
Fri Jul 22 15:32:55 2016 us=795589 connect_timeout = 10
Fri Jul 22 15:32:55 2016 us=795589 NOTE: --mute triggered...
Fri Jul 22 15:32:55 2016 us=795589 618 variation(s) on previous 20 message(s) suppressed by --mute
Fri Jul 22 15:32:55 2016 us=795589 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan
4 2016
Fri Jul 22 15:32:55 2016 us=795589 Windows version 6.2 (Windows 8 or greater)
Fri Jul 22 15:32:55 2016 us=795589 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Fri Jul 22 15:32:55 2016 us=983250 Control Channel Authentication: using 'engSimaTef.key' as a OpenVPN static key file
Fri Jul 22 15:32:56 2016 us=3179 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC a
uthentication
Fri Jul 22 15:32:56 2016 us=3179 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC a
uthentication
Fri Jul 22 15:32:56 2016 us=14347 LZO compression initialized
Fri Jul 22 15:32:56 2016 us=14347 Control Channel MTU parms [ L:1602 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Jul 22 15:32:56 2016 us=14347 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jul 22 15:32:56 2016 us=168985 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:143 ET:0 EL:3 AF:3/1 ]
Fri Jul 22 15:32:56 2016 us=168985 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lz
o,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Jul 22 15:32:56 2016 us=168985 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDP
v4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Jul 22 15:32:56 2016 us=168985 Local Options hash (VER=V4): 'a5d50645'
Fri Jul 22 15:32:56 2016 us=168985 Expected Remote Options hash (VER=V4): '14d315e7'
Fri Jul 22 15:32:56 2016 us=168985 UDPv4 link local: [undef]
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 link remote: [AF_INET][[SOME_HIDDEN_IP]]:10055
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Fri Jul 22 15:32:58 2016 us=558842 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:02 2016 us=785774 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:11 2016 us=85405 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid
=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:27 2016 us=873602 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network
connectivity)
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS handshake failed
Fri Jul 22 15:33:57 2016 us=129612 TCP/UDP: Closing socket
Fri Jul 22 15:33:57 2016 us=129612 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 22 15:33:57 2016 us=129612 Restart pause, 2 second(s)
Fri Jul 22 15:33:59 2016 us=148186 Re-using SSL/TLS context
Fri Jul 22 15:33:59 2016 us=148186 LZO compression initialized
...
The error shows that OpenVPN tried to connect to the host:
WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki d=0 pid=[ #1 ] [ ] pid=0 DATA len=0
but did not receive any reply:
UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
The client stops trying to connect after 5 attempts:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
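The process stops at the first activity, waiting for a reply:
(Source: staticworld.net)
In these cases there may be a connectivity problem. I ran into the same problem in the past, when the cause was that the required ports were not enabled. (Check both outgoing and incoming firewall rules.) Another possible cause is that the server is not running or cannot be reached.
TLDR: Check the (VPN) service availability and the firewall rules. In extreme cases the ISP may have a routing problem (this happened to a friend of mine); in that case you should report the problem to them and they will fix it.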
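The log reading described in the answer above, as an added example that is not part of the original question or answer: it rejoins the terminal-wrapped log lines, counts the client's hard-reset packets and any non-empty reads, and reports the retry spacing. The function names `unwrap` and `diagnose` and the verdict labels are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Excerpt of the client log quoted in the question, terminal line wraps included.
SAMPLE_LOG = """\
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Fri Jul 22 15:32:58 2016 us=558842 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:02 2016 us=785774 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:11 2016 us=85405 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid
=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:27 2016 us=873602 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 ki
d=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network
connectivity)
"""
STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})(?: us=\d+)? (.*)$")

def unwrap(text):
    """Rejoin wrapped continuation lines (no timestamp) onto the previous entry."""
    entries = []
    for raw in text.splitlines():
        m = STAMP.match(raw)
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            entries.append([when, m.group(2)])
        elif entries:
            entries[-1][1] += raw
    return entries

def diagnose(text):
    """Classify a failed start-up: did the server ever answer the hard resets?"""
    entries = unwrap(text)
    resets = [t for t, msg in entries if "WRITE" in msg and "HARD_RESET_CLIENT" in msg]
    # "READ [0] ... len=-1" is an empty read; only a READ of >= 1 byte is a reply.
    replies = [msg for _, msg in entries if re.search(r"READ \[[1-9]\d*\] from", msg)]
    timed_out = any("TLS key negotiation failed" in msg for _, msg in entries)
    if timed_out and resets and not replies:
        verdict = "no-reply"           # nothing came back: path, firewall or server down
    elif timed_out and replies:
        verdict = "handshake-stalled"  # server reachable; look at the TLS layer instead
    else:
        verdict = "inconclusive"
    gaps = [int((b - a).total_seconds()) for a, b in zip(resets, resets[1:])]
    return {"resets": len(resets), "replies": len(replies),
            "retry_gaps_s": gaps, "verdict": verdict}
```

Because this log shows tls-auth in use, a server also stays silent when the static key or key direction does not match, so a `no-reply` verdict points at the network path, the server, or the static key rather than at certificates.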