Openvpn configuration not connecting to server
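I have an OpenVPN connection set up from one Linux host to another Linux host. I believe there may be a misconfiguration or a misunderstanding here. I generated the client keys and server keys, and the CA is in place, but I can't seem to connect to the server at all. The server log shows this: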
Mon Jun 29 15:38:28 2020 tls-crypt unwrap error: packet authentication failed
Mon Jun 29 15:38:28 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]70.15.128.216:55352
On the client side, this is what I see:
Mon Jun 29 11:40:18 2020 TLS Error: TLS handshake failed
Mon Jun 29 11:40:18 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Jun 29 11:40:18 2020 Restart pause, 5 second(s)
Mon Jun 29 11:40:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
Mon Jun 29 11:40:23 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jun 29 11:40:23 2020 UDP link local: (not bound)
Mon Jun 29 11:40:23 2020 UDP link remote: [AF_INET]*.*.*.*:1194
Mon Jun 29 11:41:23 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jun 29 11:41:23 2020 TLS Error: TLS handshake failed
Mon Jun 29 11:41:23 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Jun 29 11:41:23 2020 Restart pause, 5 second(s)
Mon Jun 29 11:41:28 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
Mon Jun 29 11:41:28 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jun 29 11:41:28 2020 UDP link local: (not bound)
Mon Jun 29 11:41:28 2020 UDP link remote: [AF_INET]*.*.*.*:1194
Here is my client configuration file:
client
proto udp
remote *.*.*.* 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
dhcp-option DNS 8.8.8.8
verb 3
And my server configuration:
local *.*.*.*
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt ta.key 0
topology subnet
server 10.1.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route *.*.*.* 255.255.255.255" #api
push "route *.*.*.* 255.255.255.255" #rabbitMQ
push "route *.*.*.* 255.255.255.255" #ui
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
client-config-dir ccd
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
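I just want to confirm that the server is running and accepting connections. I'm pretty sure my connection request is malformed. The question is, what is malformed? FYI, I have used this tutorial to help me so far: Install OpenVPN on Debian 10
I also made sure the client.key file has permissions of 400.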
You need to update the client and server to use either tls-crypt or tls-auth exclusively, and use the same one in both places.
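A small checker for the mismatch described in the answer, as an added example that is not part of the original post: it compares the control-channel wrapping directives (tls-auth / tls-crypt) of a client and a server config and reports where they disagree. The function names and the trimmed config excerpts are constructed for illustration; a separate `key-direction` directive is not considered.

```python
WRAP = ("tls-auth", "tls-crypt")   # control-channel wrapping directives
COMPARED = ("auth", "cipher")      # reported when they differ between ends

def parse(text):
    """Map each directive to its argument list; '#' and ';' start comments."""
    opts = {}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split(";", 1)[0].split()
        if words:
            opts[words[0]] = words[1:]
    return opts

def check(client_text, server_text):
    """Return a list of findings about control-channel settings."""
    c, s = parse(client_text), parse(server_text)
    c_wrap = sorted(d for d in WRAP if d in c)
    s_wrap = sorted(d for d in WRAP if d in s)
    out = []
    if c_wrap != s_wrap:
        out.append(f"wrapping mismatch: client={c_wrap or 'none'} server={s_wrap or 'none'}")
    elif c_wrap == ["tls-auth"]:
        # Key direction: omitted on both ends, or 0 on one end and 1 on the other.
        dirs = sorted(a[1] if len(a) > 1 else "" for a in (c["tls-auth"], s["tls-auth"]))
        if dirs not in (["", ""], ["0", "1"]):
            out.append(f"tls-auth key directions not complementary: {dirs}")
    for side, cfg in (("client", c), ("server", s)):
        if len(cfg.get("tls-crypt", [])) > 1:
            out.append(f"{side}: tls-crypt takes no key direction, extra argument {cfg['tls-crypt'][1]!r}")
    for d in COMPARED:
        if c.get(d) != s.get(d):
            out.append(f"{d} differs: client={c.get(d)} server={s.get(d)}")
    return out

# Constructed excerpts of the two configs posted in the question.
CLIENT = "remote-cert-tls server\ntls-auth ta.key 1\nauth SHA512\ncipher AES-256-CBC\n"
SERVER = ("auth SHA512\ntls-crypt ta.key 0\ncipher AES-256-CBC\n"
          'push "route *.*.*.* 255.255.255.255" #api\n')
# Both ends switched to tls-crypt with the same key file and no direction.
CLIENT_FIXED = CLIENT.replace("tls-auth ta.key 1", "tls-crypt ta.key")
SERVER_FIXED = SERVER.replace("tls-crypt ta.key 0", "tls-crypt ta.key")

if __name__ == "__main__":
    for label, pair in (("as posted", (CLIENT, SERVER)), ("fixed", (CLIENT_FIXED, SERVER_FIXED))):
        print(label, check(*pair) or "no findings")
```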