OpenVPN TLS 密钥协商失败

Question

OpenVPN TLS 密钥协商失败

Woo*_*aaa 1 vpn ssl iptables openvpn tls

我之前已经设置了我的 OpenVPN 服务器和客户端，上个月它运行良好。

但是现在我无法在没有任何配置更改的情况下连接到服务器。

这是 cilent 侧日志（Win7）：

Mon Feb 18 08:26:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 08:26:06 2013 Re-using SSL/TLS context
Mon Feb 18 08:26:06 2013 LZO compression initialized
Mon Feb 18 08:26:06 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 08:26:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 08:26:06 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 08:26:06 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:26:06 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:26:06 2013 UDPv4 link local: [undef]
Mon Feb 18 08:26:06 2013 UDPv4 link remote: 106.187.96.123:1194
Mon Feb 18 08:27:06 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 08:27:06 2013 TLS Error: TLS handshake failed
Mon Feb 18 08:27:06 2013 TCP/UDP: Closing socket
Mon Feb 18 08:27:06 2013 SIGUSR1[soft,tls-error] received, process restarting
Mon Feb 18 08:27:06 2013 Restart pause, 2 second(s)
Mon Feb 18 08:27:08 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 08:27:08 2013 Re-using SSL/TLS context
Mon Feb 18 08:27:08 2013 LZO compression initialized
Mon Feb 18 08:27:08 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 08:27:08 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 08:27:08 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 08:27:08 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:27:08 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:27:08 2013 UDPv4 link local: [undef]
Mon Feb 18 08:27:08 2013 UDPv4 link remote: 106.187.96.123:1194
Mon Feb 18 08:28:08 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 08:28:08 2013 TLS Error: TLS handshake failed
Mon Feb 18 08:28:08 2013 TCP/UDP: Closing socket
Mon Feb 18 08:28:08 2013 SIGUSR1[soft,tls-error] received, process restarting
Mon Feb 18 08:28:08 2013 Restart pause, 2 second(s)
Mon Feb 18 08:28:10 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 08:28:10 2013 Re-using SSL/TLS context
Mon Feb 18 08:28:10 2013 LZO compression initialized
Mon Feb 18 08:28:10 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 08:28:10 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 08:28:10 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 08:28:10 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:28:10 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:28:10 2013 UDPv4 link local: [undef]
Mon Feb 18 08:28:10 2013 UDPv4 link remote: 106.187.96.123:1194

Run Code Online (Sandbox Code Playgroud)

这是服务器端：

Mon Feb 18 00:43:19 2013 114.249.236.187:26913 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:43:21 2013 MULTI: multi_create_instance called
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Re-using SSL/TLS context
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 LZO compression initialized
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 TLS: Initial packet from 114.249.236.187:26854, sid=d04721a3 d361dccf
Mon Feb 18 00:44:21 2013 114.249.236.187:26854 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 00:44:21 2013 114.249.236.187:26854 TLS Error: TLS handshake failed
Mon Feb 18 00:44:21 2013 114.249.236.187:26854 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:44:23 2013 MULTI: multi_create_instance called
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Re-using SSL/TLS context
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 LZO compression initialized
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 TLS: Initial packet from 114.249.236.187:26855, sid=d46a451d f7d88d11
Mon Feb 18 00:45:23 2013 114.249.236.187:26855 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 00:45:23 2013 114.249.236.187:26855 TLS Error: TLS handshake failed
Mon Feb 18 00:45:23 2013 114.249.236.187:26855 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:45:25 2013 MULTI: multi_create_instance called
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Re-using SSL/TLS context
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 LZO compression initialized
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 TLS: Initial packet from 114.249.236.187:26925, sid=34f4dc94 f7092f67
Mon Feb 18 00:46:25 2013 114.249.236.187:26925 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 00:46:25 2013 114.249.236.187:26925 TLS Error: TLS handshake failed
Mon Feb 18 00:46:25 2013 114.249.236.187:26925 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:46:27 2013 MULTI: multi_create_instance called
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Re-using SSL/TLS context
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 LZO compression initialized
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 TLS: Initial packet from 114.249.236.187:26926, sid=3dfa89e1 b1ff7f3a
^C
[root@li460-123 openvpn]#

Run Code Online (Sandbox Code Playgroud)

有人可以帮忙吗？

Answer 1

hru*_*ing 5

从您的日志来看，您似乎正在建立从中国 ( 114.249.236.187) 到日本 ( 106.187.96.123)的 OpenVPN 连接。自 11 月以来，中国一直在积极阻止 OpenVPN 连接，其中很多看起来都是基于协议嗅探。换句话说，他们看到带有 OpenVPN 签名的数据包通过防火墙，然后他们过滤或更改剩余的数据包以阻止连接。通常，此行为表现为 TLS 协商序列期间的超时。

简而言之，你没有破坏任何东西。中国做到了。

您可以尝试更改 OpenVPN 服务器以使用 TCP 而不是 UDP 进行通信，或者使用不同的端口。也就是说，我看到有报道称为逃避检测所做的任何更改都很快被取消了。

归档时间：	12 年，7 月前
查看次数：	3724 次
最近记录：	12 年，5 月前