Unable to connect to OpenVPN server on Ubuntu 16.04

Arn*_*non 6 vpn openvpn ubuntu-16.04

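I am trying to connect to a VPN server.

I got client.ovpn from my system administrator.

When running sudo openvpn --config client.ovpn, after a few seconds I get Initialization Sequence Completed, but my connection does not work. Trying ping google.com gets no response.

On a macOS machine with Tunnelblick installed and the same client.ovpn file, everything works fine.

Am I missing something?

Adding the log of sudo openvpn --config client.ovpn: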

OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Enter Auth Username: *****
Enter Auth Password: ********************
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[212992->200000] S=[212992->200000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]52.204.89.71:1194
Server poll timeout, restarting
SIGUSR1[soft,server_poll] received, process restarting
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[212992->200000] S=[212992->200000]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]52.204.89.71:1194
Server poll timeout, restarting
SIGUSR1[soft,server_poll] received, process restarting
Control Channel Authentication: tls-auth using INLINE static key file
Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Socket Buffers: R=[87380->200000] S=[16384->200000]
Attempting to establish TCP connection with [AF_INET]52.204.89.71:443 [nonblock]
TCP connection established with [AF_INET]52.204.89.71:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]52.204.89.71:443
TLS: Initial packet from [AF_INET]52.204.89.71:443, sid=06674f4e bf6e2a84
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
VERIFY OK: depth=1, CN=OpenVPN CA
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, CN=OpenVPN Server
Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
[OpenVPN Server] Peer Connection Initiated with [AF_INET]52.204.89.71:443
SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,auth-token SESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.224.1,dhcp-option DNS 10.0.0.2,register-dns,block-ipv6,ifconfig 172.27.227.61 255.255.248.0'
Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks 
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: register-dns (2.3.10)
Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:19: block-ipv6 (2.3.10)
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
OPTIONS IMPORT: LZO parms modified
OPTIONS IMPORT: --socket-flags option modified
Socket flags: TCP_NODELAY=1 succeeded
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
ROUTE_GATEWAY 192.168.1.99/255.255.255.0 IFACE=wlp4s0 HWADDR=60:f6:77:31:df:9e
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 172.27.227.61/21 broadcast 172.27.231.255
ROUTE remote_host is NOT LOCAL
/sbin/ip route add 52.204.89.71/32 via 192.168.1.99
/sbin/ip route add 0.0.0.0/1 via 172.27.224.1
/sbin/ip route add 128.0.0.0/1 via 172.27.224.1
Initialization Sequence Completed

Edit:

My client.ovpn looks like this:

I removed\changed private details

# Automatically generated OpenVPN client config file
# Generated on Mon Jan 22 15:15:18 2018 by openvpnas2
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=My_Name
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=MyName@vpn.server.com
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=vpn.server.com:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----

# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 443 tcp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
remote vpn.server.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256

## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----


## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----

## -----END CERTIFICATE-----

Phi*_*ann 5

Ubuntu provides a script to update its resolv.conf: /etc/openvpn/update-resolv-conf

You can add it to your client.ovpn by appending the following lines to it:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

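When the VPN service starts, it will evaluate the foreign options sent by the server. These should contain information about the DNS servers of the remote network you have just connected to.

To allow these scripts to run, you need to change your config and add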

script-security 2

as well, or you can add this parameter to your command line, like so:

sudo openvpn --config client.ovpn --script-security 2
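The check below is an added example, not part of the original answer or of Ubuntu's update-resolv-conf script: it extracts the DNS server from the PUSH_REPLY line in the question's log, reports whether a resolv.conf-style file lists it, and tests whether a client.ovpn carries the up, down and script-security lines. The function names, the temporary files and the 192.168.1.99 resolver entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: trace the DNS data that update-resolv-conf has to apply.

# PUSH_REPLY from the question's log, shortened to routing/DNS options.
PUSH_REPLY='PUSH_REPLY,topology subnet,redirect-gateway def1,route-gateway 172.27.224.1,dhcp-option DNS 10.0.0.2,ifconfig 172.27.227.61 255.255.248.0'

# Print the DNS servers carried by a PUSH_REPLY, one per line. OpenVPN hands
# each pushed "dhcp-option ..." to up/down scripts as foreign_option_N.
pushed_dns() {
    printf '%s\n' "$1" | tr ',' '\n' |
        awk '$1 == "dhcp-option" && $2 == "DNS" { print $3 }'
}

# Print pushed DNS servers that a resolv.conf-style file does not list.
# $1 = PUSH_REPLY string, $2 = path to the file
missing_dns() {
    for ns in $(pushed_dns "$1"); do
        awk -v ns="$ns" '$1 == "nameserver" && $2 == ns { found = 1 }
                         END { exit !found }' "$2" || printf '%s\n' "$ns"
    done
}

# Succeed only if a client config wires in the hook for up and down and sets
# script-security 2 or higher, the level that permits user-defined scripts.
# $1 = path to client.ovpn
hook_enabled() {
    awk '$1 == "up"   && $2 ~ /update-resolv-conf$/ { up = 1 }
         $1 == "down" && $2 ~ /update-resolv-conf$/ { down = 1 }
         $1 == "script-security" && $2 >= 2 { sec = 1 }
         END { exit !(up && down && sec) }' "$1"
}

# Demo on constructed files: resolv.conf still lists only a LAN resolver
# (assumed), and client.ovpn lacks the three lines from the answer.
demo=$(mktemp -d)
printf 'nameserver 192.168.1.99\n' > "$demo/resolv.conf"
printf 'client\ndev tun\nauth-user-pass\n' > "$demo/client.ovpn"
echo "pushed DNS:  $(pushed_dns "$PUSH_REPLY")"
echo "not applied: $(missing_dns "$PUSH_REPLY" "$demo/resolv.conf")"
if hook_enabled "$demo/client.ovpn"; then
    echo "hook: enabled"
else
    echo "hook: not enabled"
fi
rm -rf "$demo"
```

Pointing missing_dns at the real /etc/resolv.conf while the tunnel is up shows whether the pushed resolver was applied.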