OpenVPN 在 Windows 上工作,在 Linux VPS 上失败

【问题标题】:OpenVPN works on Windows, fails on Linux VPSOpenVPN 在 Windows 上工作,在 Linux VPS 上失败
【发布时间】:2020-01-30 23:59:47
【问题描述】:

我需要配置一个在 Windows 上成功运行的 OpenVPN 连接,但在 DigitalOcean 上的 Linux Ubuntu 16.04 上尝试后,它失败并显示以下输出:

Tue Oct  1 13:33:13 2019 us=273565 Current Parameter Settings:
Tue Oct  1 13:33:13 2019 us=273892   config = 'VPN.ovpn'
Tue Oct  1 13:33:13 2019 us=274158   mode = 0
Tue Oct  1 13:33:13 2019 us=274423   persist_config = DISABLED
Tue Oct  1 13:33:13 2019 us=274670   persist_mode = 1
Tue Oct  1 13:33:13 2019 us=274847   show_ciphers = DISABLED
Tue Oct  1 13:33:13 2019 us=275017   show_digests = DISABLED
Tue Oct  1 13:33:13 2019 us=275178   show_engines = DISABLED
Tue Oct  1 13:33:13 2019 us=275352   genkey = DISABLED
Tue Oct  1 13:33:13 2019 us=275513   key_pass_file = '/etc/openvpn/psk.pass'
Tue Oct  1 13:33:13 2019 us=275688 NOTE: --mute triggered...
Tue Oct  1 13:33:13 2019 us=275855 267 variation(s) on previous 10 message(s) suppressed by --mute
Tue Oct  1 13:33:13 2019 us=276058 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan  9 2019
Tue Oct  1 13:33:13 2019 us=276260 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Tue Oct  1 13:33:13 2019 us=276483 WARNING: file '/etc/openvpn/auth.txt' is group or others accessible
Tue Oct  1 13:33:13 2019 us=280348 WARNING: file '/etc/openvpn/cert_export_Cliente.key' is group or others accessible
Tue Oct  1 13:33:13 2019 us=280690 Control Channel MTU parms [ L:1559 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Tue Oct  1 13:33:13 2019 us=280905 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Oct  1 13:33:13 2019 us=281991 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:12 ET:0 EL:3 ]
Tue Oct  1 13:33:13 2019 us=282182 Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Tue Oct  1 13:33:13 2019 us=282375 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Tue Oct  1 13:33:13 2019 us=282573 Local Options hash (VER=V4): 'dfa3fe29'
Tue Oct  1 13:33:13 2019 us=282748 Expected Remote Options hash (VER=V4): '3e5d5b9b'
Tue Oct  1 13:33:13 2019 us=282929 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:yyyy [nonblock]
Tue Oct  1 13:33:14 2019 us=283319 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:yyyy
Tue Oct  1 13:33:14 2019 us=283727 TCPv4_CLIENT link local: [undef]
Tue Oct  1 13:33:14 2019 us=283966 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Tue Oct  1 13:33:14 2019 us=284370 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:yyyy, sid=0b902ea0 7f60a7fd
Tue Oct  1 13:33:15 2019 us=680440 VERIFY OK: depth=1, CN=XXXXXX
Tue Oct  1 13:33:15 2019 us=681045 Validating certificate key usage
Tue Oct  1 13:33:15 2019 us=681337 ++ Certificate has key usage  00b6, expects 00a0
Tue Oct  1 13:33:15 2019 us=681559 ++ Certificate has key usage  00b6, expects 0088
Tue Oct  1 13:33:15 2019 us=681796 VERIFY KU ERROR
Tue Oct  1 13:33:15 2019 us=682061 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Tue Oct  1 13:33:15 2019 us=682256 TLS Error: TLS object -> incoming plaintext read error
Tue Oct  1 13:33:15 2019 us=682469 TLS Error: TLS handshake failed
Tue Oct  1 13:33:15 2019 us=682702 Fatal TLS error (check_tls_errors_co), restarting
Tue Oct  1 13:33:15 2019 us=682894 TCP/UDP: Closing socket
Tue Oct  1 13:33:15 2019 us=683149 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct  1 13:33:15 2019 us=683327 Restart pause, 5 second(s)
^CTue Oct  1 13:33:17 2019 us=514911 SIGINT[hard,init_instance] received, process exiting

VPN 提供商说 VPN 是为 Windows 而不是为 Linux 配置的,但我并不认为这是正确的。有没有办法连接到 VPN?

这是我的 .ovpn 文件:

client
dev tun
proto tcp-client
remote vpn.xxxxxxxx.com.yyy
port YYYY
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
askpass /etc/openvpn/psk.pass
ca /etc/openvpn/cert_export_SERVER.crt
cert /etc/openvpn/cert_export_CLIENT.crt
key /etc/openvpn/cert_export_CLIENTE.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass /etc/openvpn/auth.txt
auth-nocache
route 10.0.0.0 255.0.0.0 192.168.15.254

【问题讨论】:

    标签: openvpn


    【解决方案1】:

    在 Debian/Ubuntu 上将 OpenVPN 版本 2.3 升级到 2.4 您可以按照我在 ubuntu 16 中尝试的这些步骤来解决这个问题。您可以尝试使用 ubuntu 18 或更高版本。

    步骤 1. 使用 sudo 用户打开终端

    步骤 2. 使用以下命令检查当前版本: # openvpn --version

    步骤 3. 导入用于对包进行签名的公共 GPG 密钥: # wget -O - https://swupdate.openvpn.net/repos/repo-public.gpg|apt-key 添加 -

    步骤 4. 创建一个新的源列表以查找更新的 OpenVPN 包:

    echo "deb http://build.openvpn.net/debian/openvpn/ main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

    例如:# echo "deb http://build.openvpn.net/debian/openvpn/stable jessie main" > /etc/apt/sources.list.d/openvpn-aptrepo.list

    第 5 步。运行更新。

    apt-get 更新

    步骤 6. 升级 OpenVPN 包:

    apt-get --only-upgrade install openvpn

    步骤 7. 检查版本 #openvpn --v

    【讨论】:

    • 安装完成后尝试使用你自己的vpn文件连接到vpn服务器#sudo openvpn --config /home/user/example.ovpn
    【解决方案2】:

    已升级到 Ubuntu 18.04,现在可以连接。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2020-10-11
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2015-03-13
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode