Configuration
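OpenVPN server hangs at "Initialization Sequence Completed"
I've been trying to set up an OpenVPN server on FreeNAS (I know, not the most straightforward choice) and have run into a puzzling error. Whenever I try to start it, the server seems to hang after the "Initialization Sequence Completed" message. It gets to that point and then just sits there until I have to interrupt it with Ctrl+C.
My openvpn.conf file is as follows: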
#
# Sample OpenVPN configuration file for
# office using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tap
;dev tun

# 192.168.1.102 is this server's actual IP address.
local 192.168.1.102

# 10.8.0.1 is this server's virtual IP address.
; ifconfig 192.168.1.102 255.255.255.0
server 10.8.0.0 255.255.255.0

# In SSL/TLS key exchange, this machine will
# assume server role and others
# will assume client role.
tls-server

# Diffie-Hellman Parameters (tls-server only)
dh /mnt/ZFS1/bin/openvpn/keys/dh1024.pem

# Certificate Authority file
ca /mnt/ZFS1/bin/openvpn/keys/ca.crt

# Server certificate/public key
cert /mnt/ZFS1/bin/openvpn/keys/server.crt

# Server private key
key /mnt/ZFS1/bin/openvpn/keys/server.key

# TCP or UDP server?
;proto tcp
proto udp

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 1194

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
user nobody
group nobody

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3
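Everything else seems to be fine. Any ideas?
- Thanks in advance.
So, meanasspenguin's comment gave me an idea and I was able to figure it out. The program wasn't actually hanging; it was running and simply hadn't exited. To fix this, just start the application in daemon mode. I ended up making a simple shell script so I don't have to remember it next time.
start_openvpn.sh: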
#!/bin/bash
ldconfig -Rm /mnt/ZFS1/bin/openvpn/lib
ldconfig -Rm /mnt/ZFS1/bin/openssl/lib
/mnt/ZFS1/bin/openvpn/sbin/openvpn --config /mnt/ZFS1/bin/openvpn/openvpn.conf --daemon
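Note: I load the libraries every time because I run FreeNAS Embedded, which lives on a RAM disk. Every reset wipes any configuration changes that are not on a mounted disk. I just set this script to run at startup, and everything seems to be golden.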
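
With `--daemon`, the console output that ended in "Initialization Sequence Completed" is no longer visible, so a boot script needs another way to confirm the server came up. The following is an added example, not part of the original post: it assumes OpenVPN is also given `--log FILE` (the script above does not pass it), and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: openvpn is started with "--daemon --log FILE" so that its
# messages are written to FILE rather than syslog.

# Report the startup state recorded in an OpenVPN log file:
#   up      - "Initialization Sequence Completed" is the last relevant message
#   failed  - a fatal error or process exit was logged after that
#   unknown - neither message is present (still starting, or unreadable file)
ovpn_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # Read the log in order; the last matching message wins.
    awk '
        /Initialization Sequence Completed/          { s = "up" }
        /Exiting due to fatal error|process exiting/ { s = "failed" }
        END { print (s == "" ? "unknown" : s) }
    ' "$1"
}

# Poll the log once per second, up to $2 times (default 10).
# Returns 0 when the server is up, 1 when it failed or never reported.
wait_for_ovpn() {
    tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        state=$(ovpn_state "$1")
        case $state in
            up)     echo up;     return 0 ;;
            failed) echo failed; return 1 ;;
        esac
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep 1
    done
    echo unknown
    return 1
}

# Constructed sample log lines (not captured from a real server).
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Jan  1 12:00:00 2024 TUN/TAP device /dev/tap0 opened
Mon Jan  1 12:00:01 2024 Initialization Sequence Completed
EOF
}
```

A startup script could call `wait_for_ovpn` on the log file right after launching OpenVPN and report a non-zero exit status if the server never reaches the initialized state.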