Networking

OpenVPN Client沒有連接到我自己的伺服器,而是根據tcpdump接收數據包

  • January 24, 2022

我的問題是我無法連接到我的 OpenVPN 伺服器。我總是收到“TLS 密鑰協商未能在 60 秒內發生(檢查您的網路連接)”錯誤。嘗試連接伺服器上的埠 1194 時執行 tcpdump 顯示來自我的 PC 的 4 個數據包。

我在 /etc/openvpn/server 中的 server.conf:

# OpenVPN Port, Protocol, and the Tun
port 1194
proto udp
dev tun

#listen
local *my DNS*

# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/*cert*.crt
key /etc/openvpn/server/*key*.key

#DH and CRL key
dh /etc/openvpn/server/dh.pem
crl-verify /etc/openvpn/server/crl.pem

# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"

# Using the DNS from https://dns.watch
push "dhcp-option DNS 84.200.69.80"
push "dhcp-option DNS 84.200.70.40"

#Enable multiple clients to connect with the same certificate key
duplicate-cn

# TLS Security
cipher AES-256-CBC
tls-version-min 1.0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache

# Other Configuration
keepalive 20 60
persist-key
persist-tun
compress lz4
daemon
user nobody
group nobody


# OpenVPN Log
log-append /var/log/openvpn.log
verb 4

我的 Windows 客戶端上的 client.ovpn:

client
dev tun
proto udp

remote *my DNS* 1194

ca "c:\\Users\\*Username*\\Documents\\OpenVPNFiles\\Client1\\client\\ca.crt"
cert "c:\\Users\\*Username*\\Documents\\OpenVPNFiles\\Client1\\client\\*cert*.crt"
key "c:\\Users\\*Username*\\Documents\\OpenVPNFiles\\Client1\\client\\*key*.key"

cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
remote-cert-tls server

resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 4

非常感謝任何幫助。

所以,我自己修好了。問題是 server..conf 文件位於 /etc/oopnvpn/server 而不是 /etc/openvpn。

引用自:https://serverfault.com/questions/1090638