Openvpn
由於網路問題,OpenVPN 伺服器無法啟動
我一直在為我的 OpenVPN 伺服器苦苦掙扎,當我嘗試啟動伺服器時,我根本不知道如何糾正錯誤。我附上了關於我的配置、錯誤和設置的必要資訊。
伺服器配置文件:
up "/etc/openvpn/up.sh br0" down "/etc/openvpn/down.sh br0" port 1194 proto tcp dev tap0 ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh1024.pem ifconfig-pool-persist ipp.txt server 10.8.0.0 255.255.255.0 keepalive 10 120 tls-auth ta.key 0 # This file is secret comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3
系統日誌:
Feb 12 15:24:24 buntopow ovpn-server[9131]: OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012 Feb 12 15:24:24 buntopow ovpn-server[9131]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet. Feb 12 15:24:24 buntopow ovpn-server[9131]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Feb 12 15:24:24 buntopow ovpn-server[9131]: Diffie-Hellman initialized with 1024 bit key Feb 12 15:24:24 buntopow ovpn-server[9131]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Feb 12 15:24:24 buntopow ovpn-server[9131]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 12 15:24:24 buntopow ovpn-server[9131]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Feb 12 15:24:24 buntopow ovpn-server[9131]: TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ] Feb 12 15:24:24 buntopow ovpn-server[9131]: Socket Buffers: R=[87380->131072] S=[16384->131072] Feb 12 15:24:24 buntopow ovpn-server[9131]: TUN/TAP device tap0 opened Feb 12 15:24:24 buntopow ovpn-server[9131]: TUN/TAP TX queue length set to 100 Feb 12 15:24:24 buntopow ovpn-server[9131]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Feb 12 15:24:24 buntopow ovpn-server[9131]: /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255 Feb 12 15:24:24 buntopow ovpn-server[9131]: /etc/openvpn/up.sh br0 tap0 1500 1576 10.8.0.1 255.255.255.0 init Feb 12 15:24:24 buntopow ovpn-server[9131]: WARNING: External program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info. Feb 12 15:24:24 buntopow ovpn-server[9131]: WARNING: Failed running command (--up/--down): external program fork failed Feb 12 15:24:24 buntopow ovpn-server[9131]: Exiting Feb 12 15:24:24 buntopow NetworkManager[873]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0) Feb 12 15:24:24 buntopow NetworkManager[873]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found. Feb 12 15:24:24 buntopow NetworkManager[873]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)
script security 2
添加到配置文件後的系統日誌:Feb 12 16:24:27 buntopow ovpn-server[12655]: Listening for incoming TCP connection on [undef] Feb 12 16:24:27 buntopow NetworkManager[873]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0) Feb 12 16:24:27 buntopow ovpn-server[12655]: TCPv4_SERVER link local (bound): [undef] Feb 12 16:24:27 buntopow NetworkManager[873]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found. Feb 12 16:24:27 buntopow ovpn-server[12655]: TCPv4_SERVER link remote: [undef]
up.sh 和 down.sh 的內容與本指南中描述的內容類似:https ://help.ubuntu.com/10.04/serverguide/openvpn.html
老實說,我不知道從哪裡開始調試這個錯誤,希望有人能指出我正確的方向。
您是否檢查過這裡的建議:http: //forum.pfsense.org/index.php ?topic=21678.0 ?