Openvpn

由於網路問題,OpenVPN 伺服器無法啟動

  • February 12, 2013

我一直在為我的 OpenVPN 伺服器苦苦掙扎,當我嘗試啟動伺服器時,我根本不知道如何糾正錯誤。我附上了關於我的配置、錯誤和設置的必要資訊。

伺服器配置文件:

up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
port 1194
proto tcp
dev tap0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server 10.8.0.0 255.255.255.0
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

系統日誌:

Feb 12 15:24:24 buntopow ovpn-server[9131]: OpenVPN 2.2.1 i686-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012
Feb 12 15:24:24 buntopow ovpn-server[9131]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Feb 12 15:24:24 buntopow ovpn-server[9131]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Feb 12 15:24:24 buntopow ovpn-server[9131]: Diffie-Hellman initialized with 1024 bit key
Feb 12 15:24:24 buntopow ovpn-server[9131]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Feb 12 15:24:24 buntopow ovpn-server[9131]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 12 15:24:24 buntopow ovpn-server[9131]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 12 15:24:24 buntopow ovpn-server[9131]: TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Feb 12 15:24:24 buntopow ovpn-server[9131]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Feb 12 15:24:24 buntopow ovpn-server[9131]: TUN/TAP device tap0 opened
Feb 12 15:24:24 buntopow ovpn-server[9131]: TUN/TAP TX queue length set to 100
Feb 12 15:24:24 buntopow ovpn-server[9131]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Feb 12 15:24:24 buntopow ovpn-server[9131]: /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
Feb 12 15:24:24 buntopow ovpn-server[9131]: /etc/openvpn/up.sh br0 tap0 1500 1576 10.8.0.1 255.255.255.0 init
Feb 12 15:24:24 buntopow ovpn-server[9131]: WARNING: External program may not be called unless '--script-security 2' or higher is enabled.  Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier.  See --help text or man page for detailed info.
Feb 12 15:24:24 buntopow ovpn-server[9131]: WARNING: Failed running command (--up/--down): external program fork failed
Feb 12 15:24:24 buntopow ovpn-server[9131]: Exiting
Feb 12 15:24:24 buntopow NetworkManager[873]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Feb 12 15:24:24 buntopow NetworkManager[873]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Feb 12 15:24:24 buntopow NetworkManager[873]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/tap0, iface: tap0)

script security 2添加到配置文件後的系統日誌:

Feb 12 16:24:27 buntopow ovpn-server[12655]: Listening for incoming TCP connection on [undef]
Feb 12 16:24:27 buntopow NetworkManager[873]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tap0, iface: tap0)
Feb 12 16:24:27 buntopow ovpn-server[12655]: TCPv4_SERVER link local (bound): [undef]
Feb 12 16:24:27 buntopow NetworkManager[873]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tap0, iface: tap0): no ifupdown configuration found.
Feb 12 16:24:27 buntopow ovpn-server[12655]: TCPv4_SERVER link remote: [undef]

up.sh 和 down.sh 的內容與本指南中描述的內容類似:https ://help.ubuntu.com/10.04/serverguide/openvpn.html

老實說,我不知道從哪裡開始調試這個錯誤,希望有人能指出我正確的方向。

您是否檢查過這裡的建議:http: //forum.pfsense.org/index.php ?topic=21678.0 ?

引用自:https://serverfault.com/questions/478017