Ubuntu
OpenVPN server assigns the same IP address (10.8.0.6) to all connected clients

I set up an OpenVPN server by following How To Set Up and Configure an OpenVPN Server on Ubuntu 20.04. I noticed that when any client connects to the OpenVPN server, each of them gets the same IP address: 10.8.0.6.

In /etc/openvpn/server/server.conf, I have these settings so that it can assign IP addresses in 10.8.0.X.

    # Configure server mode and supply a VPN subnet
    # for OpenVPN to draw client addresses from.
    # The server will take 10.8.0.1 for itself,
    # the rest will be made available to clients.
    # Each client will be able to reach the server
    # on 10.8.0.1. Comment this line out if you are
    # ethernet bridging. See the man page for more info.
    server 10.8.0.0 255.255.255.0
On the Ubuntu client:

    askar@ubuntu:~$ ifconfig
    eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.11.23 netmask 255.255.255.0 broadcast 192.168.11.255
            inet6 240b:11:8a62:bc10:f64d:30ff:fe6c:7f6c prefixlen 64 scopeid 0x0<global>
            inet6 fe80::f64d:30ff:fe6c:7f6c prefixlen 64 scopeid 0x20<link>
            ether f4:4d:30:6c:7f:6c txqueuelen 1000 (Ethernet)
            RX packets 8323 bytes 1066513 (1.0 MB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 6078 bytes 957451 (957.4 KB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
            device interrupt 16 memory 0xdf100000-df120000

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10<host>
            loop txqueuelen 1000 (Local Loopback)
            RX packets 92 bytes 6838 (6.8 KB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 92 bytes 6838 (6.8 KB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
            inet 10.8.0.6 netmask 255.255.255.255 destination 10.8.0.5
            inet6 fe80::2fa0:961f:7ba8:c04c prefixlen 64 scopeid 0x20<link>
            unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
            RX packets 0 bytes 0 (0.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 3 bytes 144 (144.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
On my Mac PC:

    ~ ifconfig ok 00:08:23
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
            options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
            nd6 options=201<PERFORMNUD,DAD>
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
            ether ac:87:a3:3b:d2:32
            inet6 fe80::1043:7119:8f77:8977%en0 prefixlen 64 secured scopeid 0x4
            inet 192.168.11.2 netmask 0xffffff00 broadcast 192.168.11.255
            inet6 240b:11:8a62:bc10:1421:50dd:7a2:7e21 prefixlen 64 autoconf secured
            inet6 240b:11:8a62:bc10:31ac:632d:c084:ae98 prefixlen 64 autoconf temporary
            nd6 options=201<PERFORMNUD,DAD>
            media: autoselect (1000baseT <full-duplex,flow-control>)
            status: active
    en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
            options=400<CHANNEL_IO>
            ether ac:29:3a:96:06:8d
            nd6 options=201<PERFORMNUD,DAD>
            media: autoselect (<unknown type>)
            status: inactive
    en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=460<TSO4,TSO6,CHANNEL_IO>
            ether 82:11:02:40:01:80
            media: autoselect <full-duplex>
            status: inactive
    en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            options=460<TSO4,TSO6,CHANNEL_IO>
            ether 82:11:02:40:01:81
            media: autoselect <full-duplex>
            status: inactive
    bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=63<RXCSUM,TXCSUM,TSO4,TSO6>
            ether 82:11:02:40:01:80
            Configuration:
                    id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                    maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                    root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                    ipfilter disabled flags 0x0
            member: en2 flags=3<LEARNING,DISCOVER>
                    ifmaxaddr 0 port 6 priority 0 path cost 0
            member: en3 flags=3<LEARNING,DISCOVER>
                    ifmaxaddr 0 port 7 priority 0 path cost 0
            nd6 options=201<PERFORMNUD,DAD>
            media: <unknown type>
            status: inactive
    p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
            options=400<CHANNEL_IO>
            ether 0e:29:3a:96:06:8d
            media: autoselect
            status: inactive
    awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
            options=400<CHANNEL_IO>
            ether 26:a4:4e:7d:9d:c5
            nd6 options=201<PERFORMNUD,DAD>
            media: autoselect
            status: inactive
    llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            options=400<CHANNEL_IO>
            ether 26:a4:4e:7d:9d:c5
            nd6 options=201<PERFORMNUD,DAD>
    ham0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1404
            ether 7a:79:00:00:00:00
            open (pid 93)
    utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
            inet6 fe80::1c90:674b:fb2:43af%utun0 prefixlen 64 scopeid 0xd
            nd6 options=201<PERFORMNUD,DAD>
    utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
            inet6 fe80::40a2:3ba4:1052:11a7%utun1 prefixlen 64 scopeid 0xe
            nd6 options=201<PERFORMNUD,DAD>
    utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
            inet6 fe80::b950:55ea:84f4:8c39%utun2 prefixlen 64 scopeid 0xf
            nd6 options=201<PERFORMNUD,DAD>
    utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
            inet6 fe80::c30a:1bc7:4681:81ee%utun3 prefixlen 64 scopeid 0x10
            nd6 options=201<PERFORMNUD,DAD>
    utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
            inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
106.73.138.98 is the IP address I checked with https://whatismyipaddress.com/. Ubuntu, Mac OS and iPhone are behind 106.73.138.98, which is assigned by the local ISP.
/var/log/syslog when 3 clients connect at the same time:

    Feb 24 15:27:47 openvpn openvpn[590]: 106.73.138.98:35783 TLS: Initial packet from [AF_INET]106.73.138.98:35783, sid=0822333e 11f09c9c
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 VERIFY OK: depth=1, CN=Easy-RSA CA
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 VERIFY OK: depth=0, CN=client1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_VER=2.4.9
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_PLAT=mac
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_PROTO=2
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_NCP=2
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_LZ4=1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_LZ4v2=1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_LZO=1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_COMP_STUB=1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_COMP_STUBv2=1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_TCPNL=1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5601_3.8.4a__build_5601)"
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
    Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 [client1] Peer Connection Initiated with [AF_INET]106.73.138.98:35783
    Feb 24 15:27:48 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
    Feb 24 15:27:48 openvpn openvpn[590]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
    Feb 24 15:27:48 openvpn openvpn[590]: MULTI: Learn: 10.8.0.6 -> client1/106.73.138.98:35783
    Feb 24 15:27:48 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:35783: 10.8.0.6
    Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 PUSH: Received control message: 'PUSH_REQUEST'
    Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM' (status=1)
    Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Feb 24 15:27:49 openvpn openvpn[590]: client1/106.73.138.98:35783 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 TLS: Initial packet from [AF_INET]106.73.138.98:39883, sid=b85cdfeb 0c4565bb
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 VERIFY OK: depth=1, CN=Easy-RSA CA
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 VERIFY OK: depth=0, CN=client1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_VER=2.4.7
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_PLAT=linux
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_PROTO=2
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_NCP=2
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_LZ4=1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_LZ4v2=1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_LZO=1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_COMP_STUB=1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_COMP_STUBv2=1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_TCPNL=1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
    Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 [client1] Peer Connection Initiated with [AF_INET]106.73.138.98:39883
    Feb 24 15:27:55 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
    Feb 24 15:27:55 openvpn openvpn[590]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
    Feb 24 15:27:55 openvpn openvpn[590]: MULTI: Learn: 10.8.0.6 -> client1/106.73.138.98:39883
    Feb 24 15:27:55 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:39883: 10.8.0.6
    Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 PUSH: Received control message: 'PUSH_REQUEST'
    Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
    Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Feb 24 15:27:56 openvpn openvpn[590]: client1/106.73.138.98:39883 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 TLS: Initial packet from [AF_INET]106.73.138.98:43971, sid=41f8d815 33e079cb
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 VERIFY OK: depth=1, CN=Easy-RSA CA
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 VERIFY OK: depth=0, CN=client1
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_VER=3.git::58b92569
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_PLAT=ios
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_NCP=2
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_TCPNL=1
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_PROTO=2
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_AUTO_SESS=1
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_SSO=openurl
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1521'
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 384 bit EC, curve: secp384r1
    Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 [client1] Peer Connection Initiated with [AF_INET]106.73.138.98:43971
    Feb 24 15:28:06 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
    Feb 24 15:28:06 openvpn openvpn[590]: MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
    Feb 24 15:28:06 openvpn openvpn[590]: MULTI: Learn: 10.8.0.6 -> client1/106.73.138.98:43971
    Feb 24 15:28:06 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:43971: 10.8.0.6
    Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 PUSH: Received control message: 'PUSH_REQUEST'
    Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM' (status=1)
    Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Feb 24 15:28:06 openvpn openvpn[590]: client1/106.73.138.98:43971 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Feb 24 15:28:12 openvpn openvpn[590]: AEAD Decrypt error: cipher final failed
    Feb 24 15:28:22 openvpn openvpn[590]: AEAD Decrypt error: cipher final failed
Your log shows that every client is connecting with the same client certificate, and when that happens, OpenVPN disconnects the other connection.

    Feb 24 15:28:06 openvpn openvpn[590]: MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

As a general rule, different users should have different certificates, but if you want to allow the same user to use the same certificate on multiple devices, you can do as it says and start OpenVPN with --duplicate-cn. On Ubuntu, you can do this by editing the /etc/default/openvpn file and adding the option to OPTARGS.

    # Optional arguments to openvpn's command line
    OPTARGS=""

becomes:

    # Optional arguments to openvpn's command line
    OPTARGS="--duplicate-cn"

Then restart OpenVPN.
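
A way to spot the shared-certificate condition diagnosed above directly from the server log, as an added example that is not part of the original question or answer: it groups sessions by certificate CN and flags any CN presented by more than one client platform (IV_PLAT). The sample input is abridged from the syslog excerpt on this page plus one constructed client2 session, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Abridged from the syslog excerpt on this page; the client2 session is constructed.
SAMPLE_LOG = """\
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 VERIFY OK: depth=0, CN=client1
Feb 24 15:27:48 openvpn openvpn[590]: 106.73.138.98:35783 peer info: IV_PLAT=mac
Feb 24 15:27:48 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:35783: 10.8.0.6
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 VERIFY OK: depth=0, CN=client1
Feb 24 15:27:55 openvpn openvpn[590]: 106.73.138.98:39883 peer info: IV_PLAT=linux
Feb 24 15:27:55 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:39883: 10.8.0.6
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 VERIFY OK: depth=0, CN=client1
Feb 24 15:28:06 openvpn openvpn[590]: 106.73.138.98:43971 peer info: IV_PLAT=ios
Feb 24 15:28:06 openvpn openvpn[590]: MULTI: primary virtual IP for client1/106.73.138.98:43971: 10.8.0.6
Feb 24 15:30:00 openvpn openvpn[590]: 203.0.113.7:50000 VERIFY OK: depth=0, CN=client2
Feb 24 15:30:00 openvpn openvpn[590]: 203.0.113.7:50000 peer info: IV_PLAT=linux
Feb 24 15:30:00 openvpn openvpn[590]: MULTI: primary virtual IP for client2/203.0.113.7:50000: 10.8.0.10
"""

PEER = r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+)"
CN_RE = re.compile(PEER + r" VERIFY OK: depth=0, CN=(?P<cn>.+)$")
PLAT_RE = re.compile(PEER + r" peer info: IV_PLAT=(?P<plat>\S+)")
VIP_RE = re.compile(r"primary virtual IP for (?P<cn>[^/]+)/" + PEER + r": (?P<vip>\S+)")

def summarize(log_text):
    """Group sessions by certificate CN: peer endpoints, client platforms, tunnel IPs."""
    peer_cn = {}  # "ip:port" -> CN verified on that connection
    by_cn = defaultdict(lambda: {"peers": set(), "platforms": set(), "vips": set()})
    for line in log_text.splitlines():
        if m := CN_RE.search(line):
            peer_cn[m["peer"]] = m["cn"]
            by_cn[m["cn"]]["peers"].add(m["peer"])
        elif m := PLAT_RE.search(line):
            # "peer info" lines carry no CN, so map the endpoint back to it
            if (cn := peer_cn.get(m["peer"])) is not None:
                by_cn[cn]["platforms"].add(m["plat"])
        elif m := VIP_RE.search(line):
            by_cn[m["cn"]]["vips"].add(m["vip"])
    return dict(by_cn)

def shared_certificates(log_text):
    """CNs presented by more than one client platform: one certificate on several devices."""
    return sorted(cn for cn, s in summarize(log_text).items() if len(s["platforms"]) > 1)

if __name__ == "__main__":
    for cn in shared_certificates(SAMPLE_LOG):
        print(cn, summarize(SAMPLE_LOG)[cn])
```

Distinct source ports alone can be one device reconnecting, which is why the check keys on the platform reported by each client rather than on the endpoint count.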