Vpn
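Need help with a new OpenVPN setup on a Windows server for Android clients - VPN not working properly
Trying to set up OpenVPN to connect an Android device back to my home network. Currently I can connect to the VPN but cannot transfer any data, i.e. cannot ping, cannot reach sites, etc. Here is my server config file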

port 1234
proto udp
dev tap
dev-node tap-bridge
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
push "topology subnet"
ifconfig-pool-persist ipp.txt
server-bridge 172.26.0.2 255.255.255.248 172.26.0.3 172.26.0.5
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

Here is my client config

client
dev tap
dev-node tap-bridge
proto udp
remote **** 1234
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
topology subnet

Here is the status window from the VPN server

Mon Nov 8 20:50:33 2021 174.215.16.183:15438 TLS: Initial packet from [AF_INET6]::ffff:174.215.16.183:15438, sid=8c2f0064 9d7a75c8
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 VERIFY OK: depth=1, CN=example.com
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 VERIFY OK: depth=0, CN=Client1
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_VER=3.git::662eae9a:Release
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_PLAT=android
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_NCP=2
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_TCPNL=1
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_PROTO=2
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_AUTO_SESS=1
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_SSO=openurl
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1589', remote='link-mtu 1557'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 [Client1] Peer Connection Initiated with [AF_INET6]::ffff:174.215.16.183:15438
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI_sva: pool returned IPv4=172.26.0.3, IPv6=(Not enabled)
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 SENT CONTROL [Client1]: 'PUSH_REPLY,topology subnet,route-gateway 172.26.0.2,ping 10,ping-restart 120,ifconfig 172.26.0.3 255.255.255.248,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI: Learn: 00:01:fe:80:00:00@0 -> Client1/174.215.16.183:15438
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI: Learn: 3a:ff:fe:80:00:00@0 -> Client1/174.215.16.183:15438

Finally, here is the log from the Android device.

20:10:43.123 -- ----- OpenVPN Start -----
20:10:43.124 -- EVENT: CORE_THREAD_ACTIVE
20:10:43.126 -- OpenVPN core 3.git::662eae9a:Release android arm64 64-bit PT_PROXY
20:10:43.127 -- Frame=512/2048/512 mssfix-ctrl=1250
20:10:43.127 -- UNUSED OPTIONS 1 [dev-node] [tap-bridge] 4 [resolv-retry] [infinite] 5 [nobind] 6 [persist-key] 7 [persist-tun] 13 [verb] [3]
20:10:43.128 -- EVENT: RESOLVE
20:10:43.130 -- Contacting 1.2.3.4:1234 via UDP
20:10:43.131 -- EVENT: WAIT
20:10:43.132 -- Connecting to [example.com]:1234 (1.2.3.4) via UDPv4
20:10:43.200 -- EVENT: CONNECTING
20:10:43.204 -- Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
20:10:43.204 -- Creds: UsernameEmpty/PasswordEmpty
20:10:43.205 -- Peer Info: IV_VER=3.git::662eae9a:Release IV_PLAT=android IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_AUTO_SESS=1 IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182 IV_SSO=openurl
20:10:43.296 -- VERIFY OK: depth=1, /CN=example
20:10:43.297 -- VERIFY OK: depth=0, /CN=server
20:10:43.428 -- SSL Handshake: CN=server, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
20:10:43.429 -- Session is ACTIVE
20:10:43.429 -- EVENT: GET_CONFIG
20:10:43.432 -- Sending PUSH_REQUEST to server...
20:10:43.486 -- OPTIONS: 0 [topology] [subnet] 1 [route-gateway] [172.26.0.2] 2 [ping] [10] 3 [ping-restart] [120] 4 [ifconfig] [172.26.0.3] [255.255.255.248] 5 [peer-id] [0] 6 [cipher] [AES-256-GCM]
20:10:43.487 -- PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE compress: NONE peer ID: 0
20:10:43.488 -- EVENT: ASSIGN_IP
20:10:43.499 -- Connected via tun
20:10:43.500 -- EVENT: CONNECTED info='example.com:6832 (1.2.3.4) via /UDPv4 on tun/172.26.0.3/ gw=[172.26.0.2/]'
20:10:43.992 -- TUN write exception: write_some: Invalid argument
20:10:44.012 -- TUN write exception: write_some: Invalid argument
20:10:44.013 -- TUN write exception: write_some: Invalid argument

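When I send a ping from the Android device to the VPN server (172.26.0.2), I get no response from the server, but the bottom line in the server log keeps growing, and I think the MAC address changes with every ping. This also happens when trying to request something from the LAN, websites, cameras, etc.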
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI: Learn: 3a:ff:fe:80:00:00@0 -> Client1/174.215.16.183:15438
In the Android log, the last line just repeats every few seconds or so.
20:10:44.013 -- TUN write exception: write_some: Invalid argument
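
Android cannot work with tap. Use tun. See the wiki. Your other option might be to recompile the kernel in Android so that it supports tap. Another important consideration is that tun is more efficient. tap (virtual Ethernet) mode must be used only when absolutely necessary. Unless you are sure you need it and can explain why, don't use it.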
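
The mismatch the answer describes is already visible in the server log as "used inconsistently" warnings. The following is an added example, not part of the original question or answer, that extracts those warnings from a server log (flattened or one entry per line); the function names and the choice to treat only `dev-type` as blocking are assumptions of this example.

```python
import re

# Server-side warning format, as it appears in the question's log.
WARN_RE = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)

# Assumption of this example: a dev-type mismatch (tap vs tun) is treated
# as blocking; the MTU mismatches are reported as informational only.
BLOCKING = {"dev-type"}

# Lines taken from the server log in the question.
SAMPLE_LOG = """\
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_PLAT=android
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1589', remote='link-mtu 1557'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
"""


def value_of(setting):
    """'dev-type tap' -> 'tap'; a bare value is returned unchanged."""
    return setting.split(" ", 1)[-1].strip()


def find_mismatches(log_text):
    """Return one dict per 'used inconsistently' warning, in log order."""
    found = []
    for m in WARN_RE.finditer(log_text):
        found.append({
            "option": m.group("opt"),
            "server": value_of(m.group("local")),   # local = the logging side
            "client": value_of(m.group("remote")),
            "blocking": m.group("opt") in BLOCKING,
        })
    return found


def blocking_options(log_text):
    """Names of mismatched options this example classifies as blocking."""
    return [m["option"] for m in find_mismatches(log_text) if m["blocking"]]


if __name__ == "__main__":
    for m in find_mismatches(SAMPLE_LOG):
        tag = "BLOCKING" if m["blocking"] else "info"
        print(f"[{tag}] {m['option']}: server={m['server']} client={m['client']}")
```
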