TLS key negotiation failed to occur within 60 seconds

Initially my problem was that I could get the tunnel up but could not reach the LAN, only the firewall.

Server log

Sep 13 06:13:04 openvpn[1989]: event_wait : Interrupted system call (code=4)
Sep 13 06:13:04 openvpn[1989]: /usr/local/sbin/ovpn-linkdown ovpns3 1500 1558 172.18.3.1 172.18.3.2 init
Sep 13 06:13:04 openvpn[1989]: SIGTERM[hard,] received, process exiting
Sep 13 06:35:52 openvpn[83637]: Options error: --server directive network/netmask combination is invalid
Sep 13 06:35:52 openvpn[83637]: Use --help for more information.
Sep 13 06:58:08 openvpn[99674]: Options error: --server directive network/netmask combination is invalid
Sep 13 06:58:08 openvpn[99674]: Use --help for more information.
Sep 13 07:52:54 openvpn[55729]: Options error: --server directive network/netmask combination is invalid
Sep 13 07:52:54 openvpn[55729]: Use --help for more information.
Sep 13 07:53:02 openvpn[60429]: Options error: --server directive network/netmask combination is invalid
Sep 13 07:53:02 openvpn[60429]: Use --help for more information.
Sep 13 08:24:55 openvpn[83168]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
Sep 13 08:24:55 openvpn[83168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 13 08:24:55 openvpn[83168]: Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file
Sep 13 08:24:55 openvpn[83168]: TUN/TAP device ovpns2 exists previously, keep at program end
Sep 13 08:24:55 openvpn[83168]: TUN/TAP device /dev/tun2 opened
Sep 13 08:24:55 openvpn[83168]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Sep 13 08:24:55 openvpn[83168]: /sbin/ifconfig ovpns2 172.18.3.1 172.18.3.2 mtu 1500 netmask 255.255.255.255 up
Sep 13 08:24:55 openvpn[83168]: /usr/local/sbin/ovpn-linkup ovpns2 1500 1558 172.18.3.1 172.18.3.2 init
Sep 13 08:24:55 openvpn[84128]: UDPv4 link local (bound): [AF_INET]41.87.165.42:1195
Sep 13 08:24:55 openvpn[84128]: UDPv4 link remote: [undef]
Sep 13 08:24:55 openvpn[84128]: Initialization Sequence Completed
Sep 13 08:26:41 openvpn[84128]: event_wait : Interrupted system call (code=4)
Sep 13 08:26:41 openvpn[84128]: /usr/local/sbin/ovpn-linkdown ovpns2 1500 1558 172.18.3.1 172.18.3.2 init
Sep 13 08:26:41 openvpn[84128]: SIGTERM[hard,] received, process exiting
Sep 13 08:26:41 openvpn[27166]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
Sep 13 08:26:41 openvpn[27166]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 13 08:26:41 openvpn[27166]: Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file
Sep 13 08:26:41 openvpn[27166]: TUN/TAP device ovpns2 exists previously, keep at program end
Sep 13 08:26:41 openvpn[27166]: TUN/TAP device /dev/tun2 opened
Sep 13 08:26:41 openvpn[27166]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Sep 13 08:26:41 openvpn[27166]: /sbin/ifconfig ovpns2 172.18.3.1 172.18.3.2 mtu 1500 netmask 255.255.255.255 up
Sep 13 08:26:41 openvpn[27166]: /usr/local/sbin/ovpn-linkup ovpns2 1500 1558 172.18.3.1 172.18.3.2 init
Sep 13 08:26:41 openvpn[28308]: UDPv4 link local (bound): [AF_INET]41.87.165.42:1195
Sep 13 08:26:41 openvpn[28308]: UDPv4 link remote: [undef]
Sep 13 08:26:41 openvpn[28308]: Initialization Sequence Completed
Sep 13 08:36:36 openvpn[28308]: event_wait : Interrupted system call (code=4)
Sep 13 08:36:36 openvpn[28308]: /usr/local/sbin/ovpn-linkdown ovpns2 1500 1558 172.18.3.1 172.18.3.2 init
Sep 13 08:36:36 openvpn[28308]: SIGTERM[hard,] received, process exiting
Sep 13 08:36:36 openvpn[85155]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
Sep 13 08:36:36 openvpn[85155]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 13 08:36:36 openvpn[85155]: Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file
Sep 13 08:36:36 openvpn[85155]: TUN/TAP device ovpns2 exists previously, keep at program end
Sep 13 08:36:36 openvpn[85155]: TUN/TAP device /dev/tun2 opened
Sep 13 08:36:36 openvpn[85155]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Sep 13 08:36:36 openvpn[85155]: /sbin/ifconfig ovpns2 172.18.3.1 172.18.3.2 mtu 1500 netmask 255.255.255.255 up
Sep 13 08:36:36 openvpn[85155]: /usr/local/sbin/ovpn-linkup ovpns2 1500 1558 172.18.3.1 172.18.3.2 init
Sep 13 08:36:36 openvpn[86682]: UDPv4 link local (bound): [AF_INET]41.87.165.42:1195
Sep 13 08:36:36 openvpn[86682]: UDPv4 link remote: [undef]
Sep 13 08:36:36 openvpn[86682]: Initialization Sequence Completed

Client log

Wed Sep 13 10:43:04 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 13 10:43:10 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]41.87.165.42:1195
Wed Sep 13 10:43:10 2017 UDP link local (bound): [AF_INET][undef]:0
Wed Sep 13 10:43:10 2017 UDP link remote: [AF_INET]41.87.165.42:1195
Wed Sep 13 10:44:10 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 13 10:44:10 2017 TLS Error: TLS handshake failed
Wed Sep 13 10:44:10 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 13 10:44:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]41.87.165.42:1195
Wed Sep 13 10:44:16 2017 UDP link local (bound): [AF_INET][undef]:0
Wed Sep 13 10:44:16 2017 UDP link remote: [AF_INET]41.87.165.42:1195

Client configuration

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 41.87.165.42 1195 udp
lport 0
verify-x509-name "OpenVPN" name
auth-user-pass
pkcs12 pfsense-udp-1195-Sabir.p12
tls-auth pfsense-udp-1195-Sabir-tls.key 1
ns-cert-type server
comp-lzo