OpenVPN connection resets repeatedly

I installed an OpenVPN server on an Amazon instance running Windows Server 2008 R2, and I have my client.

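First I connect to my VPN. For some reason, when I try to connect to my VPN server and RDP to it, the RDP screen freezes after a few seconds, because the connection or tunnel drops some time after it is established.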

To establish the tunnel first, I run this command: sudo openvpn client.conf

The client.conf file has the following contents:

    # This is a client profile.
    client
    # We want to tunnel packets (rather than Ethernet bridging).
    dev tun
    # Use TCP instead of UDP.
    proto tcp
    # This is the VPN server we're connecting to.
    # Be sure to change this value to YOUR Elastic IP address.
    remote 107.23.174.205 443
    # These are the crypto certificates we'll be using.
    ca ca.crt
    cert IanCert.crt
    key IanCert.key
    # Use LZO compression on the channel.
    comp-lzo
    # Verbosity
    verb 3

After running that command, the following repeats on the terminal:

    Mon Dec 31 03:35:03 2012 Connection reset, restarting [-1]
    Mon Dec 31 03:35:03 2012 TCP/UDP: Closing socket
    Mon Dec 31 03:35:03 2012 /sbin/route del -net 10.8.0.1 netmask 255.255.255.255
    Mon Dec 31 03:35:03 2012 Closing TUN/TAP interface
    Mon Dec 31 03:35:03 2012 /sbin/ifconfig tun0 0.0.0.0
    Mon Dec 31 03:35:03 2012 SIGUSR1[soft,connection-reset] received, process restarting
    Mon Dec 31 03:35:03 2012 Restart pause, 5 second(s)
    Mon Dec 31 03:35:08 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Mon Dec 31 03:35:08 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Mon Dec 31 03:35:08 2012 WARNING: file 'IanCert.key' is group or others accessible
    Mon Dec 31 03:35:08 2012 LZO compression initialized
    Mon Dec 31 03:35:08 2012 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Mon Dec 31 03:35:08 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Mon Dec 31 03:35:08 2012 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Dec 31 03:35:08 2012 Local Options hash (VER=V4): '69109d17'
    Mon Dec 31 03:35:08 2012 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Mon Dec 31 03:35:08 2012 Attempting to establish TCP connection with [AF_INET]107.23.174.205:443 [nonblock]
    Mon Dec 31 03:35:09 2012 TCP connection established with [AF_INET]107.23.174.205:443
    Mon Dec 31 03:35:09 2012 TCPv4_CLIENT link local: [undef]
    Mon Dec 31 03:35:09 2012 TCPv4_CLIENT link remote: [AF_INET]107.23.174.205:443
    Mon Dec 31 03:35:09 2012 TLS: Initial packet from [AF_INET]107.23.174.205:443, sid=79b44982 8fb01720
    Mon Dec 31 03:35:11 2012 VERIFY OK: depth=1, /C=US/ST=VA/L=Haymarket/O=DKRDomain/OU=IT/CN=DKRDomain/name=Dave_Rensin/[email protected]
    Mon Dec 31 03:35:11 2012 VERIFY OK: depth=0, /C=US/ST=VA/L=Haymarket/O=DKRDomain/OU=IT/CN=DKRDomain/name=Dave_Rensin/[email protected]
    Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Dec 31 03:35:14 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Dec 31 03:35:14 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Dec 31 03:35:14 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Dec 31 03:35:14 2012 [DKRDomain] Peer Connection Initiated with [AF_INET]107.23.174.205:443
    Mon Dec 31 03:35:17 2012 SENT CONTROL [DKRDomain]: 'PUSH_REQUEST' (status=1)
    Mon Dec 31 03:35:17 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
    Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Dec 31 03:35:17 2012 OPTIONS IMPORT: route options modified
    Mon Dec 31 03:35:17 2012 ROUTE default_gateway=192.168.1.1
    Mon Dec 31 03:35:17 2012 TUN/TAP device tun0 opened
    Mon Dec 31 03:35:17 2012 TUN/TAP TX queue length set to 100
    Mon Dec 31 03:35:17 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Dec 31 03:35:17 2012 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
    Mon Dec 31 03:35:17 2012 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
    Mon Dec 31 03:35:17 2012 Initialization Sequence Completed

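The only way to RDP to my instance (without the VPN set up) is through its public IP (but I don't want to do that; it is only for troubleshooting this problem). I'm using Mint Linux (or Debian 6) on my client.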

Any ideas?
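
A triage script for a restart loop like the one in the log above, added here as an example and not part of the original post: it measures how long each tunnel stayed up between "Initialization Sequence Completed" and the next "Connection reset", and collects the distinct WARNING lines. The sample log lines, the key file name in them and the function name `triage` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the client log (two restart cycles).
SAMPLE_LOG = """\
Mon Dec 31 03:35:08 2012 WARNING: No server certificate verification method has been enabled.
Mon Dec 31 03:35:08 2012 WARNING: file 'client.key' is group or others accessible
Mon Dec 31 03:35:17 2012 Initialization Sequence Completed
Mon Dec 31 03:35:49 2012 Connection reset, restarting [-1]
Mon Dec 31 03:35:49 2012 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 31 03:35:54 2012 WARNING: No server certificate verification method has been enabled.
Mon Dec 31 03:36:03 2012 Initialization Sequence Completed
Mon Dec 31 03:36:33 2012 Connection reset, restarting [-1]
"""

# Timestamp prefix as printed by the client, then the message text.
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")

def triage(log_text):
    """Return (tunnel lifetimes in seconds, reset count, distinct warnings)."""
    lifetimes, warnings, resets, up_since = [], [], 0, None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or wrapped lines
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("Initialization Sequence Completed"):
            up_since = ts  # tunnel is fully up from this point
        elif msg.startswith("Connection reset, restarting"):
            resets += 1
            if up_since is not None:
                lifetimes.append(int((ts - up_since).total_seconds()))
                up_since = None
        elif msg.startswith("WARNING:") and msg not in warnings:
            warnings.append(msg)
    return lifetimes, resets, warnings

if __name__ == "__main__":
    lifetimes, resets, warnings = triage(SAMPLE_LOG)
    print("resets:", resets, "tunnel lifetimes (s):", lifetimes)
    for w in warnings:
        print(w)
```

Lifetimes that cluster around one value point at a timer or idle timeout on the path rather than random packet loss, and the collected warnings are worth fixing regardless of the reset cause.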