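I am currently trying to install an OpenVPN server on my Debian 9 computer and am running into connection problems with the client. At the moment, the server is physically connected over Ethernet through a switch to the client (running Windows), but the client cannot establish a connection with the server (the server shows up as tun0 in ifconfig). I believe this is a configuration problem somewhere, but I can't figure out where.
If it makes a difference, I am also behind a NAT network. For debugging, I have also temporarily disabled the firewalls on both computers.
Is there any solution, and why can't I establish a connection? Thanks in advance.
I am following the instructions on this page (I am also using the provided shell script): OpenVPN_Debian_9
Here is server.conf: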
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
auth SHA512
tls-auth /etc/openvpn/ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
Here is client.conf:
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
Client log:
Tue Aug 01 09:33:40 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)][LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Tue Aug 01 09:33:40 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Aug 01 09:33:40 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Tue Aug 01 09:33:40 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Aug 01 09:33:40 2017 Need hold release from management interface, waiting...
Tue Aug 01 09:33:40 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'state on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'log all on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'echo all on'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'hold off'
Tue Aug 01 09:33:40 2017 MANAGEMENT: CMD 'hold release'
Tue Aug 01 09:33:40 2017 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Aug 01 09:33:40 2017 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Aug 01 09:33:40 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:1194
Tue Aug 01 09:33:40 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Aug 01 09:33:40 2017 UDP link local: (not bound)
Tue Aug 01 09:33:40 2017 UDP link remote: [AF_INET]10.8.0.1:1194
Tue Aug 01 09:33:40 2017 MANAGEMENT: >STATE:1501594420,WAIT,
Tue Aug 01 09:34:40 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 01 09:34:40 2017 TLS Error: TLS handshake failed
Tue Aug 01 09:34:40 2017 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 01 09:34:40 2017 MANAGEMENT: >STATE:1501594480,RECONNECTING,tls-error
Tue Aug 01 09:34:40 2017 Restart pause, 5 second(s)
Tue Aug 01 09:34:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.8.0.1:1194
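UDP link remote: [AF_INET]10.8.0.1:1194 – I don't know how your networking is set up, but you can't connect to the server on the tun interface at 10.8.0.1. --remote 10.8.0.1 is wrong: you must use the main IP or public IP, and forward the port in your router/firewall.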
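The check described in the reply above, as an added example that is not part of the original thread: it flags any client `remote` that sits inside the subnet declared by the server's `server` directive, which can never work because that address only exists once the tunnel is up. The function names and the sample client values are assumptions made for illustration.

```python
import ipaddress

# Constructed samples: server lines are from the server.conf above; the client
# `remote` values are assumptions (10.8.0.1 as seen in the client log,
# 192.0.2.10 as a placeholder for the server's LAN or public address).
SERVER_CONF = "port 1194\nproto udp\ndev tun\ntopology subnet\nserver 10.8.0.0 255.255.255.0\n"
CLIENT_BROKEN = "client\ndev tun\nproto udp\nremote 10.8.0.1 1194\nnobind\n"
CLIENT_FIXED = "client\ndev tun\nproto udp\nremote 192.0.2.10 1194\nnobind\n"


def parse_directives(text):
    """Map each OpenVPN directive to the list of its argument lists."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        name, *args = line.split()
        found.setdefault(name, []).append(args)
    return found


def remotes_inside_tunnel(server_conf, client_conf):
    """Return client `remote` IPs that fall inside the server's VPN subnet."""
    server = parse_directives(server_conf).get("server")
    if not server or len(server[0]) < 2:
        return []  # no routed `server <network> <netmask>` line to compare with
    tunnel = ipaddress.ip_network("/".join(server[0][:2]))
    inside = []
    for args in parse_directives(client_conf).get("remote", []):
        try:
            host = ipaddress.ip_address(args[0]) if args else None
        except ValueError:
            host = None  # a hostname; resolving it is out of scope here
        if host is not None and host in tunnel:
            inside.append(args[0])
    return inside


if __name__ == "__main__":
    for label, conf in (("broken", CLIENT_BROKEN), ("fixed", CLIENT_FIXED)):
        hits = remotes_inside_tunnel(SERVER_CONF, conf)
        print(label, "-> remote inside tunnel subnet:", hits or "none")
```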