OpenVPN TCP 443

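I am running OpenVPN server version 2.4.4 on Ubuntu 16.04.3. The VPN connection works very well with UDP 1194, but when I try to change to TCP 443, it just won't connect. I'm using apache2, which I shut down beforehand with the command service apache2 stop for testing. TCP 443 is allowed in ufw, but even if I turn off the firewall, it won't connect. (Also on the Windows client.)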

Here is my server configuration:

    port 443
    proto tcp
    ;proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh2048.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 213.133.98.98"
    push "dhcp-option DNS 213.133.99.99"
    push "dhcp-option DNS 213.133.100.100"
    keepalive 10 120
    tls-auth ta.key 0
    key-direction 0
    cipher AES-256-CBC
    tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
    auth SHA512
    max-clients 2
    user nobody
    group nogroup
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    explicit-exit-notify 1
    tls-version-min 1.2
    reneg-sec 60
    remote-cert-tls client

My client configuration:

    client
    dev tun
    proto tcp
    ;proto udp
    remote *super secret IP* 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    tls-auth ta.key 1
    cipher AES-256-CBC
    tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
    auth SHA512
    key-direction 1
    auth-nocache
    reneg-sec 60
    verb 3

Client log:

    Fri Nov 10 13:35:05 2017 SIGUSR1[soft,connection-reset] received, process restarting
    Fri Nov 10 13:35:05 2017 MANAGEMENT: >STATE:1510317305,RECONNECTING,connection-reset,,,,,
    Fri Nov 10 13:35:05 2017 Restart pause, 5 second(s)
    Fri Nov 10 13:35:10 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]*super secret IP*:443
    Fri Nov 10 13:35:10 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Fri Nov 10 13:35:10 2017 Attempting to establish TCP connection with [AF_INET]*super secret IP*:443 [nonblock]
    Fri Nov 10 13:35:10 2017 MANAGEMENT: >STATE:1510317310,TCP_CONNECT,,,,,,
    Fri Nov 10 13:35:11 2017 TCP connection established with [AF_INET]*super secret IP*:443
    Fri Nov 10 13:35:11 2017 TCP_CLIENT link local: (not bound)
    Fri Nov 10 13:35:11 2017 TCP_CLIENT link remote: [AF_INET]*super secret IP*:443
    Fri Nov 10 13:35:11 2017 MANAGEMENT: >STATE:1510317311,WAIT,,,,,,
    Fri Nov 10 13:35:11 2017 Connection reset, restarting [0]

Server log:

    Nov 12 18:22:22 ubuntu systemd[1]: Starting OpenVPN connection to server...
    Nov 12 18:22:22 ubuntu systemd[1]: Starting OpenVPN service...
    Nov 12 18:22:22 ubuntu systemd[1]: Started OpenVPN service.
    Nov 12 18:22:22 ubuntu systemd[1]: Failed to start OpenVPN connection to server.

ip addr show tun0 with UDP 1149:

    12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
        link/none
        inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
           valid_lft forever preferred_lft forever

ip addr show tun0 with TCP 443:

    Device "tun0" does not exist.

Does anyone know why it won't work when I change to TCP 443?

Possibly the openvpn server cannot bind to the privileged port:

    user nobody
    group nogroup

Try

    user root
    group root

and see if it works.

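OK, so I found the solution! Thanks to djsumdog for giving me the hint about the log-append option. The error was in the file:

    Options error: --explicit-exit-notify can only be used with --proto udp

So when I want to use TCP, I can't use this option. Now everything works.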
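
A pre-flight check for the conflict found above, as an added example that is not part of the original posts: it parses an OpenVPN config and reports UDP-only options when the active proto is TCP. The sample config is constructed from the question's server configuration, and the function names, the UDP_ONLY set and the "last proto line wins" rule are assumptions of this example.

```python
import shlex

# Constructed sample: the relevant lines of the server config from the question.
SAMPLE_SERVER_CONF = """\
port 443
proto tcp
;proto udp
push "redirect-gateway def1 bypass-dhcp"
user nobody
group nogroup
explicit-exit-notify 1
"""

# Options accepted only with a UDP transport. The page confirms
# explicit-exit-notify; add others only after verifying them yourself.
UDP_ONLY = {"explicit-exit-notify"}


def parse_directives(text):
    """Yield (line_no, option, args) for each active (non-comment) directive."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":    # '#' or ';' starts a comment line
            continue
        tokens = shlex.split(line, comments=True)  # keeps quoted args whole
        if tokens:
            yield line_no, tokens[0], tokens[1:]


def udp_only_conflicts(text):
    """Return [(line_no, option)] for UDP-only options under a TCP proto."""
    directives = list(parse_directives(text))
    proto = "udp"                          # OpenVPN's default transport
    for _, opt, args in directives:
        if opt == "proto" and args:
            proto = args[0].lower()        # assumption: last proto line wins
    if not proto.startswith("tcp"):        # tcp, tcp-server, tcp4, ...
        return []
    return [(n, opt) for n, opt, _ in directives if opt in UDP_ONLY]


if __name__ == "__main__":
    for n, opt in udp_only_conflicts(SAMPLE_SERVER_CONF):
        print(f"line {n}: --{opt} can only be used with --proto udp")
```

Running such a check before restarting the service surfaces the problem that the systemd "Failed to start" line hides.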