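I set up my OpenVPN server and client, and it worked perfectly last month.
But now I cannot connect to the server, and there have been no configuration changes.
Here is the client log (Win7):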
Mon Feb 18 08:26:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 08:26:06 2013 Re-using SSL/TLS context
Mon Feb 18 08:26:06 2013 LZO compression initialized
Mon Feb 18 08:26:06 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 08:26:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 08:26:06 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 08:26:06 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:26:06 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:26:06 2013 UDPv4 link local: [undef]
Mon Feb 18 08:26:06 2013 UDPv4 link remote: 106.187.96.123:1194
Mon Feb 18 08:27:06 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 08:27:06 2013 TLS Error: TLS handshake failed
Mon Feb 18 08:27:06 2013 TCP/UDP: Closing socket
Mon Feb 18 08:27:06 2013 SIGUSR1[soft,tls-error] received, process restarting
Mon Feb 18 08:27:06 2013 Restart pause, 2 second(s)
Mon Feb 18 08:27:08 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 08:27:08 2013 Re-using SSL/TLS context
Mon Feb 18 08:27:08 2013 LZO compression initialized
Mon Feb 18 08:27:08 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 08:27:08 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 08:27:08 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 08:27:08 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:27:08 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:27:08 2013 UDPv4 link local: [undef]
Mon Feb 18 08:27:08 2013 UDPv4 link remote: 106.187.96.123:1194
Mon Feb 18 08:28:08 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 08:28:08 2013 TLS Error: TLS handshake failed
Mon Feb 18 08:28:08 2013 TCP/UDP: Closing socket
Mon Feb 18 08:28:08 2013 SIGUSR1[soft,tls-error] received, process restarting
Mon Feb 18 08:28:08 2013 Restart pause, 2 second(s)
Mon Feb 18 08:28:10 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 18 08:28:10 2013 Re-using SSL/TLS context
Mon Feb 18 08:28:10 2013 LZO compression initialized
Mon Feb 18 08:28:10 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 08:28:10 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 18 08:28:10 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 08:28:10 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:28:10 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:28:10 2013 UDPv4 link local: [undef]
Mon Feb 18 08:28:10 2013 UDPv4 link remote: 106.187.96.123:1194
This is the server side:
Mon Feb 18 00:43:19 2013 114.249.236.187:26913 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:43:21 2013 MULTI: multi_create_instance called
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Re-using SSL/TLS context
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 LZO compression initialized
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:43:21 2013 114.249.236.187:26854 TLS: Initial packet from 114.249.236.187:26854, sid=d04721a3 d361dccf
Mon Feb 18 00:44:21 2013 114.249.236.187:26854 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 00:44:21 2013 114.249.236.187:26854 TLS Error: TLS handshake failed
Mon Feb 18 00:44:21 2013 114.249.236.187:26854 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:44:23 2013 MULTI: multi_create_instance called
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Re-using SSL/TLS context
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 LZO compression initialized
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:44:23 2013 114.249.236.187:26855 TLS: Initial packet from 114.249.236.187:26855, sid=d46a451d f7d88d11
Mon Feb 18 00:45:23 2013 114.249.236.187:26855 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 00:45:23 2013 114.249.236.187:26855 TLS Error: TLS handshake failed
Mon Feb 18 00:45:23 2013 114.249.236.187:26855 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:45:25 2013 MULTI: multi_create_instance called
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Re-using SSL/TLS context
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 LZO compression initialized
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:45:25 2013 114.249.236.187:26925 TLS: Initial packet from 114.249.236.187:26925, sid=34f4dc94 f7092f67
Mon Feb 18 00:46:25 2013 114.249.236.187:26925 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 18 00:46:25 2013 114.249.236.187:26925 TLS Error: TLS handshake failed
Mon Feb 18 00:46:25 2013 114.249.236.187:26925 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Feb 18 00:46:27 2013 MULTI: multi_create_instance called
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Re-using SSL/TLS context
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 LZO compression initialized
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:46:27 2013 114.249.236.187:26926 TLS: Initial packet from 114.249.236.187:26926, sid=3dfa89e1 b1ff7f3a
^C
[root@li460-123 openvpn]#
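Can anyone help?
From your logs, it looks like you are establishing an OpenVPN connection from China (114.249.236.187) to Japan (106.187.96.123). Since November, China has been actively blocking OpenVPN connections, and much of it is based on protocol sniffing. In other words, they see packets with the OpenVPN signature coming through the firewall, and then filter or alter the remaining packets to block the connection. Typically, this behavior shows up as a timeout in the TLS negotiation sequence.
In short, you did not break anything. China did.
You can try changing your OpenVPN server to communicate over TCP instead of UDP, or use a different port. That said, I have seen reports that any change that evades detection stops working very quickly.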
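The diagnosis in the answer above can be checked mechanically from the two logs. The following is an added example, not part of the original post: it compares the options hashes on both ends and finds peers whose first packet reached the server before key negotiation timed out. The sample lines are constructed in the format of the logs above, and the function names are hypothetical.

```python
import re
from datetime import datetime
# Constructed sample lines in the format of the logs above; the IP addresses are
# documentation ranges, the option hashes are the ones shown in the question.
CLIENT_LOG = """\
Mon Feb 18 08:26:06 2013 Local Options hash (VER=V4): '41690919'
Mon Feb 18 08:26:06 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 18 08:27:06 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SERVER_LOG = """\
Mon Feb 18 00:43:21 2013 198.51.100.7:26854 Local Options hash (VER=V4): '530fdded'
Mon Feb 18 00:43:21 2013 198.51.100.7:26854 Expected Remote Options hash (VER=V4): '41690919'
Mon Feb 18 00:43:21 2013 198.51.100.7:26854 TLS: Initial packet from 198.51.100.7:26854, sid=0a0b0c0d 01020304
Mon Feb 18 00:44:21 2013 198.51.100.7:26854 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (?:(\d+\.\d+\.\d+\.\d+:\d+) )?(.*)$")
HASH = re.compile(r"^(Local|Expected Remote) Options hash \(VER=V4\): '([0-9a-f]+)'")

def parse(log):
    """Yield (timestamp, peer or None, message) per recognised log line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2), m.group(3)

def option_hashes(log):
    found = {}  # first 'Local' / 'Expected Remote' hash seen in this log
    for _, _, msg in parse(log):
        m = HASH.match(msg)
        if m:
            found.setdefault(m.group(1), m.group(2))
    return found

def stalled_handshakes(server_log):
    """Peers whose initial packet arrived but whose negotiation then timed out."""
    started, stalled = {}, []
    for ts, peer, msg in parse(server_log):
        if msg.startswith("TLS: Initial packet from"):
            started[peer] = ts
        elif msg.startswith("TLS Error: TLS key negotiation failed") and peer in started:
            stalled.append((peer, int((ts - started.pop(peer)).total_seconds())))
    return stalled

def diagnose(client_log, server_log):
    # Assumption: mirrored hashes mean both ends agree on the link options.
    c, s = option_hashes(client_log), option_hashes(server_log)
    consistent = c.get("Local") == s.get("Expected Remote") and c.get("Expected Remote") == s.get("Local")
    return {"options_consistent": consistent, "stalled": stalled_handshakes(server_log)}
```

Consistent options together with a stalled handshake mean the first client packet arrived and later control-channel packets did not complete the exchange, which points at the network path rather than at either configuration.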
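I'm from Iran. The problem is that both China and Iran analyze packets on any port, and when they detect TLS trying to establish an OpenVPN connection, it is automatically corrupted. I have set up OpenVPN on TCP port 80, and it only works on iPhone and iPad. The point is exactly here: iPhone and iPad don't use TLS for authentication, they use SSL. We should force clients on Windows and Mac to use SSL instead of TLS to solve it; then it will be hard for them to block. Does anyone know how this might be possible?
Best wishes to free people all over the world :)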