OpenVPN server configuration, not working after 4 days of tutorials and reading

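Networking novice here, and this has been driving me a bit crazy for the better part of 4 days. I have read 5 tutorials and can't seem to get them to work.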

DDWRT settings

Additional configuration

    push "route 10.217.64.55 255.255.255.0"
    push "dhcp-options DNS 10.217.64.186"
    server 10.217.88.0 255.255.255.0
    dev tun0
    proto udp
    keepalive 10 120

Client configuration

    remote myip 1194
    client
    dev tun
    proto udp
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    cipher aes-256-cbc
    float
    tun-mtu 1400
    ca ca.crt
    cert client2.crt
    key client2.key
    ns-cert-type server
    comp-lzo
    verb 3

I have tried disabling the firewall in DDWRT, but it had no effect. Here are the iptables rules I am using, although I have tried about 20 iterations.

    iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
    iptables -I FORWARD 1 --source 10.217.88.0/24 -j ACCEPT
    iptables -I FORWARD 1 --source 10.217.88.1/24 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -o br0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -s 10.217.88.1/24 -j MASQUERADE
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

Client log

    Sat Apr 29 21:04:34 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
    Sat Apr 29 21:04:34 2017 Windows version 6.2 (Windows 8 or greater) 64bit
    Sat Apr 29 21:04:34 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
    Enter Management Password:
    Sat Apr 29 21:04:34 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Sat Apr 29 21:04:34 2017 Need hold release from management interface, waiting...
    Sat Apr 29 21:04:35 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'state on'
    Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'log all on'
    Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'echo all on'
    Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'hold off'
    Sat Apr 29 21:04:35 2017 MANAGEMENT: CMD 'hold release'
    Sat Apr 29 21:04:35 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
    Sat Apr 29 21:04:35 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
    Sat Apr 29 21:04:35 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]
    Sat Apr 29 21:04:35 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sat Apr 29 21:04:35 2017 UDP link local: (not bound)
    Sat Apr 29 21:04:35 2017 UDP link remote: [AF_INET]
    Sat Apr 29 21:04:35 2017 MANAGEMENT: >STATE:1493517875,WAIT,,,,,,
    Sat Apr 29 21:04:52 2017 SIGTERM[hard,] received, process exiting
    Sat Apr 29 21:04:52 2017 MANAGEMENT: >STATE:1493517892,EXITING,SIGTERM,,,,,

Server log

    Sun Apr 30 12:32:41 2017 OpenVPN 2.4.1 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 27 2017
    Sun Apr 30 12:32:41 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
    Sun Apr 30 12:32:41 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
    Sun Apr 30 12:32:41 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Sun Apr 30 12:32:41 2017 Diffie-Hellman initialized with 1024 bit key
    Sun Apr 30 12:32:41 2017 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
    Sun Apr 30 12:32:41 2017 TUN/TAP device tun0 opened
    Sun Apr 30 12:32:41 2017 TUN/TAP TX queue length set to 100
    Sun Apr 30 12:32:41 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sun Apr 30 12:32:41 2017 /sbin/ifconfig tun0 10.217.88.1 netmask 255.255.255.0 mtu 1400 broadcast 10.217.88.255
    Sun Apr 30 12:32:41 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
    Sun Apr 30 12:32:41 2017 UDP: Cannot create UDP/UDP6 socket: Address family not supported by protocol (errno=97)
    Sun Apr 30 12:32:41 2017 Exiting due to fatal error
    Sun Apr 30 12:32:41 2017 /tmp/openvpn/route-down.sh tun0 1400 1522 10.217.88.1 255.255.255.0 init
    Sun Apr 30 12:32:41 2017 Closing TUN/TAP interface
    Sun Apr 30 12:32:41 2017 /sbin/ifconfig tun0 0.0.0.0

Edit: To clarify, my frustration is that I can't get the server and client to handshake, or at least respond to each other.

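I suspect one symptom is that checking canyouseeme shows port 1194 UDP as closed. This is despite having configured iptables as described above. Even with the firewall turned off completely, OpenVPN still ends up in the wait state.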
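
The two logs above can be triaged mechanically. The following is an added example, not part of the original post: a small Python scanner that pulls out the log lines that explain a stalled handshake and flags weak settings the logs reveal. The sample lines are constructed from the logs in the post; the function name `triage`, the severity labels and the 2048-bit threshold are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the shape of the server and client logs in the post.
SAMPLE_LOG = """\
Sun Apr 30 12:32:41 2017 Diffie-Hellman initialized with 1024 bit key
Sun Apr 30 12:32:41 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Apr 30 12:32:41 2017 UDP: Cannot create UDP/UDP6 socket: Address family not supported by protocol (errno=97)
Sun Apr 30 12:32:41 2017 Exiting due to fatal error
Sat Apr 29 21:04:35 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sat Apr 29 21:04:35 2017 MANAGEMENT: >STATE:1493517875,WAIT,,,,,,
"""

# Leading "Sun Apr 30 12:32:41 2017 " timestamp that OpenVPN prefixes to each line.
TIMESTAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
MIN_DH_BITS = 2048  # assumption of this example: anything smaller is reported as weak


def triage(log_text):
    """Return (severity, finding) tuples for lines that explain a failed or weak setup."""
    findings = []
    for raw in log_text.splitlines():
        msg = TIMESTAMP.sub("", raw.strip())
        if m := re.search(r"Cannot create (\S+) socket: (.+) \(errno=(\d+)\)", msg):
            # The daemon could not open its listening socket at all.
            findings.append(("fatal", f"socket-not-created errno={m.group(3)}: {m.group(2)}"))
        elif msg == "Exiting due to fatal error":
            findings.append(("fatal", "daemon-exited: nothing is listening for clients"))
        elif m := re.search(r"Diffie-Hellman initialized with (\d+) bit key", msg):
            if int(m.group(1)) < MIN_DH_BITS:
                findings.append(("weak", f"dh-params {m.group(1)} bit (below {MIN_DH_BITS})"))
        elif "--ns-cert-type is DEPRECATED" in msg:
            findings.append(("weak", "ns-cert-type: switch to --remote-cert-tls server"))
        elif m := re.search(r">STATE:\d+,(\w+),", msg):
            # WAIT is the client state "waiting for initial response from server".
            if m.group(1) == "WAIT":
                findings.append(("info", "client-wait: no reply from server yet"))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity}] {finding}")
```

Run against the server log in the post, it reports that the UDP socket was never created and the daemon exited, so nothing is listening on port 1194 whatever the firewall rules say. OpenVPN 2.4 accepts `proto udp4` to force an IPv4-only socket, which is the setting to check on a build without IPv6 support.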