I am trying to configure OpenVPN, using the sample configuration and certificates/keys that ship with OpenVPN. It works fine when I use UDP, but it does not work with TCP.
Server tls.conf
# OpenVPN config "server-tls.conf"
#
# test using: openvpn --config server-tls.conf

proto tcp      #default
dev tun        #default
port 8080      #default
management 127.0.0.1 8080

# Tunnel IP-number plan:
# network: 10.4.0.0/24 all tunnel-endpoints (TEPs)
# IP: 10.4.0.1  server
# IP: 10.4.0.2  server p2p address (not-used)
# IP: 10.4.0.5  client-1 p2p address (not-used)
# IP: 10.4.0.6  client-1
# IP: 10.4.0.9  client-2 p2p address (not-used)
# IP: 10.4.0.10 client-2
# IP: 10.4.0.13 client-3 p2p address (not-used)
# IP: 10.4.0.14 client-3
# etc... This setup allows (2^(32-24)/4)-1=63 clients

server 10.4.0.0 255.255.255.0    # the server Tunnel-IP will be .1

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# The 'server' command also established a pool of Tunnel-IPs for the clients (like DHCP)
#route 10.4.0.0 255.255.255.0    # this command is implicit with 'server' command

cd /etc/openvpn/
log /var/log/openvpn.log

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0    # Use 0=server, 1=client

verb 3
keepalive 10 60
persist-tun
persist-key
persist-local-ip
comp-lzo
duplicate-cn    # needed if all clients use same client.crt/key

# Uncomment following line if you want to allow client-to-client traffic:
# (dont use this option if you want to filter the client-to-client packets via iptables)
#client-to-client
#push "route 10.4.0.0 255.255.255.0"    # this is done automatically with client-to-client command (else do specify)

# end of "server-tls.conf"
Client tls.conf
# OpenVPN config "client-tls.conf"
#
# run with: openvpn --config client-tls.conf

proto tcp    #default
dev tun      #default
client
remote xxxx 8080

#cd /etc/openvpn/
#log /var/log/openvpn.log
#log openvpn.log

ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1    # Use 0=server, 1=client

# Verify that we are connected with the correct server:
tls-remote "Test-Server"
ns-cert-type server

nobind
verb 3
keepalive 10 60
comp-lzo
explicit-exit-notify 2

# end of "client-tls.conf"
Server log:
cat /var/log/openvpn.log
Tue Dec 11 17:36:18 2012 OpenVPN 2.2.0 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jul 4 2011
Tue Dec 11 17:36:18 2012 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:8080
Tue Dec 11 17:36:18 2012 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Tue Dec 11 17:36:18 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Dec 11 17:36:18 2012 Diffie-Hellman initialized with 1024 bit key
Tue Dec 11 17:36:18 2012 WARNING: file 'server.key' is group or others accessible
Tue Dec 11 17:36:18 2012 WARNING: file 'ta.key' is group or others accessible
Tue Dec 11 17:36:18 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Dec 11 17:36:18 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 11 17:36:18 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 11 17:36:18 2012 TLS-Auth MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Dec 11 17:36:18 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Dec 11 17:36:18 2012 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Tue Dec 11 17:36:18 2012 Exiting
Client log:
Options error: --explicit-exit-notify can only be used with --proto udp
Use --help for more information.
Why does it not work in TCP mode?
The server log makes it quite clear why it is not working.
TCP/UDP: Socket bind failed on local address [undef]: Address already in use
You still have another protocol/port combination running. Take a look at what netstat -nlp | grep 1234 shows (change the port number accordingly) and kill that process or move it to another port.
First, are you sure the TCP connection between client and server works at all? You can test it by simply telnetting to the server (make sure the OpenVPN server is running):
telnet xxxx 8080
If it does not connect, this is not an OpenVPN problem and you should look at firewalls etc. Port 8080 is sometimes used by HTTP services, so it gets blocked by some firewalls and/or intercepted by some transparent HTTP proxies. If you have TCP connection problems on port 8080, try another port, perhaps 1194/tcp, which is the IANA-reserved port for OpenVPN.
If telnet connects, the TCP connection is probably fine and the problem is likely in OpenVPN. You should improve your question by adding some OpenVPN logs.
By the way, why not stick with the UDP protocol? Why do you think you need TCP?
I solved the server problem by changing the management port to one different from OpenVPN's port.
port 8080
management 127.0.0.1 8081
and removed the following line on the client, because it is not supported in TCP mode.
explicit-exit-notify 2
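The two mistakes this thread ends on are both visible in the config before OpenVPN is ever started. As an added example, not part of the question or any answer, here is a small Python lint that parses an OpenVPN config and flags the management socket sharing the TCP listening port (the server's "Address already in use"), explicit-exit-notify under proto tcp (the client's "Options error"), and the duplicate-cn/ifconfig-pool-persist combination the server log warns about. The sample configs are constructed from the question's directives; vpn.example.net is a placeholder for the redacted hostname.

```python
def parse_directives(text):
    """Return (directive, args) pairs, skipping comments and blank lines."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing '# ...' comments
        if line:
            name, *args = line.split()
            directives.append((name, args))
    return directives

def lint_openvpn(text):
    """Return the problems found in one config (a later duplicate directive wins)."""
    opts = dict(parse_directives(text))
    problems = []
    tcp = opts.get("proto", ["udp"])[0].lower().startswith("tcp")
    listen_port = int(opts.get("port", ["1194"])[0])   # 1194 is OpenVPN's default
    mgmt = opts.get("management")
    # Management socket and VPN listener on one TCP port -> 'Socket bind failed' (harmless with UDP)
    if tcp and mgmt and len(mgmt) > 1 and mgmt[1].isdigit() and int(mgmt[1]) == listen_port:
        problems.append(f"management port {mgmt[1]} collides with listening port under proto tcp")
    # The client-side 'Options error': this directive is UDP-only.
    if tcp and "explicit-exit-notify" in opts:
        problems.append("explicit-exit-notify requires proto udp")
    # The server-side WARNING: IP persistence is keyed on the CN, so duplicate CNs defeat it.
    if "duplicate-cn" in opts and "ifconfig-pool-persist" in opts:
        problems.append("ifconfig-pool-persist will not work with duplicate-cn")
    return problems

# Constructed samples: the directives from the question that matter for these checks.
# vpn.example.net stands in for the hostname the poster redacted.
SERVER_CONF = """
proto tcp
port 8080
management 127.0.0.1 8080
ifconfig-pool-persist ipp.txt
duplicate-cn    # needed if all clients use same client.crt/key
"""

CLIENT_CONF = """
proto tcp
client
remote vpn.example.net 8080
explicit-exit-notify 2
"""

if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        for problem in lint_openvpn(conf):
            print(f"{name}: {problem}")
```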