OpenVPN: TLS Error: TLS key negotiation failed to occur within 60 seconds

The page http://openvpn.net/index.php/open-source/documentation/howto.html says this error means: "This error indicates that the client was unable to establish a network connection with the server." But I don't think that is the case here.

Here is my configuration: the OpenVPN server is installed on a Windows 2008 machine that has 10 valid IP addresses. I can ping the OpenVPN server's IP address from outside, and there is no firewall installed on the server that would block the port.

OpenVPN server configuration:

    local 96.31.90.174
    port 1937
    proto tcp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

OpenVPN client configuration (installed on my Windows 7 machine, which has no firewall):

    client
    dev tun
    proto tcp
    remote 96.31.90.174 1937
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 3

Here is the client log:

    Tue Dec 08 23:42:06 2009 LZO compression initialized
    Tue Dec 08 23:42:06 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Tue Dec 08 23:42:06 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 08 23:42:06 2009 Local Options hash (VER=V4): '69109d17'
    Tue Dec 08 23:42:06 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Tue Dec 08 23:42:06 2009 Attempting to establish TCP connection with 96.31.90.174:1937
    Tue Dec 08 23:42:06 2009 TCP connection established with 96.31.90.174:1937
    Tue Dec 08 23:42:06 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Dec 08 23:42:06 2009 TCPv4_CLIENT link local: [undef]
    Tue Dec 08 23:42:06 2009 TCPv4_CLIENT link remote: 96.31.90.174:1937
    Tue Dec 08 23:42:08 2009 TLS: Initial packet from 96.31.90.174:1937, sid=fdc04dc5 451dd470
    Tue Dec 08 23:43:06 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Dec 08 23:43:06 2009 TLS Error: TLS handshake failed
    Tue Dec 08 23:43:06 2009 Fatal TLS error (check_tls_errors_co), restarting
    Tue Dec 08 23:43:06 2009 TCP/UDP: Closing socket
    Tue Dec 08 23:43:06 2009 SIGUSR1[soft,tls-error] received, process restarting
    Tue Dec 08 23:43:06 2009 Restart pause, 5 second(s)

Here is the server log:

    Tue Dec 08 15:26:13 2009 ROUTE default_gateway=96.31.90.129
    Tue Dec 08 15:26:13 2009 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0602F6D1-2000-4C16-B681-3E9FEFE3200D}.tap
    Tue Dec 08 15:26:13 2009 TAP-Win32 Driver Version 9.6
    Tue Dec 08 15:26:13 2009 TAP-Win32 MTU=1500
    Tue Dec 08 15:26:13 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {0602F6D1-2000-4C16-B681-3E9FEFE3200D} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
    Tue Dec 08 15:26:13 2009 Sleeping for 10 seconds...
    Tue Dec 08 15:26:23 2009 Successful ARP Flush on interface [21] {0602F6D1-2000-4C16-B681-3E9FEFE3200D}
    Tue Dec 08 15:26:24 2009 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
    Tue Dec 08 15:26:24 2009 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=21]
    Tue Dec 08 15:26:24 2009 Route addition via IPAPI failed [adaptive]
    Tue Dec 08 15:26:24 2009 Route addition fallback to route.exe
    The route addition failed: The object already exists.
    Tue Dec 08 15:26:24 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 08 15:26:24 2009 Listening for incoming TCP connection on 96.31.90.174:1937
    Tue Dec 08 15:26:24 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Dec 08 15:26:24 2009 TCPv4_SERVER link local (bound): 96.31.90.174:1937
    Tue Dec 08 15:26:24 2009 TCPv4_SERVER link remote: [undef]
    Tue Dec 08 15:26:25 2009 MULTI: multi_init called, r=256 v=256
    Tue Dec 08 15:26:25 2009 IFCONFIG POOL: base=10.8.0.4 size=62
    Tue Dec 08 15:26:25 2009 IFCONFIG POOL LIST
    Tue Dec 08 15:26:25 2009 MULTI: TCP INIT maxclients=60 maxevents=64
    Tue Dec 08 15:26:25 2009 Initialization Sequence Completed
    Tue Dec 08 15:26:33 2009 MULTI: multi_create_instance called
    Tue Dec 08 15:26:33 2009 Re-using SSL/TLS context
    Tue Dec 08 15:26:33 2009 LZO compression initialized
    Tue Dec 08 15:26:33 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Tue Dec 08 15:26:34 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 08 15:26:34 2009 Local Options hash (VER=V4): 'c0103fa8'
    Tue Dec 08 15:26:34 2009 Expected Remote Options hash (VER=V4): '69109d17'
    Tue Dec 08 15:26:34 2009 TCP connection established with 62.220.113.29:56336
    Tue Dec 08 15:26:34 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Dec 08 15:26:34 2009 TCPv4_SERVER link local: [undef]
    Tue Dec 08 15:26:34 2009 TCPv4_SERVER link remote: 62.220.113.29:56336
    Tue Dec 08 15:26:34 2009 62.220.113.29:56336 TLS: Initial packet from 62.220.113.29:56336, sid=fa280cbb 89e9998b
    Tue Dec 08 15:26:38 2009 MULTI: multi_create_instance called
    Tue Dec 08 15:26:38 2009 Re-using SSL/TLS context
    Tue Dec 08 15:26:38 2009 LZO compression initialized
    Tue Dec 08 15:26:38 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Tue Dec 08 15:26:39 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Dec 08 15:26:39 2009 Local Options hash (VER=V4): 'c0103fa8'
    Tue Dec 08 15:26:39 2009 Expected Remote Options hash (VER=V4): '69109d17'
    Tue Dec 08 15:26:39 2009 TCP connection established with 81.91.158.242:62068
    Tue Dec 08 15:26:39 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Dec 08 15:26:39 2009 TCPv4_SERVER link local: [undef]
    Tue Dec 08 15:26:39 2009 TCPv4_SERVER link remote: 81.91.158.242:62068
    Tue Dec 08 15:26:39 2009 81.91.158.242:62068 TLS: Initial packet from 81.91.158.242:62068, sid=cc8b77bc 966250fd
    Tue Dec 08 15:27:34 2009 62.220.113.29:56336 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Dec 08 15:27:34 2009 62.220.113.29:56336 TLS Error: TLS handshake failed
    Tue Dec 08 15:27:34 2009 62.220.113.29:56336 Fatal TLS error (check_tls_errors_co), restarting
    Tue Dec 08 15:27:34 2009 62.220.113.29:56336 SIGUSR1[soft,tls-error] received, client-instance restarting
    Tue Dec 08 15:27:34 2009 TCP/UDP: Closing socket
    Tue Dec 08 15:27:39 2009 81.91.158.242:62068 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Dec 08 15:27:39 2009 81.91.158.242:62068 TLS Error: TLS handshake failed
    Tue Dec 08 15:27:39 2009 81.91.158.242:62068 Fatal TLS error (check_tls_errors_co), restarting
    Tue Dec 08 15:27:39 2009 81.91.158.242:62068 SIGUSR1[soft,tls-error] received, client-instance restarting
    Tue Dec 08 15:27:40 2009 TCP/UDP: Closing socket

Your client configuration specifies port 1937, but your server configuration specifies that the server listens on port 1194. That said, your server log shows it listening on port 1937, at least at the time you captured that log. Other than that, nothing looks out of place to me.

It certainly looks like you are getting a good TCP connection between the client and the server. To rule out any PKI problems, I would start with a static-key configuration first, and once that works, move on to the public-key configuration.

A few things you could check first:

  • Are the certificates signed by your CA?
  • You specified the "ns-cert-type server" option. Did you generate the server certificate with this option?
  • You could go more verbose (verb 4-9) so that there is more information about the failure.
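The mechanical parts of the checks in this answer (port and transport agreement between the two configs, comp-lzo on both sides, whether the client's ns-cert-type directive obliges the server certificate to carry the nsCertType=server extension, and pulling the control-channel timeouts and their peer addresses out of a log) can be scripted. The following Python is an added example, not code from the question or either answer; the sample configs and log lines are constructed from the ones quoted above, and the function names are my own.

```python
import re

# Constructed inputs, transcribed from the client and server configs quoted in the question.
CLIENT_CONF = """\
client
dev tun
proto tcp
remote 96.31.90.174 1937
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
"""
SERVER_CONF = """\
local 96.31.90.174
port 1937
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
"""
# Constructed variant reproducing the mismatch the answer describes (server on 1194).
SERVER_CONF_MISMATCH = SERVER_CONF.replace("port 1937", "port 1194")
# Constructed excerpt of the server log quoted in the question.
SERVER_LOG = """\
Tue Dec 08 15:26:34 2009 62.220.113.29:56336 TLS: Initial packet from 62.220.113.29:56336, sid=fa280cbb 89e9998b
Tue Dec 08 15:27:34 2009 62.220.113.29:56336 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 08 15:27:39 2009 81.91.158.242:62068 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

def parse_conf(text):
    """OpenVPN config text -> {directive: [[args], ...]}; repeated directives are
    kept in order, lines starting with '#' or ';' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        directive, *args = line.split()
        conf.setdefault(directive, []).append(args)
    return conf

def _proto_family(conf):
    # 'tcp-client', 'tcp-server', 'udp6' and friends all reduce to 'tcp' / 'udp'.
    return conf.get("proto", [["udp"]])[0][0].split("-")[0].rstrip("46")

def check_pair(client_text, server_text):
    """Mismatches that leave the TCP/UDP connection up but the TLS control
    channel never completing: port, transport, and comp-lzo (options hash)."""
    c, s = parse_conf(client_text), parse_conf(server_text)
    problems = []
    remote = c.get("remote", [[]])[0]                        # 'remote host [port]'
    client_port = remote[1] if len(remote) > 1 else "1194"   # OpenVPN's default port
    server_port = s.get("port", [["1194"]])[0][0]
    if client_port != server_port:
        problems.append(f"port mismatch: client connects to {client_port}, server listens on {server_port}")
    if _proto_family(c) != _proto_family(s):
        problems.append(f"proto mismatch: client {_proto_family(c)}, server {_proto_family(s)}")
    if ("comp-lzo" in c) != ("comp-lzo" in s):
        problems.append("comp-lzo is set on only one side")
    return problems

def client_requires_server_cert_type(client_text):
    """True when 'ns-cert-type server' makes the client reject any server
    certificate issued without the nsCertType=server extension."""
    return parse_conf(client_text).get("ns-cert-type", [[None]])[0][0] == "server"

TLS_TIMEOUT = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?:(?P<peer>\S+:\d+) )?"   # server logs prefix the peer address; client logs do not
    r"TLS Error: TLS key negotiation failed to occur within (?P<secs>\d+) seconds"
)

def tls_timeouts(log_text):
    """(timestamp, peer, seconds) per control-channel timeout; peer is None in a client log."""
    hits = []
    for line in log_text.splitlines():
        m = TLS_TIMEOUT.match(line)
        if m:
            hits.append((m["ts"], m["peer"], int(m["secs"])))
    return hits

if __name__ == "__main__":
    print("mismatches:", check_pair(CLIENT_CONF, SERVER_CONF) or "none")
    print("with server on 1194:", check_pair(CLIENT_CONF, SERVER_CONF_MISMATCH))
    for ts, peer, secs in tls_timeouts(SERVER_LOG):
        print(f"{ts}: {peer} timed out after {secs}s")
```

Run against the configs as posted, check_pair reports nothing, which matches the log: both sides agree on TCP 1937 and the options hashes line up (each side's "Expected Remote Options hash" equals the other's "Local Options hash"), so the stall is past the transport layer and the certificate checks in the list above are the next thing to look at. Substituting the 1194 variant shows the kind of mismatch the first paragraph of this answer was looking for.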

I had the same problem a few days ago and solved it. I added the client's *.csr file to the client bundle along with the certificate and key, and everything worked.