I am trying to set up an OpenVPN server and connect to it with Tunnelblick. My OpenVPN version is 2.4.3. I am using EasyRSA-3.0.1. My certificates use the elliptic curve secp521v1.
openvpn log
Thu Jul 6 14:56:25 2017 999.222.18.250:37144 TLS Error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
Thu Jul 6 14:56:25 2017 999.222.18.250:37144 OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Thu Jul 6 14:56:25 2017 999.222.18.250:37144 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jul 6 14:56:25 2017 999.222.18.250:37144 TLS Error: TLS object -> incoming plaintext read error
Thu Jul 6 14:56:25 2017 999.222.18.250:37144 TLS Error: TLS handshake f
Here is my server.conf
dev tun
proto udp
port 1194
user nobody
group nogroup
ca ca.crt
cert server.crt # SWAP WITH YOUR CRT NAME
key server.key # SWAP WITH YOUR KEY NAME
dh none
server 192.168.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# ncp-disable
cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
tls-version-min 1.2
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
compress lz4-v2
push "compress lz4-v2"
keepalive 10 120
persist-key
persist-tun
tls-server
tls-auth /usr/local/share/ca-certificates/ta.key 0
key-direction 0
status /var/log/openvpn2-status.log
log /var/log/openvpn2.log
verb 3
daemon
client.ovpn
client
proto udp
dev tun
remote vpn.mydomain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
tls-version-min 1.2
tls-client
ping 15
ping-restart 120
route 10.0.0.0 255.0.0.0
route-nopull
key-direction 1
daemon
user nobody
group nogroup
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
<tls-auth>
[Security-related line(s) omitted]
</tls-auth>
The solution was that I was using the wrong tls-cipher for an elliptic-curve certificate. The correct tls-cipher is
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
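The mismatch behind the "no shared cipher" error above can be caught before the server is ever started: every IANA-style suite name in tls-cipher carries its authentication algorithm (DHE-RSA, ECDHE-ECDSA, ...), and a suite whose authentication algorithm does not match the server certificate's key type can never be negotiated. The following lint is an added example, not part of the question or answer; it assumes the certificate key type is known (for instance from openssl x509 -noout -text) and uses the two tls-cipher lines from this thread as constructed inputs.

```python
import re

# Which suite authentication token a given server-certificate key type can satisfy.
KEY_TYPE_TO_AUTH = {"RSA": {"RSA"}, "EC": {"ECDSA"}}

# Constructed inputs: the tls-cipher line from the question (fails with an EC cert)
# and the one from the answer (works with an EC cert).
BROKEN_TLS_CIPHER = """
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
"""
FIXED_TLS_CIPHER = """
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
"""

def parse_suite(name):
    """Return (key_exchange, auth) from an IANA-style TLS 1.2 suite name, e.g.
    TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 -> ("ECDHE", "ECDSA").
    Returns None for names without WITH (TLS 1.3 suites carry no auth algorithm)."""
    m = re.match(r"^TLS-(.+?)-WITH-", name)
    if not m:
        return None
    parts = m.group(1).split("-")
    if len(parts) == 1:          # TLS-RSA-WITH-...: static RSA key exchange and RSA auth
        return parts[0], parts[0]
    return parts[0], parts[1]    # TLS-DHE-RSA-..., TLS-ECDHE-ECDSA-...

def tls_cipher_list(config_text):
    """Return the suite names from the tls-cipher directive of an OpenVPN config."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if line.startswith("tls-cipher "):
            return line.split(None, 1)[1].split(":")
    return []   # no directive: OpenVPN uses its default list, which covers both key types

def check_tls_cipher(config_text, cert_key_type):
    """Return the configured suites the server can actually offer with a certificate
    of the given key type ("RSA" or "EC"). An empty list means every handshake will
    fail with 'no shared cipher', as in the log in the question."""
    usable = []
    for suite in tls_cipher_list(config_text):
        parsed = parse_suite(suite)
        if parsed is None or parsed[1] in KEY_TYPE_TO_AUTH[cert_key_type]:
            usable.append(suite)
    return usable

if __name__ == "__main__":
    print("broken config, EC cert:", check_tls_cipher(BROKEN_TLS_CIPHER, "EC"))
    print("fixed config, EC cert: ", check_tls_cipher(FIXED_TLS_CIPHER, "EC"))
```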