V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
bincoredump
V2EX  ›  问与答

请教各位大神一个VPS上搭建OpenVPN后却无法连接上的问题

  •  
  •   bincoredump · 2013-03-05 19:09:52 +08:00 · 21875 次点击
    这是一个创建于 4285 天前的主题,其中的信息可能已经有所发展或是发生改变。
    1.概况:我在linode的VPS(Ubuntu系统)上准备搭建个VPN,用的是OpenVPN。

    现在客户端的日志如下:
    Tue Mar 05 18:46:16 2013 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
    Tue Mar 05 18:46:16 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Tue Mar 05 18:46:16 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Tue Mar 05 18:46:16 2013 LZO compression initialized
    Tue Mar 05 18:46:16 2013 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Tue Mar 05 18:46:16 2013 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Tue Mar 05 18:46:16 2013 Local Options hash (VER=V4): '69109d17'
    Tue Mar 05 18:46:16 2013 Expected Remote Options hash (VER=V4): 'c0103fa8'
    Tue Mar 05 18:46:16 2013 Attempting to establish TCP connection with XX.XX.XX.XX:1194
    Tue Mar 05 18:46:16 2013 TCP connection established with 96.126.98.54:1194
    Tue Mar 05 18:46:16 2013 TCPv4_CLIENT link local: [undef]
    Tue Mar 05 18:46:16 2013 TCPv4_CLIENT link remote: 96.126.98.54:1194
    Tue Mar 05 18:46:16 2013 Connection reset, restarting [-1]
    Tue Mar 05 18:46:16 2013 TCP/UDP: Closing socket
    Tue Mar 05 18:46:16 2013 SIGUSR1[soft,connection-reset] received, process restarting
    Tue Mar 05 18:46:16 2013 Restart pause, 5 second(s)

    服务器端syslog中的日志:
    Mar 5 06:04:25 localhost ovpn-server[19057]: MULTI: multi_create_instance called
    Mar 5 06:04:25 localhost ovpn-server[19057]: Re-using SSL/TLS context
    Mar 5 06:04:25 localhost ovpn-server[19057]: LZO compression initialized
    Mar 5 06:04:25 localhost ovpn-server[19057]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Mar 5 06:04:25 localhost ovpn-server[19057]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
    Mar 5 06:04:25 localhost ovpn-server[19057]: Local Options hash (VER=V4): 'c0103fa8'
    Mar 5 06:04:25 localhost ovpn-server[19057]: Expected Remote Options hash (VER=V4): '69109d17'
    Mar 5 06:04:25 localhost ovpn-server[19057]: TCP connection established with [AF_INET]117.88.18.249:13886
    Mar 5 06:04:25 localhost ovpn-server[19057]: Socket Buffers: R=[131072->131072] S=[131072->131072]
    Mar 5 06:04:25 localhost ovpn-server[19057]: TCPv4_SERVER link local: [undef]
    Mar 5 06:04:25 localhost ovpn-server[19057]: TCPv4_SERVER link remote: [AF_INET]117.88.18.249:13886
    Mar 5 06:04:25 localhost ovpn-server[19057]: 117.88.18.249:13886 TLS: Initial packet from [AF_INET]117.88.18.249:13886, sid=a5e55d90 22b5ae99
    Mar 5 06:04:25 localhost ovpn-server[19057]: 117.88.18.249:13886 Connection reset, restarting [-1]
    Mar 5 06:04:25 localhost ovpn-server[19057]: 117.88.18.249:13886 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Mar 5 06:04:25 localhost ovpn-server[19057]: TCP/UDP: Closing socket


    2.服务器端配置文件如下:
    local 96.126.98.54
    port 1194
    proto tcp
    dev tun
    ca ca.crt
    cert myservername.crt
    key myservername.key
    dh dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    keepalive 10 120
    persist-key
    persist-tun
    comp-lzo
    verb 3
    push "dhcp-option DNS 10.8.0.1"

    3.客户端配置文件:
    client
    dev tun
    proto tcp
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    comp-lzo
    verb 3

    请求各位大神指点啊~~~~
    12 条回复    2017-08-06 17:59:40 +08:00
    adspe
        1
    adspe  
       2013-03-05 19:47:23 +08:00
    reset了还有什么好讲。
    ericFork
        2
    ericFork  
       2013-03-05 20:11:49 +08:00
    无它,但被墙耳
    bincoredump
        3
    bincoredump  
    OP
       2013-03-05 22:28:01 +08:00
    @adspe
    @ericFork

    二位大侠,我不是很明白呀。被墙了?可是我可以ping通这个ip呀,也可以telnet上去
    gateswong
        4
    gateswong  
       2013-03-05 22:36:45 +08:00
    和你访问被墙网站的reset是一个道理
    bincoredump
        5
    bincoredump  
    OP
       2013-03-05 22:43:49 +08:00
    @gateswong ip没被墙,是端口被墙了吗?我换个端口试试?
    ericFork
        6
    ericFork  
       2013-03-05 23:01:36 +08:00
    @bincoredump 换端口之后 24 小时左右必墙,反复几次之后即封 IP
    bincoredump
        7
    bincoredump  
    OP
       2013-03-05 23:15:48 +08:00
    @ericFork 啊。。。请问那这怎么办?还有解决办法吗?
    TONYHEAD
        8
    TONYHEAD  
       2013-03-05 23:52:46 +08:00
    @bincoredump 一般的OpenVPN很容易被封,试试 OpenVPN+混淆 。
    ericFork
        9
    ericFork  
       2013-03-05 23:59:22 +08:00
    molinxx
        10
    molinxx  
       2013-03-06 02:56:51 +08:00 via Android   ❤️ 7
    要是自用的话何必OpenVPN呢?PPTP和L2TP够用了~
    yylzcom
        11
    yylzcom  
       2013-03-06 17:45:14 +08:00
    centos有一键安装pptp的脚本,openvpn在国内已死……
    mikangchan
        12
    mikangchan  
       2017-08-06 17:59:40 +08:00
    不是吧..我国内的服务器还有墙?还加了 TLS
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5233 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 03:54 · PVG 11:54 · LAX 19:54 · JFK 22:54
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.