Configure OpenVPN on a local CentOS 7 server
Question
I applied the configuration listed on this website: https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7
I was able to run the VPN server and it stays running, but I am not able to connect from the client after trying to connect, as shown in the picture below.
Logs after checking the server status:
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-05-25 21:32:46 CST; 13min ago
Main PID: 18741 (openvpn)
Status: "Initialization Sequence Completed"
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─18741 /usr/sbin/openvpn --cd /etc/openvpn/ --config server.conf
May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 IFCONFIG POOL LIST
May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 Initialization Sequence Completed
May 25 21:32:48 localhost.localdomain openvpn[18741]: Thu May 25 21:32:48 2023 192.168.0.148:62830 TLS: Initial packet from [AF_INET]192.168.0.148:62830, sid=7bccaacb 8595effe
May 25 21:32:49 localhost.localdomain openvpn[18741]: Thu May 25 21:32:49 2023 192.168.0.148:62831 TLS: Initial packet from [AF_INET]192.168.0.148:62831, sid=1c641459 f17d5fad
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS handshake failed
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 SIGUSR1[soft,tls-error] received, client-instance restarting
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS handshake failed
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 SIGUSR1[soft,tls-error] received, client-instance restarting
[root@localhost ~]#
The client configuration is:
tls-client
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote SERVER_IP_ADDRESS 1194 udp
dev tun
topology subnet
pull
user nobody
group nobody
Answer 1
Score: -1
I changed the client configuration to the following and was able to connect:
client
proto udp
remote SERVER_IP_ADDRESS 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
dhcp-option DNS 8.8.8.8
verb 3
redirect-gateway def1
Configuration details: https://docs.google.com/document/d/1fMisf1bCRzyIDX4Dtisb7DT173rJBzDQBshafsR2QWo/edit?usp=sharing
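As an added illustration (not part of the answer and not from the tutorial), this Python script checks how a client config verifies the server certificate, using the certificate-related lines of the two configs above. `remote-cert-tls server` requires a server-type certificate from the peer, while `remote-cert-eku "TLS Web Client Authentication"` in a client config requires the client-authentication EKU on the server's certificate. The page does not say which change fixed the handshake; the function names are hypothetical.

```python
import shlex

# Certificate/TLS lines copied from the question's client config on this page.
QUESTION_CONF = '''
tls-client
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
'''
# Certificate/TLS lines copied from the answer's client config on this page.
ANSWER_CONF = '''
client
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
'''
# Extended key usage values, by OpenSSL name and by OID.
SERVER_EKU = ("TLS Web Server Authentication", "1.3.6.1.5.5.7.3.1")
CLIENT_EKU = ("TLS Web Client Authentication", "1.3.6.1.5.5.7.3.2")

def parse(conf):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    opts = {}
    for line in map(str.strip, conf.splitlines()):
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            opts[name] = args
    return opts

def check_server_verification(conf):
    """List problems in how a client config verifies the server certificate."""
    opts, problems = parse(conf), []
    if "ca" not in opts:
        problems.append("no 'ca': the server certificate cannot be validated")
    eku = opts.get("remote-cert-eku", [None])[0]
    if opts.get("remote-cert-tls") == ["server"] or eku in SERVER_EKU:
        return problems  # the peer must present a server-type certificate
    if eku in CLIENT_EKU:
        problems.append("remote-cert-eku requires the client-auth EKU on the server certificate")
    else:
        problems.append("no remote-cert-tls/remote-cert-eku check on the server certificate")
    return problems

if __name__ == "__main__":
    print(check_server_verification(QUESTION_CONF), check_server_verification(ANSWER_CONF))
```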