Configure OpenVPN在本地Centos 7服务器上。

huangapple go评论61阅读模式
英文:

Configure Open VPN on a local Centos 7 serer

问题

I applied the configuration listed in this Website https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7

我应用了该网站上列出的配置 https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7

I was able to run the VPN server and it stay running, but not able to connect from the client after trying to connect as shown in the picture below

我能够运行VPN服务器并保持运行,但在尝试连接后,无法从客户端连接,如下图所示:

Logs after checking the server status:

检查服务器状态后的日志:

openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-05-25 21:32:46 CST; 13min ago
 Main PID: 18741 (openvpn)
   Status: "Initialization Sequence Completed"
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─18741 /usr/sbin/openvpn --cd /etc/openvpn/ --config server.conf

May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 IFCONFIG POOL LIST
May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 Initialization Sequence Completed
May 25 21:32:48 localhost.localdomain openvpn[18741]: Thu May 25 21:32:48 2023 192.168.0.148:62830 TLS: Initial packet from [AF_INET]192.168.0.148:62830, sid=7bccaacb 8595effe
May 25 21:32:49 localhost.localdomain openvpn[18741]: Thu May 25 21:32:49 2023 192.168.0.148:62831 TLS: Initial packet from [AF_INET]192.168.0.148:62831, sid=1c641459 f17d5fad
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS handshake failed
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 SIGUSR1[soft,tls-error] received, client-instance restarting
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS handshake failed
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 SIGUSR1[soft,tls-error] received, client-instance restarting
[root@localhost ~]# 

The client configuration are:

客户端配置如下:

tls-client
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote SERVER_IP_ADDRESS 1194 udp
dev tun
topology subnet
pull
user nobody
group nobody

Configure OpenVPN在本地Centos 7服务器上。

英文:

I applied the configuration listed in this Website https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7

I was able to run the VPN server and it stay running, but not able to connect from the client after trying to connect as shown in the picture below
Configure OpenVPN在本地Centos 7服务器上。

Logs after checking the server status:

openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-05-25 21:32:46 CST; 13min ago
 Main PID: 18741 (openvpn)
   Status: "Initialization Sequence Completed"
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─18741 /usr/sbin/openvpn --cd /etc/openvpn/ --config server.conf

May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 IFCONFIG POOL LIST
May 25 21:32:46 localhost.localdomain openvpn[18741]: Thu May 25 21:32:46 2023 Initialization Sequence Completed
May 25 21:32:48 localhost.localdomain openvpn[18741]: Thu May 25 21:32:48 2023 192.168.0.148:62830 TLS: Initial packet from [AF_INET]192.168.0.148:62830, sid=7bccaacb 8595effe
May 25 21:32:49 localhost.localdomain openvpn[18741]: Thu May 25 21:32:49 2023 192.168.0.148:62831 TLS: Initial packet from [AF_INET]192.168.0.148:62831, sid=1c641459 f17d5fad
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 TLS Error: TLS handshake failed
May 25 21:33:48 localhost.localdomain openvpn[18741]: Thu May 25 21:33:48 2023 192.168.0.148:62830 SIGUSR1[soft,tls-error] received, client-instance restarting
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 TLS Error: TLS handshake failed
May 25 21:33:49 localhost.localdomain openvpn[18741]: Thu May 25 21:33:49 2023 192.168.0.148:62831 SIGUSR1[soft,tls-error] received, client-instance restarting
[root@localhost ~]#

The client configuration are:

tls-client
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote SERVER_IP_ADDRESS 1194 udp
dev tun
topology subnet
pull
user nobody
group nobody

Configure OpenVPN在本地Centos 7服务器上。

答案1

得分: -1

我已经将客户端配置更改为以下内容,并成功连接:

client
proto udp
remote SERVER_IP_ADDRESS 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
dhcp-option DNS 8.8.8.8
verb 3
redirect-gateway def1

配置详情: https://docs.google.com/document/d/1fMisf1bCRzyIDX4Dtisb7DT173rJBzDQBshafsR2QWo/edit?usp=sharing

英文:

I changed the client configuration to the following and was able to connect

client
proto udp
remote SERVER_IP_ADDRESS 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
tls-crypt myvpn.tlsauth
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
dhcp-option DNS 8.8.8.8
verb 3
redirect-gateway def1

Configuration details: https://docs.google.com/document/d/1fMisf1bCRzyIDX4Dtisb7DT173rJBzDQBshafsR2QWo/edit?usp=sharing

huangapple
  • 本文由 发表于 2023年5月25日 22:09:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/76333227.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定