我需要配置一个在Windows上成功运行的OpenVPN连接,但是在DigitalOcean的Linux Ubuntu 16.04上尝试它之后,它失败,并显示以下输出:
Tue Oct 1 13:33:13 2019 us=273565 Current Parameter Settings:
Tue Oct 1 13:33:13 2019 us=273892 config = 'VPN.ovpn'
Tue Oct 1 13:33:13 2019 us=274158 mode = 0
Tue Oct 1 13:33:13 2019 us=274423 persist_config = DISABLED
Tue Oct 1 13:33:13 2019 us=274670 persist_mode = 1
Tue Oct 1 13:33:13 2019 us=274847 show_ciphers = DISABLED
Tue Oct 1 13:33:13 2019 us=275017 show_digests = DISABLED
Tue Oct 1 13:33:13 2019 us=275178 show_engines = DISABLED
Tue Oct 1 13:33:13 2019 us=275352 genkey = DISABLED
Tue Oct 1 13:33:13 2019 us=275513 key_pass_file = '/etc/openvpn/psk.pass'
Tue Oct 1 13:33:13 2019 us=275688 NOTE: --mute triggered...
Tue Oct 1 13:33:13 2019 us=275855 267 variation(s) on previous 10 message(s) suppressed by --mute
Tue Oct 1 13:33:13 2019 us=276058 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Tue Oct 1 13:33:13 2019 us=276260 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Tue Oct 1 13:33:13 2019 us=276483 WARNING: file '/etc/openvpn/auth.txt' is group or others accessible
Tue Oct 1 13:33:13 2019 us=280348 WARNING: file '/etc/openvpn/cert_export_Cliente.key' is group or others accessible
Tue Oct 1 13:33:13 2019 us=280690 Control Channel MTU parms [ L:1559 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Tue Oct 1 13:33:13 2019 us=280905 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Oct 1 13:33:13 2019 us=281991 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:12 ET:0 EL:3 ]
Tue Oct 1 13:33:13 2019 us=282182 Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Tue Oct 1 13:33:13 2019 us=282375 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Tue Oct 1 13:33:13 2019 us=282573 Local Options hash (VER=V4): 'dfa3fe29'
Tue Oct 1 13:33:13 2019 us=282748 Expected Remote Options hash (VER=V4): '3e5d5b9b'
Tue Oct 1 13:33:13 2019 us=282929 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:yyyy [nonblock]
Tue Oct 1 13:33:14 2019 us=283319 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:yyyy
Tue Oct 1 13:33:14 2019 us=283727 TCPv4_CLIENT link local: [undef]
Tue Oct 1 13:33:14 2019 us=283966 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:yyyy
Tue Oct 1 13:33:14 2019 us=284370 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:yyyy, sid=0b902ea0 7f60a7fd
Tue Oct 1 13:33:15 2019 us=680440 VERIFY OK: depth=1, CN=XXXXXX
Tue Oct 1 13:33:15 2019 us=681045 Validating certificate key usage
Tue Oct 1 13:33:15 2019 us=681337 ++ Certificate has key usage 00b6, expects 00a0
Tue Oct 1 13:33:15 2019 us=681559 ++ Certificate has key usage 00b6, expects 0088
Tue Oct 1 13:33:15 2019 us=681796 VERIFY KU ERROR
Tue Oct 1 13:33:15 2019 us=682061 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Tue Oct 1 13:33:15 2019 us=682256 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 1 13:33:15 2019 us=682469 TLS Error: TLS handshake failed
Tue Oct 1 13:33:15 2019 us=682702 Fatal TLS error (check_tls_errors_co), restarting
Tue Oct 1 13:33:15 2019 us=682894 TCP/UDP: Closing socket
Tue Oct 1 13:33:15 2019 us=683149 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 1 13:33:15 2019 us=683327 Restart pause, 5 second(s)
^CTue Oct 1 13:33:17 2019 us=514911 SIGINT[hard,init_instance] received, process exiting
VPN提供商说VPN是为Windows配置的,而不是为Linux配置的,但我并不完全相信这是正确的。有没有办法连接到VPN?
这是我的.ovpn文件:
client
dev tun
proto tcp-client
remote vpn.xxxxxxxx.com.yyy
port YYYY
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
askpass /etc/openvpn/psk.pass
ca /etc/openvpn/cert_export_SERVER.crt
cert /etc/openvpn/cert_export_CLIENT.crt
key /etc/openvpn/cert_export_CLIENTE.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass /etc/openvpn/auth.txt
auth-nocache
route 10.0.0.0 255.0.0.0 192.168.15.254
升级到Ubuntu 18.04,现在可以连接。