【Question title】: Vpn connection succeeds from machine #A but fails from machine #B
【Posted】: 2020-03-15 21:31:09
【Question description】:

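In these dark times, having (like many people) to work from home because of the coronavirus, I have to connect to my company's VPN. The latter configured openvpn on my laptop #A (Ubuntu 16.04.6 LTS) so that I can access the VPN, and it works fine.

Then I tried to configure a second, more powerful laptop for myself (laptop #B, Ubuntu 19.10) by installing openvpn (same version: 2.4.8 x86_64-pc-linux-gnu) and copying:

  • The configuration file (myConfig.ovpn)
  • The P12 file containing my user ID (MyUserId.p12)
  • The TLS encryption key file (myEncryptionKey.key)
  • The file containing my identifiers (auth.txt)
  • My company's CA certificate (my_company_ca.crt)

However, although the message saying the connection sequence is completed is displayed on my machine #B, the whole log is shorter (some messages about dhcp-option are missing), and I cannot connect to my company's servers with it. It looks like some DNS configuration issue, but I'm not sure.

How can I solve this?

Here is my log on laptop #A (connection succeeds):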

Fri Mar 13 09:11:22 2020 WARNING: file 'MyUserId.p12' is group or others accessible
Fri Mar 13 09:11:22 2020 WARNING: file 'myEncryptionKey.key' is group or others accessible
Fri Mar 13 09:11:22 2020 WARNING: file 'auth.txt' is group or others accessible
Fri Mar 13 09:11:22 2020 OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 31 2019
Fri Mar 13 09:11:22 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Fri Mar 13 09:11:22 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 13 09:11:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:23 2020 Attempting to establish TCP connection with [AF_INET]aaa.bb.94.187:1194 [nonblock]
Fri Mar 13 09:11:24 2020 TCP connection established with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:24 2020 TCP_CLIENT link local: (not bound)
Fri Mar 13 09:11:24 2020 TCP_CLIENT link remote: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:24 2020 [my.company.com] Peer Connection Initiated with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:31 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 09:11:31 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8)
Fri Mar 13 09:11:31 2020 TUN/TAP device tun0 opened
Fri Mar 13 09:11:31 2020 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 13 09:11:31 2020 /sbin/ip addr add dev tun0 ccc.dd.2.116/23 broadcast ccc.dd.3.255
Fri Mar 13 09:11:31 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
dhcp-option DOMAIN pfa.tds
dhcp-option DNS xx.yy.zzz.93
dhcp-option DNS xx.yy.zzz.94
dhcp-option DOMAIN my.company.com
dhcp-option DOMAIN company.local
dhcp-option DOMAIN bla.foo.doh
Fri Mar 13 09:11:33 2020 Initialization Sequence Complete

And my log on laptop #B (connection fails):

Fri Mar 13 18:56:56 2020 WARNING: file 'MyUserId.p12' is group or others accessible
Fri Mar 13 18:56:56 2020 WARNING: file 'myEncryptionKey.key' is group or others accessible
Fri Mar 13 18:56:56 2020 WARNING: file 'auth.txt' is group or others accessible
Fri Mar 13 18:56:56 2020 OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Fri Mar 13 18:56:56 2020 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10
Fri Mar 13 18:56:56 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 13 18:56:56 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:56:56 2020 Attempting to establish TCP connection with [AF_INET]aaa.bb.94.187:1194 [nonblock]
Fri Mar 13 18:56:57 2020 TCP connection established with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:56:57 2020 TCP_CLIENT link local: (not bound)
Fri Mar 13 18:56:57 2020 TCP_CLIENT link remote: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:56:58 2020 [my.company.com] Peer Connection Initiated with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:57:00 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 18:57:00 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8)
Fri Mar 13 18:57:00 2020 TUN/TAP device tun0 opened
Fri Mar 13 18:57:00 2020 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 13 18:57:00 2020 /sbin/ip addr add dev tun0 ccc.dd.2.116/23 broadcast ccc.dd.3.255
Fri Mar 13 18:57:00 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
Fri Mar 13 18:57:00 2020 Initialization Sequence Completed

Here is my ovpn configuration file:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM:AES-256-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote my.company.com 1194 tcp-client
verify-x509-name "my.company.com" name
auth-user-pass auth.txt
ca my_company_ca.crt
pkcs12 MyUserId.p12
tls-crypt myEncryptionKey.key
comp-lzo adaptive
auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-con

Thank you very much for your help!

【Question discussion】:

    Tags: dns openvpn


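    【Solution 1】:

    Newer versions of Ubuntu will use newer versions of OpenVPN. Moving from Ubuntu 16.04 to 18.04 breaks OpenVPN connections to the server, because the default encryption is higher and is now required. This could be your problem. Does openvpn --version produce the same version on both laptops?

    Also, don't try to connect to the server from two clients at the same time with the same key; that will cause problems.

    【Discussion】: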
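
An added example (not part of the original question or answer): it does the comparison the question makes by eye, stripping the timestamps from two OpenVPN client logs and listing what differs, which dhcp-option lines each log shows, and which pushed options each client rejected. The log text is excerpted from the two logs in the question; the function names are illustrative.

```python
import re

# Prefix OpenVPN puts on its own log lines, e.g. "Fri Mar 13 09:11:22 2020 ".
# The dhcp-option lines in the question's log carry no such prefix.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} ")
REJECTED_PUSH = re.compile(r"\[PUSH-OPTIONS\]:\d+: (\S+)")

# Excerpts of the two logs shown in the question (laptop #A, laptop #B).
LOG_A = """\
Fri Mar 13 09:11:22 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Fri Mar 13 09:11:31 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 09:11:31 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
dhcp-option DOMAIN pfa.tds
dhcp-option DNS xx.yy.zzz.93
dhcp-option DNS xx.yy.zzz.94
"""
LOG_B = """\
Fri Mar 13 18:56:56 2020 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10
Fri Mar 13 18:57:00 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 18:57:00 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
"""

def normalize(log):
    """Drop timestamps and blank lines so the same event compares equal."""
    lines = (TIMESTAMP.sub("", raw.strip()) for raw in log.splitlines())
    return [line for line in lines if line]

def summarize(lines):
    """Pull out the fields that matter when DNS is the suspect."""
    rejected = {m.group(1) for l in lines for m in REJECTED_PUSH.finditer(l)}
    return {
        "dhcp_options": [l for l in lines if l.startswith("dhcp-option ")],
        "rejected_push": sorted(rejected),
    }

def compare(log_a, log_b):
    """Return lines unique to each log plus a per-log DNS summary."""
    a, b = normalize(log_a), normalize(log_b)
    return {
        "only_a": [l for l in a if l not in b],
        "only_b": [l for l in b if l not in a],
        "a": summarize(a),
        "b": summarize(b),
    }

if __name__ == "__main__":
    report = compare(LOG_A, LOG_B)
    for key in ("only_a", "only_b"):
        print(key, *report[key], sep="\n    ")
    print("rejected on both:", report["a"]["rejected_push"] == report["b"]["rejected_push"])
```

On these excerpts the only differences are the library versions line and the dhcp-option lines, while the rejected push option is the same on both machines.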
