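【Posted】:2020-03-15 21:31:09
【Problem description】:
In these dark times, while working from home (because of the coronavirus, like many people), I have to connect to my company's VPN. The company configured openvpn on my laptop #A (ubuntu 16.04.6 LTS) so that I can access the VPN, and it works fine.
I then tried to set up a second, more powerful laptop (laptop #B, ubuntu 19.10) myself by installing openvpn (same version: 2.4.8 x86_64-pc-linux-gnu) and copying:
- the configuration file (myConfig.ovpn)
- the P12 file containing my user ID (MyUserId.p12)
- the TLS encryption key file (myEncryptionKey.key)
- the file containing my identifiers (auth.txt)
- my company's CA certificate (my_company_ca.crt)
However, although my machine #B shows the message that the connection sequence is completed, the whole log is shorter (some messages about dhcp-option are missing), and I cannot reach my company's servers from it. It looks like some DNS configuration problem, but I am not sure.
How can I fix this?
Here is my log on laptop #A (successful connection):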
Fri Mar 13 09:11:22 2020 WARNING: file 'MyUserId.p12' is group or others accessible
Fri Mar 13 09:11:22 2020 WARNING: file 'myEncryptionKey.key' is group or others accessible
Fri Mar 13 09:11:22 2020 WARNING: file 'auth.txt' is group or others accessible
Fri Mar 13 09:11:22 2020 OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 31 2019
Fri Mar 13 09:11:22 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Fri Mar 13 09:11:22 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 13 09:11:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:23 2020 Attempting to establish TCP connection with [AF_INET]aaa.bb.94.187:1194 [nonblock]
Fri Mar 13 09:11:24 2020 TCP connection established with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:24 2020 TCP_CLIENT link local: (not bound)
Fri Mar 13 09:11:24 2020 TCP_CLIENT link remote: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:24 2020 [my.company.com] Peer Connection Initiated with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 09:11:31 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 09:11:31 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8)
Fri Mar 13 09:11:31 2020 TUN/TAP device tun0 opened
Fri Mar 13 09:11:31 2020 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 13 09:11:31 2020 /sbin/ip addr add dev tun0 ccc.dd.2.116/23 broadcast ccc.dd.3.255
Fri Mar 13 09:11:31 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
dhcp-option DOMAIN pfa.tds
dhcp-option DNS xx.yy.zzz.93
dhcp-option DNS xx.yy.zzz.94
dhcp-option DOMAIN my.company.com
dhcp-option DOMAIN company.local
dhcp-option DOMAIN bla.foo.doh
Fri Mar 13 09:11:33 2020 Initialization Sequence Complete
And my log on laptop #B (failed connection):
Fri Mar 13 18:56:56 2020 WARNING: file 'MyUserId.p12' is group or others accessible
Fri Mar 13 18:56:56 2020 WARNING: file 'myEncryptionKey.key' is group or others accessible
Fri Mar 13 18:56:56 2020 WARNING: file 'auth.txt' is group or others accessible
Fri Mar 13 18:56:56 2020 OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Fri Mar 13 18:56:56 2020 library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10
Fri Mar 13 18:56:56 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 13 18:56:56 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:56:56 2020 Attempting to establish TCP connection with [AF_INET]aaa.bb.94.187:1194 [nonblock]
Fri Mar 13 18:56:57 2020 TCP connection established with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:56:57 2020 TCP_CLIENT link local: (not bound)
Fri Mar 13 18:56:57 2020 TCP_CLIENT link remote: [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:56:58 2020 [my.company.com] Peer Connection Initiated with [AF_INET]aaa.bb.94.187:1194
Fri Mar 13 18:57:00 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 18:57:00 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.8)
Fri Mar 13 18:57:00 2020 TUN/TAP device tun0 opened
Fri Mar 13 18:57:00 2020 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 13 18:57:00 2020 /sbin/ip addr add dev tun0 ccc.dd.2.116/23 broadcast ccc.dd.3.255
Fri Mar 13 18:57:00 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
Fri Mar 13 18:57:00 2020 Initialization Sequence Completed
Here is my ovpn configuration file:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
ncp-ciphers AES-128-GCM:AES-256-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote my.company.com 1194 tcp-client
verify-x509-name "my.company.com" name
auth-user-pass auth.txt
ca my_company_ca.crt
pkcs12 MyUserId.p12
tls-crypt myEncryptionKey.key
comp-lzo adaptive
auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-con
Thank you very much for your help!
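An added example, not part of the original post: a Python script that summarizes an OpenVPN client log like the two quoted above, so the difference between them (whether the `up` script printed any `dhcp-option DNS` line) and the credential-file permission warnings show up as findings. The log excerpts are copied from the question; the function names `summarize` and `diagnose` are made up for this example.

```python
import re

# Sample input: lines excerpted from the two logs in the question.
LOG_A = """\
Fri Mar 13 09:11:22 2020 WARNING: file 'auth.txt' is group or others accessible
Fri Mar 13 09:11:31 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 09:11:31 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
dhcp-option DOMAIN pfa.tds
dhcp-option DNS xx.yy.zzz.93
dhcp-option DNS xx.yy.zzz.94
Fri Mar 13 09:11:33 2020 Initialization Sequence Complete
"""
LOG_B = """\
Fri Mar 13 18:56:56 2020 WARNING: file 'auth.txt' is group or others accessible
Fri Mar 13 18:57:00 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.8)
Fri Mar 13 18:57:00 2020 /etc/openvpn/update-resolv-conf tun0 1500 1555 ccc.dd.2.116 255.255.254.0 init
Fri Mar 13 18:57:00 2020 Initialization Sequence Completed
"""

WARN_RE = re.compile(r"WARNING: file '([^']+)' is group or others accessible")
REJECT_RE = re.compile(r"\[PUSH-OPTIONS\]:\d+: (\S+)")
HOOK_RE = re.compile(r"/update-resolv-conf\s.*\binit\s*$")
DHCP_RE = re.compile(r"^dhcp-option\s+(DNS|DOMAIN)\s+(\S+)")

def summarize(log_text):
    """Collect the DNS- and credential-related facts one client log shows."""
    s = {"loose_files": [], "rejected_push": [], "hook_ran": False,
         "DNS": [], "DOMAIN": []}
    for line in log_text.splitlines():
        if m := WARN_RE.search(line):
            s["loose_files"].append(m.group(1))      # credential file too open
        elif m := REJECT_RE.search(line):
            s["rejected_push"].append(m.group(1))    # pushed option the client refused
        elif HOOK_RE.search(line):
            s["hook_ran"] = True                     # the up script was invoked
        elif m := DHCP_RE.match(line.strip()):
            s[m.group(1)].append(m.group(2))         # resolver or search domain echoed
    return s

def diagnose(s):
    """Turn a summary into findings worth acting on."""
    findings = []
    if s["hook_ran"] and not s["DNS"]:
        findings.append("up script ran but printed no 'dhcp-option DNS' line")
    for path in s["loose_files"]:
        findings.append(f"{path}: group/others can read it; restrict to owner")
    return findings

if __name__ == "__main__":
    for name, log in (("A", LOG_A), ("B", LOG_B)):
        print(name, diagnose(summarize(log)))
```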
【Discussion】: