The situation: I have a Raspberry Pi 4B running Ubuntu 22.04 LTS with an OpenVPN server on it, which I installed from https://github.com/Nyr/openvpn-install following the link at https://computingforgeeks.com/easy-way-to-install-and-configure-openvpn-server-on-ubuntu/?expand_article=1. This works as long as I stick with UDP.
When I switch to TCP (here is the server config)
local 192.168.0.60
port 1194
#proto udp
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 10.8.0.1"
#push "dhcp-option DNS 1.1.1.1"
#push "dhcp-option DNS 1.0.0.1"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
#explicit-exit-notify
the server starts normally and is indeed listening
root@raspberrypi:~# netstat -an | grep 1194
tcp 0 0 192.168.0.60:1194 0.0.0.0:* LISTEN
unix 3 [ ] STREAM CONNECTED 21194
but when I connect with the macOS OpenVPN Connect app (on the same network; 192.168.0.60 is the Pi's address on the router side, 10.8.0.1 is the Pi's tun address), I get the following error:
[Aug 2, 2023, 17:24:21] SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET
unix:///var/run/agent_ovpnconnect.sock]/tun
-destroy: 200 OK
/sbin/route delete -net 10.8.0.0 -netmask
255.255.255.0 10.8.0.2
delete net 10.8.0.0: gateway 10.8.0.2
/sbin/route delete -net 10.8.0.0 -netmask
255.255.255.0 10.8.0.1
route: writing to routing socket: not in table delete net 10.8.0.0: gateway 10.8.0.1: not in table
/sbin/route delete -net 192.168.0.60 -netmask
255.255.255.255 192.168.0.254
delete net 192.168.0.60: gateway
192.168.0.254
/sbin/route delete -net 0.0.0.0 -netmask
128.0.0.0 10.8.0.1
delete net 0.0.0.0: gateway 10.8.0.1
/sbin/route delete -net 128.0.0.0 -netmask
128.0.0.0 10.8.0.1
delete net 128.0.0.0: gateway 10.8.0.1
/sbin/ifconfig utun3 down
MacDNSAction: FLAGS=ESF
[Aug 2, 2023, 17:24:21] MacLifeCycle
NET_IFACE en0
I first disabled the firewall on the Pi with
ufw disable
to rule out the firewall blocking any traffic.
The client config looks like:
client
dev tun
proto tcp-client
#proto udp
#remote raspberrypi.local 1194
remote 192.168.0.60 1194 tcp
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
push "dhcp-option DNS 10.8.0.1"
# push "dhcp-option DNS 192.168.0.60"
# push "dhcp-option DNS 8.8.8.8"
route 10.8.0.0 255.255.255.0
<ca>
CA
</ca>
<cert>
CERT
</cert>
<key>
KEY
</key>
<tls-crypt>
CRYPT
</tls-crypt>
I use the Pi as the DNS server because it also runs Pi-hole, and this works fine over UDP. When I change
proto tcp-client
on the client to proto udp
and proto tcp-server on the server (Pi) side
to proto udp
everything works.
I also tried proto tcp on both sides.
What is going wrong?
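Since the question turns on which side says tcp, tcp-server or tcp-client, here is a small checker, added here and not part of the original post, that parses a server config and a client profile (abbreviated from the two above, key material replaced by placeholders) and reports the mismatches that most often break a TCP/UDP switch: transport, the trailing protocol on the `remote` line, cipher/auth, tls-crypt presence, and server-mode directives that have ended up in the client profile.

```python
SERVER_ONLY = {"push", "server", "ifconfig-pool-persist"}  # require --mode server

def parse(cfg):
    """Map each directive to its args; skip comments and inline <ca>/<key>... bodies."""
    opts, in_block = {}, False
    for line in cfg.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            opts[line.strip("<>")], in_block = ["<inline>"], True
        elif not in_block:
            name, *args = line.split()
            opts[name] = args
    return opts

def check(server, client):
    """Return 'CODE: detail' findings; an empty list means the two sides agree."""
    issues = []
    sproto = server.get("proto", ["udp"])[0][:3]  # tcp-server -> tcp
    cproto = client.get("proto", ["udp"])[0][:3]  # tcp-client -> tcp
    if sproto != cproto:
        issues.append(f"PROTO: server {sproto} vs client {cproto}")
    remote = client.get("remote", [])
    if len(remote) > 2 and remote[2][:3] != cproto:
        issues.append(f"REMOTE: trailing '{remote[2]}' on remote overrides proto")
    for d in ("cipher", "auth"):
        if server.get(d) != client.get(d):
            issues.append(f"{d.upper()}: {server.get(d)} vs {client.get(d)}")
    if ("tls-crypt" in server) != ("tls-crypt" in client):
        issues.append("TLS-CRYPT: present on one side only")
    issues += [f"CLIENT: '{d}' needs server mode" for d in SERVER_ONLY & set(client)]
    return issues

# Abbreviated from the post's configs; CRYPT stands in for the real key block.
SERVER_CFG = ("port 1194\nproto tcp-server\nauth SHA512\ntls-crypt tc.key\n"
              'cipher AES-256-CBC\npush "dhcp-option DNS 10.8.0.1"\n')
CLIENT_CFG = ("client\nproto tcp-client\nremote 192.168.0.60 1194 tcp\n"
              "auth SHA512\ncipher AES-256-CBC\nroute 10.8.0.0 255.255.255.0\n"
              'push "dhcp-option DNS 10.8.0.1"\n<tls-crypt>\nCRYPT\n</tls-crypt>\n')

if __name__ == "__main__":
    for issue in check(parse(SERVER_CFG), parse(CLIENT_CFG)):
        print(issue)
```

On the configs from the post the transport, port, cipher, auth and tls-crypt all line up; the only finding is the `push` directive in the client profile, which OpenVPN 2.x refuses in a client config and other clients may only warn about.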