openvpn 安装配置文档

 工作学习经历  Add comments
8 月 072018
 

客户端密钥密码保存 和多用参考URL:http://tevic.github.io/2016/05/02/openvpn-tips/
服务器端的安装参考文档:
https://blog.csdn.net/orangleliu/article/details/43157955
https://www.tielemao.com/406.html
由于装的匆忙,就没有深入研究,只是为了能使用,记录下遇到的问题:
1:报错如下:
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]116.236.249.238:11504
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 Fatal TLS error (check_tls_errors_co), restarting
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 SIGUSR1[soft,tls-error] received, client-instance restarting
处理办法:关闭TLS安全检验。
修改sever的配置文件server.conf
#tls-auth /etc/openvpn/ta.key 0
2:报错如下:
Tue Aug  7 09:20:43 2018 116.236.249.238:55193 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug  7 09:20:48 2018 TCP connection established with [AF_INET]116.236.249.238:55396
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 TLS: Initial packet from [AF_INET]116.236.249.238:55396, sid=7254a7ac ed44795d
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 Connection reset, restarting [0]
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug  7 09:20:54 2018 TCP connection established with [AF_INET]116.236.249.238:55677
Tue Aug  7 09:20:55 2018 116.236.249.238:55677 TLS: Initial packet from [AF_INET]116.236.249.238:55677, sid=2a29df34 41c57a95
Tue Aug  7 09:20:55 2018 116.236.249.238:55677 Connection reset, restarting [0]
处理办法:
修改client的配置文件
#ns-cert-type server
注释掉ns-cert-type,原理不是很清楚当时是看客户端的报错,
Tue Aug 07 09:20:36 2018 VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER
Tue Aug 07 09:20:36 2018 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
怀疑是认证有问题,后面有空可以研究研究。
3:报错如下:
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1560′, remote=’link-mtu 1544′
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘cipher’ is used inconsistently, local=’cipher AES-256-CBC’, remote=’cipher BF-CBC’
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘keysize’ is used inconsistently, local=’keysize 256′, remote=’keysize 128′
处理办法:
修改sever的配置文件server.conf,更改对应的参数。
link-mtu 1544
#tun-mtu 1500
cipher BF-CBC
keysize 128
4:报错如下:
Tue Aug  7 10:12:36 2018 116.236.249.238:9844 WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1420′, remote=’tun-mtu 1500′
处理办法:
服务端udp模式可以设置tun-mtu,tcp模式设置会报错,由于是warn,暂时没有处理,后面有空可以研究研究。

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

这个站点使用 Akismet 来减少垃圾评论。了解你的评论数据如何被处理

This website stores cookies on your computer. These cookies are used to provide a more personalized experience and to track your whereabouts around our website in compliance with the European General Data Protection Regulation. If you decide to to opt-out of any future tracking, a cookie will be setup in your browser to remember this choice for one year.

Accept or Deny