{"id":4921,"date":"2018-08-07T10:55:50","date_gmt":"2018-08-07T02:55:50","guid":{"rendered":"https:\/\/www.hmouse.tk\/?p=4921"},"modified":"2018-08-07T10:55:50","modified_gmt":"2018-08-07T02:55:50","slug":"openvpn-%e5%ae%89%e8%a3%85%e9%85%8d%e7%bd%ae%e6%96%87%e6%a1%a3-5","status":"publish","type":"post","link":"https:\/\/www.hmouse.cn\/?p=4921","title":{"rendered":"openvpn \u5b89\u88c5\u914d\u7f6e\u6587\u6863"},"content":{"rendered":"

\u5ba2\u6237\u7aef\u5bc6\u94a5\u5bc6\u7801\u4fdd\u5b58 \u548c\u591a\u7528\u53c2\u8003URL\uff1ahttp:\/\/tevic.github.io\/2016\/05\/02\/openvpn-tips\/<\/a>
\u670d\u52a1\u5668\u7aef\u7684\u5b89\u88c5\u53c2\u8003\u6587\u6863\uff1a
https:\/\/blog.csdn.net\/orangleliu\/article\/details\/43157955<\/a>
https:\/\/www.tielemao.com\/406.html<\/a>
\u7531\u4e8e\u88c5\u7684\u5306\u5fd9\uff0c\u5c31\u6ca1\u6709\u6df1\u5165\u7814\u7a76\uff0c\u53ea\u662f\u4e3a\u4e86\u80fd\u4f7f\u7528\uff0c\u8bb0\u5f55\u4e0b\u9047\u5230\u7684\u95ee\u9898\uff1a
1\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]116.236.249.238:11504
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 Fatal TLS error (check_tls_errors_co), restarting
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 SIGUSR1[soft,tls-error] received, client-instance restarting
\u5904\u7406\u529e\u6cd5\uff1a\u5173\u95edTLS\u5b89\u5168\u68c0\u9a8c\u3002
\u4fee\u6539sever\u7684\u914d\u7f6e\u6587\u4ef6server.conf
#tls-auth \/etc\/openvpn\/ta.key 0
2\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 09:20:43 2018 116.236.249.238:55193 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug  7 09:20:48 2018 TCP connection established with [AF_INET]116.236.249.238:55396
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 TLS: Initial packet from [AF_INET]116.236.249.238:55396, sid=7254a7ac ed44795d
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 Connection reset, restarting [0]
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug  7 09:20:54 2018 TCP connection established with [AF_INET]116.236.249.238:55677
Tue Aug  7 09:20:55 2018 116.236.249.238:55677 TLS: Initial packet from [AF_INET]116.236.249.238:55677, sid=2a29df34 41c57a95
Tue Aug  7 09:20:55 2018 116.236.249.238:55677 Connection reset, restarting [0]
\u5904\u7406\u529e\u6cd5\uff1a
\u4fee\u6539client\u7684\u914d\u7f6e\u6587\u4ef6
#ns-cert-type server
\u6ce8\u91ca\u6389ns-cert-type\uff0c\u539f\u7406\u4e0d\u662f\u5f88\u6e05\u695a\u5f53\u65f6\u662f\u770b\u5ba2\u6237\u7aef\u7684\u62a5\u9519\uff0c
Tue Aug 07 09:20:36 2018 VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER
Tue Aug 07 09:20:36 2018 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
\u6000\u7591\u662f\u8ba4\u8bc1\u6709\u95ee\u9898\uff0c\u540e\u9762\u6709\u7a7a\u53ef\u4ee5\u7814\u7a76\u7814\u7a76\u3002
3\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1560′, remote=’link-mtu 1544′
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘cipher’ is used inconsistently, local=’cipher AES-256-CBC’, remote=’cipher BF-CBC’
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘keysize’ is used inconsistently, local=’keysize 256′, remote=’keysize 128′
\u5904\u7406\u529e\u6cd5\uff1a
\u4fee\u6539sever\u7684\u914d\u7f6e\u6587\u4ef6server.conf\uff0c\u66f4\u6539\u5bf9\u5e94\u7684\u53c2\u6570\u3002
link-mtu 1544
#tun-mtu 1500
cipher BF-CBC
keysize 128
4\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 10:12:36 2018 116.236.249.238:9844 WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1420′, remote=’tun-mtu 1500′
\u5904\u7406\u529e\u6cd5\uff1a
\u670d\u52a1\u7aefudp\u6a21\u5f0f\u53ef\u4ee5\u8bbe\u7f6etun-mtu\uff0ctcp\u6a21\u5f0f\u8bbe\u7f6e\u4f1a\u62a5\u9519\uff0c\u7531\u4e8e\u662fwarn\uff0c\u6682\u65f6\u6ca1\u6709\u5904\u7406\uff0c\u540e\u9762\u6709\u7a7a\u53ef\u4ee5\u7814\u7a76\u7814\u7a76\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u5ba2\u6237\u7aef\u5bc6\u94a5\u5bc6\u7801\u4fdd\u5b58 \u548c\u591a\u7528\u53c2\u8003URL\uff1ahttp:\/\/tevic.github.io\/2016\/05\/02\/openvpn-tips\/<\/a>
\u670d\u52a1\u5668\u7aef\u7684\u5b89\u88c5\u53c2\u8003\u6587\u6863\uff1a
https:\/\/blog.csdn.net\/orangleliu\/article\/details\/43157955<\/a>
https:\/\/www.tielemao.com\/406.html<\/a>
\u7531\u4e8e\u88c5\u7684\u5306\u5fd9\uff0c\u5c31\u6ca1\u6709\u6df1\u5165\u7814\u7a76\uff0c\u53ea\u662f\u4e3a\u4e86\u80fd\u4f7f\u7528\uff0c\u8bb0\u5f55\u4e0b\u9047\u5230\u7684\u95ee\u9898\uff1a
1\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]116.236.249.238:11504
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 Fatal TLS error (check_tls_errors_co), restarting
Tue Aug  7 08:59:47 2018 116.236.249.238:11504 SIGUSR1[soft,tls-error] received, client-instance restarting
\u5904\u7406\u529e\u6cd5\uff1a\u5173\u95edTLS\u5b89\u5168\u68c0\u9a8c\u3002
\u4fee\u6539sever\u7684\u914d\u7f6e\u6587\u4ef6server.conf
#tls-auth \/etc\/openvpn\/ta.key 0
2\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 09:20:43 2018 116.236.249.238:55193 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug  7 09:20:48 2018 TCP connection established with [AF_INET]116.236.249.238:55396
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 TLS: Initial packet from [AF_INET]116.236.249.238:55396, sid=7254a7ac ed44795d
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 Connection reset, restarting [0]
Tue Aug  7 09:20:49 2018 116.236.249.238:55396 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug  7 09:20:54 2018 TCP connection established with [AF_INET]116.236.249.238:55677
Tue Aug  7 09:20:55 2018 116.236.249.238:55677 TLS: Initial packet from [AF_INET]116.236.249.238:55677, sid=2a29df34 41c57a95
Tue Aug  7 09:20:55 2018 116.236.249.238:55677 Connection reset, restarting [0]
\u5904\u7406\u529e\u6cd5\uff1a
\u4fee\u6539client\u7684\u914d\u7f6e\u6587\u4ef6
#ns-cert-type server
\u6ce8\u91ca\u6389ns-cert-type\uff0c\u539f\u7406\u4e0d\u662f\u5f88\u6e05\u695a\u5f53\u65f6\u662f\u770b\u5ba2\u6237\u7aef\u7684\u62a5\u9519\uff0c
Tue Aug 07 09:20:36 2018 VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER
Tue Aug 07 09:20:36 2018 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
\u6000\u7591\u662f\u8ba4\u8bc1\u6709\u95ee\u9898\uff0c\u540e\u9762\u6709\u7a7a\u53ef\u4ee5\u7814\u7a76\u7814\u7a76\u3002
3\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1560′, remote=’link-mtu 1544′
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘cipher’ is used inconsistently, local=’cipher AES-256-CBC’, remote=’cipher BF-CBC’
Tue Aug  7 09:38:27 2018 116.236.249.238:63377 WARNING: ‘keysize’ is used inconsistently, local=’keysize 256′, remote=’keysize 128′
\u5904\u7406\u529e\u6cd5\uff1a
\u4fee\u6539sever\u7684\u914d\u7f6e\u6587\u4ef6server.conf\uff0c\u66f4\u6539\u5bf9\u5e94\u7684\u53c2\u6570\u3002
link-mtu 1544
#tun-mtu 1500
cipher BF-CBC
keysize 128
4\uff1a\u62a5\u9519\u5982\u4e0b\uff1a
Tue Aug  7 10:12:36 2018 116.236.249.238:9844 WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1420′, remote=’tun-mtu 1500′
\u5904\u7406\u529e\u6cd5\uff1a
\u670d\u52a1\u7aefudp\u6a21\u5f0f\u53ef\u4ee5\u8bbe\u7f6etun-mtu\uff0ctcp\u6a21\u5f0f\u8bbe\u7f6e\u4f1a\u62a5\u9519\uff0c\u7531\u4e8e\u662fwarn\uff0c\u6682\u65f6\u6ca1\u6709\u5904\u7406\uff0c\u540e\u9762\u6709\u7a7a\u53ef\u4ee5\u7814\u7a76\u7814\u7a76\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[243],"class_list":["post-4921","post","type-post","status-publish","format-standard","hentry","category-5","tag-openvpn","category-5-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=\/wp\/v2\/posts\/4921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4921"}],"version-history":[{"count":1,"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=\/wp\/v2\/posts\/4921\/revisions"}],"predecessor-version":[{"id":4922,"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=\/wp\/v2\/posts\/4921\/revisions\/4922"}],"wp:attachment":[{"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hmouse.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}