
A new OpenVPN problem: asking everyone for help

火星人 @ 2014-03-04 , reply:0


When I dial in with the OpenVPN client, I get the following problem:
# /usr/sbin/openvpn --config client.conf
Mon Mar  1 00:00:02 2010 WARNING: file 'pass.txt' is group or others accessible
Mon Mar  1 00:00:02 2010 IMPORTANT: OpenVPN's default port number is now 1194, b
ased on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earl
ier used 5000 as the default port.
Mon Mar  1 00:00:02 2010 WARNING: No server certificate verification method has
been enabled.  See http://openvpn.net/howto.html#mitm for more info.

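When I use this OpenVPN device as the server, PC clients can all dial in successfully.
Now I am using another machine as the server and this one as the client, and dialing in produces the messages above, with nothing at all after them.
I don't know where the problem is.

I have seen other people's logs of successful connections whose first few lines are the same as mine above, but in my case nothing follows them. There is no way to debug it.
I hope friends who have run into the same problem can help. Many thanks.
《Solution》

Reply to 1# cltnet


    Actually it is probably a difference in the compiled version, and the material you referred to not being consistent with it, hehe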
《Solution》

When running as a client,

it is not /usr/sbin/openvpn --config client.conf

it is /usr/sbin/openvpn client.conf
《Solution》

# /usr/sbin/openvpn --config client.conf
Sat Jan  1 08:53:48 2000 OpenVPN 2.0.9 mips-unknown-linux bu
ilt on Nov  6 2009
Sat Jan  1 08:53:48 2000 WARNING: file 'pass.txt' is group or others accessible
Sat Jan  1 08:53:48 2000 IMPORTANT: OpenVPN's default port number is now 1194, b
ased on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earl
ier used 5000 as the default port.
Sat Jan  1 08:53:48 2000 WARNING: No server certificate verification method has
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan  1 08:53:48 2000 LZO compression initialized
Sat Jan  1 08:53:48 2000 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Sat Jan  1 08:53:48 2000 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Sat Jan  1 08:53:48 2000 Local Options hash (VER=V4): 'd79ca330'
Sat Jan  1 08:53:48 2000 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Jan  1 08:53:48 2000 UDPv4 link local:
Sat Jan  1 08:53:48 2000 UDPv4 link remote: 192.168.50.89:8000
Sat Jan  1 08:53:48 2000 TLS: Initial packet from 192.168.50.89:8000, sid=8db72f
8b ca6d8a0a
Sat Jan  1 08:53:52 2000 VERIFY ERROR: depth=1, error=certificate is not yet val
id: /C=CN/ST=SiChuan/L=ChengDu/O=NS/OU=NS_RND/CN=NS_RND_TC/ema
ilAddress=ns@163.com
Sat Jan  1 08:53:52 2000 TLS_ERROR: BIO read tls_read_plaintext error: error:140
90086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan  1 08:53:52 2000 TLS Error: TLS object -> incoming plaintext read error
Sat Jan  1 08:53:52 2000 TLS Error: TLS handshake failed
Sat Jan  1 08:53:52 2000 TCP/UDP: Closing socket
Sat Jan  1 08:53:52 2000 SIGUSR1 received, process restarting
Sat Jan  1 08:53:52 2000 Restart pause, 2 second(s)
Sat Jan  1 08:53:54 2000 IMPORTANT: OpenVPN's default port number is now 1194, b
ased on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earl
ier used 5000 as the default port.
Sat Jan  1 08:53:54 2000 WARNING: No server certificate verification method has
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan  1 08:53:54 2000 Re-using SSL/TLS context
Sat Jan  1 08:53:54 2000 LZO compression initialized
Sat Jan  1 08:53:54 2000 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Sat Jan  1 08:53:54 2000 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Sat Jan  1 08:53:54 2000 Local Options hash (VER=V4): 'd79ca330'
Sat Jan  1 08:53:54 2000 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Jan  1 08:53:54 2000 UDPv4 link local:
Sat Jan  1 08:53:54 2000 UDPv4 link remote: 192.168.50.89:8000
Sat Jan  1 08:53:54 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:54 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:54 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:54 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:54 2000 TLS: Initial packet from 192.168.50.89:8000, sid=5361f8
b7 979dea17
Sat Jan  1 08:53:58 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:58 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:58 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:58 2000 TLS Error: Unroutable control packet received from 192.
168.50.89:8000 (si=3 op=P_CONTROL_V1)
Sat Jan  1 08:53:59 2000 VERIFY ERROR: depth=1, error=certificate is not yet val
id: /C=CN/ST=SiChuan/L=ChengDu/O=NS/OU=NS_RND/CN=NS_RND_TC/ema
ilAddress=ns@163.com
Sat Jan  1 08:53:59 2000 TLS_ERROR: BIO read tls_read_plaintext error: error:140
90086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan  1 08:53:59 2000 TLS Error: TLS object -> incoming plaintext read error
Sat Jan  1 08:53:59 2000 TLS Error: TLS handshake failed
Sat Jan  1 08:53:59 2000 TCP/UDP: Closing socket
Sat Jan  1 08:53:59 2000 SIGUSR1 received, process restarting
Sat Jan  1 08:53:59 2000 Restart pause, 2 second(s)
Sat Jan  1 08:54:01 2000 IMPORTANT: OpenVPN's default port number is now 1194, b
ased on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earl
ier used 5000 as the default port.
Sat Jan  1 08:54:01 2000 WARNING: No server certificate verification method has
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan  1 08:54:01 2000 Re-using SSL/TLS context
Sat Jan  1 08:54:01 2000 LZO compression initialized
Sat Jan  1 08:54:01 2000 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Sat Jan  1 08:54:01 2000 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Sat Jan  1 08:54:01 2000 Local Options hash (VER=V4): 'd79ca330'
Sat Jan  1 08:54:01 2000 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Jan  1 08:54:01 2000 UDPv4 link local:
Sat Jan  1 08:54:01 2000 UDPv4 link remote: 192.168.50.89:8000
Sat Jan  1 08:54:01 2000 TLS: Initial packet from 192.168.50.89:8000, sid=0777c8
cb ef5e9851
Sat Jan  1 08:54:05 2000 VERIFY ERROR: depth=1, error=certificate is not yet val
id: /C=CN/ST=SiChuan/L=ChengDu/O=NS/OU=NS_RND/CN=NS_RND_TC/ema
ilAddress=ns@163.com
Sat Jan  1 08:54:05 2000 TLS_ERROR: BIO read tls_read_plaintext error: error:140
90086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan  1 08:54:05 2000 TLS Error: TLS object -> incoming plaintext read error
Sat Jan  1 08:54:05 2000 TLS Error: TLS handshake failed
Sat Jan  1 08:54:05 2000 TCP/UDP: Closing socket
Sat Jan  1 08:54:05 2000 SIGUSR1 received, process restarting
Sat Jan  1 08:54:05 2000 Restart pause, 2 second(s)
Sat Jan  1 08:54:05 2000 SIGINT received, process exiting
#

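The above is my debug output. I saw friends online say the cause is that the times are inconsistent, but after I updated the time with NTP the error still occurs, and when I dial in directly from a PC it works,
so there should be nothing wrong on the server. I hope everyone can help. Thanks.
《Solution》

It seems there is a problem with the certificate.
《Solution》

Reply to 5# congli


    What is wrong with the certificate? I also suspected the certificate, so I regenerated the certificates, but the problem is still the same?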
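《Solution》

# openvpn --config client.conf --cd <path>
Try adding the --cd parameter; <path> is the directory where client.conf and the certificates are stored.
The server side also needs this parameter.
It would be best to post the configuration files so we can take a look.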
《Solution》

# cat /etc/openvpn/server.conf
port 8000
;proto tcp
proto udp
dev tap
;dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 192.168.186.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
#plugin /usr/local/lib/openvpn-auth-pam.so "login name root password admin1120"
auth-user-pass-verify ./checkpsw.sh via-env
;push "route 192.168.18.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
client-config-dir ccd
client-cert-not-required
username-as-common-name
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
client-to-client
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
;cipher BF-CBC
;cipher AES-128-CBC
;cipher DES-EDE3-CBC
comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
;log-append  openvpn.log
verb 3
mute 20
push "route 192.168.1.0 255.255.255.0"
## cat /etc/openvpn/client.conf
client
dev tap
;dev tun
;dev-node MyTap
;proto tcp
proto udp
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy
;mute-replay-warnings
ca ca.crt
;cert elm.crt
;key elm.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 3
mute 20
auth-user-pass pass.txt
;auth-user-pass
remote 192.168.50.89 8000
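# After I added the --cd parameter, the problem is still the same... Hoping for help. Thanks.
《Solution》

This post was last edited by congli on 2010-08-18 15:21

Regarding the time issue, you need to compare the time the certificate was generated with the current system time. Perhaps the certificate was generated at a time later than the current system time.

I didn't find anything in the configuration files.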
《Solution》

Sat Jan  1 08:54:05 2000 TLS_ERROR: BIO read tls_read_plaintext error: error:140
90086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan  1 08:54:05 2000 TLS Error: TLS object -> incoming plaintext read error
Sat Jan  1 08:54:05 2000 TLS Error: TLS handshake failed
Why would the year shown here be 2000?
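
Added example, not part of the original thread: a Python sketch that reads a client log like the one posted above, re-joins the 80-column wrapping, and reports the device clock against the build date in the OpenVPN banner, the certificate rejected as "not yet valid", and whether the missing server-certificate-check warning is present. The sample log is constructed from lines in this thread; the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: a few records copied in shape from the client log in this
# thread, still wrapped at 80 columns the way the terminal printed them.
SAMPLE_LOG = """\
Sat Jan  1 08:53:48 2000 OpenVPN 2.0.9 mips-unknown-linux bu
ilt on Nov  6 2009
Sat Jan  1 08:53:48 2000 WARNING: No server certificate verification method has
been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan  1 08:53:52 2000 VERIFY ERROR: depth=1, error=certificate is not yet val
id: /C=CN/ST=SiChuan/L=ChengDu/O=NS/OU=NS_RND/CN=NS_RND_TC/ema
ilAddress=ns@163.com
Sat Jan  1 08:53:52 2000 TLS Error: TLS handshake failed
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} ([A-Z][a-z]{2}) +(\d{1,2}) (\d\d:\d\d:\d\d) (\d{4}) ")
BUILT = re.compile(r"built on ([A-Z][a-z]{2}) +(\d{1,2}) (\d{4})")
NOT_YET = re.compile(r"VERIFY ERROR: depth=(\d+), error=certificate is not yet valid: (\S+)")

def unwrap(text):
    """Re-join wrapped records: a line with no leading timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records

def diagnose(text):
    """Return findings for a client log: clock vs. build date, failing cert, missing server check."""
    out = {"clock": None, "built": None, "not_yet_valid": [], "no_server_verify": False}
    for rec in unwrap(text):
        m = STAMP.match(rec)
        if m and out["clock"] is None:
            out["clock"] = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
        b = BUILT.search(rec)
        if b:
            out["built"] = datetime.strptime(" ".join(b.groups()), "%b %d %Y")
        v = NOT_YET.search(rec)
        if v:
            out["not_yet_valid"].append((int(v.group(1)), v.group(2)))
        if "No server certificate verification method" in rec:
            out["no_server_verify"] = True
    # A clock earlier than the binary's own build date cannot be right, and it
    # makes every certificate issued after that clock value "not yet valid".
    out["clock_before_build"] = bool(out["clock"] and out["built"] and out["clock"] < out["built"])
    return out

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `no_server_verify` finding corresponds to the `;ns-cert-type server` line that is commented out in the posted client.conf.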


http://coctec.com/docs/service/show-post-16855.html