Client connection timeout
danielchan-25 opened this issue · comments
司徒仲豪 commented
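Checklist
- [√] I have read the README
- [√] I have configured the VPN client according to the instructions
- [√] I have searched the existing Issues
- [?] This bug is about the VPN installation script, not OpenVPN itself
Problem description
After a successful installation, the service started successfully, but the client cannot connect.
Steps to reproduce
Steps to reproduce the bug: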
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo bash openvpn.sh --auto
OpenVPN Script
https://github.com/hwdsl2/openvpn-install
Starting OpenVPN setup using default options.
Server IP: xxx.xxx.xxx.xxx (public IP)
Port: UDP/1194
Client name: client
Client DNS: Google Public DNS
Installing OpenVPN, please wait...
+ apt-get -yqq update
+ apt-get -yqq --no-install-recommends install openvpn
+ apt-get -yqq install openssl ca-certificates
+ ./easyrsa --batch init-pki
+ ./easyrsa --batch build-ca nopass
+ ./easyrsa --batch --days=3650 build-server-full server nopass
+ ./easyrsa --batch --days=3650 build-client-full client nopass
+ ./easyrsa --batch --days=3650 gen-crl
+ openvpn --genkey --secret /etc/openvpn/server/tc.key
+ systemctl enable --now openvpn-iptables.service
+ systemctl enable --now openvpn-server@server.service
Finished!
The client configuration is available in: /home/ecs-user/client.ovpn
New clients can be added by running this script again.
Port usage (port 1194 has already been allowed in the Alibaba Cloud server firewall):
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo nmap -sU -p 1194 xxx.xxx.xxx.xxx (public IP)
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-30 11:00 CST
Nmap scan report for 8.134.204.10
Host is up (0.00036s latency).
PORT STATE SERVICE
1194/udp open|filtered openvpn
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo nmap -sU -p 1194 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-30 11:00 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000055s latency).
PORT STATE SERVICE
1194/udp closed openvpn
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo netstat -anu | grep 1194
udp 0 0 172.31.73.177:1194 0.0.0.0:*
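Using the default generated Client.ovpn file, imported into the OpenVPN client on Windows to connect, it shows: Connection failed to establish within given time
Expected result
The client connects to the server normally.
Logs
OpenVPN process status: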
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-04-30 10:58:49 CST; 3min 49s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 421746 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 2195)
Memory: 1.2M
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
└─421746 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: UDPv4 link local (bound): [AF_INET]172.31.73.177:1194
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: UDPv4 link remote: [AF_UNSPEC]
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: GID set to nogroup
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: UID set to nobody
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: MULTI: multi_init called, r=256 v=256
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: IFCONFIG POOL LIST
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: Initialization Sequence Completed
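Server information (please fill in the following)
- OS: Ubuntu 20.04.6 LTS
- Service provider (if applicable): Alibaba Cloud
Client information (please fill in the following)
- Device: PC
- OS: Windows 11
Additional information
Add any other information about the bug.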
Lin Song commented
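@danielchan-25 Hello! Your logs show that the connection request did not reach the server. This may be caused by a network issue between the client and the server. For Alibaba Cloud servers, you need to open port UDP 1194 in both the outbound and inbound directions in the firewall configuration. Please see hwdsl2/setup-ipsec-vpn#433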
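One way to check from the server side whether any client packet arrived, as an added example that is not part of the thread or of the openvpn-install project. The function name `classify_openvpn_log` and both sample logs are constructed for illustration; it assumes the server logs at a verbosity that records handshake lines (OpenVPN's `verb 3`).

```bash
#!/usr/bin/env bash
# Added example: classify an OpenVPN server log read on stdin.
# Prints one of:
#   not-initialized     the server never finished starting
#   no-client-traffic   the server is up, but no packet from any client was logged
#   packet-rejected     packets arrived but failed tls-crypt authentication
#   handshake-started   at least one client began a TLS handshake
classify_openvpn_log() {
  awk '
    /Initialization Sequence Completed/       { up = 1 }
    /TLS: Initial packet from \[AF_INET6?\]/  { hs = 1 }
    /tls-crypt unwrap/                        { rej = 1 }
    END {
      if (!up)      print "not-initialized"
      else if (hs)  print "handshake-started"
      else if (rej) print "packet-rejected"
      else          print "no-client-traffic"
    }'
}

# Constructed sample 1: tail of the server log shown in the issue.
sample_issue_log() {
  cat <<'EOF'
openvpn[421746]: UDPv4 link local (bound): [AF_INET]172.31.73.177:1194
openvpn[421746]: IFCONFIG POOL LIST
openvpn[421746]: Initialization Sequence Completed
EOF
}

# Constructed sample 2: the same server after a client packet gets through
# (203.0.113.7 is a documentation address, not a value from the issue).
sample_reachable_log() {
  sample_issue_log
  echo 'openvpn[421746]: 203.0.113.7:51820 TLS: Initial packet from [AF_INET]203.0.113.7:51820, sid=0a1b2c3d 4e5f6a7b'
}

sample_issue_log     | classify_openvpn_log   # -> no-client-traffic
sample_reachable_log | classify_openvpn_log   # -> handshake-started
```

On the server, feed it the live log with `sudo journalctl -u openvpn-server@server.service | classify_openvpn_log`. A result of `no-client-traffic` while a client is retrying points at filtering between the client and the instance rather than at the OpenVPN configuration.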