고쳐 쓰다

고쳐 쓰다

데비안 11을 사용합니다.

.ovpn저는 CyberGhost VPN이 웹사이트에서 제공하는 파일, 클라이언트 키, 인증서를 사용하여 설정했습니다. 모든 파일을 에 복사하면 /etc/openvpn/다음 명령을 사용하여 터미널에 연결할 수 있습니다.

cd /etc/openvpn

sudo openvpn --config openvpn.ovpn

성공적으로 연결하려면 디렉터리에 있어야 합니다. /etc/openvpn그렇지 않으면 키와 인증서를 찾을 수 없다는 메시지가 나타납니다.

설정에서 GUI(GNOME NetworkManager)를 통해 연결하려고 하면 연결이 즉시 실패합니다.

실행할 때 다음 오류가 발생합니다 sudo systemctl status NetworkManager.

Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: UID set to nm-openvpn
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: Initialization Sequence Completed
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: event_wait : Interrupted system call (code=4)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: net_addr_v4_del: 10.10.4.64 dev tun0
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info>  [1690369375.0903] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: started (4)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: Linux can't del IP from iface tun0
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info>  [1690369375.0905] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopping (5)
Jul 26 13:02:55 debian-desktop NetworkManager[851]: <info>  [1690369375.0905] vpn-connection[0x55acfc3d84f0,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopped (6)
Jul 26 13:02:55 debian-desktop nm-openvpn[5657]: SIGTERM[hard,] received, process exiting

sudo tail -f /var/log/syslog더 많은 통찰력 제공:

Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4656] audit: op="connection-activate" uuid="a278295b-7548-4b85-872a-437b96a2cc46" name="CyberGhost" pid=1975 uid=1000 result="success"
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4681] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: Started the VPN service, PID 6190
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4720] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: Saw the service appear; activating connection
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4979] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: starting (3)
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.4979] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN connection: (ConnectInteractive) reply received
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: file '/etc/openvpn/client.key' is group or others accessible
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: TCP/UDP: Preserving recently used remote address: [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UDP link local: (not bound)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UDP link remote: [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: [belgrade-rack403.nodes.gen4.ninja] Peer Connection Initiated with [AF_INET]37.46.115.44:443
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: TUN/TAP device tun0 opened
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --debug 0 6190 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_6 --tun -- tun0 1500 1552 10.3.4.78 255.255.255.0 init
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8377] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/7)
Jul 26 13:30:16 debian-desktop systemd-udevd[6202]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8417] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN connection: (IP Config Get) reply received.
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8422] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: (IP4 Config Get) reply received
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8425] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: (IP6 Config Get) reply received
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <warn>  [1690371016.8425] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: invalid IP6 config received!
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <warn>  [1690371016.8426] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",7:(tun0)]: VPN connection: did not receive valid IP config information
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: GID set to nm-openvpn
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: UID set to nm-openvpn
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: Initialization Sequence Completed
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8438] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: started (4)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: event_wait : Interrupted system call (code=4)
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: net_addr_v4_del: 10.3.4.78 dev tun0
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: Linux can't del IP from iface tun0
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8460] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopping (5)
Jul 26 13:30:16 debian-desktop NetworkManager[851]: <info>  [1690371016.8461] vpn-connection[0x55acfc3d8700,a278295b-7548-4b85-872a-437b96a2cc46,"CyberGhost",0]: VPN plugin: state changed: stopped (6)
Jul 26 13:30:16 debian-desktop gnome-shell[1975]: Removing a network device that was not added
Jul 26 13:30:16 debian-desktop nm-openvpn[6196]: SIGTERM[hard,] received, process exiting

나는 이것이 중대한 오류가 발생하는 곳이라고 생각합니다.

invalid IP6 config received!
VPN connection: did not receive valid IP config information

오류는 IPv6 구성에 있는 것 같지만 이유는 확실하지 않습니다. CyberGhost는 IPv6를 완전히 끄고 cat /proc/sys/net/ipv6/conf/all/disable_ipv6return 을 실행할 것을 권장합니다 1. 이는 IPv6가 비활성화됨을 의미합니다. IPv6을 활성화하면 동일한 문제가 발생할 수 있습니다.

파일에서 GUI의 연결을 가져왔습니다 .ovpn.

소프트웨어 패키지가 최신 상태입니다.

편집: IPv6는 시스템 및 VPN 구성에서 비활성화되어 있습니다(CyberGhost는 비활성화할 것을 권장합니다). 다른 모든 설정은 기본값입니다.

고쳐 쓰다

따라서 이 문제를 해결하기 위해 몇 시간을 소비한 저와 같은 불쌍한 사람들을 위한 해결책이 있습니다! 문제는 network-manager-openvpnDebian 11에 IPv6에 버그가 있다는 것입니다. 이 문제를 해결하기 위해 불안정한 브랜치에서 업데이트된 버전을 설치합니다. 이렇게 하려면 다음 단계를 따르세요.

다음 행을 추가하십시오 /etc/apt/sources.list.

deb https://deb.debian.org/debian/ unstable main contrib non-free
deb-src https://deb.debian.org/debian/ unstable main contrib non-free

다음으로 이 파일을 생성 /etc/apt/preferences.d/99debian-unstable하고 다음 텍스트를 추가합니다.

Package: *
Pin: release a=unstable
Pin-Priority: 50

이 옵션은 시스템이 불안정한 상태에서 모든 패키지를 가져오는 것을 방지하고 사용자가 지정한 패키지만 설치하는 것을 방지하기 위해 추가되었습니다. 불안정한 패키지, 특히 안정적인 패키지를 혼합하여 사용하는 것은 시스템의 안정성을 해칠 수 있으므로 설치를 권장하지 않지만 이것이 유일한 해결 방법입니다.

달리기 sudo apt update. 불안정한 분기가 추가되기 전에 시스템이 최신 상태이고 이 명령이 업그레이드해야 할 패키지가 있음을 나타내는 경우 업그레이드하지 마십시오. 이런 일이 발생하면 기본 설정을 올바르게 설정하지 않았음을 의미하며 전체 안정 시스템을 불안정 분기로 업그레이드하면 환경 설정이 깨질 수 있습니다.

모든 것이 정상이면 다음 명령을 실행하십시오.

sudo apt install -t unstable network-manager-openvpn network-manager-openvpn-gnome

그런 다음 실행sudo systemctl restart NetworkManager

가셔도 좋을 것 같아요!

관련 정보