I was trying to set up openvpn using a vps and a raspberry pi. The raspi is natted and the vps is public. I also tried connecting to openvpn from my mint laptop, but it didn't work. Server config:
dev tun
tls-server
dh /etc/openvpn/dh2048.pem
ca /etc/openvpn/cacert.pem
cert /etc/openvpn/vpn.wilhelm.co.za.crt
key /etc/openvpn/vpn.wilhelm.co.za.key
server 10.8.0.0 255.255.255.0
client-to-client
duplicate-cn
cipher AES-128-CBC
status openvpn-status.log
log-append openvpn.log
comp-lzo
mute 20
port 20
proto udp
push "redirect-gateway"
client-config-dir ccd
route 10.0.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
Client config:
client
dev tun
proto udp
remote vpn.wilhelm.co.za 20
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
cert client.crt
key client.key
comp-lzo
verb 3
mute 20
What I did: Laptop:
my-lat wilhelm # openvpn --client --ca /cacert.pem --key erasmuswill.key --cert erasmuswill.crt --remote vpn.wilhelm.co.za 20 --dev tun --tls-client --verb 3
Thu Apr 16 21:00:14 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Thu Apr 16 21:00:14 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Enter Private Key Password:
Thu Apr 16 21:00:18 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 16 21:00:18 2015 WARNING: file 'erasmuswill.key' is group or others accessible
Thu Apr 16 21:00:18 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Apr 16 21:00:18 2015 UDPv4 link local (bound): [undef]
Thu Apr 16 21:00:18 2015 UDPv4 link remote: [AF_INET]107.182.132.16:20
Thu Apr 16 21:00:19 2015 TLS: Initial packet from [AF_INET]107.182.132.16:20, sid=97c7f438 95342f30
Thu Apr 16 21:00:24 2015 VERIFY OK: depth=1, CN=LOLVE
Thu Apr 16 21:00:24 2015 VERIFY OK: depth=0, C=ZA, ST=Gauteng, L=Kenmare, O=LOLVE, OU=SSL, CN=vpn.wilhelm.co.za, [email protected]
Thu Apr 16 21:01:18 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 16 21:01:18 2015 TLS Error: TLS handshake failed
Thu Apr 16 21:01:18 2015 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr 16 21:01:18 2015 Restart pause, 2 second(s)
Thu Apr 16 21:01:20 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Apr 16 21:01:20 2015 WARNING: file 'erasmuswill.key' is group or others accessible
Thu Apr 16 21:01:20 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Apr 16 21:01:20 2015 UDPv4 link local (bound): [undef]
Thu Apr 16 21:01:20 2015 UDPv4 link remote: [AF_INET]107.182.132.16:20
Thu Apr 16 21:01:20 2015 TLS: Initial packet from [AF_INET]107.182.132.16:20, sid=0a42191c d09c3f10
Thu Apr 16 21:01:25 2015 VERIFY OK: depth=1, CN=LOLVE
Thu Apr 16 21:01:25 2015 VERIFY OK: depth=0, C=ZA, ST=Gauteng, L=Kenmare, O=LOLVE, OU=SSL, CN=vpn.wilhelm.co.za, [email protected]
^CThu Apr 16 21:02:00 2015 event_wait : Interrupted system call (code=4)
Thu Apr 16 21:02:00 2015 SIGINT[hard,] received, process exiting
my-lat wilhelm #
Server:
==> openvpn.log <==
Thu Apr 16 15:01:46 2015 105.210.95.124:1024 TLS_ERROR: BIO read tls_read_plaintext error: error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Thu Apr 16 15:01:46 2015 105.210.95.124:1024 TLS Error: TLS object -> incoming plaintext read error
Thu Apr 16 15:01:46 2015 105.210.95.124:1024 TLS Error: TLS handshake failed
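My ultimate goal is to connect the pi to the VPN, connect the local LAN to the VPN, and then connect my laptop to the VPN for secure internet browsing through the vps (nat) and local LAN access.
Answer 1
I found the problem. The key size was too big. I have now used 2048 bits successfully. Apparently 8192 bits is too much for openvpn.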
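The following is an added example, not code from the question or the answer: a small triage script that scans OpenVPN client and server logs for the messages seen in this thread and points at the concrete TLS error behind a generic handshake timeout. The rule names and advice strings are this example's own wording; the sample lines are copied from the logs above.

```python
import re

# Log lines copied from the question above (client side, then server side).
SAMPLE_LOG = """\
Thu Apr 16 21:00:14 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Apr 16 21:00:18 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 16 21:00:18 2015 WARNING: file 'erasmuswill.key' is group or others accessible
Thu Apr 16 21:00:24 2015 VERIFY OK: depth=1, CN=LOLVE
Thu Apr 16 21:01:18 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 16 15:01:46 2015 105.210.95.124:1024 TLS_ERROR: BIO read tls_read_plaintext error: error:1408E098:SSL routines:SSL3_GET_MESSAGE:excessive message size
Thu Apr 16 15:01:46 2015 105.210.95.124:1024 TLS Error: TLS handshake failed
"""

# (finding id, pattern, what to check). Ids and advice are this example's wording.
RULES = [
    ("oversized-handshake", r"SSL3_GET_MESSAGE:excessive message size",
     "handshake message too large; check key size (the answer went from 8192 to 2048 bits)"),
    ("no-server-cert-check", r"No server certificate verification method",
     "client accepts any cert signed by the CA; add 'remote-cert-tls server'"),
    ("key-file-perms", r"file '([^']+)' is group or others accessible",
     "private key readable by other users; restrict it with chmod 600"),
    ("password-cache", r"may cache passwords in memory",
     "add 'auth-nocache' to the client config"),
    ("tls-timeout", r"TLS key negotiation failed to occur within (\d+) seconds",
     "symptom only; read the peer's log for the real TLS error"),
]

# OpenVPN's default ctime-style prefix, e.g. "Thu Apr 16 21:00:14 2015 ".
TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")

def triage(log_text):
    """Return {finding_id: (count, advice)} for every rule seen in log_text."""
    findings = {}
    for line in filter(TS.match, log_text.splitlines()):
        msg = TS.sub("", line)
        for fid, pattern, advice in RULES:
            if re.search(pattern, msg):
                count = findings.get(fid, (0, advice))[0] + 1
                findings[fid] = (count, advice)
    return findings

def root_cause(findings):
    """Prefer the concrete TLS error over the generic timeout it causes."""
    if "oversized-handshake" in findings:
        return "oversized-handshake"
    return "tls-timeout" if "tls-timeout" in findings else None

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), root_cause(triage(SAMPLE_LOG)))
```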