客户端遗产
信任(身份验证和证书)
*111.311.115.122 服务器IP
222.239.212.126 客户端 IP OpnSene(是客户端)*
客户端配置由脚本
client
proto udp
explicit-exit-notify
remote 111.311.115.122 49973
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_ve4XMxxxxxnkhHWL1 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxx
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxx
-----END OpenVPN Static key V1-----
</tls-crypt>
服务器配置
port 49973
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_ve4XMxxxxxnkhHWL1.crt
key server_ve4XMxxxxxnkhHWL1.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
服务器版本
# openvpn --version
OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
客户端版本
openvpn --version
OpenVPN 2.6.12 amd64-portbld-freebsd14.1 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
DCO version: FreeBSD 14.1-RELEASE-p5 stable/24.7-n267855-304cf693716 SMP
Originally developed by James Yonan
Copyright (C) 2002-2024 OpenVPN Inc <sales@openvpn.net>
客户日志
2024-11-02T00:03:56 Notice openvpn_client1 UDPv4 link remote: [AF_INET]111.311.115.122:49973
2024-11-02T00:03:56 Notice openvpn_client1 UDPv4 link local: (not bound)
2024-11-02T00:03:56 Notice openvpn_client1 TCP/UDP: Preserving recently used remote address: [AF_INET]111.311.115.122:49973
2024-11-02T00:03:56 Warning openvpn_client1 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-11-02T00:03:56 Notice openvpn_client1 DCO version: FreeBSD 14.1-RELEASE-p5 stable/24.7-n267855-304cf693716 SMP
2024-11-02T00:03:56 Notice openvpn_client1 library versions: OpenSSL 3.0.15 3 Sep 2024, LZO 2.10
2024-11-02T00:03:56 Notice openvpn_client1 OpenVPN 2.6.12 amd64-portbld-freebsd14.1 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
客户端界面
ovpnc1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
groups: tun openvpn
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
服务器错误日志
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed from [AF_INET]222.239.212.126:60982
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed from [AF_INET]222.239.212.126:60982
tls-crypt unwrap error: packet authentication failed
TLS Error: tls-crypt unwrapping failed from [AF_INET]222.239.212.126:60982
3
tls-crypt.key并且里面的内容<tls-crypt>必须相同。是吗?–
–
–
|