Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

客户端连接超时 #40

Closed
danielchan-25 opened this issue Apr 30, 2024 · 1 comment
Closed

客户端连接超时 #40

danielchan-25 opened this issue Apr 30, 2024 · 1 comment

Comments

@danielchan-25
Copy link

任务列表

问题描述
成功安装后,服务启动成功了,但客户端无法连接。

重现步骤
重现该 bug 的步骤:

(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo bash openvpn.sh --auto

OpenVPN Script
https://github.com/hwdsl2/openvpn-install

Starting OpenVPN setup using default options.

Server IP: xxx.xxx.xxx.xxx(公网IP)
Port: UDP/1194
Client name: client
Client DNS: Google Public DNS

Installing OpenVPN, please wait...
+ apt-get -yqq update
+ apt-get -yqq --no-install-recommends install openvpn
+ apt-get -yqq install openssl ca-certificates
+ ./easyrsa --batch init-pki
+ ./easyrsa --batch build-ca nopass
+ ./easyrsa --batch --days=3650 build-server-full server nopass
+ ./easyrsa --batch --days=3650 build-client-full client nopass
+ ./easyrsa --batch --days=3650 gen-crl
+ openvpn --genkey --secret /etc/openvpn/server/tc.key
+ systemctl enable --now openvpn-iptables.service
+ systemctl enable --now openvpn-server@server.service

Finished!

The client configuration is available in: /home/ecs-user/client.ovpn
New clients can be added by running this script again.

端口占用情况(已在阿里云服务器防火墙中放行 1194 端口):

(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo nmap -sU -p 1194 xxx.xxx.xxx.xxx(公网IP)
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-30 11:00 CST
Nmap scan report for 8.134.204.10
Host is up (0.00036s latency).

PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo nmap -sU -p 1194 127.0.0.1
Starting Nmap 7.80 ( https://nmap.org ) at 2024-04-30 11:00 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000055s latency).

PORT     STATE  SERVICE
1194/udp closed openvpn

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo netstat -anu | grep 1194
udp        0      0 172.31.73.177:1194      0.0.0.0:*

使用默认生成的 Client.ovpn 文件,导入 Windows 的 OpenVPN 客户端连接,显示:Connection failed to establish within given time

期待的正确结果
客户端正常连接服务端。

日志
OpenVPN 进程状态:

(base) ecs-user@iZ7xv4vnmz1e4gejf3cxxyZ:~$ sudo systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
     Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-04-30 10:58:49 CST; 3min 49s ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
   Main PID: 421746 (openvpn)
     Status: "Initialization Sequence Completed"
      Tasks: 1 (limit: 2195)
     Memory: 1.2M
     CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
             └─421746 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf

Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: UDPv4 link local (bound): [AF_INET]172.31.73.177:1194
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: UDPv4 link remote: [AF_UNSPEC]
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: GID set to nogroup
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: UID set to nobody
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: MULTI: multi_init called, r=256 v=256
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: IFCONFIG POOL LIST
Apr 30 10:58:49 iZ7xv4vnmz1e4gejf3cxxyZ openvpn[421746]: Initialization Sequence Completed

服务器信息(请填写以下信息)

  • 操作系统: Ubuntu 20.04.6 LTS
  • 服务提供商(如果适用): 阿里云

客户端信息(请填写以下信息)

  • 设备: PC
  • 操作系统: Windows 11

其它信息
添加关于该 bug 的其它信息。
@hwdsl2
Copy link
Owner

hwdsl2 commented Apr 30, 2024
edited
Loading

@danielchan-25 你好!你的日志显示连接请求没有到达服务器。这可能是客户端和服务器之间的网络问题导致的。对于阿里云服务器,需要在防火墙配置出站和入站方向都打开端口 UDP 1194。请参见 hwdsl2/setup-ipsec-vpn#433

@hwdsl2 hwdsl2 closed this as completed Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hwdsl2 @danielchan-25