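Original content. If you repost it, please credit the source: https://www.myzhenai.com.cn/post/1860.html https://www.myzhenai.com/thread-16312-1-1.html
A few days ago I ran into a problem: for reasons I could not work out, neither the Pptpd nor the OpenVPN I had configured would connect any more. I don't know whether it was caused by BuyVM upgrading the OpenVZ patch, but in any case both VPN methods stopped connecting. I reinstalled several times and still could not fix it, and because of this I spent several days talking with -jessie from BuyVM technical support. I upgraded the server from CentOS 5.8 to CentOS 6.4, and -jessie redeployed Pptp and OpenVPN for me, but when I finally configured the local side I found it still could not connect. So I reinstalled the server again and reinstalled and reconfigured Pptpd and OpenVPN. In the end I found that the Pptpd failure was a problem with my local client: the system had perhaps cached a wrong password or something else, and after I reconfigured it, it worked. For details, see "Solution for PPtpD failing to connect locally on CentOS".
The most annoying part was the OpenVPN configuration. In my local CentOS + NetworkManager-openvpn setup I could not see the user private key file, even though I had already downloaded it from the server, and I was never able to import the user key file. I thought the key file generated on the server was faulty, so I also generated one locally, but that did not solve it either. I asked about this in many communities and in several Linux technical groups without getting a solution, and searching the web turned up no matching problem, so I had to work it out myself. After two days of tinkering I finally solved it. I don't know what caused the failure; possibly something happened during encryption when the openssl in the easy-rsa package generated the key file, so it could not be imported normally.
Solution for PPtpD failing to connect locally on CentOS: https://www.myzhenai.com/thread-16309-1-1.html https://www.myzhenai.com.cn/post/1854.html
Solution:
First configure things by following the article "Installing Pptp and OpenVPN on a CentOS VPS: methods and lessons learned"; you can skip the installation part.
Installing Pptp and OpenVPN on a CentOS VPS: methods and lessons learned: https://www.myzhenai.com/thread-15394-1-1.html https://www.myzhenai.com.cn/post/871.html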
#cd /etc/openvpn/easy-rsa/2.0/
#vi vars
#. ./vars
#./clean-all
#./build-ca
#./build-key-server server
#./build-key client-name
#./build-dh
#openssl rsa -in keys/client-name.key -out keys/client-name.pem
#cd keys
#cp ca.crt ca.key ta.key dh2048.pem server.crt server.csr server.key /etc/openvpn/
#mkdir /etc/client
#cp ca.crt ca.key ta.key client-name.crt client-name.csr client-name.key client-name.pem /etc/client/
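At the vi vars step, be sure to check whether export KEY_SIZE= in the file is set to 2048 or 1024. The dh dh****.pem line in server.conf must match the name of the dh file you generated: with export KEY_SIZE=2048 the generated file should be dh2048.pem (probably a matter of the encryption method), so in server.conf you also have to change dh dh1024.pem to dh dh2048.pem.
I saw that the official documentation seems to say that removing the semicolon in front of ;client-to-client in server.conf solves the problem of client-name.key not being visible. I have not tried it; you can give it a try. What I did was use openssl to re-encrypt client-name.key into client-name.pem. I have tried this and it solves the problem.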
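The post leaves the cause open. As an added example (not part of the original post), the script below reports which PEM container each key file uses, which is the property that `openssl rsa -in ... -out ...` can change, and lists private keys in a client bundle other than the client's own, such as the ca.key that the cp step above places in /etc/client. It assumes the importer is sensitive to the PEM header; the function names and the demo files, whose bodies are placeholders, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Key bodies are constructed
# placeholders, not real key material.

# Report the PEM container of a private-key file from its header lines.
classify_key() {
    if grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        # Traditional RSA container; legacy encryption adds a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo rsa-traditional-encrypted
        else
            echo rsa-traditional
        fi
    elif grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted
    elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$1"; then
        echo pkcs8
    else
        echo not-a-private-key
    fi
}

# Print every file in a client bundle that is a private key other than the
# client's own .key/.pem (for example a copied ca.key). No output = clean.
audit_client_bundle() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        base=$(basename "$f")
        case "$base" in "$2.key"|"$2.pem") continue ;; esac
        [ "$(classify_key "$f")" = not-a-private-key ] || echo "$base"
    done
}

# Build a constructed bundle shaped like /etc/client from the steps above.
make_demo_bundle() {
    d=$(mktemp -d)
    pem() { printf '%s\n' "-----BEGIN $1-----" PLACEHOLDER "-----END $1-----"; }
    pem 'PRIVATE KEY'     > "$d/client-name.key"
    pem 'RSA PRIVATE KEY' > "$d/client-name.pem"
    pem 'PRIVATE KEY'     > "$d/ca.key"
    pem 'CERTIFICATE'     > "$d/ca.crt"
    echo "$d"
}

demo=$(make_demo_bundle)
for f in "$demo"/*; do echo "$(basename "$f"): $(classify_key "$f")"; done
echo "unexpected private keys: $(audit_client_bundle "$demo" client-name)"
rm -rf "$demo"
```

A client needs only ca.crt, its own certificate and key, and ta.key; the CA private key is what signs new certificates and belongs only on the machine that issues them.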
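If, after configuring the local client, you can connect but cannot reach the internet, and the local log (vi /var/log/messages) contains the following keywords, adjust your local OpenVPN configuration; I mean the security settings in NetworkManager-openvpn.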
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: 112.67.216.135:43944 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: 112.67.216.135:43944 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: 112.67.216.135:43944 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: 112.67.216.135:43944 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: 112.67.216.135:43944 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: 112.67.216.135:43944 [client-name] Peer Connection Initiated with [AF_INET]112.67.216.135:43944
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 MULTI: Learn: 10.8.0.6 -> client-name/112.67.216.135:43944
Aug 31 12:54:55 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 MULTI: primary virtual IP for client-name/112.67.216.135:43944: 10.8.0.6
Aug 31 12:54:57 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 PUSH: Received control message: 'PUSH_REQUEST'
Aug 31 12:54:57 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 send_push_reply(): safe_cap=940
Aug 31 12:54:57 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 SENT CONTROL [client-name]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Aug 31 12:59:00 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 [client-name] Inactivity timeout (--ping-restart), restarting
Aug 31 12:59:00 JiaYuBlog openvpn[12354]: client-name/112.67.216.135:43944 SIGUSR1[soft,ping-restart] received, client-instance restarting
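To make the log check above repeatable, this added example (not part of the original post) pulls the data-channel cipher and HMAC digest the server initialized out of such a log, counts sessions that ended on --ping-restart, and compares the server values with the ones entered in the client profile. It assumes that "adjusting the security settings" means aligning the client's cipher and HMAC digest with the server's; the function names and the sample log, which uses a documentation IP address, are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read the data-channel settings
# from an OpenVPN server log and flag sessions that died on --ping-restart.

# Constructed sample in the same format as the log above (documentation IP).
sample_log() {
cat <<'EOF'
Aug 31 12:54:55 host openvpn[100]: 203.0.113.10:40000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 31 12:54:55 host openvpn[100]: 203.0.113.10:40000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 31 12:54:55 host openvpn[100]: 203.0.113.10:40000 [client-name] Peer Connection Initiated with [AF_INET]203.0.113.10:40000
Aug 31 12:59:00 host openvpn[100]: client-name/203.0.113.10:40000 [client-name] Inactivity timeout (--ping-restart), restarting
EOF
}

# Print "cipher=<c> auth=<a> timeouts=<n>" for an OpenVPN server log on stdin.
summarize_log() {
    awk -F"'" '
        /Data Channel Encrypt: Cipher/                { cipher = $2 }
        /Data Channel Encrypt: Using .* message hash/ { auth = $2 }
        /Inactivity timeout \(--ping-restart\)/       { timeouts++ }
        END { printf "cipher=%s auth=%s timeouts=%d\n", cipher, auth, timeouts }
    '
}

# Compare the server-side values (log on stdin) with the client profile.
# $1 = client cipher, $2 = client HMAC digest, as entered in the client GUI.
check_client_settings() {
    summary=$(summarize_log)
    srv_cipher=${summary#cipher=}; srv_cipher=${srv_cipher%% *}
    srv_auth=${summary#*auth=};    srv_auth=${srv_auth%% *}
    if [ "$1" = "$srv_cipher" ] && [ "$2" = "$srv_auth" ]; then
        echo "match"
    else
        echo "mismatch: server uses $srv_cipher/$srv_auth, client uses $1/$2"
    fi
}

sample_log | summarize_log
sample_log | check_client_settings AES-128-CBC SHA1
```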
2 comments
openssl rsa -in keys/client-name.key -out keys/client-name.pem
Standard commands
asn1parse ca ciphers cms
crl crl2pkcs7 dgst dh
dhparam dsa dsaparam ec
ecparam enc engine errstr
gendh gendsa genpkey genrsa
nseq ocsp passwd pkcs12
pkcs7 pkcs8 pkey pkeyparam
pkeyutl prime rand req
rsa rsautl s_client s_server
s_time sess_id smime speed
spkac ts verify version
x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160
sha sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb
aes-256-cbc aes-256-ecb base64 bf
bf-cbc bf-cfb bf-ecb bf-ofb
camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb
camellia-256-cbc camellia-256-ecb cast cast-cbc
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des des-cbc des-cfb des-ecb
des-ede des-ede-cbc des-ede-cfb des-ede-ofb
des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea
idea-cbc idea-cfb idea-ecb idea-ofb
rc2 rc2-40-cbc rc2-64-cbc rc2-cbc
rc2-cfb rc2-ecb rc2-ofb rc4
rc4-40 seed seed-cbc seed-cfb
seed-ecb seed-ofb zlib