xukai 于 2009-06-03 17:34(15 年以前) 发表:
Wed Jun 03 13:40:30 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
Wed Jun 03 13:40:30 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 03 13:40:30 2009 Cannot load certificate file xukai.crt: error:02001002:scd: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Wed Jun 03 13:40:30 2009 Exiting
我按照楼主的做下来,连接的时候的报错,上面是log中的文件。
报错是connecting to client has failed.
XiaoHui 回复于 2009-06-03 18:10:
证书的配置没有做对。
xukai 于 2009-06-03 18:21(15 年以前) 发表:
Wed Jun 03 16:10:32 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
Wed Jun 03 16:10:32 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 03 16:10:32 2009 LZO compression initialized
Wed Jun 03 16:10:32 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 03 16:10:32 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 03 16:10:32 2009 Local Options hash (VER=V4): '41690919'
Wed Jun 03 16:10:32 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 03 16:10:32 2009 UDPv4 link local (bound): [undef]:1194
Wed Jun 03 16:10:32 2009 UDPv4 link remote: 192.168.242.144:1194
Wed Jun 03 16:10:32 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:34 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:37 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:38 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:40 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:42 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:45 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:47 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:50 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:52 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:55 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:56 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:58 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:01 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:03 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:06 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:08 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:11 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:13 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:15 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:17 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:19 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:21 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:24 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:25 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:27 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:29 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:31 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:32 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 03 16:11:32 2009 TLS Error: TLS handshake failed
Wed Jun 03 16:11:32 2009 TCP/UDP: Closing socket
Wed Jun 03 16:11:32 2009 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 03 16:11:32 2009 Restart pause, 2 second(s)
上面的问题解决了,现在老这样了,请问怎么回事?
XiaoHui 回复于 2009-06-03 22:32:
客户端与服务端的物理链接不通。确认 1194 端口是开的,客户端与服务端能够正常PING通。下面是 OPENVPN 官方解释,你自己对照排除一下:
You get the error message: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity). This error indicates that the client was unable to establish a network connection with the server.
Solutions:
- Make sure the client is using the correct hostname/IP address and port number which will allow it to reach the OpenVPN server.
- If the OpenVPN server machine is a single-NIC box inside a protected LAN, make sure you are using a correct port forward rule on the server's gateway firewall. For example, suppose your OpenVPN box is at 192.168.4.4 inside the firewall, listening for client connections on UDP port 1194. The NAT gateway servicing the 192.168.4.x subnet should have a port forward rule that says forward UDP port 1194 from my public IP address to 192.168.4.4.
- Open up the server's firewall to allow incoming connections to UDP port 1194 (or whatever TCP/UDP port you have configured in the server config file).