"Waiting for server response" in OpenVPN

3

I set up a VPN with OpenVPN on my Raspberry Pi 3 (Ubuntu Mate) using this tutorial: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing . But when I try to connect my computer to my VPN with Tunnelblick, I get this error:

http://www.auplod.com/u/adopul8dd8a.gif

Here is the log file:

2016-12-18 21:48:55 us=588356 Current Parameter Settings:
2016-12-18 21:48:55 us=588588   config = '/.../config.ovpn'
2016-12-18 21:48:55 us=588603   mode = 0
2016-12-18 21:48:55 us=588613   show_ciphers = DISABLED
2016-12-18 21:48:55 us=588623   show_digests = DISABLED
2016-12-18 21:48:55 us=588632   show_engines = DISABLED
2016-12-18 21:48:55 us=588641   genkey = DISABLED
2016-12-18 21:48:55 us=588651   key_pass_file = '[UNDEF]'
2016-12-18 21:48:55 us=588661   show_tls_ciphers = DISABLED
2016-12-18 21:48:55 us=588670 Connection profiles [default]:
2016-12-18 21:48:55 us=588683   proto = udp
2016-12-18 21:48:55 us=588693   local = '[UNDEF]'
2016-12-18 21:48:55 us=588703   local_port = 0
2016-12-18 21:48:55 us=588712   remote = 'MYIP'
2016-12-18 21:48:55 us=588722   remote_port = 1194
2016-12-18 21:48:55 us=588731   remote_float = DISABLED
2016-12-18 21:48:55 us=588741   bind_defined = DISABLED
2016-12-18 21:48:55 us=588750   bind_local = DISABLED
2016-12-18 21:48:55 us=588760   connect_retry_seconds = 5
2016-12-18 21:48:55 us=588769   connect_timeout = 10
2016-12-18 21:48:55 us=588778 NOTE: --mute triggered...
2016-12-18 21:48:55 us=588799 255 variation(s) on previous 20 message(s) suppressed by --mute
2016-12-18 21:48:55 us=588812 OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov 17 2016
2016-12-18 21:48:55 us=588830 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
2016-12-18 21:48:55 us=589832 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1339
2016-12-18 21:48:55 us=589940 Need hold release from management interface, waiting...
2016-12-18 21:48:55 us=998065 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1339
2016-12-18 21:48:55 *Tunnelblick: openvpnstart starting OpenVPN
2016-12-18 21:48:56 *Tunnelblick: Established communication with OpenVPN
2016-12-18 21:48:56 *Tunnelblick: Obtained passphrase from the Keychain
2016-12-18 21:48:56 us=15623 MANAGEMENT: CMD 'pid'
2016-12-18 21:48:56 us=15778 MANAGEMENT: CMD 'state on'
2016-12-18 21:48:56 us=15946 MANAGEMENT: CMD 'state'
2016-12-18 21:48:56 us=16068 MANAGEMENT: CMD 'bytecount 1'
2016-12-18 21:48:56 us=16155 MANAGEMENT: CMD 'hold release'
2016-12-18 21:48:56 us=16395 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-12-18 21:48:56 us=37387 MANAGEMENT: CMD 'password [...]'
2016-12-18 21:48:56 us=37565 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-12-18 21:48:56 us=38716 Control Channel Authentication: tls-auth using INLINE static key file
2016-12-18 21:48:56 us=38788 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-12-18 21:48:56 us=38840 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2016-12-18 21:48:56 us=38914 LZO compression initialized
2016-12-18 21:48:56 us=39034 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2016-12-18 21:48:56 us=39119 Socket Buffers: R=[196724->196724] S=[9216->9216]
2016-12-18 21:48:56 us=39180 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
2016-12-18 21:48:56 us=39241 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2016-12-18 21:48:56 us=39289 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2016-12-18 21:48:56 us=39340 Local Options hash (VER=V4): '272f1b58'
2016-12-18 21:48:56 us=39392 Expected Remote Options hash (VER=V4): 'a2e63101'
2016-12-18 21:48:56 us=39444 UDPv4 link local: [undef]
2016-12-18 21:48:56 us=39496 UDPv4 link remote: [AF_INET]myip:1194
2016-12-18 21:48:56 us=39561 MANAGEMENT: >STATE:1482094136,WAIT,,,
2016-12-18 21:48:56 us=39689 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2016-12-18 21:48:58 us=416600 UDPv4 WRITE [42] to [AF_INET]MYIP:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:03 us=192515 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:11 us=502022 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:27 us=831284 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0

Here is the configuration file:

local 192.168.1.21
dev tun
proto udp 
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/NissaVPN.crt 
key /etc/openvpn/easy-rsa/keys/NissaVPN.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem 
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.1.21 255.255.255.0" 
push "dhcp-option DNS 192.168.1.1" 
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

Here is the default RSA key:

client
dev tun
proto udp
remote MYIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20

This is the openvpn firewall file:

#!/bin/sh
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.21

What can I do to fix it? I disabled my firewall and my router is configured.

Lulucmy
Not enough details. Please provide the client and server configuration files, including a complete verb 3 client log.
Daniel B
Hello, I just added the log and the files. Thanks :)
Lulucmy
Still not verb 3, but whatever. I assume MYIP is your (current) external IP address, right? Where are you trying to connect to it from? From behind your router? When you say "router is configured", does that mean you set up port forwarding for port 1194 UDP?
Daniel B
Yes, I set up port forwarding, and I am trying to connect from my home. Sorry, but I don't know what "verb 3" is :/ ...
Lulucmy
Your router may not support hairpin NAT. So connecting to your public IP address will not work. Connect to your internal IP address. // It is an option, verbosity. You currently have verb 1. To diagnose errors, you should increase it.
Daniel B
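The pattern visible in the question's client log, as an added example that is not part of the original thread: the client keeps sending P_CONTROL_HARD_RESET_CLIENT_V2 with growing delays and no READ line ever appears, which means nothing comes back from the server address. The names `parse_packets`, `diagnose` and the threshold `min_resets` are hypothetical; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Packet-trace lines copied from the client log in the question.
SAMPLE_LOG = """\
2016-12-18 21:48:56 us=39561 MANAGEMENT: >STATE:1482094136,WAIT,,,
2016-12-18 21:48:56 us=39689 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2016-12-18 21:48:58 us=416600 UDPv4 WRITE [42] to [AF_INET]MYIP:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:03 us=192515 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:11 us=502022 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:27 us=831284 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
"""

# Timestamp, "us=" microseconds, direction and opcode of a packet-trace line.
PKT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) us=(\d+) "
                 r"\S+ (WRITE|READ) \[\d+\] (?:to|from) \S+ (P_\w+)")
EPOCH = datetime(1970, 1, 1)

def parse_packets(log_text):
    """Return [(seconds, direction, opcode)] for every packet-trace line."""
    out = []
    for line in log_text.splitlines():
        m = PKT.match(line)
        if m:
            base = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            # "us=" is not zero-padded: us=39689 means 0.039689 s.
            secs = (base - EPOCH).total_seconds() + int(m.group(2)) / 1e6
            out.append((secs, m.group(3), m.group(4)))
    return out

def diagnose(log_text, min_resets=3):
    """Classify the handshake start: did anything come back from the server?"""
    pkts = parse_packets(log_text)
    resets = [t for t, d, op in pkts
              if d == "WRITE" and op == "P_CONTROL_HARD_RESET_CLIENT_V2"]
    reads = [p for p in pkts if p[1] == "READ"]
    if reads:
        verdict = "server-replied"       # problem lies later (TLS, certs, options)
    elif len(resets) >= min_resets:
        verdict = "no-server-response"   # check port forwarding, firewall, hairpin NAT
    else:
        verdict = "inconclusive"
    gaps = [round(b - a, 1) for a, b in zip(resets, resets[1:])]
    return {"resets": len(resets), "reads": len(reads),
            "retry_gaps_s": gaps, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A "no-server-response" verdict only locates the failure on the network path or at the server's packet filter; with `tls-auth` enabled, as in the server configuration above, an OpenVPN server also drops control packets whose HMAC does not verify without answering, so a mismatched `ta.key` or key direction produces the same client-side trace.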

Answers:

2

I finally solved my problem: it was because of my router, which I had not updated for a long time. Once the update finished, everything worked :)

Thanks

Lulucmy
Glad you were able to fix it yourself. What firmware was your router running before the update? What is your router model? And what is your current firmware, on which this problem is resolved? All of this could help others who run into a similar problem.
music2myear
It is a Livebox (French router)
Lulucmy
But I can get on the web ... Would you recommend that I open a new post?
Lulucmy
If you are having a new problem, yes, create a new question.
music2myear