Kubuntu 16.04.3 e OpenVPN (pacote openvpn): não funciona

Question

Kubuntu 16.04.3 e OpenVPN (pacote openvpn): não funciona

#1 resposta do pim (0 votos)

1

Eu tenho um servidor Ubuntu e o OpenVPN está funcionando bem lá. Eu posso traceroute / ping com sucesso muitos servidores. Também nesta máquina (com ou sem o OpenVPN rodando), o /etc/resolv.conf está pegando os servidores DNS sugeridos pelo meu modem / roteador que são apenas servidores OpenDNS.

Eu configurei o Kubuntu recentemente e configurei o OpenVPN, mas o que eu faço não consigo uma conexão externa. Traceroute / ping falha. Com ou sem o OpenVPN, meu /etc/resolv.conf sempre aponta para 127.0.1.1. Usando o NetworkManager, alterei as entradas DNS do IPv4 DNS para meu dispositivo Wi-Fi e tun0 para apontar para OpenDNS. Eu ainda não tenho conexão externa.

Eu pesquisei pela rede e descobri a necessidade de instalar o pacote network-manager-openvpn. Eu o instalei e, em seguida, importei meu arquivo de configuração OpenVPN (do servidor ubuntu). e ainda sem conexão. (mensagem de log na parte inferior). Meu provedor de VPN fornece apenas o certificado de CA.

Alguma idéia de como corrigir isso?

Obrigado

Configuração do OpenVPN do provedor

client
remote my-server-here.com 1194 udp
remote my-server-here.com 443 tcp-client

pull
auth-user-pass 
comp-lzo adaptive
ca ca.crt
dev tun
tls-client
script-security 2
cipher AES-256-CBC
mute 10

route-delay 5
redirect-gateway def1
resolv-retry infinite
#dhcp-renew
#dhcp-release
persist-key
persist-tun
remote-cert-tls server
mssfix

/ var / log / syslog

Sep 17 11:10:54 tree NetworkManager[3705]: <info>  [1505612454.3007] audit: op="connection-activate" uuid="15e1c79d-d6e8-49e4-83bc-6ea882f99322" name="default" pid=4994 uid=1000 result="success"
Sep 17 11:10:54 tree NetworkManager[3705]: <info>  [1505612454.3074] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: Started the VPN service, PID 6701
Sep 17 11:10:54 tree NetworkManager[3705]: <info>  [1505612454.3220] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: Saw the service appear; activating connection
Sep 17 11:10:54 tree NetworkManager[3705]: nm-openvpn-Message: openvpn[6704] started
Sep 17 11:10:54 tree NetworkManager[3705]: <info>  [1505612454.3543] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: VPN plugin: state changed: starting (3)
Sep 17 11:10:54 tree nm-openvpn[6704]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sep 17 11:10:54 tree nm-openvpn[6704]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Sep 17 11:10:54 tree nm-openvpn[6704]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sep 17 11:10:54 tree nm-openvpn[6704]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 17 11:10:54 tree nm-openvpn[6704]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Sep 17 11:10:54 tree nm-openvpn[6704]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sep 17 11:10:54 tree nm-openvpn[6704]: UDPv4 link local: [undef]
Sep 17 11:10:54 tree nm-openvpn[6704]: UDPv4 link remote: [AF_INET]164.220.22.23:443
Sep 17 11:11:54 tree nm-openvpn[6704]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 17 11:11:54 tree nm-openvpn[6704]: TLS Error: TLS handshake failed
Sep 17 11:11:54 tree nm-openvpn[6704]: SIGUSR1[soft,tls-error] received, process restarting
Sep 17 11:11:55 tree NetworkManager[3705]: <warn>  [1505612515.0985] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: VPN connection: connect timeout exceeded.
Sep 17 11:11:55 tree NetworkManager[3705]: libnm-Message: Connect timer expired, disconnecting.
Sep 17 11:11:55 tree NetworkManager[3705]: nm-openvpn-Message: openvpn[6704]: send SIGTERM
Sep 17 11:11:55 tree nm-openvpn[6704]: SIGTERM[hard,init_instance] received, process exiting
Sep 17 11:11:55 tree NetworkManager[3705]: <warn>  [1505612515.1014] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: VPN plugin: failed: connect-failed (1)
Sep 17 11:11:55 tree NetworkManager[3705]: <info>  [1505612515.1016] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: VPN plugin: state changed: stopping (5)
Sep 17 11:11:55 tree NetworkManager[3705]: nm-openvpn-Message: openvpn[6704] exited with success
Sep 17 11:11:55 tree NetworkManager[3705]: <info>  [1505612515.1018] vpn-connection[0x22ff580,15e1c79d-d6e8-49e4-83bc-6ea882f99322,"default",0]: VPN plugin: state changed: stopped (6)
Sep 17 11:11:55 tree org.kde.kdeconnect[4181]: "No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/ActiveConnection/6"

por mrjayviper 17.09.2017 / 03:53

1 resposta

“update-alternatives” tenta alocar 184467440715620679668 bytes Ubuntu 16.04 em Asus d541 N bloco ruim [fechado]

score 0 · Answer 1

Esta linha:

Sep 17 11:10:54 tree nm-openvpn[6704]: UDPv4 link remote:[AF_INET]164.220.22.23:443

mostra que openvpn está tentando se conectar usando UDP à porta TCP que você está tentando configurar.

A linha de configuração correspondente deve ser:

remote my-server-here.com 443 tcp

E não tcp-client , tcp-client é uma opção da configuração --proto .

Acho que você está usando duas versões diferentes de openvpn e uma delas é mais rigorosa em relação aos parâmetros.