我在 Synology Router 上设置了 OpenVPN 服务器,但无法让 IPv4 和 IPv6 连接正常工作。最初,我在弄清楚这一点时非常头疼,但我已将其缩小到这一点:我可以通过它的 IPv6 地址成功连接到我的 OpenVPN 服务器,但每次仅通过 IPv4 地址连接都会失败。
我正在通过使用 DDNS 设置的域名进行连接。如果我手动将记录设置为仅 IPv4 地址,它当然会失败。一旦我更新 IPv6 记录,它就会正常工作。
我已经在几个不同的客户端和网络上对此进行了测试,以确保它不是我的客户端所在的网络。
这是我的服务器配置: 服务器配置
和客户端配置文件:
dev tun
tls-client
remote my.domain.com 1194
redirect-gateway def1
pull
proto udp
script-security 2
reneg-sec 0
auth SHA1
cipher AES-128-CBC
auth-user-pass
key-direction 1
comp-lzo
explicit-exit-notify
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
这是客户端连接日志文件,已针对个人信息进行了编辑:
5/20/2020, 1:03:10 AM OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Feb 19 2020 17:36:01
⏎5/20/2020, 1:03:10 AM Frame=512/2048/512 mssfix-ctrl=1250
⏎5/20/2020, 1:03:10 AM UNUSED OPTIONS
1 [tls-client]
4 [pull]
6 [script-security] [2]
13 [explicit-exit-notify]
⏎5/20/2020, 1:03:10 AM EVENT: RESOLVE
⏎5/20/2020, 1:03:10 AM EVENT: WAIT
⏎5/20/2020, 1:03:10 AM Contacting 104.232.115.21:1194 via UDP
⏎5/20/2020, 1:03:10 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:03:20 AM Server poll timeout, trying next remote entry...
⏎5/20/2020, 1:03:20 AM EVENT: RECONNECTING
⏎5/20/2020, 1:03:20 AM EVENT: RESOLVE
⏎5/20/2020, 1:03:20 AM Contacting x.x.x.x:1194 via UDP
⏎5/20/2020, 1:03:20 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:03:20 AM EVENT: WAIT
⏎5/20/2020, 1:03:30 AM Server poll timeout, trying next remote entry...
5 次尝试失败,直到超时:
⏎5/20/2020, 1:04:10 AM EVENT: CONNECTION_TIMEOUT
⏎5/20/2020, 1:04:10 AM EVENT: DISCONNECTED
现在尝试 IPv6 地址
⏎5/20/2020, 1:04:46 AM OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Feb 19 2020 17:36:01
⏎5/20/2020, 1:04:46 AM Frame=512/2048/512 mssfix-ctrl=1250
⏎5/20/2020, 1:04:46 AM UNUSED OPTIONS
1 [tls-client]
4 [pull]
6 [script-security] [2]
13 [explicit-exit-notify]
⏎5/20/2020, 1:04:46 AM EVENT: RESOLVE
⏎5/20/2020, 1:04:46 AM EVENT: WAIT
⏎5/20/2020, 1:04:46 AM Contacting x.x.x.x:1194 via UDP
⏎5/20/2020, 1:04:46 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:04:56 AM Server poll timeout, trying next remote entry...
⏎5/20/2020, 1:04:56 AM EVENT: RECONNECTING
⏎5/20/2020, 1:04:56 AM EVENT: RESOLVE
⏎5/20/2020, 1:04:56 AM EVENT: WAIT
⏎5/20/2020, 1:04:56 AM Contacting 104.232.115.21:1194 via UDP
⏎5/20/2020, 1:04:56 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
⏎5/20/2020, 1:05:06 AM Server poll timeout, trying next remote entry...
⏎5/20/2020, 1:05:06 AM EVENT: RECONNECTING
⏎5/20/2020, 1:05:06 AM EVENT: RESOLVE
⏎5/20/2020, 1:05:06 AM EVENT: WAIT
⏎5/20/2020, 1:05:06 AM Contacting [xxxx::xxxx]:1194 via UDP
⏎5/20/2020, 1:05:06 AM Connecting to [my.domain.com]:1194 (xxxx::xxxx) via UDPv6
⏎5/20/2020, 1:05:06 AM EVENT: CONNECTING
⏎5/20/2020, 1:05:06 AM Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
⏎5/20/2020, 1:05:06 AM Creds: Username/Password
⏎5/20/2020, 1:05:06 AM Peer Info:
IV_GUI_VER=OCmacOS_3.1.2-572
IV_VER=3.git::15c71c44
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
⏎5/20/2020, 1:05:06 AM VERIFY OK : depth=1
Certificate Information
⏎5/20/2020, 1:05:06 AM VERIFY OK : depth=0
Certificate Information
⏎5/20/2020, 1:05:08 AM SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
⏎5/20/2020, 1:05:08 AM Session is ACTIVE
⏎5/20/2020, 1:05:08 AM Sending PUSH_REQUEST to server...
⏎5/20/2020, 1:05:08 AM EVENT: GET_CONFIG
⏎5/20/2020, 1:05:09 AM EVENT: DISCONNECTED
如您所见,使用 IPv6 地址时,它可以正常连接。但是当尝试连接 IPv4 地址时,它每次都会失败。这与我的 ISP 阻止某些 UDP 数据包有关吗?我很好奇为什么它只适用于 IPv6。
只花了几个小时的故障排除,但我想通了,现在看起来很明显,我不想承认。
在这一切开始时,我从 Synology 阅读了一些需要在路由器上设置端口转发规则的错误文档。但是他们忽略了提到如果您在路由器本身上使用 VPN 服务器,您不应该这样做!
我一起删除了端口转发规则,仔细检查了我的防火墙规则并让它正常工作。