尝试设置 OpenVPN 以将 android 设备连接回我的家庭网络。目前我可以连接到 VPN 但无法传输任何数据,IE 无法 ping,无法访问站点等。这是我的服务器配置文件
port 1234
proto udp
dev tap
dev-node tap-bridge
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
push "topology subnet"
ifconfig-pool-persist ipp.txt
server-bridge 172.26.0.2 255.255.255.248 172.26.0.3 172.26.0.5
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
这是我的客户端配置
client
dev tap
dev-node tap-bridge
proto udp
remote **** 1234
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
topology subnet
这是来自 VPN 服务器的状态窗口
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 TLS: Initial packet from [AF_INET6]::ffff:174.215.16.183:15438, sid=8c2f0064 9d7a75c8
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 VERIFY OK: depth=1, CN=example.com
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 VERIFY OK: depth=0, CN=Client1
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_VER=3.git::662eae9a:Release
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_PLAT=android
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_NCP=2
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_TCPNL=1
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_PROTO=2
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_AUTO_SESS=1
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 peer info: IV_SSO=openurl
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1589', remote='link-mtu 1557'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Mon Nov 8 20:50:33 2021 174.215.16.183:15438 [Client1] Peer Connection Initiated with [AF_INET6]::ffff:174.215.16.183:15438
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI_sva: pool returned IPv4=172.26.0.3, IPv6=(Not enabled)
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 SENT CONTROL [Client1]: 'PUSH_REPLY,topology subnet,route-gateway 172.26.0.2,ping 10,ping-restart 120,ifconfig 172.26.0.3 255.255.255.248,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI: Learn: 00:01:fe:80:00:00@0 -> Client1/174.215.16.183:15438
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI: Learn: 3a:ff:fe:80:00:00@0 -> Client1/174.215.16.183:15438
最后,这是来自 android 设备的日志。
20:10:43.123 -- ----- OpenVPN Start -----
20:10:43.124 -- EVENT: CORE_THREAD_ACTIVE
20:10:43.126 -- OpenVPN core 3.git::662eae9a:Release android arm64 64-bit PT_PROXY
20:10:43.127 -- Frame=512/2048/512 mssfix-ctrl=1250
20:10:43.127 -- UNUSED OPTIONS
1 [dev-node] [tap-bridge]
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [3]
20:10:43.128 -- EVENT: RESOLVE
20:10:43.130 -- Contacting 1.2.3.4:1234 via UDP
20:10:43.131 -- EVENT: WAIT
20:10:43.132 -- Connecting to [example.com]:1234 (1.2.3.4) via UDPv4
20:10:43.200 -- EVENT: CONNECTING
20:10:43.204 -- Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
20:10:43.204 -- Creds: UsernameEmpty/PasswordEmpty
20:10:43.205 -- Peer Info:
IV_VER=3.git::662eae9a:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.2.5-7182
IV_SSO=openurl
20:10:43.296 -- VERIFY OK: depth=1, /CN=example
20:10:43.297 -- VERIFY OK: depth=0, /CN=server
20:10:43.428 -- SSL Handshake: CN=server, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
20:10:43.429 -- Session is ACTIVE
20:10:43.429 -- EVENT: GET_CONFIG
20:10:43.432 -- Sending PUSH_REQUEST to server...
20:10:43.486 -- OPTIONS:
0 [topology] [subnet]
1 [route-gateway] [172.26.0.2]
2 [ping] [10]
3 [ping-restart] [120]
4 [ifconfig] [172.26.0.3] [255.255.255.248]
5 [peer-id] [0]
6 [cipher] [AES-256-GCM]
20:10:43.487 -- PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
compress: NONE
peer ID: 0
20:10:43.488 -- EVENT: ASSIGN_IP
20:10:43.499 -- Connected via tun
20:10:43.500 -- EVENT: CONNECTED info='example.com:6832 (1.2.3.4) via /UDPv4 on tun/172.26.0.3/ gw=[172.26.0.2/]'
20:10:43.992 -- TUN write exception: write_some: Invalid argument
20:10:44.012 -- TUN write exception: write_some: Invalid argument
20:10:44.013 -- TUN write exception: write_some: Invalid argument
当从 android 设备发送指向 VPN 服务器(172.26.0.2)的 ping 时,我没有得到服务器的响应,但是服务器日志中的底线继续增长,我认为 mac 地址每次 ping 都会发生变化。当尝试从 LAN、网站、相机等请求某些内容时,也会发生这种情况。
Mon Nov 8 20:50:33 2021 Client1/174.215.16.183:15438 MULTI: Learn: 3a:ff:fe:80:00:00@0 -> Client1/174.215.16.183:15438
在 android 日志中,最后一行只是每隔几秒左右重复一次。
20:10:44.013 -- TUN write exception: write_some: Invalid argument