几个月,如果不是几周的话,我已经通过 OpenSuse 上的“NetworkManager”与 ExpressVPN 服务器建立了功能齐全的连接,但现在,突然,它在每次尝试连接到任何 VPN 服务器时都报告“激活失败”——我添加了多个 VPN 服务器以确保问题出在我的机器上。
以下是sudo journalctl -fu NetworkManager
打印出来的内容——因为我不确定哪些信息可以留下哪些不可以,我将编辑其中的一些信息,这些信息可能应该公开:
NetworkManager[12792]: <info> [1685282870.1677] vpn[redacted,redacted,"New vpn connection"]: starting openvpn
NetworkManager[12792]: <info> [1685282870.1681] audit: op="connection-activate" uuid="redacted" name="New vpn connection" pid=14141 uid=1000 result="success"
nm-openvpn[3441]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
nm-openvpn[3441]: OpenVPN 2.6.4 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
nm-openvpn[3441]: library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
nm-openvpn[3441]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
nm-openvpn[3441]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[3441]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.132.226.118:1195
nm-openvpn[3441]: UDPv4 link local: (not bound)
nm-openvpn[3441]: UDPv4 link remote: [AF_INET]45.132.226.118:1195
nm-openvpn[3441]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
NetworkManager[12792]: <warn> [1685282930.2749] vpn[redacted,redacted,"New vpn connection"]: connect timeout exceeded
nm-openvpn-serv[3435]: Connect timer expired, disconnecting.
nm-openvpn[3441]: SIGTERM received, sending exit notification to peer
nm-openvpn[3441]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
nm-openvpn[3441]: TLS Error: TLS handshake failed
nm-openvpn[3441]: Converting soft SIGUSR1 received during exit notification to SIGTERM
nm-openvpn[3441]: SIGTERM[soft,exit-with-notification] received, process exiting
我已经尝试启用“TLS-Auth”和“TLS-Crypt”选项,当然,我提供了 *-tls-auth.pem 文件。但我仍然得到同样的信息。
尝试通过两种方式建立 VPN 连接:
自动通过 *.ovpn 文件这导致了以下输出
NetworkManager[12792]: <info> [1685280959.0985] audit: op="connection-activate" uuid="redacted" name="MY_VPN" pid=14141 uid=1000 result="success" NetworkManager[31100]: Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: keysize (2.6.4) NetworkManager[31100]: Use --help for more information. NetworkManager[12792]: <warn> [1685280959.1498] vpn[redacted,redacted,"MY_VPN"]: dbus: failure: connect-failed (1) NetworkManager[12792]: <warn> [1685280959.1498] vpn[redacted,redacted,"MY_VPN"]: dbus: failure: connect-failed (1)
由于 OpenVPN 更新到 2.4 版,这似乎已经改变。
手动从 *.ovpn 文件中提取所有字段,这导致了我在开头提到的输出。
是的,我问了 ChatGPT 4,它也没有帮助,所以我想需要真正的智能而不是人工智能。
因此,我能够通过使用 OpenVPN 工具本身而不是网络管理器的内置功能连接到 VPN 来解决这个问题。
不过,要实现这一点,需要通过删除定义选项的行来修改 OVPN 文件
keysize
,从版本 2.6 开始,似乎不再支持该选项(文档)。编辑:澄清一下,它与防火墙或任何其他连接问题无关。问题似乎出在 OpenSuse 的网络管理器上。