Global Hosting Exchange Forum


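[Solved] Help! Problem installing OpenVPN on OpenVZ

Posted on 2010-1-1 06:18:42
I really can't get this working. I've been at it all night, read countless tutorials and every OpenVPN thread on this forum, and I still don't know where the problem is. Could an expert please rescue me? The log is as follows: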
Fri Jan 01 06:14:17 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Fri Jan 01 06:14:17 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 01 06:14:17 2010 LZO compression initialized
Fri Jan 01 06:14:17 2010 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 01 06:14:17 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jan 01 06:14:17 2010 Local Options hash (VER=V4): '69109d17'
Fri Jan 01 06:14:17 2010 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri Jan 01 06:14:17 2010 Attempting to establish TCP connection with 216.245.199.43:1194
Fri Jan 01 06:14:18 2010 TCP connection established with 216.245.199.43:1194
Fri Jan 01 06:14:18 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 01 06:14:18 2010 TCPv4_CLIENT link local: [undef]
Fri Jan 01 06:14:18 2010 TCPv4_CLIENT link remote: 216.245.199.43:1194
Fri Jan 01 06:14:18 2010 TLS: Initial packet from 216.245.199.43:1194, sid=dac16c90 ba904260
Fri Jan 01 06:14:21 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=CN/ST=HB/L=WH/O=SOLEMN/CN=mnizz/emailAddress=cnhacker@live.com
Fri Jan 01 06:14:21 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jan 01 06:14:21 2010 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 01 06:14:21 2010 TLS Error: TLS handshake failed
Fri Jan 01 06:14:21 2010 Fatal TLS error (check_tls_errors_co), restarting
Fri Jan 01 06:14:21 2010 TCP/UDP: Closing socket
Fri Jan 01 06:14:21 2010 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 01 06:14:21 2010 Restart pause, 5 second(s)
Fri Jan 01 06:14:26 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 01 06:14:26 2010 Re-using SSL/TLS context
Fri Jan 01 06:14:26 2010 LZO compression initialized
Fri Jan 01 06:14:26 2010 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 01 06:14:26 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jan 01 06:14:26 2010 Local Options hash (VER=V4): '69109d17'
Fri Jan 01 06:14:26 2010 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri Jan 01 06:14:26 2010 Attempting to establish TCP connection with 216.245.199.43:1194
Fri Jan 01 06:14:26 2010 TCP/UDP: Closing socket
Fri Jan 01 06:14:26 2010 SIGTERM[hard,init_instance] received, process exiting

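I sincerely ask experts or anyone who has installed this before to share their advice. Once it works, I'll serve everyone right away!

[ Last edited by solemn on 2010-1-1 09:05 ]
Original poster | Posted on 2010-1-1 07:56:56
Argh, someone come and save me! zhihao, please help! I worked on this all night without getting it done, and then when I posted a thread in the middle of the night I ran into a mad dog biting at random. I'm so frazzled!
Original poster | Posted on 2010-1-1 08:33:24
Ugh, the certificate verification problem is fixed, but now the last step doesn't seem to work: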
Fri Jan 01 08:31:11 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Fri Jan 01 08:31:11 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 01 08:31:11 2010 LZO compression initialized
Fri Jan 01 08:31:11 2010 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 01 08:31:11 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jan 01 08:31:11 2010 Local Options hash (VER=V4): '69109d17'
Fri Jan 01 08:31:11 2010 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri Jan 01 08:31:11 2010 Attempting to establish TCP connection with 216.245.199.43:1194
Fri Jan 01 08:31:11 2010 TCP connection established with 216.245.199.43:1194
Fri Jan 01 08:31:11 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 01 08:31:11 2010 TCPv4_CLIENT link local: [undef]
Fri Jan 01 08:31:11 2010 TCPv4_CLIENT link remote: 216.245.199.43:1194
Fri Jan 01 08:31:11 2010 TLS: Initial packet from 216.245.199.43:1194, sid=33b98a18 6a72e12c
Fri Jan 01 08:31:13 2010 VERIFY OK: depth=1, /C=CN/ST=HB/L=WH/O=SOLEMN/CN=server/emailAddress=cnhacker@live.com
Fri Jan 01 08:31:13 2010 VERIFY OK: nsCertType=SERVER
Fri Jan 01 08:31:13 2010 VERIFY OK: depth=0, /C=CN/ST=HB/L=WH/O=SOLEMN/CN=server/emailAddress=cnhacker@live.com
Fri Jan 01 08:31:19 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 01 08:31:19 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 01 08:31:19 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jan 01 08:31:19 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 01 08:31:19 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 01 08:31:19 2010 [server] Peer Connection Initiated with 216.245.199.43:1194
Fri Jan 01 08:31:22 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Jan 01 08:31:23 2010 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Jan 01 08:31:23 2010 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 01 08:31:23 2010 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 01 08:31:23 2010 OPTIONS IMPORT: route options modified
Fri Jan 01 08:31:23 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 01 08:31:23 2010 ROUTE default_gateway=221.235.57.206
Fri Jan 01 08:31:23 2010 CreateFile failed on TAP device: \\.\Global\{771A205E-811F-43E2-BB0F-A6B6A84EBE76}.tap
Fri Jan 01 08:31:23 2010 All TAP-Win32 adapters on this system are currently in use.
Fri Jan 01 08:31:23 2010 Exiting
Posted on 2010-1-1 08:41:13
Use this:
http://www.hostloc.com/thread-8474-1-6.html
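Original poster | Posted on 2010-1-1 09:05:37
OK, fixed it. The virtual network adapter wasn't started. How embarrassing! Thanks to everyone all the same!
Posted on 2010-1-1 11:03:34

Reply to post #5

The virtual network adapter wasn't started. Learned something.
Original poster | Posted on 2010-1-1 12:01:39
A few lessons learned:
The error in post #1 was caused by a mistake during certificate generation, so verification failed. The error in post #3 was that the virtual network adapter wasn't started.
But now that it connects, there are even more errors.
First, I chose tcp, and within two minutes of connecting the speed inevitably drops to nothing! I searched around and many people have this problem; apparently nobody has given a complete fix yet. I've tried many methods and none of them work!
Now another problem: after switching to the udp protocol I can connect, but I can't reach the external network; I can only ping the server. My VPS is OpenVZ, and it apparently doesn't support that iptables -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE thing, which reports an error, but iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source ip does not report an error. I really can't understand it!!!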
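Posted on 2010-1-1 13:50:29

Reply to post #7

A VPS on the OpenVZ architecture has no eth0, so your earlier command fails.
Original poster | Posted on 2010-1-1 14:08:20

Reply to post #8

No, I replaced eth0 with venet0 and it still fails.
Now, whether tcp or udp, after connecting I can't reach the external network and can't even ping the gateway. I'm going crazy!
Posted on 2010-1-1 14:14:45

Try echo 1 > /proc/sys/net/ipv4/ip_forward... from my treasured collection...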
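
Added example, not from any poster in this thread: a dry-run shell helper for the server-side NAT discussed in the last posts (the iptables rules in post #7 and the ip_forward tip above). It prints the commands instead of running them; POSTROUTING exists in the nat table, not the default filter table, so every rule carries -t nat. The function names and the placeholder address 203.0.113.10 are assumptions, and choosing SNAT on venet0 follows the poster's report of what their OpenVZ VPS accepted.

```shell
#!/bin/sh
# Added example: plan NAT for an OpenVPN server inside an OpenVZ container.
# VPN_NET is the subnet from the thread; PUBLIC_IP is a constructed placeholder.
VPN_NET="10.8.0.0/24"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"

# Pick the egress interface from a whitespace-separated list of names.
# OpenVZ containers normally expose venet0 instead of eth0, so it wins.
pick_iface() {
    for want in venet0 eth0; do
        for have in $1; do
            if [ "$have" = "$want" ]; then echo "$want"; return 0; fi
        done
    done
    return 1
}

# Print the iptables arguments for source NAT on interface $1.
# venet0 gets SNAT to the fixed address $2 (what the thread's VPS accepted);
# any other interface gets MASQUERADE. Both are nat-table rules.
nat_args() {
    case "$1" in
        venet0*) echo "-t nat -A POSTROUTING -s $VPN_NET -o $1 -j SNAT --to-source $2" ;;
        *)       echo "-t nat -A POSTROUTING -s $VPN_NET -o $1 -j MASQUERADE" ;;
    esac
}

# Succeed only if the ip_forward file at $1 is readable and contains 1.
forwarding_on() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# Print the commands still needed; nothing is executed here.
# $1 = interface list, $2 = path to the ip_forward file.
plan() {
    iface=$(pick_iface "$1") || { echo "no venet0/eth0 found" >&2; return 1; }
    forwarding_on "$2" || echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables $(nat_args "$iface" "$PUBLIC_IP")"
}

# Live use on the server: sh nat-plan.sh --plan
if [ "${1:-}" = "--plan" ]; then
    plan "$(ls /sys/class/net)" /proc/sys/net/ipv4/ip_forward
fi
```

Review the printed commands before running them as root, and set PUBLIC_IP to the container's own public address first.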