OPENVPN服务端设置好后如何用OpenVPN GUI连接？

coolglay · 发表于 2018-7-3 11:10:39

按官方教程设置好OPENVPN服务端，并通过https://openvpn.net/index.php/open-source/downloads.html下载了客户端，但不知道如何连接，提示需要导入.ovpn格式的文件，而爱快OPENVPN服务端生成的配置文件却是OpenVPN-Client.conf，有没有大神懂的？

PS：我看过爱快官方客户端教程https://www.ikuai8.com/support_article.php?id=0000000669，但这好像说的是两边都使用爱快设备的方法

hmtaohan · 发表于 2019-6-25 15:06:53

coolglay 发表于 2018-7-6 22:17
谢谢！问题已解决

你好，我遇到和你一样的问题，改成TAP 客户端连接成功，改成tun不行，你是怎样解决的谢谢:handshake

coolglay · 发表于 2018-7-3 11:19:05

本帖最后由 coolglay 于 2018-7-3 11:25 编辑

把配置快件改成.ovpn后，终于可以连接了，但出错，日志如下

Tue Jul 03 11:16:59 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Tue Jul 03 11:16:59 2018 Windows version 6.1 (Windows 7) 64bit
Tue Jul 03 11:16:59 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Tue Jul 03 11:16:59 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jul 03 11:16:59 2018 Need hold release from management interface, waiting...
Tue Jul 03 11:17:00 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jul 03 11:17:00 2018 MANAGEMENT: CMD 'state on'
Tue Jul 03 11:17:00 2018 MANAGEMENT: CMD 'log all on'
Tue Jul 03 11:17:00 2018 MANAGEMENT: CMD 'echo all on'
Tue Jul 03 11:17:00 2018 MANAGEMENT: CMD 'bytecount 5'
Tue Jul 03 11:17:00 2018 MANAGEMENT: CMD 'hold off'
Tue Jul 03 11:17:00 2018 MANAGEMENT: CMD 'hold release'
Tue Jul 03 11:17:12 2018 MANAGEMENT: CMD 'username "Auth" "rex"'
Tue Jul 03 11:17:12 2018 MANAGEMENT: CMD 'password [...]'
Tue Jul 03 11:17:12 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 03 11:17:12 2018 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jul 03 11:17:12 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]139.216.183.69:1194
Tue Jul 03 11:17:12 2018 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jul 03 11:17:12 2018 UDP link local: (not bound)
Tue Jul 03 11:17:12 2018 UDP link remote: [AF_INET]139.226.173.59:1194
Tue Jul 03 11:17:12 2018 MANAGEMENT: >STATE:1530587832,WAIT,,,,,,
Tue Jul 03 11:17:12 2018 MANAGEMENT: >STATE:1530587832,AUTH,,,,,,
Tue Jul 03 11:17:12 2018 TLS: Initial packet from [AF_INET]139.226.173.59:1194, sid=c7f08ec3 9dc805bf
Tue Jul 03 11:17:12 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 03 11:17:13 2018 VERIFY OK: depth=1, C=CN, O=iKuai, CN=iKuai Device CA
Tue Jul 03 11:17:13 2018 VERIFY OK: depth=0, C=CN, O=iKuai, CN=iKuai OpenVPN Server
Tue Jul 03 11:17:13 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jul 03 11:17:13 2018 [iKuai OpenVPN Server] Peer Connection Initiated with [AF_INET]139.226.173.59:1194
Tue Jul 03 11:17:14 2018 MANAGEMENT: >STATE:1530587834,GET_CONFIG,,,,,,
Tue Jul 03 11:17:14 2018 SENT CONTROL [iKuai OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Tue Jul 03 11:17:14 2018 PUSH: Received control message: 'PUSH_REPLY,route 10.7.0.0 255.255.0.0,route 10.7.7.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.7.7.50 10.7.7.1'
Tue Jul 03 11:17:14 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 03 11:17:14 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 03 11:17:14 2018 OPTIONS IMPORT: route options modified
Tue Jul 03 11:17:14 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 03 11:17:14 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jul 03 11:17:14 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 03 11:17:14 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 03 11:17:14 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jul 03 11:17:14 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 03 11:17:14 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Tue Jul 03 11:17:14 2018 MANAGEMENT: Client disconnected
Tue Jul 03 11:17:14 2018 There is a problem in your selection of --ifconfig endpoints [local=10.7.7.50, remote=10.7.7.1].  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
Tue Jul 03 11:17:14 2018 Exiting due to fatal error

coolglay · 发表于 2018-7-3 11:31:51

发现把隧道类型从TUN改成TAP，再生成配置文件导入，就能连接成功了！官方，这是BUG吗？

fhlmshxha · 发表于 2018-7-3 16:10:37

coolglay 发表于 2018-7-3 11:31
发现把隧道类型从TUN改成TAP，再生成配置文件导入，就能连接成功了！官方，这是BUG吗？ ...

不是BUG，那是因为你的客户端和服务器端网络问题！

coolglay · 发表于 2018-7-5 11:56:28

fhlmshxha 发表于 2018-7-3 16:10
不是BUG，那是因为你的客户端和服务器端网络问题！

具体是什么原因导致的呢？大神可否提示一下

朝颜.net · 发表于 2018-7-5 16:49:45

coolglay 发表于 2018-7-5 11:56
具体是什么原因导致的呢？大神可否提示一下

参考这个说明：

OpenVPN固定IP只适用于使用爱快路由以及Linux作为客户端连接，并不保证兼容所有客户端，请不要在iOS、安卓、Windows等系统下以设置固定IP的账号拨OpenVPN。

爱快技术支持04 · 发表于 2018-7-5 18:16:19

楼主您好
1.爱快这边openVPN服务端生成的配置文件确实是.conf的格式。至于中间如何转换成爱快的格式，这个您需要自己去确认了
2.根据您目前提供的信息这边能够判断出的是根据您日志里的子网掩码，能够判断出的是您客户端指定了固定IP。而您使用的客户端是WINDOWS系统做的openVPN客户端。根据我的了解一般openVPN客户端的工具都会支持TUN和TAP。所以，这边怀疑两个问题
（1）要么是您的widows客户端的oepnVPN工具不支持TUN
（2）要么是TUN下不支持固定IP
另外在建立openVPN的时候，还需要注意的是爱快服务端不校验客户端证书。客户端证书和私钥可不填写。如果非爱快设备，服务端要求客户端校验证书，那么客户端证书，由服务端提供。如果有想更改对应证书和密钥的，可以通过OPENVPNSSL生成；如果没有或不懂怎么生成的，使用默认的证书和密钥即可
同时您也可以测试验证下，不使用固定IP的条件下，使用相同的配置是否可以连接成功。就能定位问题点了

coolglay · 发表于 2018-7-6 22:17:08

爱快技术支持04 发表于 2018-7-5 18:16
楼主您好
1.爱快这边openVPN服务端生成的配置文件确实是.conf的格式。至于中间如何转换成爱快的格式，这个 ...

谢谢！问题已解决

爱快技术支持04 · 发表于 2018-7-9 10:48:02

coolglay 发表于 2018-7-6 22:17
谢谢！问题已解决

不客气。感谢您对爱快的支持与信赖:handshake

yblaiqyy · 发表于 2019-6-22 23:15:45

咋弄的，我也正在弄这个问题

		自动登录	找回密码
密码			立即注册

[问题反馈] OPENVPN服务端设置好后如何用OpenVPN GUI连接？

站长推荐 /1