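I have a few machines in my office that can connect to a server that uses OpenVPN (UDP), thanks to its .ovpn file. I can also connect to the same server from my personal computer, which is on another network. I was also able to connect to the server from a clean Azure VM running Windows Server 2012, which I had just created to test this. However, I cannot connect to the same server (same .ovpn file) from a machine that hosts an Azure cloud service.
The Azure cloud service was created with the default network configuration, with InputEndpoints on ports 443 (TCP) and 1194 (UDP), and I added firewall exceptions that allow any connection to the UDP and TCP ports.
However, when I try to connect to the OpenVPN server from the Azure VM, I get the message:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Is there any configuration, besides the firewall exceptions I should add to the cloud service, that would allow it to connect to an OpenVPN server that uses UDP?
Here is the full log: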
PS C:\config\config> openvpn .\client.ovpn
Fri Jul 22 15:32:55 2016 Option 'nobind' in .\client.ovpn:46 is ignored by previous <connection> blocks
Fri Jul 22 15:32:55 2016 us=764333 Current Parameter Settings:
Fri Jul 22 15:32:55 2016 us=764333 config = '.\client.ovpn'
Fri Jul 22 15:32:55 2016 us=764333 mode = 0
Fri Jul 22 15:32:55 2016 us=764333 show_ciphers = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 show_digests = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 show_engines = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 genkey = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 key_pass_file = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 show_tls_ciphers = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 Connection profiles [default]:
Fri Jul 22 15:32:55 2016 us=764333 proto = udp
Fri Jul 22 15:32:55 2016 us=764333 local = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 local_port = 1194
Fri Jul 22 15:32:55 2016 us=764333 remote = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 remote_port = 1194
Fri Jul 22 15:32:55 2016 us=764333 remote_float = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 bind_defined = DISABLED
Fri Jul 22 15:32:55 2016 us=795589 bind_local = DISABLED
Fri Jul 22 15:32:55 2016 us=795589 connect_retry_seconds = 5
Fri Jul 22 15:32:55 2016 us=795589 connect_timeout = 10
Fri Jul 22 15:32:55 2016 us=795589 NOTE: --mute triggered...
Fri Jul 22 15:32:55 2016 us=795589 618 variation(s) on previous 20 message(s) suppressed by --mute
Fri Jul 22 15:32:55 2016 us=795589 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Fri Jul 22 15:32:55 2016 us=795589 Windows version 6.2 (Windows 8 or greater)
Fri Jul 22 15:32:55 2016 us=795589 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Fri Jul 22 15:32:55 2016 us=983250 Control Channel Authentication: using 'engSimaTef.key' as a OpenVPN static key file
Fri Jul 22 15:32:56 2016 us=3179 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 22 15:32:56 2016 us=3179 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 22 15:32:56 2016 us=14347 LZO compression initialized
Fri Jul 22 15:32:56 2016 us=14347 Control Channel MTU parms [ L:1602 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Jul 22 15:32:56 2016 us=14347 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jul 22 15:32:56 2016 us=168985 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:143 ET:0 EL:3 AF:3/1 ]
Fri Jul 22 15:32:56 2016 us=168985 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Jul 22 15:32:56 2016 us=168985 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Jul 22 15:32:56 2016 us=168985 Local Options hash (VER=V4): 'a5d50645'
Fri Jul 22 15:32:56 2016 us=168985 Expected Remote Options hash (VER=V4): '14d315e7'
Fri Jul 22 15:32:56 2016 us=168985 UDPv4 link local: [undef]
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 link remote: [AF_INET][[SOME_HIDDEN_IP]]:10055
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Fri Jul 22 15:32:58 2016 us=558842 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:02 2016 us=785774 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:11 2016 us=85405 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:27 2016 us=873602 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS handshake failed
Fri Jul 22 15:33:57 2016 us=129612 TCP/UDP: Closing socket
Fri Jul 22 15:33:57 2016 us=129612 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 22 15:33:57 2016 us=129612 Restart pause, 2 second(s)
Fri Jul 22 15:33:59 2016 us=148186 Re-using SSL/TLS context
Fri Jul 22 15:33:59 2016 us=148186 LZO compression initialized
...
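Answer 0 (score: 2)
The error says that OpenVPN tried to connect to the host
WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
but no reply has been received:
UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
After 5 attempts, the client stops trying to connect:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
The process stops at the first activity, where it waits for a reply.
In these situations, there may be a connectivity problem. In the past I had the same problem once, when the required port was not enabled. (Look at the outgoing and incoming firewall rules.) Another problem may be that the server is not running or is unreachable.
TLDR: Check the (VPN) service availability and the firewall rules. In extreme cases there may be a routing problem at the ISP (this happened to a friend of mine), in which case you should report the problem to them and they will fix it.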
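The reading of the log described in the answer above can be automated. This is an added example, not part of the original answer and not OpenVPN code. It counts the client's hard-reset packets and any packets that came back, and reports the remote host and port from the "link remote" line (10055 in the log above) as the ones to check in firewall rules. The names `analyze` and `diagnose`, the address 203.0.113.10 and the server-reply line are constructed for the example.

```python
import re

# Constructed sample modelled on the log above; 203.0.113.10 is a documentation
# address standing in for the hidden server IP.
SAMPLE_LOG = """\
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 link remote: [AF_INET]203.0.113.10:10055
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 WRITE [86] to [AF_INET]203.0.113.10:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Fri Jul 22 15:32:58 2016 us=558842 UDPv4 WRITE [86] to [AF_INET]203.0.113.10:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
# Constructed server reply, as a client logs it when the path works in both directions.
SERVER_REPLY = "Fri Jul 22 15:32:56 2016 us=301112 UDPv4 READ [94] from [AF_INET]203.0.113.10:10055: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0\n"

LINK_REMOTE = re.compile(r"(\w+) link remote: \[AF_INET\](\S+):(\d+)")
WRITE = re.compile(r"WRITE \[\d+\] to \[AF_INET\]\S+:\d+: (P_\w+)")
READ = re.compile(r"READ \[(\d+)\] from \[AF_INET\]\S+:\d+: P_\w+")
TLS_TIMEOUT = "TLS key negotiation failed to occur within"


def analyze(log_text):
    """Count handshake packets sent and packets received from the remote."""
    r = {"proto": None, "remote": None, "resets_sent": 0, "replies": 0, "tls_timeout": False}
    for line in log_text.splitlines():
        if m := LINK_REMOTE.search(line):
            r["proto"], r["remote"] = m.group(1), (m.group(2), int(m.group(3)))
        elif (m := WRITE.search(line)) and m.group(1).startswith("P_CONTROL_HARD_RESET_CLIENT"):
            r["resets_sent"] += 1
        elif (m := READ.search(line)) and int(m.group(1)) > 0:
            r["replies"] += 1  # "READ [0] from [undef]" never matches: no peer address
        elif TLS_TIMEOUT in line:
            r["tls_timeout"] = True
    return r


def diagnose(r):
    """Turn the counters into the conclusion the answer draws by eye."""
    if r["resets_sent"] == 0:
        return "NO_ATTEMPT: no handshake packet was logged"
    if r["replies"] == 0:
        host, port = r["remote"] or ("?", "?")
        return (f"NO_REPLY: {r['resets_sent']} reset(s) sent to {host}:{port} over {r['proto']}, "
                "nothing came back; check firewall rules for that port and server reachability")
    return "REPLIED: the server answers, so the path to it is open"


if __name__ == "__main__":
    print(diagnose(analyze(SAMPLE_LOG)))
    print(diagnose(analyze(SAMPLE_LOG + SERVER_REPLY)))
```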