I am updating my OpenVPN infrastructure. I decided to move the server into a Docker container and to use elliptic curves instead of DH+RSA. Anyway, after building the image and running the server, I tested the client connection, but every attempt produces the same error in the log:
UDPv4 READ [363] from [AF_INET]_._._._:50334: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=277
TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
OpenSSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
But I did not specify any cipher suites in my configuration, and the client and server have the same versions of openvpn and openssl.
Server config:
port 45678
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpnhomehub.crt
key /etc/openvpn/keys/vpnhomehub.key
tls-auth /etc/openvpn/keys/auth.key 0
dh none
ecdh-curve sect409r1
crl-verify /etc/openvpn/server/crl.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
max-clients 10
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 6
explicit-exit-notify 1
Client config:
client
dev tun
proto udp
remote _._._._ 45678
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client_1.crt
key client_1.key
tls-auth auth.key 1
auth SHA512
verb 7
I have searched around online for solutions, but every one either does not work or suggests removing the cipher suite from the config file.
(I am running Docker in host network mode)
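A first diagnostic check for this kind of handshake failure, as an added example that is not part of the original post: it parses trimmed, constructed copies of the two configs above and lists the TLS-relevant directives that are set on only one side, differ, or (for tls-auth) do not use complementary key directions. The directive list is my own selection, and the output is a checklist to work through, not a diagnosis.

```python
# Constructed, trimmed copies of the two configs from the post
# (routing, logging and file-path directives dropped).
SERVER_CONF = """
tls-auth /etc/openvpn/keys/auth.key 0
dh none
ecdh-curve sect409r1
"""
CLIENT_CONF = """
tls-auth auth.key 1
auth SHA512
"""
# Assumption: my own selection of directives that feed the TLS handshake, not an
# OpenVPN-defined list. dh/ecdh-curve are server-side only, so they are listed for
# review, not as mismatches (the client's OpenSSL must still support the curve).
TLS_DIRECTIVES = ["auth", "cipher", "tls-cipher", "tls-ciphersuites",
                  "tls-version-min", "tls-version-max", "tls-auth", "tls-crypt"]
SERVER_SIDE = ["dh", "ecdh-curve"]

def parse_conf(text):
    """Map each directive to its argument list, skipping blank and comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = line.split()
            conf[parts[0]] = parts[1:]
    return conf

def key_direction(args):
    """tls-auth's optional trailing key-direction argument (0 or 1), else None."""
    return args[-1] if args and args[-1] in ("0", "1") else None

def tls_asymmetries(server_text, client_text):
    """Return (directive, issue, detail) tuples for TLS-relevant settings present on
    one side only, differing, or (tls-auth) with non-complementary key directions."""
    s, c = parse_conf(server_text), parse_conf(client_text)
    findings = []
    for d in TLS_DIRECTIVES:
        if d in s and d not in c:
            findings.append((d, "server only", " ".join(s[d])))
        elif d in c and d not in s:
            findings.append((d, "client only", " ".join(c[d])))
        elif d in s and d == "tls-auth":
            ks, kc = key_direction(s[d]), key_direction(c[d])
            if {ks, kc} != {"0", "1"}:
                findings.append((d, "key directions not complementary", f"{ks}/{kc}"))
        elif d in s and s[d] != c[d]:
            findings.append((d, "differs", f"{' '.join(s[d])} vs {' '.join(c[d])}"))
    for d in SERVER_SIDE:
        if d in s:
            findings.append((d, "server-side directive", " ".join(s[d])))
    return findings
```

On the configs above it reports that `auth SHA512` is set on the client only and lists `dh none` and `ecdh-curve sect409r1` as the server-side settings to review; the tls-auth key directions 0/1 are complementary and produce no finding.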