Centos

Initialization Sequence Completed, but the terminal does not return a prompt

  • August 18, 2016

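I have just installed openvpn on a remote CentOS 7 server using the instructions in this tutorial.

The only change I made to the tutorial was to use @GarethTheRed's instructions to configure firewalld instead of iptables, as described in step 4 of the tutorial.

The problem is that the tutorial ends with a line of client code that leaves the terminal unable to return to a command prompt (see below). How can I successfully connect with OpenVPN from my local CentOS 7 devbox to the remote CentOS 7 server?

Here are the connection steps I have tried so far:

At the end of step 6 of the tutorial, I successfully ran yum install openvpn on my devbox before typing sudo openvpn --config /path/to/client.ovpn.

The problem is that sudo openvpn --config /path/to/client.ovpn causes the terminal to lock up after printing Initialization Sequence Completed.

The complete output is: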

[root@localhost ~]# openvpn --config /etc/openvpn/client.ovpn
Wed Feb 11 16:46:06 2015 OpenVPN 2.3.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  2 2014
Wed Feb 11 16:46:06 2015 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Wed Feb 11 16:46:06 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 11 16:46:06 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Feb 11 16:46:06 2015 UDPv4 link local: [undef]
Wed Feb 11 16:46:06 2015 UDPv4 link remote: [AF_INET]192.96.215.22:1194
Wed Feb 11 16:46:06 2015 TLS: Initial packet from [AF_INET]192.96.215.22:1194, sid=1f320288 ab1f20d3
Wed Feb 11 16:46:07 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SomeTown, O=Fort-Funston, OU=MyOrganizationalUnit, CN=serverdomain.com, name=server, emailAddress=me@somedomain.com
Wed Feb 11 16:46:07 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SomeTown, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@somedomain.com
Wed Feb 11 16:46:08 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 16:46:08 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 16:46:08 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 16:46:08 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 16:46:08 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Feb 11 16:46:08 2015 [server] Peer Connection Initiated with [AF_INET]192.96.215.22:1194
Wed Feb 11 16:46:10 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Feb 11 16:46:10 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Feb 11 16:46:10 2015 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 11 16:46:10 2015 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 11 16:46:10 2015 OPTIONS IMPORT: route options modified
Wed Feb 11 16:46:10 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 11 16:46:10 2015 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=p4p1 HWADDR=14:fe:b5:aa:57:60
Wed Feb 11 16:46:10 2015 TUN/TAP device tun0 opened
Wed Feb 11 16:46:10 2015 TUN/TAP TX queue length set to 100
Wed Feb 11 16:46:10 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Feb 11 16:46:10 2015 /usr/sbin/ip link set dev tun0 up mtu 1500
Wed Feb 11 16:46:10 2015 /usr/sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Wed Feb 11 16:46:10 2015 /usr/sbin/ip route add 192.96.215.22/32 via 10.0.0.1
Wed Feb 11 16:46:10 2015 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Feb 11 16:46:10 2015 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Feb 11 16:46:10 2015 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Feb 11 16:46:10 2015 Initialization Sequence Completed  

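At the end of this output there is only a cursor, but no command prompt. Typing at the cursor or pressing Enter has no effect other than printing what you type on the terminal screen.

I read another post that described a similar error and stated that the problem was in the DNS configuration, but I followed the tutorial's DNS configuration instructions exactly. The server also handles requests for mydomain.com served by httpd. Long before OpenVPN was added, the domain registrar had already pointed requests for mydomain.com at the server's IP. Could this cause some kind of conflict? How can I complete the connection?

Try starting the client with the --daemon option: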

openvpn --daemon

From the openvpn man page:

--daemon [progname]
 Become a daemon after all initialization functions are completed

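To interact with openvpn once it is a daemon, add the --management option to the command. This lets you interact with it using telnet, as described here.

Alternatively, open another terminal and use that. That way, you can stop openvpn by pressing Ctrl+C in the original terminal.

If the client is a desktop system using Network Manager, use the OpenVPN plugin to control it from there - no terminal needed.

Quoted from: https://unix.stackexchange.com/questions/184359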
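The --daemon and --management advice in the answer, as an added example that is not part of the original question or answer: shell helpers that start the client in the background, read the tunnel state from its log, and surface WARNING lines such as the one in the output above. The file paths, the function names and the choice of a unix-socket management interface are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). All paths are assumptions.
CONF=${CONF:-/etc/openvpn/client.ovpn}
LOG=${LOG:-/var/log/openvpn-client.log}
PIDFILE=${PIDFILE:-/run/openvpn-client.pid}
MGMT=${MGMT:-/run/openvpn-client.sock}

# Start the client detached; messages go to $LOG instead of the terminal.
# The management interface is bound to a unix socket rather than a TCP
# port, so only users who can open the socket file can control the tunnel.
vpn_start() {
    sudo openvpn --config "$CONF" --daemon --log "$LOG" \
        --writepid "$PIDFILE" --management "$MGMT" unix
}

# Print up / down / starting, based on the most recent state change logged.
vpn_status() {
    awk '/Initialization Sequence Completed/ { s = "up" }
         /process (restarting|exiting)/     { s = "down" }
         END { print (s ? s : "starting") }' "$1"
}

# Wait until the log reports the tunnel is up: vpn_wait LOGFILE [SECONDS]
vpn_wait() {
    left=${2:-30}
    while [ "$left" -gt 0 ]; do
        [ -r "$1" ] && [ "$(vpn_status "$1")" = up ] && return 0
        sleep 1
        left=$((left - 1))
    done
    return 1
}

# List distinct WARNING lines without their timestamps, e.g. the missing
# server certificate verification warning in the output above.
vpn_warnings() {
    sed -n 's/^.*\(WARNING: .*\)$/\1/p' "$1" | sort -u
}

# Stop the daemon with SIGTERM, the background equivalent of Ctrl+C.
vpn_stop() {
    sudo kill "$(cat "$PIDFILE")"
}
```

Typical use is `vpn_start && vpn_wait "$LOG" 30 && vpn_warnings "$LOG"`. The certificate verification warning is normally cleared by adding remote-cert-tls server to the client configuration, provided the server certificate was issued with server key usage.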