OpenVPN với vấn đề Tor trong Linux Distros

Tôi đang cố gắng kết nối với máy chủ OpenVPN thông qua Tor Vớ Proxy.

Tôi đã chỉnh sửa tệp .ovpn thêm socks-proxy 127.0.0.1 và socks-proxy-retry lựa chọn nhưng không thành công.

Đây là vấn đề: Tất cả đều ổn và tôi thấy Initialization Sequence Completed thông báo nhưng sau vài giây, máy khách openvpn cố gắng kết nối lại nhiều lần và báo lỗi hết thời gian 115,

Tôi hiện đang sử dụng Ubuntu 16.04

Đây là nhật ký:

Sat Sep 17 16:38:08 2016 DEPRECATED OPTION: http-proxy-retry and socks-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled like regular connections. Use connect-retry-max 1 to get a similar behavior as before.
Sat Sep 17 16:38:08 2016 OpenVPN 2.3_git x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [IPv6] built on Sep 17 2016
Sat Sep 17 16:38:08 2016 library versions: OpenSSL 1.0.2g-fips  1 Mar 2016, LZO 2.08
Sat Sep 17 16:38:08 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 17 16:38:08 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9050
Sat Sep 17 16:38:08 2016 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sat Sep 17 16:38:08 2016 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9050 [nonblock]
Sat Sep 17 16:38:08 2016 TCP connection established with [AF_INET]127.0.0.1:9050
Sat Sep 17 16:38:08 2016 TCP_CLIENT link local: (not bound)
Sat Sep 17 16:38:08 2016 TCP_CLIENT link remote: [AF_INET]127.0.0.1:9050
Sat Sep 17 16:38:09 2016 TLS: Initial packet from [AF_INET]127.0.0.1:9050, sid=8f81fa06 41348202
Sat Sep 17 16:38:10 2016 VERIFY OK: depth=0, CN=49njfbdc.com, O=m4jhl x3avvp9iijj, C=US
Sat Sep 17 16:38:12 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Sep 17 16:38:12 2016 [49njfbdc.com] Peer Connection Initiated with [AF_INET]127.0.0.1:9050
Sat Sep 17 16:38:13 2016 SENT CONTROL [49njfbdc.com]: 'PUSH_REQUEST' (status=1)
Sat Sep 17 16:38:14 2016 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.73 10.211.1.74,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.74,redirect-gateway def1'
Sat Sep 17 16:38:14 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sat Sep 17 16:38:14 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sat Sep 17 16:38:14 2016 OPTIONS IMPORT: route options modified
Sat Sep 17 16:38:14 2016 OPTIONS IMPORT: route-related options modified
Sat Sep 17 16:38:14 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Sep 17 16:38:14 2016 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Sep 17 16:38:14 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 17 16:38:14 2016 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Sep 17 16:38:14 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Sep 17 16:38:14 2016 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=*hidden* HWADDR=*hidden*
Sat Sep 17 16:38:14 2016 TUN/TAP device tun0 opened
Sat Sep 17 16:38:14 2016 TUN/TAP TX queue length set to 100
Sat Sep 17 16:38:14 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Sep 17 16:38:14 2016 /sbin/ifconfig tun0 10.211.1.73 pointopoint 10.211.1.74 mtu 1500
Sat Sep 17 16:38:14 2016 /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.254
Sat Sep 17 16:38:14 2016 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.211.1.74
Sat Sep 17 16:38:14 2016 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.211.1.74
Sat Sep 17 16:38:14 2016 Initialization Sequence Completed
Sat Sep 17 16:38:24 2016 [49njfbdc.com] Inactivity timeout (--ping-restart), restarting
Sat Sep 17 16:38:24 2016 SIGUSR1[soft,ping-restart] received, process restarting
Sat Sep 17 16:38:24 2016 Restart pause, 5 second(s)
Sat Sep 17 16:38:29 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Sep 17 16:38:29 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9050
Sat Sep 17 16:38:29 2016 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sat Sep 17 16:38:29 2016 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9050 [nonblock]
Sat Sep 17 16:38:29 2016 TCP connection established with [AF_INET]127.0.0.1:9050
Sat Sep 17 16:38:34 2016 recv_socks_reply: TCP port read timeout expired: Operation now in progress (errno=115)
Sat Sep 17 16:38:34 2016 SIGUSR1[soft,init_instance] received, process restarting
Sat Sep 17 16:38:34 2016 Restart pause, 5 second(s)
^CSat Sep 17 16:38:36 2016 /sbin/route del -net 127.0.0.1 netmask 255.255.255.255
Sat Sep 17 16:38:36 2016 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sat Sep 17 16:38:36 2016 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sat Sep 17 16:38:36 2016 Closing TUN/TAP interface
Sat Sep 17 16:38:36 2016 /sbin/ifconfig tun0 0.0.0.0
Sat Sep 17 16:38:36 2016 SIGINT[hard,init_instance] received, process exiting

Đây là tệp .ovpn:

socks-proxy 127.0.0.1 9150
socks-proxy-retry
###############################################################################
# OpenVPN 2.0 Sample Configuration File
# for PacketiX VPN / SoftEther VPN Server
# 
# !!! AUTO-GENERATED BY SOFTETHER VPN SERVER MANAGEMENT TOOL !!!
# 
# !!! YOU HAVE TO REVIEW IT BEFORE USE AND MODIFY IT AS NECESSARY !!!
# 
# This configuration file is auto-generated. You might use this config file
# in order to connect to the PacketiX VPN / SoftEther VPN Server.
# However, before you try it, you should review the descriptions of the file
# to determine the necessity to modify to suitable for your real environment.
# If necessary, you have to modify a little adequately on the file.
# For example, the IP address or the hostname as a destination VPN Server
# should be confirmed.
# 
# Note that to use OpenVPN 2.0, you have to put the certification file of
# the destination VPN Server on the OpenVPN Client computer when you use this
# config file. Please refer the below descriptions carefully.


###############################################################################
# Specify the type of the layer of the VPN connection.
# 
# To connect to the VPN Server as a "Remote-Access VPN Client PC",
#  specify 'dev tun'. (Layer-3 IP Routing Mode)
#
# To connect to the VPN Server as a bridging equipment of "Site-to-Site VPN",
#  specify 'dev tap'. (Layer-2 Ethernet Bridgine Mode)

dev tun


###############################################################################
# Specify the underlying protocol beyond the Internet.
# Note that this setting must be correspond with the listening setting on
# the VPN Server.
# 
# Specify either 'proto tcp' or 'proto udp'.

proto tcp


###############################################################################
# The destination hostname / IP address, and port number of
# the target VPN Server.
# 
# You have to specify as 'remote <HOSTNAME> <PORT>'. You can also
# specify the IP address instead of the hostname.
# 
# Note that the auto-generated below hostname are a "auto-detected
# IP address" of the VPN Server. You have to confirm the correctness
# beforehand.
# 
# When you want to connect to the VPN Server by using TCP protocol,
# the port number of the destination TCP port should be same as one of
# the available TCP listeners on the VPN Server.
# 
# When you use UDP protocol, the port number must same as the configuration
# setting of "OpenVPN Server Compatible Function" on the VPN Server.

remote 180.183.122.187 1639


###############################################################################
# The HTTP/HTTPS proxy setting.
# 
# Only if you have to use the Internet via a proxy, uncomment the below
# two lines and specify the proxy address and the port number.
# In the case of using proxy-authentication, refer the OpenVPN manual.

;http-proxy-retry
;http-proxy [proxy server] [proxy port]


###############################################################################
# The encryption and authentication algorithm.
# 
# Default setting is good. Modify it as you prefer.
# When you specify an unsupported algorithm, the error will occur.
# 
# The supported algorithms are as follows:
#  cipher: [NULL-CIPHER] NULL AES-128-CBC AES-192-CBC AES-256-CBC BF-CBC
#          CAST-CBC CAST5-CBC DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
#          RC2-40-CBC RC2-64-CBC RC2-CBC
#  auth:   SHA SHA1 MD5 MD4 RMD160

cipher AES-128-CBC
auth SHA1


###############################################################################
# Other parameters necessary to connect to the VPN Server.
# 
# It is not recommended to modify it unless you have a particular need.

resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
#auth-user-pass


###############################################################################
# The certificate file of the destination VPN Server.
# 
# The CA certificate file is embedded in the inline format.
# You can replace this CA contents if necessary.
# Please note that if the server certificate is not a self-signed, you have to
# specify the signer's root certificate (CA) here.

Kiểm tra proxy vớ với các chương trình khác sử dụng vớ. Nếu chúng hoạt động và OpenVPN thì không, đó là cấu hình OpenVPN của bạn, đó là vấn đề. Mục nhập nhật ký của bạn với [*.opengw.net] có vẻ hơi nghi ngờ - đó không phải là tên máy chủ hợp lệ! Bạn có thể muốn đăng ít nhất một phần của tệp cấu hình của mình ở đây để chúng tôi có thể xem có gì tanh không. (Tôi đã sử dụng OpenVPN được khoảng 8 năm rồi).

Thí dụ: Bạn mở một kết nối telnet thông qua proxy vớ (proxychains?). Mở một phiên tới địa chỉ máy chủ trong ví dụ của bạn, sử dụng số cổng thích hợp. Giao thức là TCP. Nếu kết nối telnet hoạt động (bạn sẽ thấy các ký tự "rác" tại dấu nhắc), điều đó có nghĩa là proxy vớ đang hoạt động bình thường.

Nếu openvpn không thể kết nối, nhưng telnet có thể, thì bạn có thể thiếu thông tin xác thực cho proxy vớ trong tệp OVPN hoặc các phiên bản / triển khai vớ không tương thích.