Help troubleshooting: port 1194 not reachable from outside after deploying OpenVPN on CentOS 7
Hi all, I have deployed an OpenVPN server on CentOS 7. The service appears to be running, but port 1194 is never reachable from outside. I would appreciate help tracking down the problem.
Current status:
- nmap scan of UDP port 1194 on the host itself:

[root@linux ~]# nmap -sU linux.domain.com -p 1194

Starting Nmap 6.40 ( http://nmap.org ) at 2023-05-16 18:34 CEST
Nmap scan report for linux.domain.com (163.179.xxx.xxx)
Host is up.
PORT     STATE         SERVICE
1194/udp open|filtered openvpn

Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds
- openvpn-server@server.service reports that it is running normally:

[root@linux ~]# systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2023-05-16 17:42:29 CEST; 45min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 18917 (openvpn)
   Status: "Initialization Sequence Completed"
   CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
           └─18917 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
- But openvpn@server.service shows a failed start:

[root@linux ~]# sudo systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2023-05-16 18:22:50 CEST; 3min 23s ago
  Process: 22518 ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)
 Main PID: 22518 (code=exited, status=1/FAILURE)
   Status: "Pre-connection initialization successful"
- netstat confirms that OpenVPN is listening on UDP port 1194:

[root@linux ~]# netstat -tulp | grep openvpn
udp        0      0 0.0.0.0:openvpn         0.0.0.0:*                           18917/openvpn
Port access problem:
When I check port 1194 with an external port-checking tool, it reports the port as closed, even though I have already added these rules in iptables:

iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT
My server.conf:

port 1194
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.xxx.xxx.xxx"
push "dhcp-option DNS 94.xxx.xxx.xxx"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt /etc/openvpn/tls-crypt.key
crl-verify /etc/openvpn/crl.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server_szio3MfsApd8cnHE.crt
key /etc/openvpn/server_szio3MfsApd8cnHE.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
Why is the port still not reachable from outside? Where could the problem be?
Thanks!
Note: content originates from Stack Exchange; question asked by Raakh.
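One common cause of exactly this picture on CentOS 7 (daemon bound to 0.0.0.0:1194, yet "closed" from outside even after rules were added) is rule order: the stock INPUT chain ends with a catch-all `-j REJECT --reject-with icmp-host-prohibited`, and `iptables -A INPUT ...` appends behind that rule, so the new ACCEPT rules are never evaluated. The script below is an added example, not code from the original post or from the OpenVPN project. It parses the output of `iptables -S INPUT` and reports whether the ACCEPT rule for a protocol/port is shadowed by an earlier catch-all REJECT or DROP. The rule listing embedded in it is constructed to resemble such a host (the two `-A` rules from the post appended after the stock REJECT) and is an assumption, as is the `--live` flag.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenVPN.
# On CentOS 7 the stock INPUT chain ends with a catch-all
# "-j REJECT --reject-with icmp-host-prohibited"; rules added with
# "iptables -A INPUT ..." land *after* it and are never reached.
# This script parses `iptables -S INPUT` output (fed on stdin) and
# reports whether the ACCEPT rule for a proto/port is shadowed.

# Constructed sample of `iptables -S INPUT` (assumption): what the
# asker's chain may look like after the two -A rules from the post.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT'

# accept_shadowed PROTO PORT   (rules of `iptables -S INPUT` on stdin)
# Prints:  N  = 1-based index of the catch-all REJECT/DROP rule that
#               precedes the ACCEPT rule for PROTO/PORT (shadowed)
#          0  = the ACCEPT rule is reachable
#         -1  = no ACCEPT rule for PROTO/PORT exists in INPUT
accept_shadowed() {
    awk -v proto="$1" -v port="$2" '
        /^-P /  { next }                 # chain policy line, not a rule
        { idx++ }
        # First terminating rule with no protocol/port match, e.g. the
        # stock "-j REJECT --reject-with icmp-host-prohibited".
        $0 ~ /-j (REJECT|DROP)/ && $0 !~ /-p / && $0 !~ /--dport/ && !blocker { blocker = idx }
        $0 ~ ("-p " proto " ") && $0 ~ ("--dport " port "( |$)") && /-j ACCEPT/ {
            print (blocker ? blocker : 0); found = 1; exit
        }
        END { if (!found) print -1 }
    '
}

# fix_command PROTO PORT POS: the iptables command that inserts the ACCEPT
# rule at position POS, i.e. directly in front of the catch-all REJECT.
fix_command() {
    echo "iptables -I INPUT $3 -p $1 -m $1 --dport $2 -j ACCEPT"
}

# Demo on the constructed sample. Pass --live (as root) to inspect the
# real chain instead.
if [ "${1-}" = "--live" ]; then
    rules=$(iptables -S INPUT)
else
    rules=$SAMPLE_RULES
fi
pos=$(printf '%s\n' "$rules" | accept_shadowed udp 1194)
case "$pos" in
    -1) echo "INPUT has no ACCEPT rule for udp/1194" ;;
     0) echo "udp/1194 ACCEPT is reachable; look beyond the host firewall" ;;
     *) echo "udp/1194 ACCEPT is shadowed by INPUT rule $pos; fix with:"
        echo "  $(fix_command udp 1194 "$pos")" ;;
esac
```

Run with `--live` as root to inspect the real chain. If the rule is shadowed, the printed `iptables -I INPUT N ...` places the ACCEPT ahead of the REJECT; the now redundant appended rule can be dropped with `iptables -D INPUT -p udp -m udp --dport 1194 -j ACCEPT`, and the result persisted with `service iptables save` (iptables-services). If firewalld manages the chain instead, open the port through it with `firewall-cmd --permanent --add-port=1194/udp && firewall-cmd --reload` rather than editing iptables directly. Two caveats on the evidence in the post: `open|filtered` from an nmap UDP scan is not proof of reachability, because OpenVPN with `tls-crypt` silently drops packets that fail the HMAC check, and most browser-based "port checkers" only attempt a TCP connect, which says nothing about a UDP listener. A decisive test is `tcpdump -ni any udp port 1194` on the server while a client attempts to connect: packets arriving but no reply points at the host firewall or the daemon; no packets at all points at an upstream filter (cloud security group, NAT) or a DNS/IP mismatch. The failed `openvpn@server.service` is the legacy unit reading `/etc/openvpn/server.conf`; since PID 18917 already holds UDP 1194, its exit is consistent with a bind conflict, which `journalctl -u openvpn@server.service` would confirm.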