{"id":922,"date":"2026-06-18T08:29:33","date_gmt":"2026-06-18T00:29:33","guid":{"rendered":"https:\/\/www.suannai.link\/blog\/openvpn%e5%ae%a2%e6%88%b7%e7%ab%af%e9%85%8d%e7%bd%ae%e4%b8%8e%e8%bf%9e%e6%8e%a5%e6%8c%87%e5%8d%97\/"},"modified":"2026-06-18T08:29:33","modified_gmt":"2026-06-18T00:29:33","slug":"openvpn%e5%ae%a2%e6%88%b7%e7%ab%af%e9%85%8d%e7%bd%ae%e4%b8%8e%e8%bf%9e%e6%8e%a5%e6%8c%87%e5%8d%97","status":"publish","type":"post","link":"https:\/\/www.suannai.link\/blog\/openvpn%e5%ae%a2%e6%88%b7%e7%ab%af%e9%85%8d%e7%bd%ae%e4%b8%8e%e8%bf%9e%e6%8e%a5%e6%8c%87%e5%8d%97\/","title":{"rendered":"OpenVPN\u5ba2\u6237\u7aef\u914d\u7f6e\u4e0e\u8fde\u63a5\u6307\u5357"},"content":{"rendered":"

OpenVPN \u5ba2\u6237\u7aef\u914d\u7f6e\u7684\u6838\u5fc3\u5728\u4e8e\u6b63\u786e\u5bfc\u5165\u914d\u7f6e\u6587\u4ef6\uff08.ovpn \u6216 .conf\uff09\u5e76\u5904\u7406\u8bc1\u4e66\u9a8c\u8bc1\u3002\u672c\u6587\u9488\u5bf9\u901a\u7528\u684c\u9762\u4e0e\u79fb\u52a8\u7aef\u5e73\u53f0\uff0c\u68b3\u7406\u4ece\u6587\u4ef6\u83b7\u53d6\u3001\u53c2\u6570\u4fee\u6539\u5230\u8fde\u63a5\u9a8c\u8bc1\u7684\u5b8c\u6574\u6d41\u7a0b\uff0c\u91cd\u70b9\u89e3\u51b3\u8bc1\u4e66\u62a5\u9519\u3001\u534f\u8bae\u51b2\u7a81\u53ca\u8fde\u63a5\u8d85\u65f6\u7b49\u5e38\u89c1\u95ee\u9898\u3002<\/p>\n

\u914d\u7f6e\u6587\u4ef6\u7ed3\u6784\u4e0e\u5bfc\u5165\u65b9\u5f0f<\/h2>\n

OpenVPN \u7684\u914d\u7f6e\u6587\u4ef6\u901a\u5e38\u4ee5\u6587\u672c\u5f62\u5f0f\u5b58\u5728\uff0c\u5305\u542b\u670d\u52a1\u5668\u5730\u5740\u3001\u7aef\u53e3\u3001\u534f\u8bae\u3001\u52a0\u5bc6\u5957\u4ef6\u53ca\u8ba4\u8bc1\u4fe1\u606f\u3002\u4e0d\u540c\u5e73\u53f0\u5bf9\u914d\u7f6e\u6587\u4ef6\u7684\u5bfc\u5165\u673a\u5236\u5b58\u5728\u5dee\u5f02\uff0c\u7406\u89e3\u5176\u7ed3\u6784\u6709\u52a9\u4e8e\u6392\u67e5\u5bfc\u5165\u5931\u8d25\u7684\u95ee\u9898\u3002<\/p>\n

\u914d\u7f6e\u6587\u4ef6\u7684\u5173\u952e\u5b57\u6bb5<\/h3>\n

\u4e00\u4e2a\u6807\u51c6\u7684 OpenVPN \u914d\u7f6e\u6587\u4ef6\u901a\u5e38\u7531\u4e24\u90e8\u5206\u7ec4\u6210\uff1a\u5168\u5c40\u914d\u7f6e\u6307\u4ee4\u548c\u8ba4\u8bc1\u6570\u636e\u5757\u3002<\/p>\n\n\n\n\n\n\n\n\n\n
\u914d\u7f6e\u9879<\/th>\n\u5e38\u89c1\u53c2\u6570\u503c<\/th>\n\u4f5c\u7528\u8bf4\u660e<\/th>\n<\/tr>\n<\/thead>\n
dev<\/td>\ntun \/ tap<\/td>\n\u5b9a\u4e49\u865a\u62df\u7f51\u7edc\u63a5\u53e3\u7c7b\u578b\uff0ctun \u4e3a\u8def\u7531\u6a21\u5f0f\uff0ctap \u4e3a\u6865\u63a5\u6a21\u5f0f\u3002<\/td>\n<\/tr>\n
proto<\/td>\ntcp \/ udp<\/td>\n\u6307\u5b9a\u4f20\u8f93\u534f\u8bae\uff0cUDP \u5ef6\u8fdf\u4f4e\uff0cTCP \u7a7f\u900f\u6027\u5f3a\u3002<\/td>\n<\/tr>\n
remote<\/td>\nIP\/\u57df\u540d \u7aef\u53e3<\/td>\n\u6307\u5b9a\u76ee\u6807\u670d\u52a1\u5668\u7684\u5730\u5740\u548c\u7aef\u53e3\u53f7\u3002<\/td>\n<\/tr>\n
cipher<\/td>\nAES-256-GCM \u7b49<\/td>\n\u5b9a\u4e49\u6570\u636e\u52a0\u5bc6\u7b97\u6cd5\uff0c\u9700\u4e0e\u670d\u52a1\u5668\u7aef\u4e00\u81f4\u3002<\/td>\n<\/tr>\n
ca \/ cert \/ key<\/td>\n\u8bc1\u4e66\u5757\u5185\u5bb9<\/td>\n\u5b58\u653e\u5ba2\u6237\u7aef\u8ba4\u8bc1\u6240\u9700\u7684\u8bc1\u4e66\u548c\u5bc6\u94a5\uff0c\u901a\u5e38\u4ee5 `—–BEGIN…` \u5f00\u5934\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u5728\u5bfc\u5165\u914d\u7f6e\u524d\uff0c\u82e5\u914d\u7f6e\u6587\u4ef6\u62a5\u9519\uff0c\u9996\u5148\u68c0\u67e5 `remote` \u5b57\u6bb5\u662f\u5426\u6307\u5411\u4e86\u6709\u6548\u7684\u670d\u52a1\u5668\u5730\u5740\uff0c\u4ee5\u53ca `proto` \u662f\u5426\u4e0e\u5f53\u524d\u7f51\u7edc\u73af\u5883\u517c\u5bb9\u3002\u90e8\u5206\u4f01\u4e1a\u7ea7\u6216\u7279\u5b9a\u573a\u666f\u4e0b\u7684\u914d\u7f6e\u53ef\u80fd\u5305\u542b `ifconfig` \u6216 `route` \u6307\u4ee4\uff0c\u7528\u4e8e\u5f3a\u5236\u6307\u5b9a\u5ba2\u6237\u7aef IP \u6216\u8def\u7531\u7b56\u7565\uff0c\u4fee\u6539\u8fd9\u4e9b\u53c2\u6570\u9700\u786e\u4fdd\u4e86\u89e3\u5176\u7f51\u7edc\u5f71\u54cd\u3002<\/p>\n

\u684c\u9762\u7aef\u5bfc\u5165\u65b9\u6cd5<\/h3>\n

\u5728 Windows \u548c macOS \u4e0a\uff0c\u901a\u5e38\u901a\u8fc7\u53cc\u51fb `.ovpn` \u6587\u4ef6\u89e6\u53d1\u9ed8\u8ba4\u5ba2\u6237\u7aef\uff08\u5982 OpenVPN Connect\uff09\u8fdb\u884c\u5bfc\u5165\u3002\u82e5\u7cfb\u7edf\u672a\u5173\u8054\u9ed8\u8ba4\u5e94\u7528\uff0c\u9700\u624b\u52a8\u6253\u5f00\u5ba2\u6237\u7aef\uff0c\u9009\u62e9\u201cImport\u201d\u6216\u201c\u6dfb\u52a0\u914d\u7f6e\u6587\u4ef6\u201d\uff0c\u5e76\u6d4f\u89c8\u81f3\u6587\u4ef6\u4fdd\u5b58\u8def\u5f84\u3002<\/p>\n

\u5bfc\u5165\u540e\uff0c\u5ba2\u6237\u7aef\u901a\u5e38\u4f1a\u63d0\u793a\u8f93\u5165\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002\u82e5\u914d\u7f6e\u6587\u4ef6\u5185\u5df2\u5305\u542b `auth-user-pass` \u6307\u4ee4\uff0c\u5219\u5fc5\u987b\u8f93\u5165\u5bf9\u5e94\u7684\u51ed\u636e\uff1b\u82e5\u672a\u5305\u542b\uff0c\u5219\u53ef\u80fd\u4ec5\u9700\u8bc1\u4e66\u8ba4\u8bc1\u3002<\/p>\n

\u79fb\u52a8\u7aef\u5bfc\u5165\u65b9\u6cd5<\/h3>\n

iOS \u548c Android \u5e73\u53f0\u5bf9\u914d\u7f6e\u6587\u4ef6\u7684\u5bfc\u5165\u66f4\u4e3a\u4e25\u683c\uff0c\u901a\u5e38\u8981\u6c42\u901a\u8fc7\u5b98\u65b9\u5e94\u7528\u5546\u5e97\u4e0b\u8f7d\u7684\u5ba2\u6237\u7aef\u8fdb\u884c\u64cd\u4f5c\u3002
\u2022 \u6587\u4ef6\u4f20\u8f93<\/strong>\uff1a\u5c06 `.ovpn` \u6587\u4ef6\u901a\u8fc7\u90ae\u4ef6\u3001\u4e91\u76d8\u6216 AirDrop \u53d1\u9001\u81f3\u624b\u673a\u3002
\u2022 \u5e94\u7528\u5185\u5bfc\u5165<\/strong>\uff1a\u6253\u5f00 OpenVPN Connect \u5e94\u7528\uff0c\u9009\u62e9\u201cAdd Profile\u201d\u6216\u201c\u5bfc\u5165\u914d\u7f6e\u6587\u4ef6\u201d\u3002
\u2022 \u7cfb\u7edf\u6743\u9650<\/strong>\uff1aAndroid \u53ef\u80fd\u9700\u8981\u6388\u4e88\u201c\u865a\u62df\u7f51\u5361\u201d\u6743\u9650\uff0ciOS \u53ef\u80fd\u4f1a\u8bf7\u6c42\u201c\u6dfb\u52a0 VPN \u914d\u7f6e\u201d\u7684\u7cfb\u7edf\u5f39\u7a97\uff0c\u9700\u70b9\u51fb\u201c\u5141\u8bb8\u201d\u4ee5\u5b8c\u6210\u5e95\u5c42\u7f51\u7edc\u63a5\u53e3\u7684\u521b\u5efa\u3002<\/p>\n\n

\u5e38\u89c1\u914d\u7f6e\u53c2\u6570\u8c03\u6574<\/h2>\n

\u9ed8\u8ba4\u914d\u7f6e\u5f80\u5f80\u65e0\u6cd5\u9002\u5e94\u6240\u6709\u7f51\u7edc\u73af\u5883\uff0c\u7279\u522b\u662f\u5728\u7f51\u7edc\u6ce2\u52a8\u8f83\u5927\u6216\u5b58\u5728\u9632\u706b\u5899\u9650\u5236\u7684\u573a\u666f\u4e0b\uff0c\u8c03\u6574\u5173\u952e\u53c2\u6570\u662f\u63d0\u5347\u8fde\u63a5\u6210\u529f\u7387\u7684\u5173\u952e\u3002<\/p>\n

\u534f\u8bae\u9009\u62e9\uff1aTCP \u4e0e UDP<\/h3>\n

\u534f\u8bae\u7684\u9009\u62e9\u76f4\u63a5\u51b3\u5b9a\u8fde\u63a5\u7684\u7a33\u5b9a\u6027\u548c\u5ef6\u8fdf\u8868\u73b0\u3002<\/p>\n

* UDP<\/strong>\uff1a\u901a\u5e38\u4f5c\u4e3a\u9996\u9009\u3002\u7531\u4e8e\u65e0\u8fde\u63a5\u5efa\u7acb\u5f00\u9500\uff0c\u5ef6\u8fdf\u66f4\u4f4e\uff0c\u9002\u5408\u89c6\u9891\u6d41\u5a92\u4f53\u548c\u5b9e\u65f6\u901a\u4fe1\u3002\u4f46\u5728\u9ad8\u4e22\u5305\u7387\u7684\u7f51\u7edc\u4e2d\uff0cUDP \u6570\u636e\u5305\u5bb9\u6613\u4e22\u5931\u5bfc\u81f4\u8fde\u63a5\u4e2d\u65ad\u3002
* TCP<\/strong>\uff1a\u5177\u6709\u91cd\u4f20\u673a\u5236\uff0c\u8fde\u63a5\u66f4\u7a33\u5b9a\u3002\u5728 UDP \u88ab\u5c01\u9501\u6216\u7f51\u7edc\u8d28\u91cf\u6781\u5dee\u65f6\uff0c\u53ef\u5c1d\u8bd5\u5207\u6362\u4e3a TCP\u3002\u4f46\u9700\u6ce8\u610f\uff0c\u82e5\u670d\u52a1\u5668\u7aef\u672a\u5f00\u542f TCP \u76d1\u542c\u7aef\u53e3\uff0c\u5207\u6362\u540e\u5c06\u65e0\u6cd5\u8fde\u63a5\u3002<\/p>\n

\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\uff0c\u5c06 `proto udp` \u4fee\u6539\u4e3a `proto tcp` \u5373\u53ef\u751f\u6548\u3002\u82e5\u4e0d\u786e\u5b9a\u670d\u52a1\u5668\u652f\u6301\u60c5\u51b5\uff0c\u53ef\u89c2\u5bdf\u8fde\u63a5\u65e5\u5fd7\uff0c\u82e5\u51fa\u73b0 `Protocol mismatch` \u9519\u8bef\uff0c\u5219\u8bf4\u660e\u9700\u5207\u6362\u534f\u8bae\u3002<\/p>\n

\u7aef\u53e3\u4e0e\u52a0\u5bc6\u5957\u4ef6<\/h3>\n

\u67d0\u4e9b\u7f51\u7edc\u73af\u5883\u4f1a\u5c01\u9501\u5e38\u89c1\u7aef\u53e3\uff08\u5982 1194\u3001443\u300180\uff09\u3002\u82e5\u9ed8\u8ba4\u7aef\u53e3\u65e0\u6cd5\u8fde\u63a5\uff0c\u9700\u8054\u7cfb\u670d\u52a1\u63d0\u4f9b\u65b9\u83b7\u53d6\u5907\u7528\u7aef\u53e3\u5217\u8868\uff0c\u5e76\u4fee\u6539\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 `remote` \u884c\u3002<\/p>\n

\u6b64\u5916\uff0c\u52a0\u5bc6\u5957\u4ef6\uff08cipher\uff09\u5fc5\u987b\u4e0e\u670d\u52a1\u5668\u7aef\u5b8c\u5168\u4e00\u81f4\u3002\u82e5\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 cipher \u88ab\u670d\u52a1\u5668\u62d2\u7edd\uff0c\u65e5\u5fd7\u4e2d\u901a\u5e38\u4f1a\u51fa\u73b0 `TLS Error: TLS key negotiation failed`\u3002\u6b64\u65f6\u9700\u68c0\u67e5\u914d\u7f6e\u6587\u4ef6\u662f\u5426\u8fc7\u65f6\uff0c\u6216\u8054\u7cfb\u63d0\u4f9b\u65b9\u786e\u8ba4\u5f53\u524d\u7684\u52a0\u5bc6\u7b97\u6cd5\u652f\u6301\u5217\u8868\uff08\u5982 AES-256-GCM, ChaCha20-Poly1305 \u7b49\uff09\u3002<\/p>\n

\u8bc1\u4e66\u9a8c\u8bc1\u4e0e\u62a5\u9519\u5904\u7406<\/h2>\n

OpenVPN \u8fde\u63a5\u5931\u8d25\u7684\u6700\u5927\u539f\u56e0\u4e4b\u4e00\u662f\u8bc1\u4e66\u9a8c\u8bc1\u9519\u8bef\u3002OpenVPN \u4f7f\u7528\u975e\u5bf9\u79f0\u52a0\u5bc6\u4f53\u7cfb\uff0c\u5ba2\u6237\u7aef\u5fc5\u987b\u4fe1\u4efb\u670d\u52a1\u5668\u63d0\u4f9b\u7684 CA \u8bc1\u4e66\uff0c\u4e14\u670d\u52a1\u5668\u9700\u9a8c\u8bc1\u5ba2\u6237\u7aef\u8bc1\u4e66\u7684\u6709\u6548\u6027\u3002<\/p>\n

\u5e38\u89c1\u8bc1\u4e66\u9519\u8bef\u53ca\u89e3\u51b3<\/h3>\n

<\/p>\n\n\n\n\n\n\n\n\n
\u9519\u8bef\u8868\u73b0<\/th>\n\u53ef\u80fd\u539f\u56e0<\/th>\n\u5904\u7406\u5efa\u8bae<\/th>\n<\/tr>\n<\/thead>\n
`TLS Error: TLS key negotiation failed`<\/td>\n\u534f\u8bae\u3001\u7aef\u53e3\u6216\u52a0\u5bc6\u5957\u4ef6\u4e0d\u5339\u914d<\/td>\n\u68c0\u67e5 `proto`\u3001`remote` \u7aef\u53e3\u53ca `cipher` \u914d\u7f6e\u3002<\/td>\n<\/tr>\n
`SSL_connect: error:14090086`<\/td>\n\u8bc1\u4e66\u94fe\u4e0d\u5b8c\u6574\u6216 CA \u8bc1\u4e66\u8fc7\u671f<\/td>\n\u786e\u8ba4\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 `ca` \u5757\u5185\u5bb9\u5b8c\u6574\uff0c\u672a\u622a\u65ad\u3002<\/td>\n<\/tr>\n
`Auth: Certificate rejected`<\/td>\n\u5ba2\u6237\u7aef\u8bc1\u4e66\u88ab\u540a\u9500\u6216\u672a\u6388\u6743<\/td>\n\u68c0\u67e5\u5ba2\u6237\u7aef\u8bc1\u4e66\uff08`cert`\uff09\u548c\u79c1\u94a5\uff08`key`\uff09\u662f\u5426\u5bf9\u5e94\uff0c\u6216\u8054\u7cfb\u63d0\u4f9b\u65b9\u91cd\u65b0\u7b7e\u53d1\u3002<\/td>\n<\/tr>\n
`Initialization Sequence Completed`<\/td>\n\u8fde\u63a5\u770b\u4f3c\u6210\u529f\u4f46\u65e0\u6cd5\u4e0a\u7f51<\/td>\n\u8def\u7531\u914d\u7f6e\u9519\u8bef\uff08TAP\/TUN \u6a21\u5f0f\u6df7\u6dc6\uff09\u6216 DNS \u672a\u8f6c\u53d1\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n

\u8bc1\u4e66\u5757\u5b8c\u6574\u6027\u68c0\u67e5<\/h3>\n

\u5728\u6587\u672c\u7f16\u8f91\u5668\u4e2d\u6253\u5f00\u914d\u7f6e\u6587\u4ef6\uff0c\u68c0\u67e5 `—–BEGIN CERTIFICATE—–` \u5230 `—–END CERTIFICATE—–` \u4e4b\u95f4\u7684\u5185\u5bb9\u662f\u5426\u5b8c\u6574\u3002\u82e5\u6587\u4ef6\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u88ab\u622a\u65ad\uff0c\u8bc1\u4e66\u5c06\u65e0\u6cd5\u89e3\u6790\u3002<\/p>\n

\u7279\u522b\u6ce8\u610f `ca`\uff08\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff09\u3001`cert`\uff08\u5ba2\u6237\u7aef\u8bc1\u4e66\uff09\u548c `key`\uff08\u5ba2\u6237\u7aef\u79c1\u94a5\uff09\u4e09\u4e2a\u5757\u3002\u82e5\u914d\u7f6e\u6587\u4ef6\u4e2d\u4f7f\u7528\u4e86\u5916\u90e8\u5f15\u7528\uff08\u5982 `ca ca.crt`\uff09\uff0c\u9700\u786e\u4fdd\u8fd9\u4e9b\u5916\u90e8\u6587\u4ef6\u4e0e `.ovpn` \u6587\u4ef6\u5728\u540c\u4e00\u76ee\u5f55\u4e0b\uff0c\u6216\u4fee\u6539\u4e3a\u7edd\u5bf9\u8def\u5f84\u3002<\/p>\n

\u8fde\u63a5\u9a8c\u8bc1\u4e0e\u7f51\u7edc\u6392\u67e5<\/h2>\n

\u8fde\u63a5\u5efa\u7acb\u540e\uff0c\u9700\u901a\u8fc7\u591a\u79cd\u624b\u6bb5\u9a8c\u8bc1\u96a7\u9053\u662f\u5426\u771f\u6b63\u751f\u6548\uff0c\u4ee5\u53ca\u7f51\u7edc\u6d41\u91cf\u662f\u5426\u88ab\u6b63\u786e\u8def\u7531\u3002<\/p>\n

\u672c\u5730\u63a5\u53e3\u72b6\u6001\u68c0\u67e5<\/h3>\n

\u5728 Windows \u4e0a\uff0c\u6253\u5f00\u201c\u7f51\u7edc\u548c\u5171\u4eab\u4e2d\u5fc3\u201d -> \u201c\u66f4\u6539\u9002\u914d\u5668\u8bbe\u7f6e\u201d\uff0c\u67e5\u770b\u662f\u5426\u51fa\u73b0\u540d\u4e3a\u201cOpenVPN\u201d\u6216\u201cTAP-Windows\u201d\u7684\u865a\u62df\u7f51\u5361\uff0c\u4e14\u72b6\u6001\u4e3a\u201c\u5df2\u542f\u7528\u201d\u3002<\/p>\n

\u5728 macOS \u4e0a\uff0c\u53ef\u901a\u8fc7\u7ec8\u7aef\u8f93\u5165 `ifconfig`\uff0c\u67e5\u627e\u4ee5 `tun` \u5f00\u5934\u7684\u63a5\u53e3\uff0c\u786e\u8ba4\u5176\u5df2\u5206\u914d IP \u5730\u5740\u3002<\/p>\n

\u82e5\u865a\u62df\u7f51\u5361\u672a\u51fa\u73b0\uff0c\u901a\u5e38\u610f\u5473\u7740\u914d\u7f6e\u5bfc\u5165\u5931\u8d25\u6216\u5ba2\u6237\u7aef\u670d\u52a1\u672a\u542f\u52a8\u3002\u91cd\u542f\u5ba2\u6237\u7aef\u6216\u68c0\u67e5\u7cfb\u7edf\u65e5\u5fd7\uff08Windows \u4e8b\u4ef6\u67e5\u770b\u5668 \/ macOS Console\uff09\u4ee5\u83b7\u53d6\u8be6\u7ec6\u9519\u8bef\u4fe1\u606f\u3002<\/p>\n

\u8def\u7531\u4e0e DNS \u6d4b\u8bd5<\/h3>\n

\u8fde\u63a5\u6210\u529f\u540e\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u8def\u7531\u8868\uff1a<\/p>\n

* Windows<\/strong>: `route print`
* macOS\/Linux<\/strong>: `netstat -rn` \u6216 `ip route`<\/p>\n

\u68c0\u67e5\u662f\u5426\u51fa\u73b0\u4e86\u6307\u5411\u865a\u62df\u7f51\u5361\uff08\u5982 `10.8.0.x` \u6216 `172.16.0.x`\uff09\u7684\u8def\u7531\u6761\u76ee\u3002\u82e5\u672a\u51fa\u73b0\uff0c\u53ef\u80fd\u662f\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 `redirect-gateway` \u6307\u4ee4\u7f3a\u5931\u6216\u5931\u6548\uff0c\u5bfc\u81f4\u6d41\u91cf\u672a\u5b8c\u5168\u8d70\u96a7\u9053\u3002<\/p>\n

DNS \u6d4b\u8bd5\u540c\u6837\u91cd\u8981\u3002\u5728\u7ec8\u7aef\u6267\u884c `nslookup google.com`\uff0c\u82e5\u8fd4\u56de\u7684 IP \u5730\u5740\u4e3a\u5883\u5916 IP\uff0c\u5219\u8bf4\u660e DNS \u6cc4\u9732\u98ce\u9669\u8f83\u4f4e\uff1b\u82e5\u8fd4\u56de\u672c\u5730 DNS \u89e3\u6790\u7ed3\u679c\uff0c\u5219\u53ef\u80fd\u5b58\u5728 DNS \u6cc4\u9732\uff0c\u9700\u5728\u5ba2\u6237\u7aef\u8bbe\u7f6e\u4e2d\u542f\u7528\u201cUse custom DNS\u201d\u6216\u68c0\u67e5\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684 `dhcp-option DNS` \u6307\u4ee4\u3002<\/p>\n

\u5e38\u89c1\u95ee\u9898\u5feb\u901f\u6392\u67e5<\/h2>\n

\u5728\u5b9e\u9645\u4f7f\u7528\u4e2d\uff0c\u7528\u6237\u5e38\u9047\u5230\u8fde\u63a5\u4e0d\u7a33\u5b9a\u6216\u95f4\u6b47\u6027\u65ad\u8fde\u7684\u60c5\u51b5\u3002\u4ee5\u4e0b\u662f\u57fa\u4e8e\u7f51\u7edc\u73af\u5883\u7684\u901a\u7528\u6392\u67e5\u601d\u8def\u3002<\/p>\n

\u7f51\u7edc\u73af\u5883\u5e72\u6270<\/h3>\n

\u82e5\u8fde\u63a5\u5728\u7279\u5b9a Wi-Fi \u6216\u516c\u53f8\u5185\u7f51\u4e0b\u9891\u7e41\u65ad\u5f00\uff0c\u53ef\u80fd\u662f\u9632\u706b\u5899\u6df1\u5ea6\u5305\u68c0\u6d4b\uff08DPI\uff09\u5e72\u6270\u4e86 OpenVPN \u7684 TLS \u63e1\u624b\u8fc7\u7a0b\u3002<\/p>\n

* \u5c1d\u8bd5\u4fee\u6539 MTU<\/strong>\uff1a\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6dfb\u52a0 `fragment 1300` \u6216 `mssfix 1300`\uff0c\u51cf\u5c0f\u6570\u636e\u5305\u5927\u5c0f\uff0c\u907f\u514d\u5206\u7247\u5bfc\u81f4\u7684\u4e22\u5305\u3002
* \u5207\u6362\u534f\u8bae<\/strong>\uff1a\u5982\u524d\u6240\u8ff0\uff0c\u4ece UDP \u5207\u6362\u81f3 TCP\uff0c\u6216\u53cd\u4e4b\uff0c\u4ee5\u7ed5\u8fc7\u7279\u5b9a\u7aef\u53e3\u7684\u5c01\u9501\u3002<\/p>\n

\u5ba2\u6237\u7aef\u7248\u672c\u517c\u5bb9\u6027<\/h3>\n

\u65e7\u7248\u672c\u7684 OpenVPN<\/a> \u5ba2\u6237\u7aef\u53ef\u80fd\u4e0d\u652f\u6301\u8f83\u65b0\u7684\u52a0\u5bc6\u7b97\u6cd5\uff08\u5982 AES-GCM\uff09\u6216 TLS \u7248\u672c\uff08\u5982 TLS 1.3\uff09\u3002\u82e5\u8fde\u63a5\u65e5\u5fd7\u63d0\u793a `Unsupported protocol` \u6216 `Cipher mismatch`\uff0c\u8bf7\u66f4\u65b0\u5ba2\u6237\u7aef\u81f3\u6700\u65b0\u7248\u672c\u3002<\/p>\n

\u540c\u65f6\uff0c\u786e\u4fdd\u64cd\u4f5c\u7cfb\u7edf\u672c\u8eab\u7684\u5b89\u5168\u7b56\u7565\u672a\u963b\u6b62 OpenVPN \u670d\u52a1\u3002Windows Defender \u9632\u706b\u5899\u6216 macOS \u7684\u201c\u9632\u706b\u5899\u201d\u8bbe\u7f6e\u53ef\u80fd\u9700\u8981\u624b\u52a8\u5141\u8bb8 OpenVPN Connect \u8fdb\u884c\u7f51\u7edc\u901a\u4fe1\u3002<\/p>\n

\u591a\u7f51\u5361\u51b2\u7a81<\/h3>\n

\u5f53\u8bbe\u5907\u540c\u65f6\u8fde\u63a5 Wi-Fi \u548c\u6709\u7ebf\u7f51\u7edc\uff0c\u6216\u542f\u7528\u865a\u62df\u7f51\u5361\uff08\u5982 VMware\u3001Docker\uff09\u65f6\uff0c\u8def\u7531\u8868\u53ef\u80fd\u51b2\u7a81\uff0c\u5bfc\u81f4\u8fde\u63a5\u4e0d\u7a33\u5b9a\u3002<\/p>\n

\u89e3\u51b3\u65b9\u6cd5\u662f\u5728 OpenVPN \u5ba2\u6237\u7aef\u7684\u9ad8\u7ea7\u8bbe\u7f6e\u4e2d\uff0c\u542f\u7528\u201cRoute Metric\u201d\uff08\u8def\u7531\u5ea6\u91cf\u503c\uff09\uff0c\u5c06 OpenVPN \u63a5\u53e3\u7684\u4f18\u5148\u7ea7\u8bbe\u7f6e\u4e3a\u6700\u9ad8\uff08\u6570\u503c\u6700\u5c0f\uff09\uff0c\u786e\u4fdd\u6d41\u91cf\u4f18\u5148\u901a\u8fc7\u96a7\u9053\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

OpenVPN \u5ba2\u6237\u7aef\u914d\u7f6e\u7684\u6838\u5fc3\u5728\u4e8e\u6b63\u786e\u5bfc\u5165\u914d\u7f6e\u6587\u4ef6\uff08.ovpn \u6216 .conf\uff09\u5e76\u5904\u7406\u8bc1\u4e66\u9a8c\u8bc1\u3002\u672c\u6587\u9488\u5bf9\u901a\u7528 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-922","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/posts\/922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/comments?post=922"}],"version-history":[{"count":0,"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/posts\/922\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/media?parent=922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/categories?post=922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.suannai.link\/blog\/wp-json\/wp\/v2\/tags?post=922"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}