报错如下
| TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
|
多次排查后确认是 TLS 证书过期,重新生成 pki 目录下的所有证书即可。注意:重建 CA 之后,此前签发的客户端证书、ca.crt 和 ta.key 全部失效,所有客户端都需要重新签发并分发新的配置。
命令如下:
| # List the Docker containers to find the one running OpenVPN
root@controller:/etc/ovpn-data# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a54609fef4f0 kylemanna/openvpn:latest "ovpn_run" 27 minutes ago Up 27 minutes 0.0.0.0:1194->1194/udp ovpn-
# Open a shell inside the container
root@controller:/etc/ovpn-data# docker exec -it ovpn- /bin/bash
bash-5.0#
# Rebuild the PKI
# Replace your_cloud_server_ipv4 with the public IPv4 address of your own cloud server
# NOTE(review): before deleting anything, confirm which file actually expired, e.g.
#   openssl x509 -noout -enddate -in pki/ca.crt
#   openssl x509 -noout -enddate -in pki/issued/<server-name>.crt
#   openssl crl  -noout -nextupdate -in pki/crl.pem
# If only the server certificate or the CRL has lapsed, renewing that one file may be
# enough and the existing CA (and every client certificate) can be kept.
# NOTE(review): rm -rf pki destroys the CA key and every issued certificate. Once the new
# CA exists, no previously issued client certificate validates against it, so each client
# needs a newly issued certificate plus the new ca.crt. This listing does not show that
# reissue step. Copy the pki directory somewhere safe before removing it.
bash-5.0# cd /etc/openvpn
bash-5.0# rm -rf pki
bash-5.0# easyrsa init-pki
# build-ca creates the new root key; everything below is signed with it.
bash-5.0# easyrsa build-ca
# nopass writes the server private key unencrypted so the daemon can start without a
# prompt; access to pki/private has to stay restricted accordingly.
bash-5.0# easyrsa gen-req your_cloud_server_ipv4 nopass
bash-5.0# easyrsa sign server your_cloud_server_ipv4
bash-5.0# easyrsa gen-dh
# The CRL has its own validity period (easy-rsa EASYRSA_CRL_DAYS, 180 days by default).
# If the server config uses crl-verify, regenerate it before it lapses or connections
# will be refused again. TODO confirm crl-verify is in use here.
bash-5.0# easyrsa gen-crl
# Creates a new tls-auth shared key: clients still holding the old ta.key fail the
# handshake until they receive this file over a secure channel.
# OpenVPN 2.5+ spells this option `--genkey secret <file>`.
bash-5.0# openvpn --genkey --secret pki/ta.key
# Point the certificate paths in openvpn.sh at the newly generated files.
# The lines between the two asterisk rows are directives to set in that file, not commands.
bash-5.0# vi /etc/openvpn/openvpn.sh
*************************
key /etc/openvpn/pki/private/your_cloud_server_ipv4.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/your_cloud_server_ipv4.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
**************************
# Leave the container and restart
# NOTE(review): restarting the docker service restarts the daemon and so affects every
# container on this host; `docker restart <container-name>` limits the restart to the
# OpenVPN container.
bash-5.0# exit
root@controller:/etc/ovpn-data# service docker restart
|