Debian中ocserv的配置不成功寻找connection attempt has timed out. please verify internet connectivity.

connection attempt has timed out. please verify internet connectivity.

原文章 http://li5jun.com/article/460.html 介绍了debian下安装ocserv的vpn的方式，由于本人租用的服务器，经常选择或者debian8 ，debian9的系统，有时候不同的系统经常不知道为什么会出现一些原因，所以一直在探索。

比如原文章Debian中ocserv(OpenConnect server)搭建配置教程 有一些太简略的描述 sysctl -w net.ipv4.ip_forward=1        在debian8里用sysctl -p发现并没有写入变量表里，这需要用 /etc/sysctl.conf 查看，主动把

# Uncomment the next line to enable packet forwarding for IPv4

net.ipv4.ip_forward=1

这一行给打开。

在用sysctl -p查看可以看到

net.ipv4.ip_forward = 1

vm.swappiness = 0

net.ipv4.neigh.default.gc_stale_time = 120

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

net.ipv4.conf.default.arp_announce = 2

net.ipv4.conf.lo.arp_announce = 2

net.ipv4.conf.all.arp_announce = 2

net.ipv4.tcp_max_tw_buckets = 5000

net.ipv4.tcp_syncookies = 1

net.ipv4.tcp_max_syn_backlog = 1024

net.ipv4.tcp_synack_retries = 2

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

下面 

telnet 47.252.19.141 443

Trying 47.252.19.141...

还是不通，说明443端口对外还是通不了，而在本服务器上

telnet 127.0.0.1 443

Trying 127.0.0.1...

Connected to 127.0.0.1.

Escape character is '^]'.

^CConnection closed by foreign host.

却可以，这说明，防火墙对外并没有打开。查看防火墙

iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:https

ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:https

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

TCPMSS     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination   

一直没找到原因，决定销毁实例，重新来搭建

阿里云的服务器增加源后，会有些hit失败，所以新添加服务器时先apt-get update &&apt-get upgrade一下

The following packages have unmet dependencies:

 libgnutls28-dev : Depends: libgnutls-deb0-28 (= 3.3.8-6~bpo70+1) but 3.3.8-6+deb8u7 is to be installed

                   Depends: libgnutlsxx28 (= 3.3.8-6~bpo70+1) but it is not going to be installed

                   Depends: nettle-dev (>= 2.5) but it is not going to be installed

                   Depends: libtasn1-6-dev (>= 3.9) but it is not going to be installed

                   Depends: libp11-kit-dev (>= 0.20.7) but it is not going to be installed

E: Unable to correct problems, you have held broken packages.

这种错误就挨个安装就是了

这是本来的

 iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination  

-------------------------------------------------------------------------------

                                  NOTE

 There have been some changes starting with 3.2 regarding where and how libnl

 is being installed on the system in order to allow multiple libnl versions

 to be installed in parallel:

    - Headers will be installed in ${prefix}/include/libnl3, therefore

      you will need to add "-I/usr/include/libnl3" to CFLAGS

    - The library basename was renamed to libnl-3, i.e. the SO names become

      libnl-3.so., libnl-route-3.so, etc.

    - libtool versioning was assumed, to ease detection of compatible library

      versions.

 If you are using pkg-config for detecting and linking against the library 

 things will continue magically as if nothing every happened. If you are 

 linking manually you need to adapt your Makefiles or switch to using 

 pkg-config files.

***

*** autogen not found. Will not link against libopts.

*** 

configure: error: in `/root/ocserv-0.10.9':

configure: error: The pkg-config script could not be found or is too old.  Make sure it

is in your PATH or set the PKG_CONFIG environment variable to the full

path to pkg-config.

Alternatively, you may set the environment variables LIBGNUTLS_CFLAGS

and LIBGNUTLS_LIBS to avoid the need to call pkg-config.

See the pkg-config man page for more details.

To get pkg-config, see <http://pkg-config.freedesktop.org/>.

See `config.log' for more details

---------------------------------------------------------

configure: error: Package requirements (gnutls >= 3.1.10) were not met:

No package 'gnutls' found

Consider adjusting the PKG_CONFIG_PATH environment variable if you

installed software in a non-standard prefix.

Alternatively, you may set the environment variables LIBGNUTLS_CFLAGS

and LIBGNUTLS_LIBS to avoid the need to call pkg-config.

See the pkg-config man page for more details.

gnutls-3.4.9

nettle-3.2

p11-kit-0.23.10

libtasn1-4.4

办法就是升级版本，升级版本的新问题就需要安装新的软件来解决。