Tracking down a failed ocserv configuration on Debian: "connection attempt has timed out. please verify internet connectivity."
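The original article, http://li5jun.com/article/460.html, describes how to install an ocserv VPN on Debian. The servers I rent usually run Debian 8 or Debian 9, and different systems sometimes run into problems for reasons I do not understand, so I have kept investigating.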
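For example, the original article, the tutorial on setting up and configuring ocserv (OpenConnect server) on Debian, is too brief in places. It gives sysctl -w net.ipv4.ip_forward=1, but on Debian 8 running sysctl -p showed that the setting had not been written into the variable table. sysctl -w only changes the value in the running kernel, while sysctl -p loads /etc/sysctl.conf, so you need to open /etc/sysctl.conf and enable this line yourself:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1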
Running sysctl -p again now shows:
net.ipv4.ip_forward = 1
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Next:
telnet 47.252.19.141 443
Trying 47.252.19.141...
It still does not connect, which means port 443 is still unreachable from outside, whereas on the server itself
telnet 127.0.0.1 443
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
^CConnection closed by foreign host.
the connection succeeds. This indicates that the firewall is not open to the outside. Checking the firewall:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:https
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I never found the cause, so I decided to destroy the instance and set it up again from scratch.
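One way to narrow down the situation above (port 443 answers on 127.0.0.1, times out from outside, INPUT policy ACCEPT), as an added example that is not part of the original post. The function names are hypothetical, the sample data is constructed from the listing above, and the last verdict assumes something in front of the host, such as a provider-side firewall, is doing the filtering.

```sh
#!/bin/sh
# Added example, not from the original post. Inputs are text in the format of
# `ss -tln` and `iptables -S INPUT`; the sample data at the bottom is constructed.

# Succeeds if a TCP listener on port $1 is bound to a non-loopback address.
listens_publicly() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 != "LISTEN" { next }              # also skips the header line
        { n = split($4, a, ":")              # port follows the last colon
          if (a[n] != p) next
          addr = substr($4, 1, length($4) - length(a[n]) - 1)
          if (addr !~ /^127\./ && addr != "[::1]" && addr != "::1") pub = 1 }
        END { exit (pub ? 0 : 1) }'
}

# Simplified first-match reading of the INPUT chain for a NEW TCP connection to
# port $1. Assumption: no -s/-d matches, port ranges or user-defined chains.
host_firewall_allows() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" || verdict != "" { next }
        { proto = dport = state = target = ""; lo = 0
          for (i = 3; i < NF; i++) {
              if ($i == "-p") proto = $(i + 1)
              if ($i == "--dport") dport = $(i + 1)
              if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
              if ($i == "-i" && $(i + 1) == "lo") lo = 1
              if ($i == "-j") target = $(i + 1)
          }
          if (lo || (proto != "" && proto != "tcp")) next
          if ((dport != "" && dport != p) || (state != "" && state !~ /NEW/)) next
          if (target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target }
        END { if (verdict == "") verdict = policy; exit (verdict == "ACCEPT" ? 0 : 1) }'
}

diagnose() {  # diagnose PORT SS_TEXT IPTABLES_TEXT
    if ! listens_publicly "$1" "$2"; then echo "not-listening-on-public-address"
    elif ! host_firewall_allows "$1" "$3"; then echo "blocked-by-host-iptables"
    else echo "filtered-outside-the-host"   # e.g. a provider-side firewall
    fi
}

SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1024   0.0.0.0:443        0.0.0.0:*'
RULES_SAMPLE='-P INPUT ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 443 -j ACCEPT'
diagnose 443 "$SS_SAMPLE" "$RULES_SAMPLE"
```

On a live server, pass "$(ss -tln)" and "$(iptables -S INPUT)" instead of the samples. A successful telnet to 127.0.0.1 alone does not show that the service is bound to the public address, which is why the listener check comes first.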
On Alibaba Cloud servers, some "Hit" fetches fail after adding package sources, so on a newly added server first run apt-get update && apt-get upgrade.
The following packages have unmet dependencies:
libgnutls28-dev : Depends: libgnutls-deb0-28 (= 3.3.8-6~bpo70+1) but 3.3.8-6+deb8u7 is to be installed
Depends: libgnutlsxx28 (= 3.3.8-6~bpo70+1) but it is not going to be installed
Depends: nettle-dev (>= 2.5) but it is not going to be installed
Depends: libtasn1-6-dev (>= 3.9) but it is not going to be installed
Depends: libp11-kit-dev (>= 0.20.7) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
For this kind of error, just install the packages one by one.
This is how it was originally:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-------------------------------------------------------------------------------
NOTE
There have been some changes starting with 3.2 regarding where and how libnl
is being installed on the system in order to allow multiple libnl versions
to be installed in parallel:
- Headers will be installed in ${prefix}/include/libnl3, therefore
you will need to add "-I/usr/include/libnl3" to CFLAGS
- The library basename was renamed to libnl-3, i.e. the SO names become
libnl-3.so., libnl-route-3.so, etc.
- libtool versioning was assumed, to ease detection of compatible library
versions.
If you are using pkg-config for detecting and linking against the library
things will continue magically as if nothing every happened. If you are
linking manually you need to adapt your Makefiles or switch to using
pkg-config files.
***
*** autogen not found. Will not link against libopts.
***
configure: error: in `/root/ocserv-0.10.9':
configure: error: The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
Alternatively, you may set the environment variables LIBGNUTLS_CFLAGS
and LIBGNUTLS_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
To get pkg-config, see <http://pkg-config.freedesktop.org/>.
See `config.log' for more details
---------------------------------------------------------
configure: error: Package requirements (gnutls >= 3.1.10) were not met:
No package 'gnutls' found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables LIBGNUTLS_CFLAGS
and LIBGNUTLS_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
gnutls-3.4.9
nettle-3.2
p11-kit-0.23.10
libtasn1-4.4
The fix is to upgrade the versions; any new problems the upgrade causes then have to be solved by installing further software.