无法让 VPN 与我的路由器配合使用,可能是 WPAD 问题

tag-icon tag-icon vpn wireless-router tcpip
无法让 VPN 与我的路由器配合使用,可能是 WPAD 问题

我在 Windows 7 上使用 Cisco Anyconnect VPN 与无线路由器(Belkin F5D8635-4 v1 Wireless N)时遇到了问题。有时可以连接,但通常要等到路由器重置后才能连接。无线网卡是 Realtek RTL8192SE 802.11B/G/N。打开网络监视器,似乎这就是无法连接时发生的情况。

125 5   7:48:44 AM 6/2/2013 2.7738830       PS-THINKPAD     192.168.2.1 DNS DNS:QueryId = 0x1D29, QUERY (Standard query), Query  for vpn.caltech.edu of type Host Addr on class Internet    {DNS:2, UDP:1, IPv4:3}
121 6   7:48:44 AM 6/2/2013 2.7750846       PS-THINKPAD     192.168.2.1 DNS DNS:QueryId = 0xB1DF, QUERY (Standard query), Query  for wpad.Belkin of type Host Addr on class Internet    {DNS:4, UDP:3, IPv4:3}
141 7   7:48:44 AM 6/2/2013 2.7751546       192.168.2.1 PS-THINKPAD     DNS DNS:QueryId = 0x1D29, QUERY (Standard query), Response - Success, 192.41.208.57     {DNS:2, UDP:1, IPv4:3}
196 8   7:48:44 AM 6/2/2013 2.7761219       192.168.2.1 PS-THINKPAD     DNS DNS:QueryId = 0xB1DF, QUERY (Standard query), Response - Name Error     {DNS:4, UDP:3, IPv4:3}

在响应 wpad.Belkin DNS 查询时,在名称错误处停止。恐怕我对 TCP/IP 了解不够,无法理解这意味着什么。不确定这是否是我的 ISP(Virgin Broadband)的问题。我尝试切换到路由器中的 OpenDNS 服务器。另一个路由器也遇到过类似的问题,但我没有查看那个路由器的数据包。发现其他人在其他地方遇到过类似的问题,但没有解决方案。有什么想法吗?谢谢!

顺便说一下,路由器日志看起来像这样 - 意识到大多数端口扫描警报都是假的,但想知道它们是否与分辨率问题有关。

Jun 2 05:58:33 localhost user.crit syslog: User from 192.168.2.2 time out 
Jun 2 06:02:28 localhost local0.info udhcpd[1864]: udhcpd (v0.9.9-pre) started 
Jun 2 06:02:28 localhost local0.info udhcpd[1864]: received REQUEST 
Jun 2 06:02:28 localhost local0.info udhcpd[1864]: sending ACK to 192.168.2.2 
Jun 2 06:02:47 localhost local0.info udhcpd[1864]: received REQUEST 
Jun 2 06:02:47 localhost local0.info udhcpd[1864]: sending ACK to 192.168.2.2 
Jun 2 06:07:28 localhost local0.info udhcpd[1864]: Timed out. Exiting 
Jun 2 06:08:17 localhost local0.info udhcpd[8647]: udhcpd (v0.9.9-pre) started 
Jun 2 06:13:17 localhost local0.info udhcpd[8647]: Timed out. Exiting 
Jun 2 06:13:37 localhost local0.info udhcpd[14800]: udhcpd (v0.9.9-pre) started 
Jun 2 06:18:37 localhost local0.info udhcpd[14800]: Timed out. Exiting 
Jun 2 06:18:53 localhost local0.info udhcpd[20975]: udhcpd (v0.9.9-pre) started 
Jun 2 06:23:53 localhost local0.info udhcpd[20975]: Timed out. Exiting 
Jun 2 06:24:12 localhost local0.info udhcpd[27065]: udhcpd (v0.9.9-pre) started 
Jun 2 06:29:12 localhost local0.info udhcpd[27065]: Timed out. Exiting 
Jun 2 06:29:38 localhost local0.info udhcpd[933]: udhcpd (v0.9.9-pre) started 
Jun 2 06:33:00 localhost user.crit syslog: User from 192.168.2.2 login success ! 
Jun 2 06:34:38 localhost local0.info udhcpd[933]: Timed out. Exiting 
Jun 2 06:34:56 localhost local0.info udhcpd[7117]: udhcpd (v0.9.9-pre) started 
Jun 2 06:39:56 localhost local0.info udhcpd[7117]: Timed out. Exiting 
Jun 2 06:41:07 localhost local0.info udhcpd[14308]: udhcpd (v0.9.9-pre) started 
Jun 2 06:43:14 localhost local0.info udhcpd[14308]: received REQUEST 
Jun 2 06:43:14 localhost local0.info udhcpd[14308]: sending ACK to 192.168.2.2 
Jun 2 06:46:07 localhost local0.info udhcpd[14308]: Timed out. Exiting 
Jun 2 06:46:32 localhost local0.info udhcpd[20535]: udhcpd (v0.9.9-pre) started 
Jun 2 06:46:45 localhost user.crit syslog: User from 192.168.2.2 time out 
Jun 2 06:51:32 localhost local0.info udhcpd[20535]: Timed out. Exiting 
Jun 2 06:52:36 localhost local0.info udhcpd[27617]: udhcpd (v0.9.9-pre) started 
Jun 2 06:57:36 localhost local0.info udhcpd[27617]: Timed out. Exiting 
Jun 2 06:58:19 localhost local0.info udhcpd[1757]: udhcpd (v0.9.9-pre) started 
Jun 2 07:03:19 localhost local0.info udhcpd[1757]: Timed out. Exiting 
Jun 2 07:03:35 localhost local0.info udhcpd[7847]: udhcpd (v0.9.9-pre) started 
Jun 2 07:08:35 localhost local0.info udhcpd[7847]: Timed out. Exiting 
Jun 2 07:09:06 localhost local0.info udhcpd[14284]: udhcpd (v0.9.9-pre) started 
Jun 2 07:14:06 localhost local0.info udhcpd[14284]: Timed out. Exiting 
Jun 2 07:14:26 localhost local0.info udhcpd[20479]: udhcpd (v0.9.9-pre) started 
Jun 2 07:19:26 localhost local0.info udhcpd[20479]: Timed out. Exiting 
Jun 2 07:20:25 localhost local0.info udhcpd[27465]: udhcpd (v0.9.9-pre) started 
Jun 2 07:25:25 localhost local0.info udhcpd[27465]: Timed out. Exiting 
Jun 2 07:25:41 localhost local0.info udhcpd[1148]: udhcpd (v0.9.9-pre) started 
Jun 2 07:30:41 localhost local0.info udhcpd[1148]: Timed out. Exiting 
Jun 2 07:31:04 localhost local0.info udhcpd[7465]: udhcpd (v0.9.9-pre) started 
Jun 2 07:36:04 localhost local0.info udhcpd[7465]: Timed out. Exiting 
Jun 2 07:37:38 localhost local0.info udhcpd[15008]: udhcpd (v0.9.9-pre) started 
Jun 2 07:42:38 localhost local0.info udhcpd[15008]: Timed out. Exiting 
Jun 2 07:44:53 localhost local0.info udhcpd[23354]: udhcpd (v0.9.9-pre) started 
Jun 2 07:46:40 localhost user.crit syslog: User from 192.168.2.2 login success ! 
Jun 2 07:49:53 localhost local0.info udhcpd[23354]: Timed out. Exiting 
Jun 2 07:54:55 localhost local0.info udhcpd[2936]: udhcpd (v0.9.9-pre) started 
Jun 2 07:59:55 localhost local0.info udhcpd[2936]: Timed out. Exiting 
Jun 2 08:04:57 localhost local0.info udhcpd[14605]: udhcpd (v0.9.9-pre) started 
Jun 2 08:09:08 localhost user.crit syslog: User from 192.168.2.2 time out 
Jun 2 08:09:57 localhost local0.info udhcpd[14605]: Timed out. Exiting 
Jun 2 08:12:49 localhost local0.info udhcpd[23749]: udhcpd (v0.9.9-pre) started 
Jun 2 08:17:49 localhost local0.info udhcpd[23749]: Timed out. Exiting 
Jun 2 08:19:49 localhost local0.info udhcpd[31891]: udhcpd (v0.9.9-pre) started 
Jun 2 08:24:49 localhost local0.info udhcpd[31891]: Timed out. Exiting 
Jun 2 08:25:01 localhost local0.info udhcpd[5533]: udhcpd (v0.9.9-pre) started 
Jun 2 08:30:01 localhost local0.info udhcpd[5533]: Timed out. Exiting 
Jun 2 08:35:03 localhost local0.info udhcpd[17262]: udhcpd (v0.9.9-pre) started 
Jun 2 08:37:40 localhost user.crit syslog: User from 192.168.2.2 login success ! 

Firewall log:
Jun 2 03:05:40 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 03:05:41 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 03:05:42 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 03:06:45 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Source port is 33087, and destination port is 61440 which use the UDP protocol. 
Jun 2 03:06:46 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 108.160.162.37. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 03:15:19 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 66.235.142.57. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 03:15:25 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 66.235.142.57. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 03:17:47 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 03:17:48 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 66.235.142.57. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 03:17:50 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 03:17:51 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 03:47:53 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 32.58.65.146. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 04:47:50 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 208.85.209.17. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 05:17:50 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 198.252.206.25. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 05:47:53 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 06:17:51 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol 
Jun 2 06:47:50 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 50.18.252.211. Source port is 33087, and destination port is 61440 which use the TCP protocol. 
Jun 2 07:17:51 localhost user.alert kernel: PORT_SCANNER-ATTACK detected from 194.168.4.100. Use ICMP protocol

编辑:作为参考,这是一个成功的连接。名称错误也发生在那里,但似乎无关紧要。

121 3   9:39:59 AM 6/2/2013 2.4943862       PS-THINKPAD     192.168.2.1 DNS DNS:QueryId = 0x3506, QUERY (Standard query), Query  for wpad.Belkin of type Host Addr on class Internet    {DNS:3, UDP:2, IPv4:1}
392 4   9:39:59 AM 6/2/2013 2.4986302       PS-THINKPAD     255.255.255.255 DHCP    DHCP:Request, MsgType = INFORM, TransactionID = 0x0EF1238D  {DHCP:6, UDP:11, IPv4:1}
196 5   9:39:59 AM 6/2/2013 2.4989521       192.168.2.1 PS-THINKPAD     DNS DNS:QueryId = 0x3506, QUERY (Standard query), Response - Name Error     {DNS:3, UDP:2, IPv4:1}
134 6   9:39:59 AM 6/2/2013 2.4995933       FE80:0:0:0:318A:6E05:B12F:106   FF02:0:0:0:0:0:1:3  LLMNR   LLMNR:QueryId = 0xADB2, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:8, IPv6:7}
114 7   9:39:59 AM 6/2/2013 2.5008695       PS-THINKPAD     224.0.0.252 LLMNR   LLMNR:QueryId = 0xADB2, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:10, IPv4:9}
640 8   9:39:59 AM 6/2/2013 2.5035848       192.168.2.1 PS-THINKPAD     DHCP    DHCP:Reply, MsgType = ACK, TransactionID = 0x0EF1238D   {DHCP:6, UDP:11, IPv4:1}
125 9   9:39:59 AM 6/2/2013 2.5363506       PS-THINKPAD     192.168.2.1 DNS DNS:QueryId = 0xEDCE, QUERY (Standard query), Query  for vpn.caltech.edu of type Host Addr on class Internet    {DNS:13, UDP:12, IPv4:1}
141 10  9:39:59 AM 6/2/2013 2.5377057       192.168.2.1 PS-THINKPAD     DNS DNS:QueryId = 0xEDCE, QUERY (Standard query), Response - Success, 192.41.208.57     {DNS:13, UDP:12, IPv4:1}
134 11  9:39:59 AM 6/2/2013 2.5592248       FE80:0:0:0:318A:6E05:B12F:106   FF02:0:0:0:0:0:1:3  LLMNR   LLMNR:QueryId = 0x9634, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:14, IPv6:7}
114 12  9:39:59 AM 6/2/2013 2.5619238       PS-THINKPAD     224.0.0.252 LLMNR   LLMNR:QueryId = 0x9634, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:15, IPv4:9}
134 13  9:39:59 AM 6/2/2013 2.6067949       FE80:0:0:0:318A:6E05:B12F:106   FF02:0:0:0:0:0:1:3  LLMNR   LLMNR:QueryId = 0xADB2, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:8, IPv6:7}
114 14  9:39:59 AM 6/2/2013 2.6068906       PS-THINKPAD     224.0.0.252 LLMNR   LLMNR:QueryId = 0xADB2, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:10, IPv4:9}
134 15  9:39:59 AM 6/2/2013 2.6692384       FE80:0:0:0:318A:6E05:B12F:106   FF02:0:0:0:0:0:1:3  LLMNR   LLMNR:QueryId = 0x9634, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:14, IPv6:7}
114 16  9:39:59 AM 6/2/2013 2.6693280       PS-THINKPAD     224.0.0.252 LLMNR   LLMNR:QueryId = 0x9634, Standard, Query  for wpad of type Host Addr on class Internet   {UDP:15, IPv4:9}
142 17  9:39:59 AM 6/2/2013 2.8099953   System  PS-THINKPAD     192.168.2.255   NbtNs   NbtNs:Query Request for WPAD   <0x00> Workstation Service   {UDP:17, IPv4:16}
142 18  9:39:59 AM 6/2/2013 2.8722391   System  PS-THINKPAD     192.168.2.255   NbtNs   NbtNs:Query Request for WPAD   <0x00> Workstation Service   {UDP:17, IPv4:16}
142 19  9:40:00 AM 6/2/2013 3.5738980   System  PS-THINKPAD     192.168.2.255   NbtNs   NbtNs:Query Request for WPAD   <0x00> Workstation Service   {UDP:17, IPv4:16}
142 20  9:40:00 AM 6/2/2013 3.6362705   System  PS-THINKPAD     192.168.2.255   NbtNs   NbtNs:Query Request for WPAD   <0x00> Workstation Service   {UDP:17, IPv4:16}
142 21  9:40:01 AM 6/2/2013 4.3382645   System  PS-THINKPAD     192.168.2.255   NbtNs   NbtNs:Query Request for WPAD   <0x00> Workstation Service   {UDP:17, IPv4:16}
142 22  9:40:01 AM 6/2/2013 4.4006818   System  PS-THINKPAD     192.168.2.255   NbtNs   NbtNs:Query Request for WPAD   <0x00> Workstation Service   {UDP:17, IPv4:16}
125 23  9:40:02 AM 6/2/2013 5.2251198       PS-THINKPAD     192.168.2.1 DNS DNS:QueryId = 0x717, QUERY (Standard query), Query  for vpn.caltech.edu of type AAAA on class Internet  {DNS:19, UDP:18, IPv4:1}
181 24  9:40:02 AM 6/2/2013 5.2447957       192.168.2.1 PS-THINKPAD     DNS DNS:QueryId = 0x717, QUERY (Standard query), Response - Success     {DNS:19, UDP:18, IPv4:1}
125 25  9:40:02 AM 6/2/2013 5.2469250       PS-THINKPAD     192.168.2.1 DNS DNS:QueryId = 0x831C, QUERY (Standard query), Query  for vpn.caltech.edu of type AAAA on class Internet {DNS:21, UDP:20, IPv4:1}
181 26  9:40:02 AM 6/2/2013 5.2485386       192.168.2.1 PS-THINKPAD     DNS DNS:QueryId = 0x831C, QUERY (Standard query), Response - Success    {DNS:21, UDP:20, IPv4:1}
116 27  9:40:02 AM 6/2/2013 5.3215829   vpnui.exe   PS-THINKPAD     vpn.caltech.edu TCP TCP:Flags=......S., SrcPort=49200, DstPort=HTTPS(443), PayloadLen=0, Seq=3900950642, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192    {TCP:23, IPv4:22}

答案1

这个问题已经解决了。我做了一些调整,但没有机会单独测试它们(我与另一个使用 BIG-IP Edge Client VPN 工作的人共享连接,它也无法正常工作),所以我将放弃一切 - 希望它能帮助其他遇到同样问题的人。首先,我在路由器上禁用了 UPnP。我在回答别人的问题时发现了这个建议,并怀疑这是罪魁祸首。此外,运行该工具这里显示路由器上 UPnP 的实现不安全,这进一步激发了我的兴趣。我还禁用了 WPS(另一个建议)。我将路由器和 Windows 上的 MTU 大小设置为 1500。我还将路由器设置为仅无线 n(无 b 或 g)。最后,我尝试了几种不同版本的网卡驱动程序,因为它们一直不稳定,并导致间歇性 DRIVER_POWER_STATE_FAILURE BSOD。然而,共享连接的另一个人没有更改他们的驱动程序,所以唯一可能有帮助的方法是,如果我的卡以某种方式绑定了路由器,这似乎不太可能。不幸的是,它并没有帮助提高稳定性,但后来似乎也通过禁用无线网络连接属性中的一些不需要的选项(如 Vlan、链路层发现和 TCP-IP 6)得到了缓解。这不是最令人满意的解决方案,但到目前为止似乎有效(祈祷)。我打算在有时间的时候重新安装一次。

相关内容