我尝试从两个不同的位置连接OpenVPN
到远程目的地,一个可以工作,而另一个则不可以。
除了失败位置的行之外,每个日志文件都是相同的Key
。我给出了紧接在之前和之后的行。
2021-04-10 16:53:59 us=572618 [netgear] 使用 [AF_INET]172.88.131.44:12974 发起对等连接 2021-04-10 16:54:00 us=395618 密钥 [AF_INET]172.88.131.44:12974 [0] 尚未初始化,丢弃数据包。2021-04-10 16:54:00 us=395618 管理:>STATE:1618098840,GET_CONFIG,,,,,,
接下来的 16 行日志是相同的。最后一行相同的是该open_tun
行。这就是我在失败的位置看到错误行时的情况:
2021-04-10 16:54:00 us=472616 MANAGEMENT: Client disconnected
2021-04-10 16:54:00 us=472616 Adapter 'NETGEAR-VPN' not found
2021-04-10 16:54:00 us=472616 Exiting due to fatal error
OpenVPN 连接使用两个端口:12973 和 12974。故障端均处于打开状态。我使用了端口转发网络实用程序在客户端验证端口。
故障端的日志文件显示它确实与服务器通信,只是没有继续。我知道这有几个原因。最明显的是子网10.0.0
。该子网位于服务器端。还有其他迹象。
我的猜测是我没有做某事。
- 我在客户端上打开了两个 OpenVPN 端口
- 我安装了OpenVPN GUI v11.23.0.0软件
- 我将配置文件复制到两个系统的配置文件夹中
- 连接(甚至尝试重新启动),只是在同一个地方失败。
(我甚至尝试在客户端导入两个 CRT,尽管我在工作位置上不需要这样做。
工作日志
2021-04-10 16:56:28 us=94634 OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021
2021-04-10 16:56:28 us=94634 Windows version 10.0 (Windows 10 or greater) 64bit
2021-04-10 16:56:28 us=94634 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Enter Management Password:
2021-04-10 16:56:28 us=97626 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-04-10 16:56:28 us=97626 Need hold release from management interface, waiting...
2021-04-10 16:56:28 us=594298 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-04-10 16:56:28 us=697024 MANAGEMENT: CMD 'state on'
2021-04-10 16:56:28 us=698021 MANAGEMENT: CMD 'log all on'
2021-04-10 16:56:28 us=725947 MANAGEMENT: CMD 'echo all on'
2021-04-10 16:56:28 us=725947 MANAGEMENT: CMD 'bytecount 5'
2021-04-10 16:56:28 us=726944 MANAGEMENT: CMD 'hold off'
2021-04-10 16:56:28 us=726944 MANAGEMENT: CMD 'hold release'
2021-04-10 16:56:28 us=728938 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-04-10 16:56:28 us=742901 LZO compression initializing
2021-04-10 16:56:28 us=742901 Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-04-10 16:56:28 us=742901 MANAGEMENT: >STATE:1618098988,RESOLVE,,,,,,
2021-04-10 16:56:28 us=783792 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
2021-04-10 16:56:28 us=783792 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2021-04-10 16:56:28 us=783792 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2021-04-10 16:56:28 us=783792 TCP/UDP: Preserving recently used remote address: [AF_INET]172.88.131.44:12974
2021-04-10 16:56:28 us=783792 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-04-10 16:56:28 us=783792 UDP link local: (not bound)
2021-04-10 16:56:28 us=783792 UDP link remote: [AF_INET]172.88.131.44:12974
2021-04-10 16:56:28 us=783792 MANAGEMENT: >STATE:1618098988,WAIT,,,,,,
2021-04-10 16:56:28 us=840640 MANAGEMENT: >STATE:1618098988,AUTH,,,,,,
2021-04-10 16:56:28 us=840640 TLS: Initial packet from [AF_INET]172.88.131.44:12974, sid=4166d822 29a81d79
2021-04-10 16:56:28 us=953339 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, [email protected]
2021-04-10 16:56:28 us=954336 VERIFY OK: depth=0, CN=netgear
2021-04-10 16:56:29 us=90971 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2021-04-10 16:56:29 us=90971 [netgear] Peer Connection Initiated with [AF_INET]172.88.131.44:12974
2021-04-10 16:56:30 us=343623 MANAGEMENT: >STATE:1618098990,GET_CONFIG,,,,,,
2021-04-10 16:56:30 us=344620 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
2021-04-10 16:56:30 us=372546 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.0.0.0 255.255.255.0,route-delay 5,route-gateway dhcp,ping 10,ping-restart 120'
2021-04-10 16:56:30 us=372546 OPTIONS IMPORT: timers and/or timeouts modified
2021-04-10 16:56:30 us=372546 OPTIONS IMPORT: route options modified
2021-04-10 16:56:30 us=372546 OPTIONS IMPORT: route-related options modified
2021-04-10 16:56:30 us=372546 Using peer cipher 'AES-128-CBC'
2021-04-10 16:56:30 us=372546 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2021-04-10 16:56:30 us=372546 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-04-10 16:56:30 us=372546 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2021-04-10 16:56:30 us=372546 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-04-10 16:56:30 us=373543 interactive service msg_channel=592
2021-04-10 16:56:30 us=374540 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=24 HWADDR=18:c0:4d:2b:bd:2d
2021-04-10 16:56:30 us=381522 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2021-04-10 16:56:30 us=381522 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.0
2021-04-10 16:56:30 us=381522 open_tun
2021-04-10 16:56:30 us=384513 tap-windows6 device [NETGEAR-VPN] opened
2021-04-10 16:56:30 us=384513 TAP-Windows Driver Version 9.24
2021-04-10 16:56:30 us=384513 TAP-Windows MTU=1500
2021-04-10 16:56:30 us=384513 Successful ARP Flush on interface [27] {FBAA17FE-1668-40B7-9A9A-C4DBF374D6AA}
2021-04-10 16:56:30 us=384513 do_ifconfig, ipv4=0, ipv6=0
2021-04-10 16:56:30 us=384513 MANAGEMENT: >STATE:1618098990,ASSIGN_IP,,,,,,
2021-04-10 16:56:31 us=5852 Extracted DHCP router address: 10.0.0.1
2021-04-10 16:56:35 us=4165 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
2021-04-10 16:56:35 us=4165 C:\WINDOWS\system32\route.exe ADD 172.88.131.44 MASK 255.255.255.255 192.168.1.1
2021-04-10 16:56:35 us=5162 Route addition via service succeeded
2021-04-10 16:56:35 us=5162 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.1
2021-04-10 16:56:35 us=7156 Route addition via service succeeded
2021-04-10 16:56:35 us=7156 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.1
2021-04-10 16:56:35 us=8154 Route addition via service succeeded
2021-04-10 16:56:35 us=8154 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-04-10 16:56:35 us=8154 Initialization Sequence Completed
2021-04-10 16:56:35 us=8154 MANAGEMENT: >STATE:1618098995,CONNECTED,SUCCESS,,172.88.131.44,12974,,
失败日志
2021-04-10 16:53:58 us=55586 disable_nbt = DISABLED
2021-04-10 16:53:58 us=55586 OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021
2021-04-10 16:53:58 us=55586 Windows version 10.0 (Windows 10 or greater) 64bit
2021-04-10 16:53:58 us=55586 library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10
Enter Management Password:
2021-04-10 16:53:58 us=57586 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-04-10 16:53:58 us=57586 Need hold release from management interface, waiting...
2021-04-10 16:53:58 us=68589 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-04-10 16:53:58 us=198586 MANAGEMENT: CMD 'state on'
2021-04-10 16:53:58 us=204587 MANAGEMENT: CMD 'log all on'
2021-04-10 16:53:58 us=834588 MANAGEMENT: CMD 'echo all on'
2021-04-10 16:53:58 us=848587 MANAGEMENT: CMD 'bytecount 5'
2021-04-10 16:53:58 us=861588 MANAGEMENT: CMD 'hold off'
2021-04-10 16:53:58 us=868586 MANAGEMENT: CMD 'hold release'
2021-04-10 16:53:58 us=870586 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-04-10 16:53:58 us=886587 LZO compression initializing
2021-04-10 16:53:58 us=887588 Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-04-10 16:53:58 us=887588 MANAGEMENT: >STATE:1618098838,RESOLVE,,,,,,
2021-04-10 16:53:58 us=942585 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
2021-04-10 16:53:58 us=942585 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2021-04-10 16:53:58 us=942585 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2021-04-10 16:53:58 us=942585 TCP/UDP: Preserving recently used remote address: [AF_INET]172.88.131.44:12974
2021-04-10 16:53:58 us=942585 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-04-10 16:53:58 us=942585 UDP link local: (not bound)
2021-04-10 16:53:58 us=942585 UDP link remote: [AF_INET]172.88.131.44:12974
2021-04-10 16:53:58 us=942585 MANAGEMENT: >STATE:1618098838,WAIT,,,,,,
2021-04-10 16:53:59 us=271616 MANAGEMENT: >STATE:1618098839,AUTH,,,,,,
2021-04-10 16:53:59 us=271616 TLS: Initial packet from [AF_INET]172.88.131.44:12974, sid=625f3ee8 ea11b3a0
2021-04-10 16:53:59 us=419615 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, [email protected]
2021-04-10 16:53:59 us=420615 VERIFY OK: depth=0, CN=netgear
2021-04-10 16:53:59 us=572618 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
2021-04-10 16:53:59 us=572618 [netgear] Peer Connection Initiated with [AF_INET]172.88.131.44:12974
2021-04-10 16:54:00 us=395618 Key [AF_INET]172.88.131.44:12974 [0] not initialized (yet), dropping packet.
2021-04-10 16:54:00 us=395618 MANAGEMENT: >STATE:1618098840,GET_CONFIG,,,,,,
2021-04-10 16:54:00 us=395618 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
2021-04-10 16:54:00 us=431616 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.0.0.0 255.255.255.0,route-delay 5,route-gateway dhcp,ping 10,ping-restart 120'
2021-04-10 16:54:00 us=432619 OPTIONS IMPORT: timers and/or timeouts modified
2021-04-10 16:54:00 us=432619 OPTIONS IMPORT: route options modified
2021-04-10 16:54:00 us=432619 OPTIONS IMPORT: route-related options modified
2021-04-10 16:54:00 us=432619 Using peer cipher 'AES-128-CBC'
2021-04-10 16:54:00 us=432619 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2021-04-10 16:54:00 us=432619 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-04-10 16:54:00 us=432619 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2021-04-10 16:54:00 us=432619 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-04-10 16:54:00 us=432619 interactive service msg_channel=600
2021-04-10 16:54:00 us=437614 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=14 HWADDR=70:54:d2:7e:23:fb
2021-04-10 16:54:00 us=460617 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2021-04-10 16:54:00 us=460617 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.0.0.0
2021-04-10 16:54:00 us=460617 open_tun
2021-04-10 16:54:00 us=472616 MANAGEMENT: Client disconnected
2021-04-10 16:54:00 us=472616 Adapter 'NETGEAR-VPN' not found
2021-04-10 16:54:00 us=472616 Exiting due to fatal error
有什么想法吗?