OpenVPN:Windows 7 x64 客户端无法看到远程 LAN,但 XP 客户端可以

tag-icon tag-icon windows-xp routing openvpn windows-7
OpenVPN:Windows 7 x64 客户端无法看到远程 LAN,但 XP 客户端可以

我正在将 OpenVPN 2.1.1 与 Windows XP x86 SP3 和 Windows 7 x64 客户端连接到包含 OpenVPN 2.1-rc15 的 Endian Community 2.4.0 盒。

两者连接都很好,但无法从 Windows 7 访问绿色 LAN 上的资源,但适用于 XP。
因此:我可以通过 VPN ping 推送网络上的主机,但使用 Windows7 我只能 ping 防火墙绿色 IP 地址。

编辑:我已尝试route-method exe/route-delay 2技巧,但并未解决问题。

关于 Endian 配置的更多细节(尝试了 2.2 和 2.4,均失败):

红色=192.168.100.25;192.168.71.25
绿色=176.16.41.1
橙色=176.16.141.1

它基本上作为 OpenVPN 服务器运行,在红色提供服务,在绿色提供访问。

在 Windows XP 上,我使用默认OpenVPN 2.1.1 安装,使用 OpenVPN GUI(包含在安装中),一切都很顺利。

在 Windows 7 x64 上,我运行相同的程序,但现在以管理员身份使用 OpenVPN GUI。
它只能 ping 绿色网关,但不能 ping 其他机器。

Windows 7 日志:

Tue Aug 10 18:50:15 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Tue Aug 10 18:50:23 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 10 18:50:23 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 10 18:50:24 2010 LZO compression initialized
Tue Aug 10 18:50:24 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 10 18:50:24 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 10 18:50:24 2010 Local Options hash (VER=V4): '31fdf004'
Tue Aug 10 18:50:24 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Aug 10 18:50:24 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 TCP connection established with 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link local: [undef]
Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 TLS: Initial packet from 192.168.71.25:1194, sid=165d50de 52c0ecba
Tue Aug 10 18:50:24 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 10 18:50:24 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Tue Aug 10 18:50:24 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 18:50:24 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 10 18:50:24 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Tue Aug 10 18:50:26 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 18:50:27 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: route-related options modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 10 18:50:27 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
Tue Aug 10 18:50:27 2010 TAP-Win32 Driver Version 9.6
Tue Aug 10 18:50:27 2010 TAP-Win32 MTU=1500
Tue Aug 10 18:50:27 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Tue Aug 10 18:50:27 2010 Successful ARP Flush on interface [34] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
Tue Aug 10 18:50:32 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue Aug 10 18:50:32 2010 Initialization Sequence Completed[/code]

Windows 7 路由表:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.71.1   192.168.71.160     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link   169.254.100.145    276
  169.254.100.145  255.255.255.255         On-link   169.254.100.145    276
  169.254.255.255  255.255.255.255         On-link   169.254.100.145    276
      172.16.41.0    255.255.255.0         On-link     172.16.41.209    286
    172.16.41.209  255.255.255.255         On-link     172.16.41.209    286
    172.16.41.255  255.255.255.255         On-link     172.16.41.209    286
     192.168.71.0    255.255.255.0         On-link    192.168.71.160    276
   192.168.71.160  255.255.255.255         On-link    192.168.71.160    276
   192.168.71.255  255.255.255.255         On-link    192.168.71.160    276
    192.168.237.0    255.255.255.0         On-link     192.168.237.1    276
    192.168.237.1  255.255.255.255         On-link     192.168.237.1    276
  192.168.237.255  255.255.255.255         On-link     192.168.237.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.71.160    276
        224.0.0.0        240.0.0.0         On-link   169.254.100.145    276
        224.0.0.0        240.0.0.0         On-link     192.168.237.1    276
        224.0.0.0        240.0.0.0         On-link     172.16.41.209    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.71.160    276
  255.255.255.255  255.255.255.255         On-link   169.254.100.145    276
  255.255.255.255  255.255.255.255         On-link     192.168.237.1    276
  255.255.255.255  255.255.255.255         On-link     172.16.41.209    286
===========================================================================

(您可以忽略这些路由,因为它们来自在同一台机器上运行的 VMware 工作站: - 192.168.237.0/24 - 169.254.0.0/16 )

Windows XP 日志:

Tue Aug 10 19:01:04 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Tue Aug 10 19:01:06 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 10 19:01:06 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 10 19:01:07 2010 LZO compression initialized
Tue Aug 10 19:01:07 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 10 19:01:07 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 10 19:01:07 2010 Local Options hash (VER=V4): '31fdf004'
Tue Aug 10 19:01:07 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Aug 10 19:01:07 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 TCP connection established with 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link local: [undef]
Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 TLS: Initial packet from 192.168.71.25:1194, sid=983b94eb 87732d38
Tue Aug 10 19:01:07 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 10 19:01:07 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Tue Aug 10 19:01:07 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 19:01:07 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 10 19:01:07 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Tue Aug 10 19:01:09 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 19:01:10 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.201 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: route-related options modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 10 19:01:10 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{C4752F65-93BA-4DED-A1FE-2633F1481ABF}.tap
Tue Aug 10 19:01:10 2010 TAP-Win32 Driver Version 9.6
Tue Aug 10 19:01:10 2010 TAP-Win32 MTU=1500
Tue Aug 10 19:01:10 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.201/255.255.255.0 on interface {C4752F65-93BA-4DED-A1FE-2633F1481ABF} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Tue Aug 10 19:01:10 2010 Successful ARP Flush on interface [2] {C4752F65-93BA-4DED-A1FE-2633F1481ABF}
Tue Aug 10 19:01:15 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Tue Aug 10 19:01:15 2010 Route: Waiting for TUN/TAP interface to come up...
Tue Aug 10 19:01:18 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue Aug 10 19:01:18 2010 Initialization Sequence Completed

XP路由表:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.237.2  192.168.237.128      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      172.16.41.0    255.255.255.0    172.16.41.201   172.16.41.201       30
    172.16.41.201  255.255.255.255        127.0.0.1       127.0.0.1       30
   172.16.255.255  255.255.255.255    172.16.41.201   172.16.41.201       30
    192.168.237.0    255.255.255.0  192.168.237.128  192.168.237.128      10
  192.168.237.128  255.255.255.255        127.0.0.1       127.0.0.1       10
  192.168.237.255  255.255.255.255  192.168.237.128  192.168.237.128      10
        224.0.0.0        240.0.0.0    172.16.41.201   172.16.41.201       30
        224.0.0.0        240.0.0.0  192.168.237.128  192.168.237.128      10
  255.255.255.255  255.255.255.255    172.16.41.201   172.16.41.201       1
  255.255.255.255  255.255.255.255  192.168.237.128  192.168.237.128      1
Default Gateway:     192.168.237.2
===========================================================================

谁知道出了什么问题?

--杰伦

答案1

好吧,我也遇到了同样的问题。尝试了所有方法,例如启用文件共享、设置相同的工作组等。除了这个之外,没有其他办法:

我注意到设备管理器中有多个网络适配器。所有适配器均已隐藏,因此必须单击“查看”并启用隐藏设备。

它们全都命名为 ...4to6 适配器。当我移除所有这些适配器后,我的文件/打印机共享和与 XP 客户端的网络连接在重启后开始工作。如果这些适配器数量巨大,则必须将它们全部移除。可以使用适当的(32 位或 64 位版本)工具 DEVCON.EXE(它是 Windows 驱动程序工具包的一部分 - 下载详细信息:Windows 驱动程序工具包版本 7.1.0)来完成此操作。更多信息可在此处找到。DevCon 命令行实用程序可作为设备管理器的替代品。

我在这里找到了这个解决方案:http://ryanvictory.com/posts/automating-6to4-adapter-removal-in-windows/

答案2

我解决了我的问题:这是一个测试用例错误。

Windows XP 正在连接到物理 Endian 盒。Windows
7 x64 正在连接到虚拟 Endian 盒。

虚拟盒在 VMware ESX/ESXi 上运行,使用虚拟网络交换机。
我忘了启用混杂模式对于该开关。

启用该功能后问题得到解决。

--杰伦

相关内容