我对此不是很有经验,但我已经研究了几天,这让我很抓狂。客户端可以毫无问题地连接,但一旦我输入重定向网关命令,客户端的互联网就会断开。我已经禁用了客户端和服务器上的 Windows 防火墙(只是为了测试)以及防病毒软件。我还在网络设置中启用了互联网共享,在注册表中更改了 Tcpip 参数,在路由器设置中转发了端口,还有一些我可能忘记的事情。我可以从客户端 ping 服务器,但当我尝试 ping google.com 时,我只收到“请求超时”的提示。任何帮助都将不胜感激。
我的服务器配置如下:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.1 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway autolocal def1"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 3
explicit-exit-notify 1
客户端配置:
client
dev tun
proto udp
remote REDACTED.ddns.net port 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
comp-lzo
verb 3
服务器日志:
Thu Dec 24 13:01:00 2020 --pull-filter ignored for --mode server
Thu Dec 24 13:01:00 2020 OpenVPN 2.4.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 9 2020
Thu Dec 24 13:01:00 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Dec 24 13:01:00 2020 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
Enter Management Password:
Thu Dec 24 13:01:00 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Dec 24 13:01:00 2020 Need hold release from management interface, waiting...
Thu Dec 24 13:01:00 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Dec 24 13:01:00 2020 MANAGEMENT: CMD 'state on'
Thu Dec 24 13:01:00 2020 MANAGEMENT: CMD 'log all on'
Thu Dec 24 13:01:00 2020 MANAGEMENT: CMD 'echo all on'
Thu Dec 24 13:01:00 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Dec 24 13:01:00 2020 MANAGEMENT: CMD 'hold off'
Thu Dec 24 13:01:00 2020 MANAGEMENT: CMD 'hold release'
Thu Dec 24 13:01:00 2020 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Dec 24 13:01:00 2020 Diffie-Hellman initialized with 2048 bit key
Thu Dec 24 13:01:00 2020 interactive service msg_channel=740
Thu Dec 24 13:01:00 2020 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=11 HWADDR=c4:54:44:38:8b:cf
Thu Dec 24 13:01:00 2020 open_tun
Thu Dec 24 13:01:00 2020 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{31003D98-F013-4AD4-9AE3-57C2DBD62697}.tap
Thu Dec 24 13:01:00 2020 TAP-Windows Driver Version 9.24
Thu Dec 24 13:01:00 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {31003D98-F013-4AD4-9AE3-57C2DBD62697} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Thu Dec 24 13:01:00 2020 Sleeping for 10 seconds...
Thu Dec 24 13:01:10 2020 Successful ARP Flush on interface [7] {31003D98-F013-4AD4-9AE3-57C2DBD62697}
Thu Dec 24 13:01:10 2020 MANAGEMENT: >STATE:1608832870,ASSIGN_IP,,10.8.0.1,,,,
Thu Dec 24 13:01:10 2020 MANAGEMENT: >STATE:1608832870,ADD_ROUTES,,,,,,
Thu Dec 24 13:01:10 2020 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Thu Dec 24 13:01:10 2020 Route addition via service succeeded
Thu Dec 24 13:01:10 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Thu Dec 24 13:01:10 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Dec 24 13:01:10 2020 setsockopt(IPV6_V6ONLY=0)
Thu Dec 24 13:01:10 2020 UDPv6 link local (bound): [AF_INET6][undef]:1194
Thu Dec 24 13:01:10 2020 UDPv6 link remote: [AF_UNSPEC]
Thu Dec 24 13:01:10 2020 MULTI: multi_init called, r=256 v=256
Thu Dec 24 13:01:10 2020 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu Dec 24 13:01:10 2020 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
Thu Dec 24 13:01:10 2020 succeeded -> ifconfig_pool_set()
Thu Dec 24 13:01:10 2020 IFCONFIG POOL LIST
Thu Dec 24 13:01:10 2020 client1,10.8.0.4
Thu Dec 24 13:01:10 2020 Initialization Sequence Completed
Thu Dec 24 13:01:10 2020 MANAGEMENT: >STATE:1608832870,CONNECTED,SUCCESS,10.8.0.1,,,,
Thu Dec 24 13:01:18 2020 X.X.X.X:45479 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:45479, sid=0341f34c f989e42e
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=ChrisVPN, name=changeme, [email protected]
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=client1, name=changeme, [email protected]
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_VER=2.4.9
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_PLAT=win
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_PROTO=2
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_NCP=2
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_LZ4=1
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_LZ4v2=1
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_LZO=1
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_COMP_STUB=1
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_COMP_STUBv2=1
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_TCPNL=1
Thu Dec 24 13:01:20 2020 X.X.X.X:45479 peer info: IV_GUI_VER=OpenVPN_GUI_11
Thu Dec 24 13:01:21 2020 X.X.X.X:45479 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Thu Dec 24 13:01:21 2020 X.X.X.X:45479 [client1] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:45479
Thu Dec 24 13:01:21 2020 client1/X.X.X.X:45479 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Dec 24 13:01:21 2020 client1/X.X.X.X:45479 MULTI: Learn: 10.8.0.6 -> client1/X.X.X.X:45479
Thu Dec 24 13:01:21 2020 client1/X.X.X.X:45479 MULTI: primary virtual IP for client1/X.X.X.X:45479: 10.8.0.6
Thu Dec 24 13:01:22 2020 client1/X.X.X.X:45479 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 24 13:01:22 2020 client1/X.X.X.X:45479 SENT CONTROL [client1]: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,redirect-gateway autolocal def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Dec 24 13:01:22 2020 client1/X.X.X.X:45479 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 24 13:01:22 2020 client1/X.X.X.X:45479 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 24 13:01:22 2020 client1/X.X.X.X:45479 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 24 13:05:01 2020 SENT CONTROL [client1]: 'RESTART' (status=1)
Thu Dec 24 13:05:01 2020 C:\Windows\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Thu Dec 24 13:05:01 2020 Route deletion via service succeeded
Thu Dec 24 13:05:01 2020 Closing TUN/TAP interface
Thu Dec 24 13:05:01 2020 TAP: DHCP address released
Thu Dec 24 13:05:01 2020 SIGTERM[hard,] received, process exiting
Thu Dec 24 13:05:01 2020 MANAGEMENT: >STATE:1608833101,EXITING,SIGTERM,,,,,
客户端日志:
Thu Dec 24 13:29:25 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Thu Dec 24 13:29:25 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Dec 24 13:29:25 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Management Password:
Thu Dec 24 13:29:25 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Dec 24 13:29:25 2020 Need hold release from management interface, waiting...
Thu Dec 24 13:29:26 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Dec 24 13:29:26 2020 MANAGEMENT: CMD 'state on'
Thu Dec 24 13:29:26 2020 MANAGEMENT: CMD 'log all on'
Thu Dec 24 13:29:26 2020 MANAGEMENT: CMD 'echo all on'
Thu Dec 24 13:29:26 2020 MANAGEMENT: CMD 'bytecount 5'
Thu Dec 24 13:29:26 2020 MANAGEMENT: CMD 'hold off'
Thu Dec 24 13:29:26 2020 MANAGEMENT: CMD 'hold release'
Thu Dec 24 13:29:26 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Dec 24 13:29:26 2020 MANAGEMENT: >STATE:1608834566,RESOLVE,,,,,,
Thu Dec 24 13:29:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
Thu Dec 24 13:29:26 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Dec 24 13:29:26 2020 UDP link local: (not bound)
Thu Dec 24 13:29:26 2020 UDP link remote: [AF_INET]X.X.X.X:1194
Thu Dec 24 13:29:26 2020 MANAGEMENT: >STATE:1608834566,WAIT,,,,,,
Thu Dec 24 13:29:56 2020 MANAGEMENT: >STATE:1608834596,AUTH,,,,,,
Thu Dec 24 13:29:56 2020 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=a9e31f1a 38da3bb3
Thu Dec 24 13:29:56 2020 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=ChrisVPN, name=changeme, [email protected]
Thu Dec 24 13:29:56 2020 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, [email protected]
Thu Dec 24 13:29:56 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Thu Dec 24 13:29:56 2020 [server] Peer Connection Initiated with [AF_INET]X.X.X.X:1194
Thu Dec 24 13:29:57 2020 MANAGEMENT: >STATE:1608834597,GET_CONFIG,,,,,,
Thu Dec 24 13:29:57 2020 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Dec 24 13:29:57 2020 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,redirect-gateway autolocal def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: route options modified
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: peer-id set
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Dec 24 13:29:57 2020 OPTIONS IMPORT: data channel crypto options modified
Thu Dec 24 13:29:57 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 24 13:29:57 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 24 13:29:57 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 24 13:29:57 2020 interactive service msg_channel=0
Thu Dec 24 13:29:57 2020 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=22 HWADDR=60:f2:62:12:a9:12
Thu Dec 24 13:29:57 2020 open_tun
Thu Dec 24 13:29:57 2020 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{6ED3C3BB-8204-4F09-814B-308080AC949F}.tap
Thu Dec 24 13:29:57 2020 TAP-Windows Driver Version 9.24
Thu Dec 24 13:29:57 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {6ED3C3BB-8204-4F09-814B-308080AC949F} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Dec 24 13:29:57 2020 Successful ARP Flush on interface [12] {6ED3C3BB-8204-4F09-814B-308080AC949F}
Thu Dec 24 13:29:57 2020 MANAGEMENT: >STATE:1608834597,ASSIGN_IP,,10.8.0.6,,,,
Thu Dec 24 13:30:02 2020 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Dec 24 13:30:02 2020 ROUTE remote_host is NOT LOCAL
Thu Dec 24 13:30:02 2020 C:\WINDOWS\system32\route.exe ADD X.X.X.X MASK 255.255.255.255 172.20.10.1
Thu Dec 24 13:30:02 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=50 and dwForwardType=4
Thu Dec 24 13:30:02 2020 Route addition via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:02 2020 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Dec 24 13:30:02 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Dec 24 13:30:02 2020 Route addition via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:02 2020 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Dec 24 13:30:02 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Dec 24 13:30:02 2020 Route addition via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:02 2020 MANAGEMENT: >STATE:1608834602,ADD_ROUTES,,,,,,
Thu Dec 24 13:30:02 2020 C:\WINDOWS\system32\route.exe ADD 192.168.1.1 MASK 255.255.255.0 10.8.0.5
Thu Dec 24 13:30:02 2020 Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
Thu Dec 24 13:30:02 2020 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=12]
Thu Dec 24 13:30:02 2020 Route addition via IPAPI failed [adaptive]
Thu Dec 24 13:30:02 2020 Route addition fallback to route.exe
Thu Dec 24 13:30:02 2020 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Thu Dec 24 13:30:02 2020 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Dec 24 13:30:02 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Dec 24 13:30:02 2020 Route addition via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:02 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 24 13:30:02 2020 Initialization Sequence Completed
Thu Dec 24 13:30:02 2020 MANAGEMENT: >STATE:1608834602,CONNECTED,SUCCESS,10.8.0.6,X.X.X.X,1194,,
Thu Dec 24 13:30:51 2020 C:\WINDOWS\system32\route.exe DELETE 192.168.1.1 MASK 255.255.255.0 10.8.0.5
Thu Dec 24 13:30:51 2020 ROUTE: route deletion failed using DeleteIpForwardEntry: The parameter is incorrect.
Thu Dec 24 13:30:51 2020 Route deletion via IPAPI failed [adaptive]
Thu Dec 24 13:30:51 2020 Route deletion fallback to route.exe
Thu Dec 24 13:30:51 2020 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Thu Dec 24 13:30:51 2020 C:\WINDOWS\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Dec 24 13:30:51 2020 Route deletion via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:51 2020 C:\WINDOWS\system32\route.exe DELETE X.X.X.X MASK 255.255.255.255 172.20.10.1
Thu Dec 24 13:30:51 2020 Route deletion via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:51 2020 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Dec 24 13:30:51 2020 Route deletion via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:51 2020 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Dec 24 13:30:51 2020 Route deletion via IPAPI succeeded [adaptive]
Thu Dec 24 13:30:51 2020 Closing TUN/TAP interface
Thu Dec 24 13:30:51 2020 TAP: DHCP address released
Thu Dec 24 13:30:51 2020 SIGTERM[hard,] received, process exiting
Thu Dec 24 13:30:51 2020 MANAGEMENT: >STATE:1608834651,EXITING,SIGTERM,,,,,
服务器路由表:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.193 25
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 281
10.8.0.0 255.255.255.252 On-link 10.8.0.1 281
10.8.0.1 255.255.255.255 On-link 10.8.0.1 281
10.8.0.3 255.255.255.255 On-link 10.8.0.1 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.193 281
192.168.1.193 255.255.255.255 On-link 192.168.1.193 281
192.168.1.255 255.255.255.255 On-link 192.168.1.193 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.8.0.1 281
224.0.0.0 240.0.0.0 On-link 192.168.1.193 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.8.0.1 281
255.255.255.255 255.255.255.255 On-link 192.168.1.193 281
===========================================================================
Persistent Routes:
None
答案1
我遇到了和你类似的问题。
为了解决这个问题,请比较与 OpenVPN Mobile 的连接,如果从移动设备可以访问互联网,那么您必须在 Windows 端重新安装最新的 OpenVPN 客户端(https://openvpn.net/community-downloads/)
在网络设备上,您必须确保是否检查了默认网关,如下所示: