Windows 11：OpenVPN 服务在启动时无法启动

2024-6-1 • tag-icon

我在 Windows 11 机器的目录中安装了 OpenVPN 配置文件config-auto，以便它在启动时连接到我的 OpenVPN 服务器。

问题是有时在系统启动时，它开始无法连接：

2022-03-11 09:27:38 [server] Inactivity timeout (--ping-restart), restarting
2022-03-11 09:27:38 SIGUSR1[soft,ping-restart] received, process restarting
2022-03-11 09:27:38 Restart pause, 5 second(s)
2022-03-11 09:27:43 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 09:27:43 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 09:27:43 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194
2022-03-11 09:27:43 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-11 09:27:43 UDP link local: (not bound)
2022-03-11 09:27:43 UDP link remote: [AF_INET]<REDACTED>:1194
2022-03-11 09:28:43 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-11 09:28:43 TLS Error: TLS handshake failed
2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting

好像没有互联网连接，但是您可以看到我的以太网接口已启动并连接到互联网：

一旦我重新启动 OpenVPN 服务：

一切开始正常运转：

2022-03-11 09:28:43 TLS Error: TLS handshake failed
2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting

2022-03-11 10:16:36 NOTE: --user option is not implemented on Windows
2022-03-11 10:16:36 NOTE: --group option is not implemented on Windows
2022-03-11 10:16:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-03-11 10:16:36 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-03-11 10:16:36 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-03-11 10:16:36 Windows version 10.0 (Windows 10 or greater) 64bit
2022-03-11 10:16:36 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2022-03-11 10:16:36 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 10:16:36 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 10:16:36 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194
2022-03-11 10:16:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-11 10:16:36 UDP link local: (not bound)
2022-03-11 10:16:36 UDP link remote: [AF_INET]<REDACTED>:1194
2022-03-11 10:16:36 TLS: Initial packet from [AF_INET]<REDACTED>:1194, sid=7818afbf 7c74fa3b
2022-03-11 10:16:36 VERIFY OK: depth=1, <REDACTED>
2022-03-11 10:16:36 VERIFY KU OK
2022-03-11 10:16:36 Validating certificate extended key usage
2022-03-11 10:16:36 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

我推测这是我的 OpenVPN 和以太网接口之间的某种竞争条件。我尝试减少InterfaceMetric以太网接口并增加 OpenVPN 接口，但无济于事：

Get-NetIPInterface

ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
29      vEthernet (WSL)                 IPv6                  1500              15 Enabled  Connected       ActiveStore
12      Ethernet 3                      IPv6                  1500               5 Disabled Disconnected    ActiveStore
10      Local Area Connection* 2        IPv6                  1500              25 Disabled Disconnected    ActiveStore
24      Ethernet                        IPv6                  1500               6 Enabled  Connected       ActiveStore
22      Local Area Connection* 1        IPv6                  1500              25 Disabled Disconnected    ActiveStore
23      OpenVPN                         IPv6                  1500              25 Enabled  Connected       ActiveStore
8       Ethernet 2                      IPv6                  1500               5 Disabled Disconnected    ActiveStore
13      OpenVPN Wintun                  IPv6                 65535               5 Disabled Disconnected    ActiveStore
1       Loopback Pseudo-Interface 1     IPv6            4294967295              75 Disabled Connected       ActiveStore
29      vEthernet (WSL)                 IPv4                  1500              15 Disabled Connected       ActiveStore
12      Ethernet 3                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
10      Local Area Connection* 2        IPv4                  1500              25 Enabled  Disconnected    ActiveStore
24      Ethernet                        IPv4                  1500               1 Enabled  Connected       ActiveStore
22      Local Area Connection* 1        IPv4                  1500              25 Enabled  Disconnected    ActiveStore
23      OpenVPN                         IPv4                  1500             100 Enabled  Connected       ActiveStore
8       Ethernet 2                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
13      OpenVPN Wintun                  IPv4                 65535               5 Disabled Disconnected    ActiveStore
1       Loopback Pseudo-Interface 1     IPv4            4294967295              75 Disabled Connected       ActiveStore

我也尝试在 OpenVPN 服务上设置恢复策略，但 Windows 似乎不会将 OpenVPN 服务连接失败视为中断，因此不会重新启动它：

再次强调，这种情况只有五次启动中才会发生一次，大多数情况下都能正常工作。

在整个互联网上搜索，但没有发现其他人遇到此问题。

答案1

尝试将服务启动设置为“延迟”。可能会延迟，但至少可以正常工作。如果仍然不起作用，请尝试使用其他 VPN 客户端。

答案2

我注意到Inactivity timeout了这一点，所以也许这会有所帮助。

打开启动文件夹（按下 Windows+R 然后输入shell:startup），创建一个快捷方式运行ping到互联网上的某个地方，比如说ping 1.1.1.1（ping是运行的应用程序和1.1.1.1是参数）只是为了确保 VPN 不会在启动时被切断。

答案3

所有解决方案都无助于解决问题。

最终卸载了 OpenVPN 社区版，并安装了 OpenVPN Connect 应用程序。

要在启动时启动 OpenVPN Connect：

答案1

答案2

答案3

相关内容