OpenVPN server on Windows Server does not change the IP address


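I'm new to OpenVPN. I have been configuring an OpenVPN server on my Windows Server 2019 Datacenter for more than a week. I have also configured NAT in Routing and Remote Access and in the firewall. The client device is also Windows. I don't know what is missing, because the client's IP address does not change. I have attached some information about the server and the client. Can I get some help? Thanks.

server.ovpn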

port 1194  
proto udp4  
dev tun  
ca ca.crt  
cert server.crt  
dh dh2048.pem  
server 10.8.0.0 255.255.255.0  
ifconfig-pool-persist ipp.txt  
push "redirect-gateway def1 bypass-dhcp"  
push "dhcp-option DNS 10.8.0.1"  
keepalive 10 120  
cipher AES-256-CBC  
persist-key  
persist-tun  
status openvpn-status.log  
verb 3  
explicit-exit-notify 1

client.ovpn

client  
dev tun  
proto udp4  
remote <my_windows_server_ip_address> 1194  
resolv-retry infinite  
nobind  
persist-key  
persist-tun  
ca ca.crt  
cert bgp_vpn.crt  
key bgp_vpn.key  
remote-cert-tls server  
cipher AES-256-CBC  
verb 3 

My client and server logs are here. Client log:

2023-01-21 10:11:17 TCP/UDP: Preserving recently used remote address: [AF_INET]<my_server_ip_address>:1194
2023-01-21 10:11:17 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-01-21 10:11:17 UDPv4 link local: (not bound)
2023-01-21 10:11:17 UDPv4 link remote: [AF_INET]<my_server_ip_address>:1194
2023-01-21 10:11:17 MANAGEMENT: >STATE:1674272477,WAIT,,,,,,
2023-01-21 10:11:17 MANAGEMENT: >STATE:1674272477,AUTH,,,,,,
2023-01-21 10:11:17 TLS: Initial packet from [AF_INET]<my_server_ip_address>:1194, sid=a2d611d2 e4c72ba2
2023-01-21 10:11:17 VERIFY OK: depth=1, CN=bagyiphyo.online
2023-01-21 10:11:17 VERIFY KU OK
2023-01-21 10:11:17 Validating certificate extended key usage
2023-01-21 10:11:17 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-01-21 10:11:17 VERIFY EKU OK
2023-01-21 10:11:17 VERIFY OK: depth=0, CN=server
2023-01-21 10:11:17 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-01-21 10:11:17 [server] Peer Connection Initiated with [AF_INET]<my_server_ip_address>:1194
2023-01-21 10:11:17 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
2023-01-21 10:11:17 OPTIONS IMPORT: timers and/or timeouts modified
2023-01-21 10:11:17 OPTIONS IMPORT: --ifconfig/up options modified
2023-01-21 10:11:17 OPTIONS IMPORT: route options modified
2023-01-21 10:11:17 OPTIONS IMPORT: peer-id set
2023-01-21 10:11:17 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-01-21 10:11:17 OPTIONS IMPORT: data channel crypto options modified
2023-01-21 10:11:17 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-21 10:11:17 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:11:17 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:11:17 interactive service msg_channel=644
2023-01-21 10:11:17 open_tun
2023-01-21 10:11:17 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-01-21 10:11:17 TAP-Windows Driver Version 9.24 
2023-01-21 10:11:17 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {60A13B47-B75C-4508-9173-9A33FCEB4040} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
2023-01-21 10:11:17 Successful ARP Flush on interface [39] {60A13B47-B75C-4508-9173-9A33FCEB4040}
2023-01-21 10:11:17 MANAGEMENT: >STATE:1674272477,ASSIGN_IP,,10.8.0.6,,,,
2023-01-21 10:11:17 IPv4 MTU set to 1500 on interface 39 using service
2023-01-21 10:11:22 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
2023-01-21 10:11:22 MANAGEMENT: >STATE:1674272482,ADD_ROUTES,,,,,,
2023-01-21 10:11:22 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
2023-01-21 10:11:22 Route addition via service succeeded
2023-01-21 10:11:22 Initialization Sequence Completed
2023-01-21 10:11:22 MANAGEMENT: >STATE:1674272482,CONNECTED,SUCCESS,10.8.0.6,<my_server_ip_address>,1194,,

Server log:

2023-01-21 10:41:16 103.94.68.42:17589 TLS: Initial packet from [AF_INET]103.94.68.42:17589, sid=2a442a2b 77d1aabf
2023-01-21 10:41:16 103.94.68.42:17589 VERIFY OK: depth=1, CN=bagyiphyo.online
2023-01-21 10:41:16 103.94.68.42:17589 VERIFY OK: depth=0, CN=client_vpn
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_VER=2.5.8
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_PLAT=win
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_PROTO=6
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_NCP=2
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_LZ4=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_LZ4v2=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_LZO=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_COMP_STUB=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_COMP_STUBv2=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_TCPNL=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_GUI_VER=OpenVPN_GUI_11
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_SSO=openurl,crtext
2023-01-21 10:41:16 103.94.68.42:17589 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-01-21 10:41:16 103.94.68.42:17589 [client_vpn] Peer Connection Initiated with [AF_INET]103.94.68.42:17589
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 MULTI: Learn: 10.8.0.6 -> client_vpn/103.94.68.42:17589
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 MULTI: primary virtual IP for client_vpn/103.94.68.42:17589: 10.8.0.6
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 SENT CONTROL [client_vpn]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)

For all logs: https://drive.google.com/file/d/1wxvWMbmChDAJYHgcw4fZRAsplptJfZgg/view?usp=sharing

Below is the tracert while the client is connected to the server:

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1     2 ms     2 ms     1 ms  gpon.net [192.168.1.1]
  2     *        5 ms     *     10.69.32.1 [10.69.32.1]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     3 ms     3 ms     3 ms  203.215.63.237
  6    59 ms    60 ms    59 ms  15169.sgw.equinix.com [27.111.228.150]
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9    60 ms    61 ms    60 ms  dns.google [8.8.8.8]

Trace complete.

The client's routing table:

===========================================================================
Interface List
 38...........................Wintun Userspace Tunnel
 39...00 ff 60 a1 3b 47 ......TAP-Windows Adapter V9
  6...e0 d0 45 47 5b b8 ......Microsoft Wi-Fi Direct Virtual Adapter
 16...e2 d0 45 47 5b b7 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  9...e0 d0 45 47 5b b7 ......Intel(R) Wi-Fi 6 AX201 160MHz
 10...e0 d0 45 47 5b bb ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.225     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.225    291
    192.168.1.225  255.255.255.255         On-link     192.168.1.225    291
    192.168.1.255  255.255.255.255         On-link     192.168.1.225    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.225    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.225    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  9    291 fe80::/64                On-link
  9    291 fe80::f770:dd5d:92f3:c17a/128
                                    On-link
  1    331 ff00::/8                 On-link
  9    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

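Answer 1

Well, this is strange, but I think the problem is related to how Windows handles network configuration. First, exit OpenVPN GUI or the related processes. Then disable the NAT configuration in "Routing and Remote Access" (if it was previously enabled). Re-enable NAT. Then start OpenVPN GUI as administrator. Now the client connects successfully using the server's public IP. Previously, I did the NAT configuration after starting OpenVPN GUI.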
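A way to tell, from a client log and `route print` output of the kind posted in the question, whether the full-tunnel redirect reached the client at all or whether the remaining fault is on the server's forwarding/NAT side. This is an added example, not code from the original post or from OpenVPN; the function names and result labels are hypothetical, `LOG_NO_REDIRECT` copies the PUSH_REPLY line from the client log above, and the other samples are constructed.

```python
import re

# LOG_NO_REDIRECT copies the posted PUSH_REPLY line; the rest is constructed.
LOG_NO_REDIRECT = (
    "2023-01-21 10:11:17 PUSH: Received control message: 'PUSH_REPLY,"
    "route 10.8.0.1,topology net30,ping 10,ping-restart 120,"
    "ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'"
)
LOG_REDIRECT = LOG_NO_REDIRECT.replace(
    "PUSH_REPLY,", "PUSH_REPLY,redirect-gateway def1 bypass-dhcp,")
ROUTES_LAN_ONLY = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.225     35
      192.168.1.0    255.255.255.0         On-link     192.168.1.225    291
"""
ROUTES_WITH_DEF1 = ROUTES_LAN_ONLY + """\
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6    281
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6    281
"""

def pushed_options(log_text):
    """Options from the last PUSH_REPLY in a client log (empty list if none)."""
    replies = re.findall(r"'PUSH_REPLY,([^']*)'", log_text)
    last = replies[-1].split(",") if replies else []
    return [o.strip() for o in last if o.strip()]

def vpn_gateway(options):
    """Gateway the def1 routes should use: route-gateway, else the net30 peer."""
    for parts in (o.split() for o in options):
        if parts[0] == "route-gateway" and len(parts) == 2:
            return parts[1]
    for parts in (o.split() for o in options):
        if parts[0] == "ifconfig" and len(parts) == 3 and "topology net30" in options:
            return parts[2]
    return None

def def1_routes(route_text, gateway):
    """Which of 0.0.0.0/1 and 128.0.0.0/1 are routed via the VPN gateway."""
    found = set()
    for cols in (line.split() for line in route_text.splitlines()):
        if len(cols) == 5 and cols[1] == "128.0.0.0" and cols[2] == gateway:
            found.add(cols[0] + "/1")
    return found & {"0.0.0.0/1", "128.0.0.0/1"}

def diagnose(log_text, route_text):
    opts = pushed_options(log_text)
    if not any(o.split()[0] == "redirect-gateway" for o in opts):
        return "not-pushed"      # the server never sent the redirect
    if def1_routes(route_text, vpn_gateway(opts)) != {"0.0.0.0/1", "128.0.0.0/1"}:
        return "not-installed"   # pushed, but the client route table lacks it
    return "installed"           # client side is fine; check server forwarding/NAT
```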
