Windows-Server-2012-R2

OpenVPN client on Windows Server 2012 cannot change routes

  • March 24, 2017

I have a virtual Windows 2012 server running some Internet communication software, which requires me to change the IP range once. Whether this is secure does not matter; it is only test software and nothing serious is done on the server.

My problem is that I cannot get OpenVPN to work on the server. For testing purposes I just picked any public free VPN, e.g. from freevpn.me.

The openvpn.log of my freevpn.me connection looks like this:

Fri Feb 17 07:13:23 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 17 07:13:23 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 17 07:13:23 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Fri Feb 17 07:13:23 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 17 07:13:23 2017 Need hold release from management interface, waiting...
Fri Feb 17 07:13:23 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'state on'
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 17 07:13:40 2017 MANAGEMENT: CMD 'username "Auth" "freevpnme"'
Fri Feb 17 07:13:40 2017 MANAGEMENT: CMD 'password [...]'
Fri Feb 17 07:13:40 2017 MANAGEMENT: CMD 'proxy HTTP 172.22.1.3 3128'
Fri Feb 17 07:13:41 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Feb 17 07:13:41 2017 NOTE: --fast-io is disabled since we are running on Windows
Fri Feb 17 07:13:41 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:41 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 17 07:13:41 2017 Attempting to establish TCP connection with [AF_INET]172.22.1.3:3128 [nonblock]
Fri Feb 17 07:13:41 2017 MANAGEMENT: >STATE:1487312021,TCP_CONNECT,,,,,,
Fri Feb 17 07:13:42 2017 TCP connection established with [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:42 2017 Send to HTTP proxy: 'CONNECT 212.129.33.61:443 HTTP/1.0'
Fri Feb 17 07:13:42 2017 Send to HTTP proxy: 'Host: 212.129.33.61'
Fri Feb 17 07:13:42 2017 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Fri Feb 17 07:13:44 2017 TCP_CLIENT link local: (not bound)
Fri Feb 17 07:13:44 2017 TCP_CLIENT link remote: [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:44 2017 MANAGEMENT: >STATE:1487312024,WAIT,,,,,,
Fri Feb 17 07:13:44 2017 MANAGEMENT: >STATE:1487312024,AUTH,,,,,,
Fri Feb 17 07:13:44 2017 TLS: Initial packet from [AF_INET]172.22.1.3:3128, sid=ad1adcd1 b2b7cd7a
Fri Feb 17 07:13:44 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 17 07:13:44 2017 VERIFY OK: depth=1, C=MT, ST=MLT, L=Valletta, O=FreeVPN.me, OU=FreeVPN.me, CN=FreeVPN.me CA, name=FreeVPN.me, emailAddress=contact@freevpn.me
Fri Feb 17 07:13:44 2017 VERIFY OK: depth=0, C=MT, ST=MLT, L=Valletta, O=FreeVPN.me, OU=FreeVPN.me, CN=FreeVPN.me, name=FreeVPN.me, emailAddress=contact@freevpn.me
Fri Feb 17 07:13:45 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Feb 17 07:13:45 2017 [FreeVPN.me] Peer Connection Initiated with [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:46 2017 MANAGEMENT: >STATE:1487312026,GET_CONFIG,,,,,,
Fri Feb 17 07:13:46 2017 SENT CONTROL [FreeVPN.me]: 'PUSH_REQUEST' (status=1)
Fri Feb 17 07:13:46 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.13.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.13.1.110 10.13.1.109'
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: route options modified
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 17 07:13:46 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Feb 17 07:13:46 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 07:13:46 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Feb 17 07:13:46 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 07:13:46 2017 interactive service msg_channel=0
Fri Feb 17 07:13:46 2017 ROUTE_GATEWAY 172.22.1.1/255.255.255.0 I=12 HWADDR=00:50:56:98:74:d6
Fri Feb 17 07:13:46 2017 open_tun
Fri Feb 17 07:13:46 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{3EFF9323-DB9B-45CF-A89F-E8E2637975E4}.tap
Fri Feb 17 07:13:46 2017 TAP-Windows Driver Version 9.21 
Fri Feb 17 07:13:46 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.13.1.110/255.255.255.252 on interface {3EFF9323-DB9B-45CF-A89F-E8E2637975E4} [DHCP-serv: 10.13.1.109, lease-time: 31536000]
Fri Feb 17 07:13:46 2017 Successful ARP Flush on interface [15] {3EFF9323-DB9B-45CF-A89F-E8E2637975E4}
Fri Feb 17 07:13:46 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Feb 17 07:13:46 2017 MANAGEMENT: >STATE:1487312026,ASSIGN_IP,,10.13.1.110,,,,
Fri Feb 17 07:13:48 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 172.22.1.3 MASK 255.255.255.255 172.22.1.1 IF 12
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=5 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.13.1.109
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.13.1.109
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 MANAGEMENT: >STATE:1487312028,ADD_ROUTES,,,,,,
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 10.13.0.1 MASK 255.255.255.255 10.13.1.109
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 Initialization Sequence Completed
Fri Feb 17 07:13:48 2017 MANAGEMENT: >STATE:1487312028,CONNECTED,SUCCESS,10.13.1.110,172.22.1.3,3128,172.22.1.193,52553

This is my routing table after connecting to the VPN:

C:\>route print
===========================================================================
Schnittstellenliste
15...00 ff 3e ff 93 23 ......TAP-Windows Adapter V9
12...00 50 56 98 74 d6 ......vmxnet3 Ethernet Adapter #3
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
28...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
  Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
       0.0.0.0          0.0.0.0       172.22.1.1     172.22.1.193    261
       0.0.0.0        128.0.0.0        10.9.0.33      10.13.1.110     20
       0.0.0.0        128.0.0.0      10.13.1.109      10.13.1.110     20
      10.9.0.1  255.255.255.255        10.9.0.33      10.13.1.110     20
     10.13.0.1  255.255.255.255      10.13.1.109      10.13.1.110     20
   10.13.1.108  255.255.255.252   Auf Verbindung       10.13.1.110    276
   10.13.1.110  255.255.255.255   Auf Verbindung       10.13.1.110    276
   10.13.1.111  255.255.255.255   Auf Verbindung       10.13.1.110    276
     127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    306
     127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    306
127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
     128.0.0.0        128.0.0.0        10.9.0.33      10.13.1.110     20
     128.0.0.0        128.0.0.0      10.13.1.109      10.13.1.110     20
    172.22.1.0    255.255.255.0   Auf Verbindung      172.22.1.193    261
    172.22.1.3  255.255.255.255       172.22.1.1     172.22.1.193      5
  172.22.1.193  255.255.255.255   Auf Verbindung      172.22.1.193    261
  172.22.1.255  255.255.255.255   Auf Verbindung      172.22.1.193    261
     224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    306
     224.0.0.0        240.0.0.0   Auf Verbindung       10.13.1.110    276
     224.0.0.0        240.0.0.0   Auf Verbindung      172.22.1.193    261
255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    306
255.255.255.255  255.255.255.255   Auf Verbindung       10.13.1.110    276
255.255.255.255  255.255.255.255   Auf Verbindung      172.22.1.193    261
===========================================================================
Ständige Routen:
Netzwerkadresse          Netzmaske  Gatewayadresse  Metrik
       0.0.0.0          0.0.0.0       172.22.1.1  Standard
===========================================================================

IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel             Gateway
1    306 ::1/128                  Auf Verbindung
15    276 fe80::/64                Auf Verbindung
12    261 fe80::/64                Auf Verbindung
12    261 fe80::1dca:d314:3e09:82ae/128
                                 Auf Verbindung
15    276 fe80::20c6:40f9:7577:57df/128
                                 Auf Verbindung
1    306 ff00::/8                 Auf Verbindung
15    276 ff00::/8                 Auf Verbindung
12    261 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
Keine

C:\>

If I go to ifconfig.me, it says my IP address is still 141.76.15.132.

What I have tried so far:

  • Running OpenVPN as administrator
  • Changing the DNS servers to 8.8.8.8/8.8.4.4 (Google)
  • Disabling/enabling the firewall

I have no idea why this does not work.

But I am not sure how to integrate those solutions with my OpenVPN setup.

Any help is greatly appreciated.


Edit 2017-02-20

I got a bit further. The connection seems to be established, but Windows 2012 is still using the original Ethernet adapter, and I cannot change the order of the two:

Netstat shows the two NICs; TAP V9 is the OpenVPN adapter, vmxnet3 is the original one. The latter is assigned priority 12, while OpenVPN has 15 (lower). Manually setting the metric of both in the Ethernet connection did not help (see the left picture, netstat). I also tried changing the order of the Ethernet NICs so that OpenVPN is accessed first (top of the list). That did not work either (see the right picture).

This is Network and Sharing; as you can see, traffic only goes through "Ethernet0 4".

After 2 days of searching I found the solution:

After establishing the VPN I had to disable the system proxy, otherwise the traffic seemed to be routed through the VPN back to the proxy.

Disable the system proxy

What made me suspicious was that after the VPN was established, the tracert command showed a route through the VPN back to the proxy and then on to the final address. After disabling the proxy while the VPN was up, tracert routed directly through the VPN to the destination.

Just add the proxy to the OpenVPN settings and disable it in the system. That way the VM can only reach the Internet while an OpenVPN session is running.

Quoted from: https://serverfault.com/questions/833113
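An added diagnostic, not part of the question or of Server Fault, that parses the IPv4 "Aktive Routen" block from the question's `route print` output and applies the selection rule Windows uses (longest prefix first, then lowest metric). It shows that Internet destinations are captured by the two 0.0.0.0/1 and 128.0.0.0/1 routes pushed by `redirect-gateway def1`, while the proxy host 172.22.1.3 keeps its /32 bypass route via the physical gateway, which is why a system proxy keeps pulling traffic around the tunnel; because it returns every tied candidate, it also surfaces that the table lists two gateways (10.9.0.33 and 10.13.1.109) at equal metric for the same /1 prefixes. The `ROUTE_PRINT` excerpt is copied from the question; the function names are this example's own.

```python
import ipaddress
import re

# Excerpt of the IPv4 "Aktive Routen" block from the question's `route print`
# output (German column layout: destination, netmask, gateway, interface, metric).
ROUTE_PRINT = """\
       0.0.0.0          0.0.0.0       172.22.1.1     172.22.1.193    261
       0.0.0.0        128.0.0.0        10.9.0.33      10.13.1.110     20
       0.0.0.0        128.0.0.0      10.13.1.109      10.13.1.110     20
     10.13.0.1  255.255.255.255      10.13.1.109      10.13.1.110     20
   10.13.1.108  255.255.255.252   Auf Verbindung       10.13.1.110    276
     128.0.0.0        128.0.0.0        10.9.0.33      10.13.1.110     20
     128.0.0.0        128.0.0.0      10.13.1.109      10.13.1.110     20
    172.22.1.0    255.255.255.0   Auf Verbindung      172.22.1.193    261
    172.22.1.3  255.255.255.255       172.22.1.1     172.22.1.193      5
"""

# "Auf Verbindung" is the German rendering of "On-link"; both contain no digits,
# so they are matched explicitly before the generic gateway token.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(Auf Verbindung|On-link|\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return a list of (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, separators, blank lines
        dest, mask, gw, iface, metric = m.groups()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface, int(metric)))
    return routes

def lookup(routes, dst):
    """Windows-style selection: longest prefix wins, then lowest metric.
    Returns every (gateway, interface) pair that ties, so duplicate entries
    such as the two /1 gateways in the question's table stay visible."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return []
    best_len = max(r[0].prefixlen for r in matches)
    best = [r for r in matches if r[0].prefixlen == best_len]
    best_metric = min(r[3] for r in best)
    return [(gw, iface) for net, gw, iface, m in best if m == best_metric]

if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for dst in ("8.8.8.8", "172.22.1.3", "10.13.0.1"):
        print(dst, "->", lookup(table, dst))
```

Feed it the full `route print` output of a host and any destination that resolves to more than one gateway, or to the physical gateway instead of the tunnel, is the route to examine before touching adapter order or proxy settings.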