OpenVPN:Windows 7 x64 客戶端看不到遠端 LAN,但 XP 客戶端可以
我正在使用帶有 Windows XP x86 SP3 和 Windows 7 x64 客戶端的 OpenVPN 2.1.1 到一個包含 OpenVPN 2.1-rc15 的 Endian Community 2.4.0 盒子。
從兩者連接都可以正常工作,但在 Windows 7 上無法訪問綠色 LAN 上的資源,並且適用於 XP。
所以:我可以通過 VPN ping 推送網路上的主機,但是使用 windows7 我只能 ping 防火牆的綠色 IP 地址。
編輯:我嘗試了
route-method exe
/route-delay 2
技巧,但這並不能解決問題。關於 Endian 配置的更多細節(嘗試了 2.2 和 2.4,都失敗了):
紅色=192.168.100.25;192.168.71.25
綠色=176.16.41.1
橙色=176.16.141.1
它基本上作為 OpenVPN 伺服器執行,以紅色服務,提供對綠色的訪問。
在 Windows XP 上,我有預設的OpenVPN 2.1.1 安裝,使用 OpenVPN GUI(包含在安裝中),一切都很好。
在 Windows 7 x64 上,我執行相同,但現在使用 OpenVPN GUI 作為管理員。
只能ping綠色網關,其他機器都ping不通。
Windows 7 日誌:
Tue Aug 10 18:50:15 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009 Tue Aug 10 18:50:23 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue Aug 10 18:50:23 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Aug 10 18:50:24 2010 LZO compression initialized Tue Aug 10 18:50:24 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ] Tue Aug 10 18:50:24 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ] Tue Aug 10 18:50:24 2010 Local Options hash (VER=V4): '31fdf004' Tue Aug 10 18:50:24 2010 Expected Remote Options hash (VER=V4): '3e6d1056' Tue Aug 10 18:50:24 2010 Attempting to establish TCP connection with 192.168.71.25:1194 Tue Aug 10 18:50:24 2010 TCP connection established with 192.168.71.25:1194 Tue Aug 10 18:50:24 2010 Socket Buffers: R=[8192->8192] S=[8192->8192] Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link local: [undef] Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194 Tue Aug 10 18:50:24 2010 TLS: Initial packet from 192.168.71.25:1194, sid=165d50de 52c0ecba Tue Aug 10 18:50:24 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Aug 10 18:50:24 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA Tue Aug 10 18:50:24 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1 Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 10 18:50:24 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Tue Aug 10 18:50:24 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194 Tue Aug 10 18:50:26 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1) Tue Aug 10 18:50:27 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1' Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: timers and/or timeouts modified Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ifconfig/up options modified Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: route-related options modified Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Aug 10 18:50:27 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap Tue Aug 10 18:50:27 2010 TAP-Win32 Driver Version 9.6 Tue Aug 10 18:50:27 2010 TAP-Win32 MTU=1500 Tue Aug 10 18:50:27 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000] Tue Aug 10 18:50:27 2010 Successful ARP Flush on interface [34] {F3F5E8A1-1797-4FA8-902E-3895A2163148} Tue Aug 10 18:50:32 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up Tue Aug 10 18:50:32 2010 Initialization Sequence Completed[/code]
Windows 7 路由表:
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.71.1 192.168.71.160 20 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 169.254.0.0 255.255.0.0 On-link 169.254.100.145 276 169.254.100.145 255.255.255.255 On-link 169.254.100.145 276 169.254.255.255 255.255.255.255 On-link 169.254.100.145 276 172.16.41.0 255.255.255.0 On-link 172.16.41.209 286 172.16.41.209 255.255.255.255 On-link 172.16.41.209 286 172.16.41.255 255.255.255.255 On-link 172.16.41.209 286 192.168.71.0 255.255.255.0 On-link 192.168.71.160 276 192.168.71.160 255.255.255.255 On-link 192.168.71.160 276 192.168.71.255 255.255.255.255 On-link 192.168.71.160 276 192.168.237.0 255.255.255.0 On-link 192.168.237.1 276 192.168.237.1 255.255.255.255 On-link 192.168.237.1 276 192.168.237.255 255.255.255.255 On-link 192.168.237.1 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.71.160 276 224.0.0.0 240.0.0.0 On-link 169.254.100.145 276 224.0.0.0 240.0.0.0 On-link 192.168.237.1 276 224.0.0.0 240.0.0.0 On-link 172.16.41.209 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.71.160 276 255.255.255.255 255.255.255.255 On-link 169.254.100.145 276 255.255.255.255 255.255.255.255 On-link 192.168.237.1 276 255.255.255.255 255.255.255.255 On-link 172.16.41.209 286 ===========================================================================
(您可以忽略這些路由,因為它們來自在同一台機器上執行的 VMware 工作站:- 192.168.237.0/24 - 169.254.0.0/16)
Windows XP 日誌:
Tue Aug 10 19:01:04 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009 Tue Aug 10 19:01:06 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Tue Aug 10 19:01:06 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Aug 10 19:01:07 2010 LZO compression initialized Tue Aug 10 19:01:07 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ] Tue Aug 10 19:01:07 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ] Tue Aug 10 19:01:07 2010 Local Options hash (VER=V4): '31fdf004' Tue Aug 10 19:01:07 2010 Expected Remote Options hash (VER=V4): '3e6d1056' Tue Aug 10 19:01:07 2010 Attempting to establish TCP connection with 192.168.71.25:1194 Tue Aug 10 19:01:07 2010 TCP connection established with 192.168.71.25:1194 Tue Aug 10 19:01:07 2010 Socket Buffers: R=[8192->8192] S=[8192->8192] Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link local: [undef] Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194 Tue Aug 10 19:01:07 2010 TLS: Initial packet from 192.168.71.25:1194, sid=983b94eb 87732d38 Tue Aug 10 19:01:07 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Aug 10 19:01:07 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA Tue Aug 10 19:01:07 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1 Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Aug 10 19:01:07 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Tue Aug 10 19:01:07 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194 Tue Aug 10 19:01:09 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1) Tue Aug 10 19:01:10 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.201 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1' Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: timers and/or timeouts modified Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ifconfig/up options modified Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: route-related options modified Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Aug 10 19:01:10 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{C4752F65-93BA-4DED-A1FE-2633F1481ABF}.tap Tue Aug 10 19:01:10 2010 TAP-Win32 Driver Version 9.6 Tue Aug 10 19:01:10 2010 TAP-Win32 MTU=1500 Tue Aug 10 19:01:10 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.201/255.255.255.0 on interface {C4752F65-93BA-4DED-A1FE-2633F1481ABF} [DHCP-serv: 172.16.41.0, lease-time: 31536000] Tue Aug 10 19:01:10 2010 Successful ARP Flush on interface [2] {C4752F65-93BA-4DED-A1FE-2633F1481ABF} Tue Aug 10 19:01:15 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down Tue Aug 10 19:01:15 2010 Route: Waiting for TUN/TAP interface to come up... Tue Aug 10 19:01:18 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up Tue Aug 10 19:01:18 2010 Initialization Sequence Completed
XP路由表:
=========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.237.2 192.168.237.128 10 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 172.16.41.0 255.255.255.0 172.16.41.201 172.16.41.201 30 172.16.41.201 255.255.255.255 127.0.0.1 127.0.0.1 30 172.16.255.255 255.255.255.255 172.16.41.201 172.16.41.201 30 192.168.237.0 255.255.255.0 192.168.237.128 192.168.237.128 10 192.168.237.128 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.237.255 255.255.255.255 192.168.237.128 192.168.237.128 10 224.0.0.0 240.0.0.0 172.16.41.201 172.16.41.201 30 224.0.0.0 240.0.0.0 192.168.237.128 192.168.237.128 10 255.255.255.255 255.255.255.255 172.16.41.201 172.16.41.201 1 255.255.255.255 255.255.255.255 192.168.237.128 192.168.237.128 1 Default Gateway: 192.168.237.2 ===========================================================================
有人知道出了什麼問題嗎?
——杰倫
我解決了我的問題:這是一個測試案例錯誤。
Windows XP 正在連接到物理字節序盒。
Windows 7 x64 正在連接到虛擬 Endian 框。
虛擬機使用虛擬網路交換機在 VMware ESX/ESXi 上執行。
我忘了為那個開關啟用混雜模式。
啟用它可以解決問題。
——杰倫
那麼我面臨同樣的問題。嘗試了所有的東西,比如啟用文件共享、設置相同的工作組等。除了這個沒有任何幫助:
我注意到設備管理器中有多個網路適配器。所有都是隱藏的,所以必須點擊查看並啟用隱藏的設備。
它們都被命名為 …4to6 適配器。當我刪除所有這些適配器時,我的文件/列印機共享和與 XP 客戶端的網路在重新啟動後開始工作。如果這些適配器數量眾多,則必須將其全部刪除。可以使用適當的(32 或 64 位版本)工具 DEVCON.EXE(它是 Windows 驅動程序工具包的一部分 - 下載詳細資訊:Windows 驅動程序工具包版本 7.1.0)來完成。更多資訊可在此處找到 DevCon 命令行實用程序可替代設備管理器。
我在這裡找到了這個解決方案:http ://ryanvictory.com/posts/automating-6to4-adapter-removal-in-windows/