Windows-Xp

OpenVPN:Windows 7 x64 客戶端看不到遠端 LAN,但 XP 客戶端可以

  • October 1, 2015

我正在使用帶有 Windows XP x86 SP3 和 Windows 7 x64 客戶端的 OpenVPN 2.1.1 到一個包含 OpenVPN 2.1-rc15 的 Endian Community 2.4.0 盒子。

從兩者連接都可以正常工作,但在 Windows 7 上無法訪問綠色 LAN 上的資源,並且適用於 XP。

所以:我可以通過 VPN ping 推送網路上的主機,但是使用 windows7 我只能 ping 防火牆的綠色 IP 地址。

編輯:我嘗試了route-method exe/route-delay 2技巧,但這並不能解決問題。

關於 Endian 配置的更多細節(嘗試了 2.2 和 2.4,都失敗了):

紅色=192.168.100.25;192.168.71.25

綠色=176.16.41.1

橙色=176.16.141.1

它基本上作為 OpenVPN 伺服器執行,以紅色服務,提供對綠色的訪問。

在 Windows XP 上,我有預設的OpenVPN 2.1.1 安裝,使用 OpenVPN GUI(包含在安裝中),一切都很好。

在 Windows 7 x64 上,我執行相同,但現在使用 OpenVPN GUI 作為管理員。

只能ping綠色網關,其他機器都ping不通。

Windows 7 日誌:

Tue Aug 10 18:50:15 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Tue Aug 10 18:50:23 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 10 18:50:23 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 10 18:50:24 2010 LZO compression initialized
Tue Aug 10 18:50:24 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 10 18:50:24 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 10 18:50:24 2010 Local Options hash (VER=V4): '31fdf004'
Tue Aug 10 18:50:24 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Aug 10 18:50:24 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 TCP connection established with 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link local: [undef]
Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Tue Aug 10 18:50:24 2010 TLS: Initial packet from 192.168.71.25:1194, sid=165d50de 52c0ecba
Tue Aug 10 18:50:24 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 10 18:50:24 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Tue Aug 10 18:50:24 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 18:50:24 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 10 18:50:24 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Tue Aug 10 18:50:26 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 18:50:27 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: route-related options modified
Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 10 18:50:27 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
Tue Aug 10 18:50:27 2010 TAP-Win32 Driver Version 9.6
Tue Aug 10 18:50:27 2010 TAP-Win32 MTU=1500
Tue Aug 10 18:50:27 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Tue Aug 10 18:50:27 2010 Successful ARP Flush on interface [34] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
Tue Aug 10 18:50:32 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue Aug 10 18:50:32 2010 Initialization Sequence Completed[/code]

Windows 7 路由表:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         0.0.0.0          0.0.0.0     192.168.71.1   192.168.71.160     20
       127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
       127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
 127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     169.254.0.0      255.255.0.0         On-link   169.254.100.145    276
 169.254.100.145  255.255.255.255         On-link   169.254.100.145    276
 169.254.255.255  255.255.255.255         On-link   169.254.100.145    276
     172.16.41.0    255.255.255.0         On-link     172.16.41.209    286
   172.16.41.209  255.255.255.255         On-link     172.16.41.209    286
   172.16.41.255  255.255.255.255         On-link     172.16.41.209    286
    192.168.71.0    255.255.255.0         On-link    192.168.71.160    276
  192.168.71.160  255.255.255.255         On-link    192.168.71.160    276
  192.168.71.255  255.255.255.255         On-link    192.168.71.160    276
   192.168.237.0    255.255.255.0         On-link     192.168.237.1    276
   192.168.237.1  255.255.255.255         On-link     192.168.237.1    276
 192.168.237.255  255.255.255.255         On-link     192.168.237.1    276
       224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
       224.0.0.0        240.0.0.0         On-link    192.168.71.160    276
       224.0.0.0        240.0.0.0         On-link   169.254.100.145    276
       224.0.0.0        240.0.0.0         On-link     192.168.237.1    276
       224.0.0.0        240.0.0.0         On-link     172.16.41.209    286
 255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
 255.255.255.255  255.255.255.255         On-link    192.168.71.160    276
 255.255.255.255  255.255.255.255         On-link   169.254.100.145    276
 255.255.255.255  255.255.255.255         On-link     192.168.237.1    276
 255.255.255.255  255.255.255.255         On-link     172.16.41.209    286
===========================================================================

(您可以忽略這些路由,因為它們來自在同一台機器上執行的 VMware 工作站:- 192.168.237.0/24 - 169.254.0.0/16)

Windows XP 日誌:

Tue Aug 10 19:01:04 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Tue Aug 10 19:01:06 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 10 19:01:06 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 10 19:01:07 2010 LZO compression initialized
Tue Aug 10 19:01:07 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 10 19:01:07 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Aug 10 19:01:07 2010 Local Options hash (VER=V4): '31fdf004'
Tue Aug 10 19:01:07 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Aug 10 19:01:07 2010 Attempting to establish TCP connection with 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 TCP connection established with 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link local: [undef]
Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
Tue Aug 10 19:01:07 2010 TLS: Initial packet from 192.168.71.25:1194, sid=983b94eb 87732d38
Tue Aug 10 19:01:07 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 10 19:01:07 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
Tue Aug 10 19:01:07 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 10 19:01:07 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 10 19:01:07 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
Tue Aug 10 19:01:09 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
Tue Aug 10 19:01:10 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.201 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: route-related options modified
Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 10 19:01:10 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{C4752F65-93BA-4DED-A1FE-2633F1481ABF}.tap
Tue Aug 10 19:01:10 2010 TAP-Win32 Driver Version 9.6
Tue Aug 10 19:01:10 2010 TAP-Win32 MTU=1500
Tue Aug 10 19:01:10 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.201/255.255.255.0 on interface {C4752F65-93BA-4DED-A1FE-2633F1481ABF} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
Tue Aug 10 19:01:10 2010 Successful ARP Flush on interface [2] {C4752F65-93BA-4DED-A1FE-2633F1481ABF}
Tue Aug 10 19:01:15 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Tue Aug 10 19:01:15 2010 Route: Waiting for TUN/TAP interface to come up...
Tue Aug 10 19:01:18 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue Aug 10 19:01:18 2010 Initialization Sequence Completed

XP路由表:

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         0.0.0.0          0.0.0.0    192.168.237.2  192.168.237.128      10
       127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     172.16.41.0    255.255.255.0    172.16.41.201   172.16.41.201       30
   172.16.41.201  255.255.255.255        127.0.0.1       127.0.0.1       30
  172.16.255.255  255.255.255.255    172.16.41.201   172.16.41.201       30
   192.168.237.0    255.255.255.0  192.168.237.128  192.168.237.128      10
 192.168.237.128  255.255.255.255        127.0.0.1       127.0.0.1       10
 192.168.237.255  255.255.255.255  192.168.237.128  192.168.237.128      10
       224.0.0.0        240.0.0.0    172.16.41.201   172.16.41.201       30
       224.0.0.0        240.0.0.0  192.168.237.128  192.168.237.128      10
 255.255.255.255  255.255.255.255    172.16.41.201   172.16.41.201       1
 255.255.255.255  255.255.255.255  192.168.237.128  192.168.237.128      1
Default Gateway:     192.168.237.2
===========================================================================

有人知道出了什麼問題嗎?

——杰倫

我解決了我的問題:這是一個測試案例錯誤。

Windows XP 正在連接到物理字節序盒。

Windows 7 x64 正在連接到虛擬 Endian 框。

虛擬機使用虛擬網路交換機在 VMware ESX/ESXi 上執行。

我忘了為那個開關啟用混雜模式

啟用它可以解決問題。

——杰倫

那麼我面臨同樣的問題。嘗試了所有的東西,比如啟用文件共享、設置相同的工作組等。除了這個沒有任何幫助:

我注意到設備管理器中有多個網路適配器。所有都是隱藏的,所以必須點擊查看並啟用隱藏的設備。

它們都被命名為 …4to6 適配器。當我刪除所有這些適配器時,我的文件/列印機共享和與 XP 客戶端的網路在重新啟動後開始工作。如果這些適配器數量眾多,則必須將其全部刪除。可以使用適當的(32 或 64 位版本)工具 DEVCON.EXE(它是 Windows 驅動程序工具包的一部分 - 下載詳細資訊:Windows 驅動程序工具包版本 7.1.0)來完成。更多資訊可在此處找到 DevCon 命令行實用程序可替代設備管理器。

我在這裡找到了這個解決方案:http ://ryanvictory.com/posts/automating-6to4-adapter-removal-in-windows/

引用自:https://serverfault.com/questions/168971

相關問答

Windows

Openvpn Server Windows 需要防止客戶端在伺服器上使用預設網關

  • October 10, 2022
檢視問答
Routing

為什麼我的 OpenVPN 不路由後面的網路?

  • June 12, 2022
檢視問答
Ubuntu

OpenVPN - 如何停止通過 VPN 伺服器的公共流量路由?

  • April 6, 2022
檢視問答
Routing

基於 OpenVPN 的 IPv6 路由

  • March 23, 2022
檢視問答
Routing

將部分 OpenVPN 流量路由到伺服器上的 IPSec 隧道

  • May 28, 2021
檢視問答
Windows-7

根據目的地路由到 vpn

  • May 15, 2021
檢視問答