Windows
Windows 11:OpenVPN 服務在啟動時無法統計
我在我的 Windows 11 機器的目錄中安裝了一個 OpenVPN 配置文件
config-auto
,以便它在啟動時連接到我的 OpenVPN 伺服器。問題是有時在系統啟動時,它開始無法連接:
2022-03-11 09:27:38 [server] Inactivity timeout (--ping-restart), restarting 2022-03-11 09:27:38 SIGUSR1[soft,ping-restart] received, process restarting 2022-03-11 09:27:38 Restart pause, 5 second(s) 2022-03-11 09:27:43 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication 2022-03-11 09:27:43 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication 2022-03-11 09:27:43 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194 2022-03-11 09:27:43 Socket Buffers: R=[65536->65536] S=[65536->65536] 2022-03-11 09:27:43 UDP link local: (not bound) 2022-03-11 09:27:43 UDP link remote: [AF_INET]<REDACTED>:1194 2022-03-11 09:28:43 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-03-11 09:28:43 TLS Error: TLS handshake failed 2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting
好像沒有網際網路連接,但是您可以看到我的乙太網介面已啟動並連接到網際網路:
一切都開始正常工作:
2022-03-11 09:28:43 TLS Error: TLS handshake failed 2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting 2022-03-11 10:16:36 NOTE: --user option is not implemented on Windows 2022-03-11 10:16:36 NOTE: --group option is not implemented on Windows 2022-03-11 10:16:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. 2022-03-11 10:16:36 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning. 2022-03-11 10:16:36 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021 2022-03-11 10:16:36 Windows version 10.0 (Windows 10 or greater) 64bit 2022-03-11 10:16:36 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 2022-03-11 10:16:36 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication 2022-03-11 10:16:36 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication 2022-03-11 10:16:36 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194 2022-03-11 10:16:36 Socket Buffers: R=[65536->65536] S=[65536->65536] 2022-03-11 10:16:36 UDP link local: (not bound) 2022-03-11 10:16:36 UDP link remote: [AF_INET]<REDACTED>:1194 2022-03-11 10:16:36 TLS: Initial packet from [AF_INET]<REDACTED>:1194, sid=7818afbf 7c74fa3b 2022-03-11 10:16:36 VERIFY OK: depth=1, <REDACTED> 2022-03-11 10:16:36 VERIFY KU OK 2022-03-11 10:16:36 Validating certificate extended key usage 2022-03-11 10:16:36 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
我想,這是我的 OpenVPN 和乙太網介面之間的某種競爭條件。我嘗試
InterfaceMetric
為我的乙太網介面減少並為 OpenVPN 介面增加它無濟於事:Get-NetIPInterface ifIndex InterfaceAlias AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp ConnectionState PolicyStore ------- -------------- ------------- ------------ --------------- ---- --------------- ----------- 29 vEthernet (WSL) IPv6 1500 15 Enabled Connected ActiveStore 12 Ethernet 3 IPv6 1500 5 Disabled Disconnected ActiveStore 10 Local Area Connection* 2 IPv6 1500 25 Disabled Disconnected ActiveStore 24 Ethernet IPv6 1500 6 Enabled Connected ActiveStore 22 Local Area Connection* 1 IPv6 1500 25 Disabled Disconnected ActiveStore 23 OpenVPN IPv6 1500 25 Enabled Connected ActiveStore 8 Ethernet 2 IPv6 1500 5 Disabled Disconnected ActiveStore 13 OpenVPN Wintun IPv6 65535 5 Disabled Disconnected ActiveStore 1 Loopback Pseudo-Interface 1 IPv6 4294967295 75 Disabled Connected ActiveStore 29 vEthernet (WSL) IPv4 1500 15 Disabled Connected ActiveStore 12 Ethernet 3 IPv4 1500 5 Enabled Disconnected ActiveStore 10 Local Area Connection* 2 IPv4 1500 25 Enabled Disconnected ActiveStore 24 Ethernet IPv4 1500 1 Enabled Connected ActiveStore 22 Local Area Connection* 1 IPv4 1500 25 Enabled Disconnected ActiveStore 23 OpenVPN IPv4 1500 100 Enabled Connected ActiveStore 8 Ethernet 2 IPv4 1500 5 Enabled Disconnected ActiveStore 13 OpenVPN Wintun IPv4 65535 5 Disabled Disconnected ActiveStore 1 Loopback Pseudo-Interface 1 IPv4 4294967295 75 Disabled Connected ActiveStore
我還嘗試在 OpenVPN 服務上設置恢復策略,但似乎 Windows 不會將無法連接的 OpenVPN 服務視為損壞,因此不會重新啟動它:
同樣,它只發生五分之一的靴子,大部分時間它工作正常。
搜尋了整個網際網路,但找不到其他人有這個問題。
嘗試將服務啟動設置為“延遲”。它可能會延遲,但至少它有效。如果這仍然不起作用,請嘗試使用另一個 VPN 客戶端。
我注意到
Inactivity timeout
那裡,所以也許這會有所幫助。打開啟動文件夾(點擊 Windows+R 然後輸入
shell:startup
),創建一個快捷方式執行ping
到網際網路上的某個地方,比如說ping 1.1.1.1
(ping
是要執行的應用程序,1.1.1.1
是參數)只是為了確保 VPN 在啟動時不會被切斷。