Windows

Windows 11:OpenVPN 服務在啟動時無法統計

  • March 23, 2022

我在我的 Windows 11 機器的目錄中安裝了一個 OpenVPN 配置文件config-auto,以便它在啟動時連接到我的 OpenVPN 伺服器。

問題是有時在系統啟動時,它開始無法連接:

2022-03-11 09:27:38 [server] Inactivity timeout (--ping-restart), restarting
2022-03-11 09:27:38 SIGUSR1[soft,ping-restart] received, process restarting
2022-03-11 09:27:38 Restart pause, 5 second(s)
2022-03-11 09:27:43 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 09:27:43 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 09:27:43 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194
2022-03-11 09:27:43 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-11 09:27:43 UDP link local: (not bound)
2022-03-11 09:27:43 UDP link remote: [AF_INET]<REDACTED>:1194
2022-03-11 09:28:43 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-11 09:28:43 TLS Error: TLS handshake failed
2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting

好像沒有網際網路連接,但是您可以看到我的乙太網介面已啟動並連接到網際網路:

一旦我重新啟動 OpenVPN 服務: 在此處輸入圖像描述

一切都開始正常工作:

2022-03-11 09:28:43 TLS Error: TLS handshake failed
2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting

2022-03-11 10:16:36 NOTE: --user option is not implemented on Windows
2022-03-11 10:16:36 NOTE: --group option is not implemented on Windows
2022-03-11 10:16:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-03-11 10:16:36 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-03-11 10:16:36 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-03-11 10:16:36 Windows version 10.0 (Windows 10 or greater) 64bit
2022-03-11 10:16:36 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2022-03-11 10:16:36 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 10:16:36 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 10:16:36 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194
2022-03-11 10:16:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-11 10:16:36 UDP link local: (not bound)
2022-03-11 10:16:36 UDP link remote: [AF_INET]<REDACTED>:1194
2022-03-11 10:16:36 TLS: Initial packet from [AF_INET]<REDACTED>:1194, sid=7818afbf 7c74fa3b
2022-03-11 10:16:36 VERIFY OK: depth=1, <REDACTED>
2022-03-11 10:16:36 VERIFY KU OK
2022-03-11 10:16:36 Validating certificate extended key usage
2022-03-11 10:16:36 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

我想,這是我的 OpenVPN 和乙太網介面之間的某種競爭條件。我嘗試InterfaceMetric為我的乙太網介面減少並為 OpenVPN 介面增加它無濟於事:

Get-NetIPInterface

ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
29      vEthernet (WSL)                 IPv6                  1500              15 Enabled  Connected       ActiveStore
12      Ethernet 3                      IPv6                  1500               5 Disabled Disconnected    ActiveStore
10      Local Area Connection* 2        IPv6                  1500              25 Disabled Disconnected    ActiveStore
24      Ethernet                        IPv6                  1500               6 Enabled  Connected       ActiveStore
22      Local Area Connection* 1        IPv6                  1500              25 Disabled Disconnected    ActiveStore
23      OpenVPN                         IPv6                  1500              25 Enabled  Connected       ActiveStore
8       Ethernet 2                      IPv6                  1500               5 Disabled Disconnected    ActiveStore
13      OpenVPN Wintun                  IPv6                 65535               5 Disabled Disconnected    ActiveStore
1       Loopback Pseudo-Interface 1     IPv6            4294967295              75 Disabled Connected       ActiveStore
29      vEthernet (WSL)                 IPv4                  1500              15 Disabled Connected       ActiveStore
12      Ethernet 3                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
10      Local Area Connection* 2        IPv4                  1500              25 Enabled  Disconnected    ActiveStore
24      Ethernet                        IPv4                  1500               1 Enabled  Connected       ActiveStore
22      Local Area Connection* 1        IPv4                  1500              25 Enabled  Disconnected    ActiveStore
23      OpenVPN                         IPv4                  1500             100 Enabled  Connected       ActiveStore
8       Ethernet 2                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
13      OpenVPN Wintun                  IPv4                 65535               5 Disabled Disconnected    ActiveStore
1       Loopback Pseudo-Interface 1     IPv4            4294967295              75 Disabled Connected       ActiveStore

我還嘗試在 OpenVPN 服務上設置恢復策略,但似乎 Windows 不會將無法連接的 OpenVPN 服務視為損壞,因此不會重新啟動它: 在此處輸入圖像描述

同樣,它只發生五分之一的靴子,大部分時間它工作正常。

搜尋了整個網際網路,但找不到其他人有這個問題。

嘗試將服務啟動設置為“延遲”。它可能會延遲,但至少它有效。如果這仍然不起作用,請嘗試使用另一個 VPN 客戶端。

我注意到Inactivity timeout那裡,所以也許這會有所幫助。

打開啟動文件夾(點擊 Windows+R 然後輸入shell:startup),創建一個快捷方式執行ping到網際網路上的某個地方,比如說ping 1.1.1.1ping是要執行的應用程序,1.1.1.1是參數)只是為了確保 VPN 在啟動時不會被切斷。

引用自:https://serverfault.com/questions/1095948