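OpenVPN server on Windows does not change the IP address

Server Fault user
Asked on 2023-01-23 04:11:52
Answers: 1 | Views: 324 | Followers: 0 | Votes: 0

I am new to OpenVPN. I have been configuring an OpenVPN server on Windows Server 2019 Datacenter for more than a week. I have also configured NAT in Routing and Remote Access and in the firewall. The client device is also Windows. I don't know what is missing, because the client's IP address does not change. I have attached some information about the server and the client. Can I get help? Thanks.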

server.ovpn

port 1194  
proto udp4  
dev tun  
ca ca.crt  
cert server.crt  
dh dh2048.pem  
server 10.8.0.0 255.255.255.0  
ifconfig-pool-persist ipp.txt  
push "redirect-gateway def1 bypass-dhcp"  
push "dhcp-option DNS 10.8.0.1"  
keepalive 10 120  
cipher AES-256-CBC  
persist-key  
persist-tun  
status openvpn-status.log  
verb 3  
explicit-exit-notify 1

client.ovpn

client  
dev tun  
proto udp4  
remote <my_windows_server_ip_address> 1194  
resolv-retry infinite  
nobind  
persist-key  
persist-tun  
ca ca.crt  
cert bgp_vpn.crt  
key bgp_vpn.key  
remote-cert-tls server  
cipher AES-256-CBC  
verb 3 

My client and server logs are here.

Client log

2023-01-21 10:11:17 TCP/UDP: Preserving recently used remote address: [AF_INET]<my_server_ip_address>:1194
2023-01-21 10:11:17 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-01-21 10:11:17 UDPv4 link local: (not bound)
2023-01-21 10:11:17 UDPv4 link remote: [AF_INET]<my_server_ip_address>:1194
2023-01-21 10:11:17 MANAGEMENT: >STATE:1674272477,WAIT,,,,,,
2023-01-21 10:11:17 MANAGEMENT: >STATE:1674272477,AUTH,,,,,,
2023-01-21 10:11:17 TLS: Initial packet from [AF_INET]<my_server_ip_address>:1194, sid=a2d611d2 e4c72ba2
2023-01-21 10:11:17 VERIFY OK: depth=1, CN=bagyiphyo.online
2023-01-21 10:11:17 VERIFY KU OK
2023-01-21 10:11:17 Validating certificate extended key usage
2023-01-21 10:11:17 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-01-21 10:11:17 VERIFY EKU OK
2023-01-21 10:11:17 VERIFY OK: depth=0, CN=server
2023-01-21 10:11:17 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-01-21 10:11:17 [server] Peer Connection Initiated with [AF_INET]<my_server_ip_address>:1194
2023-01-21 10:11:17 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
2023-01-21 10:11:17 OPTIONS IMPORT: timers and/or timeouts modified
2023-01-21 10:11:17 OPTIONS IMPORT: --ifconfig/up options modified
2023-01-21 10:11:17 OPTIONS IMPORT: route options modified
2023-01-21 10:11:17 OPTIONS IMPORT: peer-id set
2023-01-21 10:11:17 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-01-21 10:11:17 OPTIONS IMPORT: data channel crypto options modified
2023-01-21 10:11:17 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-21 10:11:17 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:11:17 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:11:17 interactive service msg_channel=644
2023-01-21 10:11:17 open_tun
2023-01-21 10:11:17 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-01-21 10:11:17 TAP-Windows Driver Version 9.24 
2023-01-21 10:11:17 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {60A13B47-B75C-4508-9173-9A33FCEB4040} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
2023-01-21 10:11:17 Successful ARP Flush on interface [39] {60A13B47-B75C-4508-9173-9A33FCEB4040}
2023-01-21 10:11:17 MANAGEMENT: >STATE:1674272477,ASSIGN_IP,,10.8.0.6,,,,
2023-01-21 10:11:17 IPv4 MTU set to 1500 on interface 39 using service
2023-01-21 10:11:22 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
2023-01-21 10:11:22 MANAGEMENT: >STATE:1674272482,ADD_ROUTES,,,,,,
2023-01-21 10:11:22 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
2023-01-21 10:11:22 Route addition via service succeeded
2023-01-21 10:11:22 Initialization Sequence Completed
2023-01-21 10:11:22 MANAGEMENT: >STATE:1674272482,CONNECTED,SUCCESS,10.8.0.6,<my_server_ip_address>,1194,,

Server log

2023-01-21 10:41:16 103.94.68.42:17589 TLS: Initial packet from [AF_INET]103.94.68.42:17589, sid=2a442a2b 77d1aabf
2023-01-21 10:41:16 103.94.68.42:17589 VERIFY OK: depth=1, CN=bagyiphyo.online
2023-01-21 10:41:16 103.94.68.42:17589 VERIFY OK: depth=0, CN=client_vpn
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_VER=2.5.8
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_PLAT=win
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_PROTO=6
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_NCP=2
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_LZ4=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_LZ4v2=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_LZO=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_COMP_STUB=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_COMP_STUBv2=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_TCPNL=1
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_GUI_VER=OpenVPN_GUI_11
2023-01-21 10:41:16 103.94.68.42:17589 peer info: IV_SSO=openurl,crtext
2023-01-21 10:41:16 103.94.68.42:17589 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-01-21 10:41:16 103.94.68.42:17589 [client_vpn] Peer Connection Initiated with [AF_INET]103.94.68.42:17589
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 MULTI: Learn: 10.8.0.6 -> client_vpn/103.94.68.42:17589
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 MULTI: primary virtual IP for client_vpn/103.94.68.42:17589: 10.8.0.6
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-21 10:41:16 client_vpn/103.94.68.42:17589 SENT CONTROL [client_vpn]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)

For all logs: https://drive.google.com/file/d/1wxvWMbmChDAJYHgcw4fZRAsplptJfZgg/view?usp=sharing

Here is the client's traceroute while connected to the server

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

  1     2 ms     2 ms     1 ms  gpon.net [192.168.1.1]
  2     *        5 ms     *     10.69.32.1 [10.69.32.1]
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     3 ms     3 ms     3 ms  203.215.63.237
  6    59 ms    60 ms    59 ms  15169.sgw.equinix.com [27.111.228.150]
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9    60 ms    61 ms    60 ms  dns.google [8.8.8.8]

Trace complete.

Client routing table

===========================================================================
Interface List
 38...........................Wintun Userspace Tunnel
 39...00 ff 60 a1 3b 47 ......TAP-Windows Adapter V9
  6...e0 d0 45 47 5b b8 ......Microsoft Wi-Fi Direct Virtual Adapter
 16...e2 d0 45 47 5b b7 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  9...e0 d0 45 47 5b b7 ......Intel(R) Wi-Fi 6 AX201 160MHz
 10...e0 d0 45 47 5b bb ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.225     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.225    291
    192.168.1.225  255.255.255.255         On-link     192.168.1.225    291
    192.168.1.255  255.255.255.255         On-link     192.168.1.225    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.225    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.225    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  9    291 fe80::/64                On-link
  9    291 fe80::f770:dd5d:92f3:c17a/128
                                    On-link
  1    331 ff00::/8                 On-link
  9    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
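1 Answer

Server Fault user

Accepted answer

Posted on 2023-01-23 07:01:17

Well, this is strange, but I think the problem is related to how Windows handles network configuration. First, quit the OpenVPN GUI or related processes. Then disable the NAT configuration in "Routing and Remote Access", if it was previously enabled. Re-enable NAT. Then start the OpenVPN GUI as administrator. Now the client connection successfully uses the server's public IP. Previously, I configured NAT after starting the OpenVPN GUI.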

Votes: 0
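
As an added example (not part of the original question or answer): a small Python check that reads the client's `PUSH_REPLY` log line and the `route print` rows quoted in the question, and reports whether `redirect-gateway` reached the client and whether the two half-default routes that `redirect-gateway def1` installs (0.0.0.0/1 and 128.0.0.0/1) point at the tunnel peer. The function names and the `ROUTES_DEF1` sample are assumptions constructed for illustration.

```python
import re

# Copied from the client log and "route print" output in the question.
PUSH_LINE = ("2023-01-21 10:11:17 PUSH: Received control message: "
             "'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,"
             "ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'")
ROUTES = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.225     35
      192.168.1.0    255.255.255.0         On-link     192.168.1.225    291
"""
# Constructed sample (not from the page): the same table once def1 took effect.
ROUTES_DEF1 = ROUTES + """\
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6    281
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6    281
"""

def pushed_options(log_line):
    """Return the options of a PUSH_REPLY log line as {name: argument string}."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_line)
    if not m:
        return {}
    opts = {}
    for item in m.group(1).split(","):
        name, _, args = item.strip().partition(" ")
        opts[name] = args
    return opts

def vpn_gateway(opts):
    """With topology net30, the second ifconfig argument is the tunnel peer."""
    parts = opts.get("ifconfig", "").split()
    return parts[1] if len(parts) == 2 else None

def def1_routes_present(route_print, gateway):
    """True if both half-default routes of 'redirect-gateway def1' use gateway."""
    wanted = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}
    found = set()
    for line in route_print.splitlines():
        cols = line.split()
        if len(cols) == 5 and cols[2] == gateway:
            found.add((cols[0], cols[1]))
    return wanted <= found

def diagnose(log_line, route_print):
    opts = pushed_options(log_line)
    gw = vpn_gateway(opts)
    return {"redirect_gateway_pushed": "redirect-gateway" in opts,
            "vpn_gateway": gw,
            "def1_routes_present": gw is not None and def1_routes_present(route_print, gw)}

if __name__ == "__main__":
    print(diagnose(PUSH_LINE, ROUTES))
```

Run against the question's own log line and route table, both checks come back false: the `PUSH_REPLY` the client received carries no `redirect-gateway` option, and the only default route still goes through 192.168.1.1.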
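The original page content is provided by Server Fault. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: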

https://serverfault.com/questions/1120875
