
OpenVPN client cannot connect; can you take a look at what is going on?

火星人 @ 2014-03-04, reply: 0

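When I use openvpn as a client, after I click connect a prompt for the username and password pops up, but right after I enter them the connection drops again. The log is as follows: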
Fri Jan 01 17:37:13 2010 NOTE: --user option is not implemented on Windows
Fri Jan 01 17:37:13 2010 NOTE: --group option is not implemented on Windows
Fri Jan 01 17:37:13 2010 OpenVPN 2.1.1 i686-pc-mingw32 built on Dec 11 2009
Fri Jan 01 17:37:17 2010 WARNING: No server certificate verification method has been enabled.  See  http://openvpn.net/howto.html#mitm for more info.
Fri Jan 01 17:37:17 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 01 17:37:18 2010 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 01 17:37:18 2010 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Fri Jan 01 17:37:18 2010 Local Options hash (VER=V4): '5cb3f8dc'
Fri Jan 01 17:37:18 2010 Expected Remote Options hash (VER=V4): '898ae6c6'
Fri Jan 01 17:37:18 2010 Attempting to establish TCP connection with 189.64.0.2:1194
Fri Jan 01 17:37:18 2010 TCP connection established with 189.64.0.2:1194
Fri Jan 01 17:37:18 2010 Socket Buffers: R= S=
Fri Jan 01 17:37:18 2010 TCPv4_CLIENT link local:
Fri Jan 01 17:37:18 2010 TCPv4_CLIENT link remote: 189.64.0.2:1194
Fri Jan 01 17:37:18 2010 TLS: Initial packet from 189.64.0.2:1194, sid=610069ee 2c3c525e
Fri Jan 01 17:37:18 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 01 17:37:18 2010 VERIFY OK: depth=1, /C=CN/ST=GF/L=QY/O=GFBS/OU=syt/CN=syt/emailAddress=411843113@qq.com
Fri Jan 01 17:37:18 2010 VERIFY OK: depth=0, /C=CN/ST=GF/O=GFBS/OU=GFBS/CN=SYT/emailAddress=411843113@qq.com
Fri Jan 01 17:37:18 2010 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 01 17:37:18 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 01 17:37:18 2010 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 01 17:37:18 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 01 17:37:18 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 01 17:37:18 2010 Peer Connection Initiated with 189.64.0.2:1194
Fri Jan 01 17:37:21 2010 SENT CONTROL : 'PUSH_REQUEST' (status=1)
Fri Jan 01 17:37:21 2010 PUSH: Received control message: 'PUSH_REPLY,route 10.15.32.32 255.255.255.248,ifconfig 10.15.32.38 10.15.32.33'
Fri Jan 01 17:37:21 2010 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 01 17:37:21 2010 OPTIONS IMPORT: route options modified
Fri Jan 01 17:37:21 2010 ROUTE: default_gateway=UNDEF
Fri Jan 01 17:37:21 2010 There is a problem in your selection of --ifconfig endpoints .  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
Fri Jan 01 17:37:21 2010 Exiting

The client configuration file is as follows:
client
dev tun
proto tcp-client
remote 189.64.0.2 1194
ca ca.crt
cert s1.crt
key s1.key
tls-client
port 1194
user nobody
group nogroup
ping 15
ping-restart 45
ping-timer-rem
persist-key
persist-tun

verb 3
cipher AES-256-CBC
auth SHA1
pull

auth-user-pass

Can everyone take a look at where the problem is?
《Solution》

There is a problem in your selection of --ifconfig endpoints .  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
Fri Jan 01 17:37:21 2010 Exiting

This is the key part. Post your server configuration so we can take a look.
《Solution》

Originally posted by wenzk on 2010-1-1 19:33
There is a problem in your selection of --ifconfig endpoints .  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This  ...
Yes, this is a typical configuration error.
《Solution》

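My openvpn server is built with routeros. When I use routeros as the client I can connect, but when I use XP as the client I cannot. The server-side configuration is not easy to post; what should I do?

[ This post was last edited by sytbwg001 on 2010-1-2 09:57 ]
《Solution》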

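Reply to post #4 by sytbwg001

routeros has fairly good compatibility.

Clients set up with pptp, l2tp and openvpn can all connect. Post a screenshot of the configuration.
《Solution》

The routeros configuration is as follows.
It was done by following the official tutorial.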
/ip address add address=10.15.30.31/24 interface=ether1 comment=Lan
/ip address add address=189.64.0.2/24 interface=ether2 comment=Internet
/ip route add dst-address=10.0.0.0/8 gateway=10.15.30.5 comment=Wan
/ip route add gateway=189.64.0.1 comment=Internet

/ip firewall nat add chain=srcnat  out-interface=ether2 action=masquerade

/ip pool add name=ovpn-pool ranges=10.15.32.34-10.15.32.38

/ppp profile
add change-tcp-mss=default comment="" local-address=10.15.32.33 \
name="your_profile" only-one=default remote-address=ovpn-pool \
use-compression=default use-encryption=required use-vj-compression=default

/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 \
limit-bytes-out=0 name="username" password="password" \
routes="" service=any

/interface ovpn-server server
set auth=sha1,md5 certificate=router_cert \
cipher=blowfish128,aes128,aes192,aes256 default-profile=your_profile \
enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ip netmask=29 \
port=1194 require-client-certificate=no

The firewall is turned off.
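
The endpoint rule quoted in the error message can be checked directly against the pushed `ifconfig` values and the RouterOS pool. This is an added example, not part of the original thread; the function names are hypothetical, and the sample line and addresses are copied from the log and configuration posted above.

```python
import ipaddress
import re

# Sample line copied from the client log in this thread.
SAMPLE_LOG = (
    "Fri Jan 01 17:37:21 2010 PUSH: Received control message: "
    "'PUSH_REPLY,route 10.15.32.32 255.255.255.248,"
    "ifconfig 10.15.32.38 10.15.32.33'"
)
IFCONFIG_RE = re.compile(r"ifconfig (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})")


def pushed_endpoints(log_text):
    """Return (local, remote) from the first pushed ifconfig, or None."""
    m = IFCONFIG_RE.search(log_text)
    if m is None:
        return None
    return ipaddress.IPv4Address(m.group(1)), ipaddress.IPv4Address(m.group(2))


def check_slash30(local, remote):
    """List the reasons a local/remote pair breaks the 255.255.255.252 rule."""
    problems = []
    if local == remote:
        problems.append("local and remote are the same address")
    local_net = ipaddress.ip_network(f"{local}/30", strict=False)
    if remote not in local_net:
        problems.append(f"{remote} is outside {local_net}, the /30 of {local}")
    # A /30 has two host addresses; its first and last are network and broadcast.
    for name, addr in (("local", local), ("remote", remote)):
        net = ipaddress.ip_network(f"{addr}/30", strict=False)
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is the first or last address of {net}")
    return problems


def usable_peers(server_local, pool_first, pool_last):
    """Pool addresses that form a valid /30 pair with the server's local address."""
    server = ipaddress.IPv4Address(server_local)
    first = int(ipaddress.IPv4Address(pool_first))
    last = int(ipaddress.IPv4Address(pool_last))
    return [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)
            if not check_slash30(ipaddress.IPv4Address(i), server)]


if __name__ == "__main__":
    local, remote = pushed_endpoints(SAMPLE_LOG)
    print(check_slash30(local, remote))
    # local-address and pool range as given in the RouterOS configuration above.
    print(usable_peers("10.15.32.33", "10.15.32.34", "10.15.32.38"))
```

With local-address 10.15.32.33, only 10.15.32.34 from the pool forms a valid pair, while the log shows the client was handed 10.15.32.38.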
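《Solution》

Reply to post #6 by sytbwg001

There is a script configuration wizard; you can go and take a look.
《Solution》

A question for you

Where is the "script configuration wizard" you mentioned? I can't find it. Could you explain in more detail?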

http://coctec.com/docs/service/show-post-19304.html