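I connect to an Azure VPN gateway (virtual network gateway) using OpenVPN and the OpenVPN Connect client. It is a certificate-based point-to-site setup. The connection works, except that it disconnects and reconnects every single minute (I am not exaggerating!).
This is the log from the OpenVPN Connect client (I removed the public IP addresses and URLs for privacy reasons).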
29.4.2021, 10:54:40 Session invalidated: KEEPALIVE_TIMEOUT
29.4.2021, 10:54:40 Client terminated, restarting in 2000 ms...
29.4.2021, 10:54:40 SetupClient: signaling tun destroy event
29.4.2021, 10:54:42 EVENT: RECONNECTING
29.4.2021, 10:54:42 EVENT: RESOLVE
29.4.2021, 10:54:42 EVENT: WAIT
29.4.2021, 10:54:42 WinCommandAgent: transmitting bypass route to ---
{
"host" : "---",
"ipv6" : false
}
29.4.2021, 10:54:42 Connecting to [---]:443 (---) via TCPv4
29.4.2021, 10:54:42 EVENT: CONNECTING
29.4.2021, 10:54:42 Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client
29.4.2021, 10:54:42 Creds: UsernameEmpty/PasswordEmpty
29.4.2021, 10:54:42 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.2.3-1851
IV_SSO=openurl
29.4.2021, 10:54:42 SSL Handshake: CN=---, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
29.4.2021, 10:54:42 Session is ACTIVE
29.4.2021, 10:54:42 EVENT: GET_CONFIG
29.4.2021, 10:54:42 Sending PUSH_REQUEST to server...
29.4.2021, 10:54:42 EVENT: ASSIGN_IP
29.4.2021, 10:54:42 OPTIONS:
0 [route] [10.0.1.0] [255.255.255.0]
1 [route] [10.0.0.0] [255.255.255.0]
2 [route-gateway] [10.0.3.1]
3 [topology] [subnet]
4 [ifconfig] [10.0.3.3] [255.255.255.0]
5 [cipher] [AES-256-GCM]
29.4.2021, 10:54:42 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
compress: NONE
peer ID: -1
29.4.2021, 10:54:42 CAPTURED OPTIONS:
Session Name: ---
Layer: OSI_LAYER_3
Remote Address: ---
Tunnel Addresses:
10.0.3.3/24 -> 10.0.3.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
10.0.1.0/24
10.0.0.0/24
Exclude Routes:
DNS Servers:
Search Domains:
29.4.2021, 10:54:43 SetupClient: transmitting tun setup list to \.pipeagent_ovpnconnect
{
"confirm_event" : "080c000000000000",
"destroy_event" : "fc0b000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.0.1.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.0.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "---",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "---",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.0.3.3",
"gateway" : "10.0.3.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"wintun" : false
}
POST np://[\.pipeagent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{B8EEBC7D-DB5C-4060-9588-97ECEE24AE24}' index=22 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\.Global{B8EEBC7D-DB5C-4060-9588-97ECEE24AE24}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=22
netsh interface ip set interface 22 metric=1
Ok.
netsh interface ip set address 22 static 10.0.3.3 255.255.255.0 gateway=10.0.3.1 store=active
IPHelper: add route 10.0.1.0/24 22 10.0.3.1 metric=-1
IPHelper: add route 10.0.0.0/24 22 10.0.3.1 metric=-1
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 340d000000000000
29.4.2021, 10:54:43 Connected via TUN_WIN
29.4.2021, 10:54:43 EVENT: CONNECTED ---:443 (---) via /TCPv4 on TUN_WIN/10.0.3.3/ gw=[10.0.3.1/]
Does anyone know what might be going on here?
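Not entirely sure, but I have had the same behavior on an Azure VPN configured with certificates. However, if you go back to v2 of the OpenVPN program, things seem to be a lot simpler. It connects without any problems and stays connected. I know Azure is not intentionally disconnecting you on their side.
I would check your OpenVPN version.
There are 3 versions (2 are still in use and being released to this day) that may have something to do with it. ^_^
- v3 - called "OpenVPN Connect"; URL here: https://openvpn.net/downloads/openvpn-connect-v3-windows.msi
- v2 - called "OpenVPN Connect Client"; URL here: https://openvpn.net/downloads/openvpn-connect-v2-windows.msi
[Image: version notes, showing the downloads for v3 and v2]
The downloads can be found on their download page ("not to be confused with the Community Edition download page") or as shown above. Click Download to download the latest v3 version, or click the alternate version
I have noticed that version 3.2.1 works very well for some people. When I updated to 3.3.X, our Azure could not even connect, because it could not verify the certificate. Happy trails!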
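I had a similar problem. What I did after seeing the "Session invalidated: KEEPALIVE_TIMEOUT" log message was to send a constant, non-stop ping ("-t") to the OpenVPN server to keep the traffic alive. It works like a charm, but I gave it the charm "ping of death" to keep it alive!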
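My setup has the same problem (virtual network gateway in Azure, OpenVPN Connect 3.3.6.2752 as the client). The server verification problem can be solved by removing the line starting with verify-x509-name from the ovpn configuration. (Note that this disables verification of the server side and is probably not the best solution for production environments!) The problem of disconnecting/reconnecting every minute was solved by adding "keepalive 0 0" to my .ovpn client configuration.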
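The last answer changes two lines of the client profile, and one of them removes the check on the server's identity. The following is an added example, not code from the thread or from OpenVPN: a small audit that flags profiles left in that state. The sample profile and host name are constructed, and `parse_directives` and `audit_profile` are hypothetical helper names.

```python
import re

# Constructed sample profile (not from the thread): the workaround state,
# with verify-x509-name removed and keepalive 0 0 added.
SAMPLE_PROFILE = """\
client
remote gw.example.invalid 443
proto tcp
remote-cert-tls server
# verify-x509-name removed so that 3.3.x connects
keepalive 0 0
<ca>
-----BEGIN CERTIFICATE-----
verify-x509-name text-inside-a-block-is-not-a-directive
-----END CERTIFICATE-----
</ca>
"""

def parse_directives(text):
    """Map each top-level directive to its argument lists, skipping
    comments and the bodies of inline <tag>...</tag> blocks."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                      # inside <ca>, <cert>, <key>, ...
            if line == f"</{block}>":
                block = None
            continue
        opened = re.fullmatch(r"<([A-Za-z0-9_-]+)>", line)
        if opened:
            block = opened.group(1)
            continue
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def audit_profile(text):
    """Return findings for the two changes discussed in the thread."""
    d = parse_directives(text)
    findings = []
    if "verify-x509-name" not in d:
        findings.append("no verify-x509-name: server certificate name is not checked")
    if "remote-cert-tls" not in d:
        findings.append("no remote-cert-tls: server certificate usage is not checked")
    if ["0", "0"] in d.get("keepalive", []):
        findings.append("keepalive 0 0: keepalive workaround from the thread is in place")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("WARN", finding)
```

Running it over every distributed .ovpn file shows which clients still carry the workaround once a client version that validates the gateway certificate is available.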