我在我的 Windows 11 机器的目录中安装了一个 OpenVPN 配置文件config-auto
,以便它在启动时连接到我的 OpenVPN 服务器。
问题是有时在系统启动时,它开始无法连接:
2022-03-11 09:27:38 [server] Inactivity timeout (--ping-restart), restarting
2022-03-11 09:27:38 SIGUSR1[soft,ping-restart] received, process restarting
2022-03-11 09:27:38 Restart pause, 5 second(s)
2022-03-11 09:27:43 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 09:27:43 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 09:27:43 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194
2022-03-11 09:27:43 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-11 09:27:43 UDP link local: (not bound)
2022-03-11 09:27:43 UDP link remote: [AF_INET]<REDACTED>:1194
2022-03-11 09:28:43 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-03-11 09:28:43 TLS Error: TLS handshake failed
2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting
好像没有互联网连接,但是您可以看到我的以太网接口已启动并连接到互联网:
一切都开始正常工作:
2022-03-11 09:28:43 TLS Error: TLS handshake failed
2022-03-11 09:28:43 SIGUSR1[soft,tls-error] received, process restarting
2022-03-11 10:16:36 NOTE: --user option is not implemented on Windows
2022-03-11 10:16:36 NOTE: --group option is not implemented on Windows
2022-03-11 10:16:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-03-11 10:16:36 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-03-11 10:16:36 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-03-11 10:16:36 Windows version 10.0 (Windows 10 or greater) 64bit
2022-03-11 10:16:36 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-03-11 10:16:36 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 10:16:36 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-03-11 10:16:36 TCP/UDP: Preserving recently used remote address: [AF_INET]<REDACTED>:1194
2022-03-11 10:16:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-03-11 10:16:36 UDP link local: (not bound)
2022-03-11 10:16:36 UDP link remote: [AF_INET]<REDACTED>:1194
2022-03-11 10:16:36 TLS: Initial packet from [AF_INET]<REDACTED>:1194, sid=7818afbf 7c74fa3b
2022-03-11 10:16:36 VERIFY OK: depth=1, <REDACTED>
2022-03-11 10:16:36 VERIFY KU OK
2022-03-11 10:16:36 Validating certificate extended key usage
2022-03-11 10:16:36 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
我想,这是我的 OpenVPN 和以太网接口之间的某种竞争条件。我尝试InterfaceMetric
为我的以太网接口减少并为 OpenVPN 接口增加它无济于事:
Get-NetIPInterface
ifIndex InterfaceAlias AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp ConnectionState PolicyStore
------- -------------- ------------- ------------ --------------- ---- --------------- -----------
29 vEthernet (WSL) IPv6 1500 15 Enabled Connected ActiveStore
12 Ethernet 3 IPv6 1500 5 Disabled Disconnected ActiveStore
10 Local Area Connection* 2 IPv6 1500 25 Disabled Disconnected ActiveStore
24 Ethernet IPv6 1500 6 Enabled Connected ActiveStore
22 Local Area Connection* 1 IPv6 1500 25 Disabled Disconnected ActiveStore
23 OpenVPN IPv6 1500 25 Enabled Connected ActiveStore
8 Ethernet 2 IPv6 1500 5 Disabled Disconnected ActiveStore
13 OpenVPN Wintun IPv6 65535 5 Disabled Disconnected ActiveStore
1 Loopback Pseudo-Interface 1 IPv6 4294967295 75 Disabled Connected ActiveStore
29 vEthernet (WSL) IPv4 1500 15 Disabled Connected ActiveStore
12 Ethernet 3 IPv4 1500 5 Enabled Disconnected ActiveStore
10 Local Area Connection* 2 IPv4 1500 25 Enabled Disconnected ActiveStore
24 Ethernet IPv4 1500 1 Enabled Connected ActiveStore
22 Local Area Connection* 1 IPv4 1500 25 Enabled Disconnected ActiveStore
23 OpenVPN IPv4 1500 100 Enabled Connected ActiveStore
8 Ethernet 2 IPv4 1500 5 Enabled Disconnected ActiveStore
13 OpenVPN Wintun IPv4 65535 5 Disabled Disconnected ActiveStore
1 Loopback Pseudo-Interface 1 IPv4 4294967295 75 Disabled Connected ActiveStore
我还尝试在 OpenVPN 服务上设置恢复策略,但似乎 Windows 不会将无法连接的 OpenVPN 服务视为损坏,因此不会重新启动它:
同样,它只发生五分之一的靴子,大部分时间它工作正常。
搜索了整个互联网,但找不到其他人有这个问题。