OpenVPN: Windows 7 x64 client cannot see the remote LAN, but the XP client can

I'm using OpenVPN 2.1.1 with Windows XP x86 SP3 and Windows 7 x64 clients against an Endian Community 2.4.0 box, which includes OpenVPN 2.1-rc15.

Connecting from both works fine, but accessing resources on the green LAN does not work from Windows 7 and works from XP.
So: I can ping hosts on the networks pushed through the VPN, but with Windows 7 I can only ping the green IP address of the firewall.

Edit: I tried route-method exe / route-delay 2, but that does not solve the problem.

More details on the Endian configuration (tried both 2.2 and 2.4, both failed):

red = 192.168.100.25; 192.168.71.25
green = 176.16.41.1
orange = 176.16.141.1

It basically works as an OpenVPN server, serving on red and providing access to green.

On Windows XP, I have the default installation of OpenVPN 2.1.1, using the OpenVPN GUI option (included in the installation), and everything is dandy.

On Windows 7 x64, I did the same, but now running OpenVPN GUI as administrator.
It can only ping the green gateway, but not other machines.

Windows 7 log:

    Tue Aug 10 18:50:15 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
    Tue Aug 10 18:50:23 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Tue Aug 10 18:50:23 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Aug 10 18:50:24 2010 LZO compression initialized
    Tue Aug 10 18:50:24 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Tue Aug 10 18:50:24 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Aug 10 18:50:24 2010 Local Options hash (VER=V4): '31fdf004'
    Tue Aug 10 18:50:24 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
    Tue Aug 10 18:50:24 2010 Attempting to establish TCP connection with 192.168.71.25:1194
    Tue Aug 10 18:50:24 2010 TCP connection established with 192.168.71.25:1194
    Tue Aug 10 18:50:24 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link local: [undef]
    Tue Aug 10 18:50:24 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
    Tue Aug 10 18:50:24 2010 TLS: Initial packet from 192.168.71.25:1194, sid=165d50de 52c0ecba
    Tue Aug 10 18:50:24 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Tue Aug 10 18:50:24 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
    Tue Aug 10 18:50:24 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
    Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Aug 10 18:50:24 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Aug 10 18:50:24 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Aug 10 18:50:24 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Tue Aug 10 18:50:24 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
    Tue Aug 10 18:50:26 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
    Tue Aug 10 18:50:27 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
    Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: timers and/or timeouts modified
    Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ifconfig/up options modified
    Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: route-related options modified
    Tue Aug 10 18:50:27 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Tue Aug 10 18:50:27 2010 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{F3F5E8A1-1797-4FA8-902E-3895A2163148}.tap
    Tue Aug 10 18:50:27 2010 TAP-Win32 Driver Version 9.6
    Tue Aug 10 18:50:27 2010 TAP-Win32 MTU=1500
    Tue Aug 10 18:50:27 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.209/255.255.255.0 on interface {F3F5E8A1-1797-4FA8-902E-3895A2163148} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
    Tue Aug 10 18:50:27 2010 Successful ARP Flush on interface [34] {F3F5E8A1-1797-4FA8-902E-3895A2163148}
    Tue Aug 10 18:50:32 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
    Tue Aug 10 18:50:32 2010 Initialization Sequence Completed

Windows 7 routing table:

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway        Interface  Metric
              0.0.0.0          0.0.0.0     192.168.71.1   192.168.71.160     20
            127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
            127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
      127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
          169.254.0.0      255.255.0.0          On-link  169.254.100.145    276
      169.254.100.145  255.255.255.255          On-link  169.254.100.145    276
      169.254.255.255  255.255.255.255          On-link  169.254.100.145    276
          172.16.41.0    255.255.255.0          On-link    172.16.41.209    286
        172.16.41.209  255.255.255.255          On-link    172.16.41.209    286
        172.16.41.255  255.255.255.255          On-link    172.16.41.209    286
         192.168.71.0    255.255.255.0          On-link   192.168.71.160    276
       192.168.71.160  255.255.255.255          On-link   192.168.71.160    276
       192.168.71.255  255.255.255.255          On-link   192.168.71.160    276
        192.168.237.0    255.255.255.0          On-link    192.168.237.1    276
        192.168.237.1  255.255.255.255          On-link    192.168.237.1    276
      192.168.237.255  255.255.255.255          On-link    192.168.237.1    276
            224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
            224.0.0.0        240.0.0.0          On-link   192.168.71.160    276
            224.0.0.0        240.0.0.0          On-link  169.254.100.145    276
            224.0.0.0        240.0.0.0          On-link    192.168.237.1    276
            224.0.0.0        240.0.0.0          On-link    172.16.41.209    286
      255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
      255.255.255.255  255.255.255.255          On-link   192.168.71.160    276
      255.255.255.255  255.255.255.255          On-link  169.254.100.145    276
      255.255.255.255  255.255.255.255          On-link    192.168.237.1    276
      255.255.255.255  255.255.255.255          On-link    172.16.41.209    286
    ===========================================================================

(You can ignore these routes, as they come from VMware Workstation running on the same machine: 192.168.237.0/24 and 169.254.0.0/16)

Windows XP log:

    Tue Aug 10 19:01:04 2010 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
    Tue Aug 10 19:01:06 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Tue Aug 10 19:01:06 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Tue Aug 10 19:01:07 2010 LZO compression initialized
    Tue Aug 10 19:01:07 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Tue Aug 10 19:01:07 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Tue Aug 10 19:01:07 2010 Local Options hash (VER=V4): '31fdf004'
    Tue Aug 10 19:01:07 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
    Tue Aug 10 19:01:07 2010 Attempting to establish TCP connection with 192.168.71.25:1194
    Tue Aug 10 19:01:07 2010 TCP connection established with 192.168.71.25:1194
    Tue Aug 10 19:01:07 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link local: [undef]
    Tue Aug 10 19:01:07 2010 TCPv4_CLIENT link remote: 192.168.71.25:1194
    Tue Aug 10 19:01:07 2010 TLS: Initial packet from 192.168.71.25:1194, sid=983b94eb 87732d38
    Tue Aug 10 19:01:07 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Tue Aug 10 19:01:07 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
    Tue Aug 10 19:01:07 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
    Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Aug 10 19:01:07 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Tue Aug 10 19:01:07 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue Aug 10 19:01:07 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Tue Aug 10 19:01:07 2010 [127.0.0.1] Peer Connection Initiated with 192.168.71.25:1194
    Tue Aug 10 19:01:09 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
    Tue Aug 10 19:01:10 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 172.16.41.201 255.255.255.0,dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,route-gateway 172.16.41.1,route-gateway 172.16.41.1'
    Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: timers and/or timeouts modified
    Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ifconfig/up options modified
    Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: route-related options modified
    Tue Aug 10 19:01:10 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Tue Aug 10 19:01:10 2010 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{C4752F65-93BA-4DED-A1FE-2633F1481ABF}.tap
    Tue Aug 10 19:01:10 2010 TAP-Win32 Driver Version 9.6
    Tue Aug 10 19:01:10 2010 TAP-Win32 MTU=1500
    Tue Aug 10 19:01:10 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.41.201/255.255.255.0 on interface {C4752F65-93BA-4DED-A1FE-2633F1481ABF} [DHCP-serv: 172.16.41.0, lease-time: 31536000]
    Tue Aug 10 19:01:10 2010 Successful ARP Flush on interface [2] {C4752F65-93BA-4DED-A1FE-2633F1481ABF}
    Tue Aug 10 19:01:15 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
    Tue Aug 10 19:01:15 2010 Route: Waiting for TUN/TAP interface to come up...
    Tue Aug 10 19:01:18 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
    Tue Aug 10 19:01:18 2010 Initialization Sequence Completed

The XP routing table:

    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway        Interface  Metric
              0.0.0.0          0.0.0.0    192.168.237.2  192.168.237.128     10
            127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
          172.16.41.0    255.255.255.0    172.16.41.201    172.16.41.201     30
        172.16.41.201  255.255.255.255        127.0.0.1        127.0.0.1     30
       172.16.255.255  255.255.255.255    172.16.41.201    172.16.41.201     30
        192.168.237.0    255.255.255.0  192.168.237.128  192.168.237.128     10
      192.168.237.128  255.255.255.255        127.0.0.1        127.0.0.1     10
      192.168.237.255  255.255.255.255  192.168.237.128  192.168.237.128     10
            224.0.0.0        240.0.0.0    172.16.41.201    172.16.41.201     30
            224.0.0.0        240.0.0.0  192.168.237.128  192.168.237.128     10
      255.255.255.255  255.255.255.255    172.16.41.201    172.16.41.201      1
      255.255.255.255  255.255.255.255  192.168.237.128  192.168.237.128      1
    Default Gateway:     192.168.237.2
    ===========================================================================

Does anyone have an idea of what is wrong?

–jeroen

2 solutions collected from the web for “OpenVPN: Windows 7 x64 client cannot see the remote LAN, but the XP client can”

Well, I faced the same problem. I tried all the things like enabling file sharing, setting the same workgroup, etc. Nothing helped, except this:

I noticed that there were multiple network adapters in Device Manager. All of them were hidden, so you have to click View and enable showing hidden devices.

They were all called something like … 4to6 adapter. When I removed all these adapters, file/printer sharing and networking with XP clients started working after a reboot. If there is a huge number of these adapters, you have to remove them all. This can be done using the appropriate (32- or 64-bit version) DEVCON.EXE tool (which is part of the Windows Driver Kit – Download details: Windows Driver Kit version 7.1.0). More information is available here: The DevCon command-line utility functions as an alternative to Device Manager.

I found this solution here: http://ryanvictory.com/posts/automating-6to4-adapter-removal-in-windows/

I solved my problem: it was a test-case error.

Windows XP was connecting to a physical Endian box.
Windows 7 x64 was connecting to a virtual Endian box.

The virtual box is running on VMware ESX / ESXi, using a virtual network switch.
I forgot to enable promiscuous mode for that switch.

Enabling that solved the problem.

–jeroen
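
An added example, not part of the original posts: a short Python check that parses the PUSH_REPLY entries from the two client logs in the question and compares what the server pushed to each client. The function names are hypothetical, and it assumes the TAP-style `ifconfig <address> <netmask>` form seen in these logs.

```python
import ipaddress
import re

# PUSH_REPLY lines copied from the two client logs in the question.
WIN7_LOG = ("Tue Aug 10 18:50:27 2010 PUSH: Received control message: "
            "'PUSH_REPLY,ifconfig 172.16.41.209 255.255.255.0,"
            "dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,"
            "route-gateway 172.16.41.1,route-gateway 172.16.41.1'")
XP_LOG = ("Tue Aug 10 19:01:10 2010 PUSH: Received control message: "
          "'PUSH_REPLY,ifconfig 172.16.41.201 255.255.255.0,"
          "dhcp-option DOMAIN pluimers.com,ping-restart 30,ping 8,"
          "route-gateway 172.16.41.1,route-gateway 172.16.41.1'")

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_push_reply(log_text):
    """Return {option: [argument strings]} from the first PUSH_REPLY in a log."""
    match = PUSH_RE.search(log_text)
    if not match:
        raise ValueError("no PUSH_REPLY found in log")
    options = {}
    for item in match.group(1).split(","):
        name, _, args = item.strip().partition(" ")
        values = options.setdefault(name, [])
        if args not in values:  # the server pushes route-gateway twice
            values.append(args)
    return options


def tunnel_summary(options):
    """Derive the client's tunnel network and whether the gateway is on-link."""
    address, netmask = options["ifconfig"][0].split()
    network = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    gateway = ipaddress.ip_address(options["route-gateway"][0])
    return {"network": str(network), "gateway": str(gateway),
            "gateway_on_link": gateway in network,
            "pushed_routes": options.get("route", [])}


def differing_options(a, b, per_client=("ifconfig",)):
    """Names of pushed options whose values differ, ignoring per-client ones."""
    return sorted(name for name in set(a) | set(b)
                  if name not in per_client and a.get(name) != b.get(name))


if __name__ == "__main__":
    win7, xp = parse_push_reply(WIN7_LOG), parse_push_reply(XP_LOG)
    print(tunnel_summary(win7), tunnel_summary(xp), differing_options(win7, xp))
```

Both clients receive identical options and an on-link gateway in 172.16.41.0/24, so nothing in the pushed configuration distinguishes the Windows 7 client from the XP one; the difference has to lie outside the client configuration, which is where the second answer found it.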
