OpenVPN 重复的消息: TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
windows用户在使用OpenVPN时总会遇到各种各样的麻烦,大多数时候只是客户端配置文件的问题,但有时候却是网络问题。这种情况下,我们只能根据自己所在的网络,逐步分析问题可能的原因。现在举一个我在使用中碰到过的例子。
问题的出现
之前使用客户端连接的时候都是用无线路由器的,路由器自带ADSL拨号功能,所以只要能连接上无线网络就能上网了。再用客户端连接,无论在win7还是ubuntu下都非常顺利,没有任何问题。
直到某一天,换了个地方,使用有线ADSL猫,win7下拨号上网毫无障碍,但是连接专网服务器时却出现了以下让人纠结的消息:
Wed Jun 08 01:55:16 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Wed Jun 08 01:55:16 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 08 01:55:16 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 08 01:55:16 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jun 08 01:55:17 2011 LZO compression initialized
Wed Jun 08 01:55:17 2011 Control Channel MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 08 01:55:17 2011 Socket Buffers: R=[8192->20480] S=[8192->20480]
Wed Jun 08 01:55:17 2011 Data Channel MTU parms [ L:1562 D:1450 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 08 01:55:17 2011 Fragmentation MTU parms [ L:1562 D:1300 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
Wed Jun 08 01:55:17 2011 Local Options hash (VER=V4): 'caff5189'
Wed Jun 08 01:55:17 2011 Expected Remote Options hash (VER=V4): '43a81564'
Wed Jun 08 01:55:17 2011 UDPv4 link local (bound): [undef]:1194
Wed Jun 08 01:55:17 2011 UDPv4 link remote: x.x.x.x:1194
Wed Jun 08 01:55:17 2011 TLS: Initial packet from x.x.x.x:1194, sid=01fe45c9 100c0279
Wed Jun 08 01:55:19 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=sisca.info/CN=sisca.info_CA/emailAddress=xxx@xxx.com
Wed Jun 08 01:55:19 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=sisca.info/CN=server/emailAddress=xxx@xxx.com
Wed Jun 08 01:55:22 2011 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Jun 08 01:55:22 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 08 01:55:22 2011 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Jun 08 01:55:22 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 08 01:55:22 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 1024 bit RSA
Wed Jun 08 01:55:22 2011 [server] Peer Connection Initiated with x.x.x.x:1194
Wed Jun 08 01:55:24 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jun 08 01:55:24 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Jun 08 01:55:24 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 08 01:55:24 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 08 01:55:24 2011 OPTIONS IMPORT: route options modified
Wed Jun 08 01:55:24 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jun 08 01:55:24 2011 ROUTE default_gateway=121.227.163.97
Wed Jun 08 01:55:24 2011 TAP-WIN32 device [本地连接 2] opened: \\.\Global\{BE9F489A-9DEA-469A-8B33-6B56AA69DDB9}.tap
Wed Jun 08 01:55:24 2011 TAP-Win32 Driver Version 9.8
Wed Jun 08 01:55:24 2011 TAP-Win32 MTU=1500
Wed Jun 08 01:55:24 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {BE9F489A-9DEA-469A-8B33-6B56AA69DDB9} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Jun 08 01:55:24 2011 Successful ARP Flush on interface [31] {BE9F489A-9DEA-469A-8B33-6B56AA69DDB9}
Wed Jun 08 01:55:29 2011 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down Wed Jun 08 01:55:29 2011 Route: Waiting for TUN/TAP interface to come up...
<...Repeats tens of times...>
Wed Jun 08 01:55:58 2011 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 08 01:55:59 2011 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Wed Jun 08 01:55:59 2011 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 121.227.163.97
Wed Jun 08 01:55:59 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Wed Jun 08 01:55:59 2011 Route addition via IPAPI succeeded [adaptive]
Wed Jun 08 01:55:59 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Jun 08 01:55:59 2011 Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
Wed Jun 08 01:55:59 2011 Route addition via IPAPI failed [adaptive]
Wed Jun 08 01:55:59 2011 Route addition fallback to route.exe
操作完成!
Wed Jun 08 01:55:59 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Jun 08 01:55:59 2011 Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
Wed Jun 08 01:55:59 2011 Route addition via IPAPI failed [adaptive]
Wed Jun 08 01:55:59 2011 Route addition fallback to route.exe
操作完成!
Wed Jun 08 01:55:59 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Wed Jun 08 01:55:59 2011 Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
Wed Jun 08 01:55:59 2011 Route addition via IPAPI failed [adaptive]
Wed Jun 08 01:55:59 2011 Route addition fallback to route.exe
操作完成!
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 121.227.163.97 p=0 i=34 t=3 pr=3 a=593 h=0 m=21/0/0/0/0
0.0.0.0 128.0.0.0 10.8.0.5 p=0 i=34 t=4 pr=3 a=0 h=0 m=21/0/0/0/0
10.8.0.0 255.255.255.0 10.8.0.5 p=0 i=34 t=4 pr=3 a=0 h=0 m=21/0/0/0/0
121.227.163.97 255.255.255.255 121.227.163.97 p=0 i=34 t=3 pr=3 a=593 h=0 m=276/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=756 h=0 m=4531/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=756 h=0 m=4531/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=756 h=0 m=4531/0/0/0/0
128.0.0.0 128.0.0.0 10.8.0.5 p=0 i=34 t=4 pr=3 a=0 h=0 m=21/0/0/0/0
169.254.0.0 255.255.0.0 169.254.170.211 p=0 i=11 t=3 pr=3 a=677 h=0 m=4501/0/0/0/0
169.254.0.0 255.255.0.0 169.254.101.128 p=0 i=31 t=3 pr=3 a=560 h=0 m=4511/0/0/0/0
169.254.101.128 255.255.255.255 169.254.101.128 p=0 i=31 t=3 pr=3 a=560 h=0 m=4511/0/0/0/0
169.254.170.211 255.255.255.255 169.254.170.211 p=0 i=11 t=3 pr=3 a=677 h=0 m=4501/0/0/0/0
169.254.255.255 255.255.255.255 169.254.170.211 p=0 i=11 t=3 pr=3 a=677 h=0 m=4501/0/0/0/0
169.254.255.255 255.255.255.255 169.254.101.128 p=0 i=31 t=3 pr=3 a=560 h=0 m=4511/0/0/0/0
x.x.x.x 255.255.255.255 121.227.163.97 p=0 i=34 t=3 pr=3 a=0 h=0 m=20/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=756 h=0 m=4531/0/0/0/0
224.0.0.0 240.0.0.0 169.254.170.211 p=0 i=11 t=3 pr=3 a=748 h=0 m=4502/0/0/0/0
224.0.0.0 240.0.0.0 169.254.101.128 p=0 i=31 t=3 pr=3 a=623 h=0 m=4511/0/0/0/0
224.0.0.0 240.0.0.0 121.227.163.97 p=0 i=34 t=3 pr=3 a=593 h=0 m=21/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=756 h=0 m=4531/0/0/0/0
255.255.255.255 255.255.255.255 169.254.170.211 p=0 i=11 t=3 pr=3 a=748 h=0 m=4501/0/0/0/0
255.255.255.255 255.255.255.255 169.254.101.128 p=0 i=31 t=3 pr=3 a=623 h=0 m=4511/0/0/0/0
255.255.255.255 255.255.255.255 121.227.163.97 p=0 i=34 t=3 pr=3 a=593 h=0 m=276/0/0/0/0
SYSTEM ADAPTER LIST
szsq
Index = 34
GUID = {B160C660-5C42-4FFD-86B1-2E631C62A9AB}
IP = 121.227.163.97/255.255.255.255
MAC =
GATEWAY = 0.0.0.0/255.255.255.255
DNS SERV = 61.177.7.1/255.255.255.255 221.228.255.1/255.255.255.255
TAP-Win32 Adapter V9
Index = 31
GUID = {BE9F489A-9DEA-469A-8B33-6B56AA69DDB9}
IP = 169.254.101.128/255.255.0.0 <== This IP is strange, it should be 10.8.0.x
MAC = 00:ff:be:9f:48:9a
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Wed Jun 08 01:56:00 2011
DHCP LEASE EXPIRES = Thu Jan 01 08:00:00 1970
DNS SERV =
Broadcom NetLink (TM) Fast Ethernet
Index = 11
GUID = {AC637E48-D141-41A1-AD5E-8CE8E609CA86}
IP = 169.254.170.211/255.255.0.0
MAC = 00:26:22:04:b9:7b
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Wed Jun 08 01:56:00 2011
DHCP LEASE EXPIRES = Thu Jan 01 08:00:00 1970
DNS SERV =
Wed Jun 08 01:56:00 2011 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
也许你看到一半就已经发晕了,所以我用红色表示错误,蓝色表示重要的提示性文字。不难看出,其中主要有这几个问题:
- 重复出现:TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
- TAP-Win32 Adapter V9的IP地址有问题
- Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
问题的分析
以上这些很有可能是导致最后这个错误(Initialization Sequence Completed With Errors)的罪魁祸首。经过一番调查,我发现第1个问题是由于win7的DHCP Client服务终止或者异常所致,但是经过检查DHCP客户端是开启的。反复重启服务后仍然不起作用,发现TAP-Win32 Adapter V9的IP地址不是VPN的网段(10.8.0.x)而是一个B类地址。这时便确信DHCP是出问题了,可是问题出在哪呢?SYSTEM ROUTING TABLE的路由信息给出了提示。是的!问题很有可能在于路由表,这张表看上去太复杂了!于是我决定用人类能理解的方式看看路由表:
===========================================================================
接口列表
19...........................szsq
23...00 ff be 9f 48 9a ......TAP-Win32 Adapter V9
11...00 26 22 04 b9 7b ......Broadcom NetLink (TM) Fast Ethernet
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================
IPv4 路由表
===========================================================================
活动路由:
网络目标 网络掩码 网关 接口 跃点数
0.0.0.0 0.0.0.0 在链路上 121.227.162.206 21
0.0.0.0 128.0.0.0 10.8.0.9 121.227.162.206 21 10.8.0.0 255.255.255.0 10.8.0.9 121.227.162.206 21
121.227.162.206 255.255.255.255 在链路上 121.227.162.206 276
127.0.0.0 255.0.0.0 在链路上 127.0.0.1 4531
127.0.0.1 255.255.255.255 在链路上 127.0.0.1 4531
127.255.255.255 255.255.255.255 在链路上 127.0.0.1 4531
128.0.0.0 128.0.0.0 10.8.0.9 121.227.162.206 21
169.254.0.0 255.255.0.0 在链路上 169.254.101.128 4511
169.254.101.128 255.255.255.255 在链路上 169.254.101.128 4511
169.254.255.255 255.255.255.255 在链路上 169.254.101.128 4511
192.168.1.0 255.255.255.0 在链路上 192.168.1.101 4501
192.168.1.101 255.255.255.255 在链路上 192.168.1.101 4501
192.168.1.255 255.255.255.255 在链路上 192.168.1.101 4501
199.71.215.169 255.255.255.255 在链路上 121.227.162.206 20
224.0.0.0 240.0.0.0 在链路上 127.0.0.1 4531
224.0.0.0 240.0.0.0 在链路上 192.168.1.101 4502
224.0.0.0 240.0.0.0 在链路上 169.254.101.128 4511
224.0.0.0 240.0.0.0 在链路上 121.227.162.206 21
255.255.255.255 255.255.255.255 在链路上 127.0.0.1 4531
255.255.255.255 255.255.255.255 在链路上 192.168.1.101 4501
255.255.255.255 255.255.255.255 在链路上 169.254.101.128 4511
255.255.255.255 255.255.255.255 在链路上 121.227.162.206 276
===========================================================================
永久路由:
无
IPv6 路由表
===========================================================================
活动路由:
如果跃点数网络目标 网关
14 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 在链路上
14 1025 2002::/16 在链路上
14 281 2002:79e3:a2ce::79e3:a2ce/128
在链路上
11 276 fe80::/64 在链路上
23 286 fe80::/64 在链路上
11 276 fe80::10df:704b:def8:aad3/128
在链路上
23 286 fe80::2d82:b4a7:ec7e:6580/128
在链路上
1 306 ff00::/8 在链路上
11 276 ff00::/8 在链路上
23 286 ff00::/8 在链路上
===========================================================================
永久路由:
无
问题出在红色的行上,121.227.162.206和10.8.0.9明明不是同一个网段的,这又怎么进行路由呢?可是我们也没有办法对TAP设 备直接制定IP地址(不信你试试),怎么办呢?看到这么复杂的路由表,是不是想把它简化下?幸亏,这样做之后确实成功了。具体方法在下一节里介绍。
第3个问题则不是很复杂,因此我们先介绍如何解决它。
解决问题
Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
- 到C:\Program Files\OpenVP\bin目录下,将openvpn.exe, openvpn-gui-1.0.3.exe以及openvpnserv.exe设置管理员权限和windows xp 兼容模式(右击-属性-兼容性)
- 修改客户端配置文件(.ovpn),增加一行:
route-method exe
TAP-Win32 Adapter V9的IP地址
- 断开PPP连接(ADSL断线)
- 以管理员身份进入命令行(Windows + R键,输入cmd回车)
- 输入
route delete * - 输入
route add 192.168.1.0 mask 255.255.255.0 192.168.1.1 if 11
这里假设你所在网络为192.168.1.0,你的IP地址为192.168.1.x,网关为192.168.1.1
其中if指定接口号11,就是你的物理网卡的编号(可以通过route print查询) - 打开浏览器,输入192.168.1.1看看能否打开家庭网关的管理页面,可以的话继续下面的步骤
- 使用windows自带的ADSL拨号器拨号上网(和你平时做的一样)
注意:这时你的路由表中又多出来几条信息,这是系统自动加上去的,我们也需要它们。 - 用OpenVPN客户端进行连接
注意:此时路由表中又被加入了几条规则,如果你的TAP-WIN32接口地址是10.8.0.x则很有可能连接成功!
我相信到这里,和我有同样问题的童鞋得到了解放。如果你的问题与我所描述的不同,那么也别着急,根据你的实际情况一步一步分析,最后肯定能找到解决的办法的。
原文:http://lesca.me/blog/2011/06/09/repeted-test-routes-initialization-sequence-completed-with-errors/
还要提示下,你可以试试更新TAP-Win32 Adapter V9虚拟网卡驱动,也许会有用!
请求的操作需要提升。
Tue Sep 20 19:54:59 2011 ERROR: Windows route add command failed: returned error
code 1
请求的操作需要提升。
Tue Sep 20 19:54:59 2011 ERROR: Windows route add command failed: returned error
code 1
重複
Tue Sep 20 19:54:59 2011 Initialization Sequence Completed
Tue Sep 20 19:54:59 2011 TLS Error: unknown opcode received from 0.0.0.0:0 op=28
参考 http://igfw.net/archives/5349
vpnass那个不能用了 应该不是上面的问题
其服务器问题
http://sourceforge.net/projects/openvpn-gui/
“OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 2000/XP/Vista/7. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.”
http://sourceforge.net/projects/openvpn-gui/files/Snapshot%20Binaries/
“openvpn-gui-20110825135803.exe 2011-08-25 1.1 MB i1,311 downloads
openvpn-gui-20110301170456.exe 2011-03-01 1.1 MB i8,148 downloads
openvpn-gui-20100908221506.exe 2010-09-08 1.1 MB i4,785 downloads
openvpn-gui-20100827145918.exe 2010-08-27 1.1 MB i125 downloads
openvpn-gui-20100813180102.exe 2010-08-13 1.0 MB i144 downloads
openvpn-gui-20100423141550.exe 2010-04-23 1.1 MB i494 downloads
openvpn-gui-20100416.exe 2010-04-16 1.1 MB 255 downloads ”
(OpenVPN 重复的消息:….)
谢谢支持
warning:No server certificate verification method has been enabled
我的都是这个。
茫然中……
那就仔细研究下吧
这种问题确实需要一点网络基础+耐心+细心才能解决的。
博主你太有才了