
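Buy a phone without spending a cent and get call credit "thrown in"? One man bought 5 in a row and regrets it - NetEase News
(Original title: Buy a phone without spending a cent and get call credit "thrown in"? One man bought 5 in a row and regrets it)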
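The text message Mr. Sun received. The service outlet involved has closed.

Yangtse Evening Post reports: "Take the phone, the call credit is on me! You don't pay a cent; take the phone and the call credit home for free. The era of true zero-yuan phone purchase has arrived!" Nanjing resident Mr. Sun received this "zero-yuan phone purchase" SMS advertisement last October. From last December to this August, Mr. Sun took part in the "zero-yuan phone purchase" promotion five times in a row at one of the carrier's service outlets in Jiangning. This August the problem suddenly erupted: Mr. Sun is carrying more than 20,000 yuan of debt with no avenue for redress, and he complained to the Yangtse Evening Post's Consumer Review Panel column.

A first taste of success: a phone for nothing, plus more than 4,000 yuan earned

Mr. Sun received this advertising text message on […]. The message said that a certain carrier was running a "zero-yuan phone purchase" promotion at a service outlet on Fengyi Street, Moling Subdistrict, Jiangning District. Two months later, Mr. Sun happened to want a new phone and suddenly remembered the message. But could such a good deal really be trusted? Mr. Sun happened to have a friend, Wang (a pseudonym), who worked for the carrier. Since the two were childhood friends and Wang would surely not deceive him, he asked Wang about it. Wang told him that he and many colleagues had taken part too, that you really could get a new phone without paying, and that you could even "earn" quite a bit of call credit on top.

In December 2016, Mr. Sun went to the outlet to sign up and chose a domestic-brand phone. Outlet staff had him fill in a "service acceptance form". The lower right corner of the agreement bore the official seal of the carrier's Nanjing branch, and the middle bore the outlet's seal. The agreement looked like one officially provided by the carrier, with the carrier's agreement "serial number" in the upper right. Under the agreement, Mr. Sun transferred 8,560 yuan in one payment by credit card to an account designated by the outlet. The payment record showed the payee as "sole proprietor Zhao", the person in charge of the outlet. The phone's market price at the time was about 4,000 yuan, but the agreement stated clearly that the 8,560 yuan would be returned to Mr. Sun's bank card over 10 months, 856 yuan a month. By that reckoning, after 10 months Mr. Sun would not only get a phone for nothing but also earn more than 4,000 yuan in call credit. After that, Mr. Sun received the 856 yuan refund on time every month, which pleased him greatly.

Doubling down: using his wife's ID card, he "took" 4 more phones

Having tasted success, Mr. Sun took part again at the outlet on […], May 30, August 1 and August 21. Apart from the January one, which was somewhat complicated, the rules were much the same as the first time, but depending on the phone chosen, the amounts Mr. Sun paid the outlet by credit card also grew. On May 30 this year, Mr. Sun chose a Samsung S8 and paid the outlet about 15,000 yuan in one credit-card payment. The agreement stated that the money would be returned to him over 12 months. Mr. Sun said that during the process outlet staff found that the number of SIM cards registered in his name already exceeded the limit, so no more could be issued on his ID card. The staff did not stop him from taking part, however; instead they "suggested" that he use his wife's ID card to register SIM cards so that he could continue with the "zero-yuan phone purchase" promotion. Then, on August 1 and August 21, Mr. Sun chose an Apple 7 Plus phone at the outlet each time, paying the outlet 15,176 yuan on each occasion. Likewise, the agreement stated that the money would be returned over 12 months.

The problem: from August, the promised "refunds" stopped

Mr. Sun told the Yangtse Evening Post Consumer Review Panel reporter that from last December to this August he took part in the "zero-yuan phone purchase" promotion at the outlet 5 times, obtaining 5 phones and registering 7 SIM cards with his own or his wife's ID card, because outlet staff said they had "performance targets" and taking part required registering a card. He said that before this August the payments for all 5 phones were refunded on time. The full cost of the first phone had just been repaid in full by this August. But from August (inclusive) to now, he has not received a cent of the refunds for the other four phones! Because he paid the outlet by credit card, Mr. Sun now has to pay more than 4,000 yuan a month out of his own pocket, and his monthly wages go almost entirely to paying off the credit card. "I can barely get by!" Mr. Sun did the sums in front of the reporter. Across the five promotions he paid out 55,928 yuan in total; the five phones he received, even at the manufacturers' official suggested prices (actual purchase prices are generally a few hundred yuan lower), are worth 28,900 yuan in total; the outlet has so far returned 11,091 yuan to him; his loss is 15,937 yuan. In addition, of a loan of 7,957 yuan that was taken out, the outlet repaid only 3,716 yuan for him, leaving 4,241 yuan for him to repay personally. Added up, Mr. Sun's actual loss is now 20,178 yuan!

Reporter's investigation: the outlet has closed, more than a hundred victims

Following Mr. Sun's complaint, the Yangtse Evening Post Consumer Review Panel reporter recently visited the outlet in Jiangning and found that it had ceased operating. The roller shutter was locked, with an unsigned note on it: "Closed for internal rectification; for enquiries call……" Nearby residents told the reporter that the outlet shut this August and that they had heard something had gone wrong. Mr. Sun said that while seeking redress he met another person who, like him, had signed up for 5 phones. As far as he knows, most participants signed up for 2 or more phones. In the course of seeking redress, Mr. Sun found that more than 120 people had taken part in this "zero-yuan phone purchase" promotion. Zhao, the person in charge of the outlet, is an "agent" of the carrier in the Nanjing area. Zhao has two outlets in Nanjing; besides the one in Jiangning there is another at Houjiaqiao, which was running the same "zero-yuan phone purchase" promotion at almost the same time. Mr. Sun told the reporter that 20-30 of the 120 people are employees of the carrier. Many of the rest are those employees' friends, relatives, classmates and so on. Besides "zero-yuan phone purchase", before things "went wrong" this August the two outlets also ran a "top up 600 yuan, get 600 yuan free" promotion: a resident paid the outlet 600 yuan in one go, and the outlet returned a total of 1,200 yuan in call credit to the consumer over 12 months, 100 yuan a month. But by this August the refunds for that promotion had likewise stopped.

Carrier: the promotion has nothing to do with the company; the police have been notified

Posing as a "zero-yuan phone purchase" participant, the reporter recently called the carrier's customer service and asked the company for an explanation. A staff member who said he was responsible for "back-office handling of complaints" said that the promotion was organized by the outlet on its own and was not an official promotion of the carrier, and that the company would actively press the organizer to honor its commitments. The reporter pressed further: how will the matter be handled, and who will pay for the losses? The reply was that the company had reported the matter to the police and submitted the relevant materials, and that the matter is currently being handled. Under the reporter's repeated questioning, the staff member admitted that Zhao, the person in charge of the outlet, is the company's "agent".

Over to the public panel. Lawyer: customers can sue the carrier directly

On this case, lawyer Rao Fenbin of Jiangsu Jiurun Law Firm believes that the facts are clear and the evidence complete, and that the carrier bears unshirkable responsibility. The customers involved can sue the carrier directly rather than Zhao personally. Rao said that, first, Mr. Sun and the others did not reach a private agreement with Zhao personally; they signed agreements at the carrier's outlet with staff representing the carrier. The agreements bear the carrier's official seal. The customers' starting point was their trust in the carrier's reputation, which led them to accept such a promotion. Moreover, from the first appearance of this "zero-yuan phone purchase" promotion to the eruption of the problem took as long as 10 months; it is unrealistic to say that the carrier knew nothing about it. Even if the carrier says it was not an official promotion but one organized by Zhao personally, if such a promotion conflicted with the carrier's existing rules, why did the carrier not stop it? In addition, the SMS advertisements, agreements and so on also appeared under the carrier's "official" identity. That the carrier did not "call a halt" in ten months means either that its internal management has serious problems or that it "tacitly accepted" the promotion. Even if Zhao privately "altered" the agreement, that is a matter between the carrier and Zhao personally. The carrier can sue Zhao personally. But that has nothing to do with customers such as Mr. Sun. If Mr. Sun and the others want to pursue their rights through legal channels, they can sue the carrier directly, demanding that it perform the agreement and pay the corresponding refunds. Rao said that similar cases are common in banking. For example, a person goes to a bank to deposit money, but the teller does not hand the money to the bank and pockets it instead. Although this is the teller's personal wrongdoing, the customer's loss is borne by the bank. The teller's wrongdoing is a matter between the bank and the teller. The bank will sue the teller, who may go to prison for an occupational crime and repay the bank's losses, but that is no reason for the bank not to honor the customer's deposit.

Citizen reviewer: consume rationally; think twice before "grabbing a bargain"

On this case, Nanjing resident Ms. Zheng said bluntly that electronic products are now updated so frequently that many people want to buy new phones and computers to "try something new" the moment they come out, without considering their actual needs at all. This is irrational consumption and also wastes resources. "What use are so many phones? What's more, the promotion rules are so bizarre; buying a phone even requires taking out a loan, which doesn't sound very reliable."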
Original title: Buy a phone without spending a cent, and get call credit "thrown in" for you?
Source: 重庆晨报上游新闻 (Chongqing Morning Post, Upstream News)
Editor in charge: 王晓易_NE0011
Notes on installing OpenVPN on Linux and OpenVPN GUI on Windows - 程序员小辉
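  Last updated:
: first write-up
: added the explanation of ip forward
: added the explanation of the script-security configuration parameter in the new OpenVPN 2.1 release.
  Because the great GFW keeps getting more formidable, routine website maintenance such as FTP, sending and receiving mail over POP and SMTP, and looking up technical material on Google was frequently cut off by the GFW. To solve this, I installed OpenVPN on my own overseas host and wrote down the installation process at the time.
  Today another friend happened to ask about installing OpenVPN, so I have reorganized this write-up (), in the hope that it helps everyone.
  When I installed OpenVPN I had guidance and help from WenZK. My thanks to him.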
1. OpenVPN installation environment
Server environment
redhat, kernel version: 2.4.20-31.9, IP: 70.8.7.6
The kernel must support the tun device, and the iptables module must be loaded.
Check whether tun is installed:
root@a [/]# modinfo tun
/lib/modules/2.4.20-31.9/kernel/drivers/net/tun.o
description:
If there is no modinfo command, search directly to see whether the kernel has a tun.o file:
find -name tun.o
./lib/modules/2.4.20/kernel/drivers/net/tun.o
Check the iptables module by looking for the following file:
/etc/init.d/iptables
OpenSSL. If you need SSL connections, install OpenSSL first. Installing OpenSSL is not covered here; search Google for details. On CentOS you can use yum install:
yum install openssl
yum install openssl-devel
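OpenVPN version installed: 2.0.5. There now seems to be a newer version. It can be downloaded from .
Client environment:
Windows XP PRO SP2
OpenVPN GUI for Windows 1.0.3, available from
Note: the OpenVPN GUI for Windows version must match the OpenVPN server version.
For example, if the server runs OpenVPN 2.0.5, the OpenVPN GUI for Windows to download is: openvpn-2.0.5-gui-1.0.3-install.exe
All previous versions of OpenVPN GUI:
2. OpenVPN server installation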
https://www.xiaohui.com/dev/server/-install-openvpn.htm
Log in to the host with SecureCRT and go to the root directory
Download LZO and extract it to lzo-2.02.
wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.02.tar.gz
Download OpenVPN and extract it to openvpn-2.0.5
wget http://openvpn.net/release/openvpn-2.0.5.tar.gz
cd /lzo-2.02
./configure
make check
make install
Install OpenVPN
cd /openvpn-2.0.5
./configure
# Or with explicit directories (note: this is a single command, continued across four lines with backslashes for display)
# ./configure --with-lzo-headers=/usr/local/include \
#   --with-lzo-lib=/usr/local/lib \
#   --with-ssl-headers=/usr/local/include/openssl \
#   --with-ssl-lib=/usr/local/lib
make install
Generate the certificates and keys
Initialize the PKI
(If there is no export command, you can use the setenv [name] [value] command instead)
cd /openvpn-2.0.5/easy-rsa
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=SZ
export KEY_ORG="xiaohui.com"
export KEY_EMAIL="your-email [at] xiaohui.com"
./clean-all
./build-ca
Generating a 1024 bit RSA private key
................++++++
........++++++
writing new private key to 'ca.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [SZ]:
Organization Name (eg, company) [xiaohui.com]:
Organizational Unit Name (eg, section) []:xiaohui.com
Common Name (eg, your name or your server's hostname) []:server
Email Address [your-email [at] xiaohui.com]:
# Build the server key
./build-key-server server
Generating a 1024 bit RSA private key
......++++++
....................++++++
writing new private key to 'server.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [SZ]:
Organization Name (eg, company) [xiaohui.com]:
Organizational Unit Name (eg, section) []:xiaohui.com
Common Name (eg, your name or your server's hostname) []:server
Email Address [your-email [at] xiaohui.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:xiaohui.com
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'GD'
localityName          :PRINTABLE:'SZ'
organizationName      :PRINTABLE:'xiaohui.com'
organizationalUnitName:PRINTABLE:'xiaohui.com'
commonName            :PRINTABLE:'server'
emailAddress          :IA5STRING:'your-email [at] xiaohui.com'
Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# Generate the client key
./build-key client1
Generating a 1024 bit RSA private key
.....++++++
......++++++
writing new private key to 'client1.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [SZ]:
Organization Name (eg, company) [xiaohui.com]:
Organizational Unit Name (eg, section) []:xiaohui.com
Common Name (eg, your name or your server's hostname) []:client1
# Important: the certificate generated for each client must have a different name.
Email Address [your-email [at] xiaohui.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:xiaohui.com
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'GD'
localityName          :PRINTABLE:'SZ'
organizationName      :PRINTABLE:'xiaohui.com'
organizationalUnitName:PRINTABLE:'xiaohui.com'
commonName            :PRINTABLE:'client1'
emailAddress          :IA5STRING:'your-email [at] xiaohui.com'
Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Generate the certificates/keys for the other clients in the same way
./build-key client2
./build-key client3
Note: at the Common Name (eg, your name or your server's hostname) []: prompt, the name entered must be different for each certificate.
Generate the Diffie Hellman parameters:
./build-dh
Pack all the files under keys and download them to your local machine
tar -cf mykeys.tar /openvpn-2.0.5/easy-rsa/keys
cp mykeys.tar /home/xiaohui.comsys/public_html/mykeys.tar
Move mykeys.tar to the web public directory (the absolute path differs from host to host), download it to your local machine via http://www.a.com/mykeys.tar, and then delete it from the server:
rm /home/xiaohui.comsys/public_html/mykeys.tar
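You can also get the key files to your local machine some other way, for example ftp.
Create the server configuration file
Create it from the sample file:
cd $dir/sample-config-files/ # enter the sample-config-files subdirectory of the extracted source tree
cp server.conf /usr/local/etc
# copy the server configuration file to /usr/local/etc
vi /usr/local/etc/server.conf
The contents of the server.conf I created are given later.
Create the client configuration file
cd $dir/sample-config-files/
# enter the sample-config-files subdirectory of the extracted source tree
cp client.conf /usr/local/etc
# copy the client configuration file to /usr/local/etc
vi /usr/local/etc/client.conf
The contents of the client.conf I created are given later.
Start OpenVPN: openvpn [server config file]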
/usr/local/sbin/openvpn --config /usr/local/etc/server.conf
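3. Installing the OpenVPN GUI for Windows client
Install OpenVPN GUI for Windows, which can be downloaded from
The current version is 1.0.3. Note: the OpenVPN GUI version must match the OpenVPN server version. See the notes in section 1, installation environment.
Follow the on-screen instructions to install OpenVPN GUI.
Configure OpenVPN GUI
After installation, go to the config directory under the installation folder, download the client.conf file created in step 10 above from the server into this folder, and rename it client.ovpn
Also extract the following certificate files from the mykeys.tar packed in step 8 into this folder: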
client1.crt
client1.csr
client1.key
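Then double-click client.ovpn to start OpenVPN, or start the VPN from the OpenVPN GUI controls.
If double-clicking client.ovpn does nothing, right-click the small OpenVPN GUI icon in the taskbar, choose edit config, paste the contents in and save. Then choose connect from the right-click menu.
To use the VPN on a second machine, configure it the same way, replacing client1.crt, client1.csr and client1.key with the corresponding client2.xxx files and changing the key file values in client.ovpn accordingly.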
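An added example, not part of the original notes: the tarball built in the key-packing step holds the whole keys directory, which includes ca.key, server.key and every other client's private key, and it is briefly published under the web root. The functions below build a bundle for one client only and list any foreign private keys in an existing archive. The function names are this example's own, and ca.crt is included on the assumption that client.ovpn references it.

```shell
#!/bin/sh
# Added example: per-client key bundle for the easy-rsa keys/ directory.

# Build <out> containing only ca.crt, <client>.crt and <client>.key.
make_client_bundle() {  # usage: make_client_bundle <keys_dir> <client> <out.tar>
    keys_dir=$1
    client=$2
    out=$3

    # Refuse names that could point outside the keys directory.
    case $client in
        ''|*/*|.*) echo "invalid client name: $client" >&2; return 2 ;;
    esac

    # Every member must exist, otherwise the client could not connect anyway.
    for f in ca.crt "$client.crt" "$client.key"; do
        if [ ! -f "$keys_dir/$f" ]; then
            echo "missing $keys_dir/$f" >&2
            return 1
        fi
    done

    # The archive holds a private key: create it readable by the owner only.
    ( umask 077 && tar -cf "$out" -C "$keys_dir" ca.crt "$client.crt" "$client.key" )
}

# Sorted, space-separated member names of an archive.
bundle_members() {  # usage: bundle_members <archive.tar>
    tar -tf "$1" | sort | tr '\n' ' '
}

# Private keys inside an archive that do not belong to <client>,
# e.g. ca.key or server.key in a tarball of the whole keys directory.
foreign_keys() {  # usage: foreign_keys <archive.tar> <client>
    tar -tf "$1" | sed 's|.*/||' | grep '\.key$' \
        | grep -v -x -F "$2.key" | sort | tr '\n' ' '
}
```

Copy the bundle over scp or sftp rather than plain HTTP or FTP, and delete it from the server afterwards.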
4. Sample OpenVPN configuration files
OpenVPN server: server.conf
local 70.8.7.6
ca /openvpn-2.0.5/easy-rsa/keys/ca.crt
cert /openvpn-2.0.5/easy-rsa/keys/server.crt
key /openvpn-2.0.5/easy-rsa/keys/server.key
# This file should be kept secret
dh /openvpn-2.0.5/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
persist-key
persist-tun
status /openvpn-2.0.5/easy-rsa/keys/openvpn-status.log
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 70.88.98.10"
# name server address; see below for how to obtain it
push "dhcp-option DNS 70.88.99.11"
# name server address; see below for how to obtain it
Note: some domains are blocked by the GFW. To visit those sites, the server's
should be pushed to the client.
The DNS IPs in the example above, 70.88.98.10 and 70.88.99.10, can be found in /etc/resolv.conf:
vi /etc/resolv.conf
nameserver 70.88.98.10
nameserver 70.88.99.11
OpenVPN client: client.ovpn
remote 70.8.7.6 1194
persist-key
persist-tun
cert client1.crt
key client1.key
ns-cert-type server
redirect-gateway def1
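5. Configuring OpenVPN for access to the external network
After the VPN connects, routing still has to be set up before the Internet can be reached through the VPN. Add the route on the Linux host: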
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 70.8.7.6
/etc/init.d/iptables save
/etc/init.d/iptables restart
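The -o eth0 parameter may differ between machines; run ifconfig to find out which interface holds the IP (70.8.7.6).
IP forwarding also needs to be turned on. Do not use echo 1 > /proc/sys/net/ipv4/ip_forward, because that setting does not survive a reboot. First check the current state: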
sysctl -a | grep for
# Output:
net.ipv4.conf.tun0.mc_forwarding = 0
net.ipv4.conf.tun0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
If any of the values above is not 1 on your host, change it to 1, for example:
sysctl -w net.ipv4.ip_forward=1
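Enable the name server
If you need to visit sites whose domain names are blocked by the GFW, and your OpenVPN server itself is not blocked, you need to run a name server on your host and push the DNS to the client. A typical dedicated host comes with a private DNS server.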
rpm -qa | grep bind
/etc/init.d/named start
In addition, server.conf must contain these three settings:
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 70.88.98.10"
# name server address
push "dhcp-option DNS 70.88.99.11"
# name server address
After the client connects, running ipconfig /all in cmd should produce output similar to this:
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-AA-B0-60-2B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.8.0.5
DHCP Server . . . . . . . . . . . : 10.8.0.5
DNS Servers . . . . . . . . . . . : 10.8.0.1
70.88.98.10
70.88.99.11
Lease Obtained. . . . . . . . . . : 日 5:13:52
Lease Expires . . . . . . . . . . : 日 5:13:52
6. Starting openvpn automatically after the OpenVPN server reboots
vi /etc/rc.local
Then append this line at the end:
/usr/local/sbin/openvpn --config /usr/local/etc/server.conf > /dev/null 2>&1 &
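7. Testing OpenVPN
Once logged in to the VPN, test MSN, QQ, IE and other network applications. You can also try visiting some sites blocked by the GFW, provided, of course, that your VPN server is not located inside the country.
8. Strong cautions when using OpenVPN
Logging in to PayPal or Google AdSense accounts over the VPN is not recommended. Doing so may get the account restricted or bring other risks.
10. Some additions
Addendum: today, after upgrading CentOS with yum -y update, I found that OpenVPN would no longer connect and kept reporting a user verification error. Checking the server log showed the following entries: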
Thu Feb 10 11:13:07 2011 us=.***.**:45771 TLS: Initial packet from 222.244.***.**:45771, sid=eec450eb 8673ceef
Thu Feb 10 11:13:10 2011 us=.244.***.**:45771 openvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.
Thu Feb 10 11:13:10 2011 us=.244.***.**:45771 TLS Auth Error: user-pass-verify script failed to execute: /usr/bin/php -q /home/xiaohui/openvpn-manager/admin/openvpn-auth.php
Thu Feb 10 11:13:10 2011 us=.244.***.**:45771 TLS Auth Error: Auth Username/Password verification failed for peer
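It turned out that during yum update, CentOS had also upgraded OpenVPN from 2.0 to 2.1. One of the biggest changes in OpenVPN 2.1 is the new script-security parameter. If you follow this tutorial but install OpenVPN 2.1 or later, remember to add this line to server.conf: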
script-security 3
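An added example, not the author's code: a shell audit of the settings this guide ends up with, covering the 1024-bit DH file, script-security 3, the missing user/group privilege drop, ns-cert-type in client.ovpn, and whether ip_forward is set persistently (sysctl -w, like echo into /proc, lasts only until reboot; /etc/sysctl.conf is what survives). Function names, finding labels and the sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: flag weak or non-persistent settings in the files from this guide.
# Each finding is printed as "<file>: <LABEL> <explanation>".

# Print the arguments of every uncommented "<name> ..." line in a config file.
directive() {  # usage: directive <file> <name>
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

audit_server_conf() {  # usage: audit_server_conf <server.conf>
    f=$1
    # Heuristic on the file name: easy-rsa names the file dh<KEY_SIZE>.pem.
    if directive "$f" dh | grep -q 1024; then
        echo "$f: WEAK-DH 1024-bit DH parameters; rebuild with KEY_SIZE=2048 or larger"
    fi
    # Level 3 additionally passes passwords to scripts through the environment.
    level=$(directive "$f" script-security | awk 'NR == 1 { print $1 }')
    if [ "${level:-0}" -ge 3 ]; then
        echo "$f: SCRIPT-SECURITY level $level; level 2 runs a verify script that reads credentials via-file"
    fi
    # Without user/group the daemon keeps root privileges after start-up.
    if [ -z "$(directive "$f" user)" ] || [ -z "$(directive "$f" group)" ]; then
        echo "$f: RUNS-AS-ROOT no user/group directive to drop privileges"
    fi
    return 0
}

audit_client_conf() {  # usage: audit_client_conf <client.ovpn>
    f=$1
    if [ -n "$(directive "$f" ns-cert-type)" ]; then
        echo "$f: DEPRECATED ns-cert-type; later OpenVPN releases replace it with remote-cert-tls server"
    elif [ -z "$(directive "$f" remote-cert-tls)" ]; then
        echo "$f: NO-SERVER-CHECK nothing verifies that the peer presents a server certificate"
    fi
    return 0
}

audit_sysctl_conf() {  # usage: audit_sysctl_conf <sysctl.conf>
    f=$1
    v=$(awk -F= '{ gsub(/[ \t]/, "") } $1 == "net.ipv4.ip_forward" { v = $2 } END { print v }' "$f")
    if [ "$v" != 1 ]; then
        echo "$f: NOT-PERSISTENT net.ipv4.ip_forward is not 1 here; sysctl -w lasts only until reboot"
    fi
    return 0
}

# Constructed sample files mirroring the settings shown in this article,
# plus a hardened server file (its paths are placeholders).
write_samples() {  # usage: write_samples <dir>
    cat > "$1/server.conf" <<'EOF'
local 70.8.7.6
dh /openvpn-2.0.5/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
script-security 3
EOF
    cat > "$1/client.ovpn" <<'EOF'
remote 70.8.7.6 1194
ns-cert-type server
redirect-gateway def1
EOF
    cat > "$1/sysctl.conf" <<'EOF'
# constructed: forwarding was only enabled at runtime with sysctl -w
net.ipv4.ip_forward = 0
EOF
    cat > "$1/server-hardened.conf" <<'EOF'
dh /etc/openvpn/dh2048.pem
script-security 2
user nobody
group nobody
EOF
}

# Run "sh this-file --demo" to audit the constructed samples.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d) && write_samples "$demo_dir"
    audit_server_conf "$demo_dir/server.conf"
    audit_client_conf "$demo_dir/client.ovpn"
    audit_sysctl_conf "$demo_dir/sysctl.conf"
fi
```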
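#1 Rony wrote:
Very detailed. Thank you very much.
#2 拉拉 wrote:
#3 flintt wrote:
After the terminal that started openvpn is closed, the VPN service on the server side seems to stop.
#4 rrt wrote:
There are obvious flaws. I'll ask just one thing: OP, did you strictly follow your own document yourself?
What was the result?
I have serious doubts about your iptables NAT settings.
XiaoHui replied at 19:37: If there are mistakes, please do point them out. :)
Sometimes I can't remember the settings and just work straight from these notes. I have set up no fewer than ten VPN servers with this document.
#5 gniudad wrote:
Nice, thanks.
I have also set up no fewer than 10 with this document. Haha.
Just one thing in the text: "If any of the values above is not 1 on your host, change it to 1, for example:"
sysctl -w net.ipv4.ip_forward=1
I thought all of them had to be changed to 1, but it seems only the last item needs to be changed to 1.
#6 tt wrote:
Why do I get an error at this step, "# Build the server key ./build-key-server server":
error loading extension section server. Please advise.
XiaoHui replied at 14:34: Sorry, I only saw your email today.
I have not run into this error. Are you sure your environment variables, software versions and directory settings all follow what I described?
I just searched Google; have a look here:
Note the last post; the poster says he solved the problem. See whether it is of any use to you.
#7 marion wrote:
What is the need for multiple public/private key pairs?
Why not use duplicate-cn?
#8 zengw wrote:
I got to this step: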
cd /openvpn-2.0.5/easy-rsa
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=SZ
export KEY_ORG="dvdmaster"
export KEY_EMAIL=""
./clean-all
mkdir:无法创建目录'pwd/keys': 没有那个文件或目录
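XiaoHui replied at 19:12: Which version of OpenVPN are you using?
#9 zengw wrote:
OpenVPN is 2.0.9, LZO is 2.02, Linux is redhat9 with kernel 2.4.20; the virtual machine is version 5.5.1;
XiaoHui replied at 12:21: Try creating those directories by hand first and see. I have not tinkered with OpenVPN 2.0.9. Installing 2.0.5 directly with the steps in the article works without problems.
#10 zengw wrote:
Here are my commands and the error output: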
[root@localhost openvpn-2.0.9]# cd easy-rsa/
[root@localhost easy-rsa]# ls
revoke-crt
build-key-pass
build-req-pass
openssl.cnf
revoke-full
build-key-pkcs12
build-inter
build-key-server
[root@localhost easy-rsa]# pwd
/openvpn-2.0.9/easy-rsa
[root@localhost easy-rsa]# ./clean-all
you must define KEY_DIR
[root@localhost easy-rsa]# export D='pwd'
[root@localhost easy-rsa]# export KEY_CONFIG=$D/openssl.cnf
[root@localhost easy-rsa]# export KEY_DIR=$D/keys
[root@localhost easy-rsa]# export KEY_SIZE=1024
[root@localhost easy-rsa]# export KEY_COUNTRY=CN
[root@localhost easy-rsa]# export KEY_PROVINCE=GD
[root@localhost easy-rsa]# export KEY_CITY=SZ
[root@localhost easy-rsa]# export KEY_ORG="dvdmaster"
[root@localhost easy-rsa]# export KEY_EMAIL=""
[root@localhost easy-rsa]# ./vars
NOTE: when you run ./clean-all, I will be doing a rm -rf on pwd/keys
[root@localhost easy-rsa]# ./clean-all
[root@localhost easy-rsa]# ./build-ca
error on line -1 of pwd/openssl.cnf
1984:error::system library:fopen:No such file or directory:bss_file.c:104:fopen('pwd/openssl.cnf','rb')
1984:error::BIO routines:BIO_new_file:no such file:bss_file.c:107:
1984:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
[root@localhost easy-rsa]#
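#11 zengw wrote:
Could you send me an OpenVPN 2.0.5 installation package? I can't find it online anymore.
XiaoHui replied:
#12 zengw wrote:
The problem has been solved, TKS!
#13 harley_chen wrote:
I set it up too,
but after the VPN connects I still can't get online and can't ping external hosts...
NAT is turned on as well...
#14 zengw wrote:
I did not do the /etc/init.d/named start step. After finishing, I dialed in to the vmware guest from a Windows VPN client successfully and could get online, but another PC in the company could not get online after dialing in, even though the IP and DNS it obtained were both normal! Is this related to not doing the /etc/init.d/named start step? Yet the Windows on the same PC as vmware can get online!
#15 ks wrote:
I use FreeBSD and Windows XP. Both are installed and configured and the client is assigned an IP, but they cannot ping each other.
I have already set the local address in the server-side configuration file. ifconfig on the server shows the following:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
inet 192.168.10.1 --> 192.168.10.2 netmask 0xffffffff
Pinging 192.168.10.1 on the server itself also fails.
ipconfig on the client shows a normal IP, only there is no gateway.
What could be the cause?
XiaoHui replied at 00:02: What is your local LAN's IP range? Does the IP range specified on the server conflict with the one used by your local LAN?
#16 poppy wrote:
While installing OpenVPN I ran into this problem: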
#modprobe tun
FATAL: Could not load /lib/modules/2.6.18-ovz028stab053.5-smp/modules.dep: No such file or directory
And /lib/modules/ is empty..
I checked,
and there is no tun device~~
# modinfo tun
modinfo: could not open /lib/modules/2.6.18-ovz028stab053.5-smp/modules.dep
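So frustrating.. Has the system not loaded the tun device, or do I need to enable the tun device somewhere?
How do I solve this tun device problem.. Thanks
#17 kingstar wrote:
I installed OpenVPN only after reading this article. To be safe, the OpenVPN version I downloaded is exactly the 2.0.5 used in the OP's example.
I installed it successfully on a theplanet host. Finally through the wall.
Only just saw this. I'll bump it too. :)
Did XiaoHui write a hook that syncs the comments on the site's articles with the forum replies?
I see that many replies in the forum are marked "posted via the XiaoHui.com comment system". :)
Originally posted by FlyFire at 21:44:
Did XiaoHui write a hook that syncs the comments on the site's articles with the forum replies?
I see that many replies in the forum are marked "posted via the XiaoHui.com comment system". :)
Nods. I set up a link. If a topic discussed on the forum is an article published on my site, the two are linked. A scheduled job then syncs the site's comments and the forum's replies.
#21 王菲菲 wrote:
What exactly does success look like? This is my first time using Linux and my first time setting up a VPN. Thanks! How do I test that it worked?
XiaoHui replied at 18:27: Once connected, the OpenVPN GUI icon in the taskbar icon area changes from dark red to green.
#22 秋天的树 wrote:
#23 pan wrote:
My server and client cannot connect. On our telecom network several hosts sit behind one IP, and the IP is dynamically assigned. I wonder whether that has something to do with it?
XiaoHui replied at 11:56: Check the logs yourself and make sure you are connecting to the right server.
#24 liusir wrote:
For those above whose installation failed, it may be down to differences between OpenVPN versions. I just installed strictly with the OpenVPN version named in XiaoHui's document, and it went through without a hitch. :)
#25 pan wrote:
I want to run a Redhat virtual machine under Windows, with Redhat as the server and Windows as the client, but they share one IP and the IP is dynamically assigned. Can OpenVPN be set up between them this way?
How should local in server.conf be written?
XiaoHui replied at 20:54: I don't know, I haven't tried. A virtual machine should be able to be assigned a different IP.
#26 luo wrote:
How can OpenVPN join two LANs in different locations into one LAN? That is, two companies in different cities: after two Linux machines set up a point-to-point connection, can the clients behind them reach each other?
#27 luo wrote:
With the OP's configuration, connecting to OpenVPN from WinXP keeps reporting 'connecting to client has failed'. Below is the client log. OP, please take a look.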
Fri May 29 15:03:43 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov
Fri May 29 15:03:43 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri May 29 15:03:43 2009 LZO compression initialized
Fri May 29 15:03:43 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri May 29 15:03:43 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Fri May 29 15:03:43 2009 Local Options hash (VER=V4): '69109d17'
Fri May 29 15:03:43 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri May 29 15:03:43 2009 Attempting to establish TCP connection with 192.168.1.222:1194
Fri May 29 15:03:43 2009 TCP connection established with 192.168.1.222:1194
Fri May 29 15:03:43 2009 TCPv4_CLIENT link local: [undef]
Fri May 29 15:03:43 2009 TCPv4_CLIENT link remote: 192.168.1.222:1194
Fri May 29 15:03:43 2009 TLS: Initial packet from 192.168.1.222:1194, sid=9e2dc9b0 29a67f10
Fri May 29 15:03:43 2009 VERIFY OK: depth=1, /C=CN/ST=GD/L=SZ/O=kemei/OU=kemei/CN=server/emailAddress=system-
Fri May 29 15:03:43 2009 VERIFY OK: nsCertType=SERVER
Fri May 29 15:03:43 2009 VERIFY OK: depth=0, /C=CN/ST=GD/O=kemei/OU=kemei/CN=server/emailAddress=system-
Fri May 29 15:03:43 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 29 15:03:43 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 15:03:43 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 29 15:03:43 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 29 15:03:43 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 29 15:03:43 2009 [server] Peer Connection Initiated with 192.168.1.222:1194
Fri May 29 15:03:45 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 29 15:03:45 2009 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri May 29 15:03:45 2009 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 29 15:03:45 2009 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 29 15:03:45 2009 OPTIONS IMPORT: route options modified
Fri May 29 15:03:45 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri May 29 15:03:45 2009 There are no TAP-Win32 adapters on this system.
You should be able to create a TAP-Win32 adapter by going to Start -> All Programs -> OpenVPN -> Add a new TAP-Win32 virtual ethernet adapter.
Fri May 29 15:03:45 2009 Exiting
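XiaoHui replied at 00:05: >> Fri May 29 15:03:45 2009 There are no TAP-Win32 adapters on this system. You should be able to create a TAP-Win32 adapter by going to Start -> All Programs -> OpenVPN -> Add a new TAP-Win32 virtual ethernet adapter
Judging by this log line, it looks like your TAP driver was not installed?
#28 luo wrote:
I have sorted out the problem above. The cause was that I downloaded the wrong Windows version, so the virtual network adapter was not installed. But now there is another problem: I can dial in, but how do I access the LAN on the other side?? As things stand I can only reach the server machine itself. What further settings are needed on the server or the client?
#29 xukai wrote: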
Wed Jun 03 13:40:30 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov
Wed Jun 03 13:40:30 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 03 13:40:30 2009 Cannot load certificate file xukai.crt: error::scd: error::BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Wed Jun 03 13:40:30 2009 Exiting
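I followed the OP's steps and got an error when connecting; the above is from the log.
The error is connecting to client has failed.
XiaoHui replied at 18:10: The certificate configuration was not done correctly.
#30 xukai wrote: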
Wed Jun 03 16:10:32 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov
Wed Jun 03 16:10:32 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 03 16:10:32 2009 LZO compression initialized
Wed Jun 03 16:10:32 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 03 16:10:32 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 03 16:10:32 2009 Local Options hash (VER=V4): ''
Wed Jun 03 16:10:32 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 03 16:10:32 2009 UDPv4 link local (bound): [undef]:1194
Wed Jun 03 16:10:32 2009 UDPv4 link remote: 192.168.242.144:1194
Wed Jun 03 16:10:32 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:34 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:37 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:38 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:40 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:42 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:45 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:47 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:50 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:52 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:55 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:56 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:10:58 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:01 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:03 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:06 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:08 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:11 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:13 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:15 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:17 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:19 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:21 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:24 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:25 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:27 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:29 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:31 2009 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Jun 03 16:11:32 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 03 16:11:32 2009 TLS Error: TLS handshake failed
Wed Jun 03 16:11:32 2009 TCP/UDP: Closing socket
Wed Jun 03 16:11:32 2009 SIGUSR1[soft,tls-error] received, process restarting
Wed Jun 03 16:11:32 2009 Restart pause, 2 second(s)
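The problem above is solved; now it keeps doing this. What is going on?
XiaoHui replied at 22:32: There is no physical link between the client and the server. Make sure port 1194 is open and that the client and the server can ping each other normally. Below is the official OpenVPN explanation; check against it yourself: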
You get the error message: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity). This error indicates that the client was unable to establish a network connection with the server.
Solutions:
Make sure the client is using the correct hostname/IP address and port number which will allow it to reach the OpenVPN server.
If the OpenVPN server machine is a single-NIC box inside a protected LAN, make sure you are using a correct port forward rule on the server's gateway firewall. For example, suppose your OpenVPN box is at 192.168.4.4 inside the firewall, listening for client connections on UDP port 1194. The NAT gateway servicing the 192.168.4.x subnet should have a port forward rule that says forward UDP port 1194 from my public IP address to 192.168.4.4.
Open up the server's firewall to allow incoming connections to UDP port 1194 (or whatever TCP/UDP port you have configured in the server config file).
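#31 luo wrote:
After the client connects to the server, it can ping the server's LAN, WAN and tun IPs, but of the computers on the same switch as the server's LAN, some are reachable and some are not. For example the IPs 127 77 5 212 are all reachable, while other IPs are not. I don't know why; is it because of routing? The netmask obtained is 255.255.255.252. Also, after dialing in, accessing shares, for example the default share c$ on host 77, does not prompt for a username and password; the share just opens. I think this is a security problem. XiaoHui, what is the cause and how can it be fixed?
XiaoHui replied at 18:06: I only installed the VPN to get through the wall. I don't know about this situation and haven't tinkered with it. Sorry. :)
#32 terry76 wrote:
A question: I don't know why, but after I VPN in I can access the internal network, yet the DNS pushed by the server is not used; the DNS of the dial-up connection is still used. The client runs Windows 7.
XiaoHui replied at 01:12: I can't figure this one out; I haven't tested under Win7.
#33 lz wrote: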
Wed Jul 15 10:43:22 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov
Wed Jul 15 10:43:22 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul 15 10:43:22 2009 Cannot load certificate file lz.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Jul 15 10:43:22 2009 Exiting
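Following your configuration, the installation succeeded and the client connected normally. But a few days later I created a few more users and they could not connect. The users created at the start can connect; none of the ones created later can. The log is above; could you help me work out the cause? Thanks
XiaoHui replied at 15:20: You are using certificate authentication, right? According to the message, there is a problem with your certificate: loading lz.crt failed. Since connections worked before, redo the certificate following the earlier steps and make sure the client configuration file specifies the correct certificate file name.
#34 lz wrote:
Yes, certificate authentication. The certificates were generated the same way as before, and the client configuration file was changed too. Is there anything special to watch for when generating a client with ./build-key? Besides ./build-key, does anything else need to be run? Also, when I generated the client I got the message "you must define KEY_DIR"; after running the export commands from your document once, it worked.
The client configuration is as follows: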
remote 192.168.0.20 1194
persist-key
persist-tun
cert lz.crt
key lz.key
ns-cert-type server
redirect-gateway def1
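XiaoHui replied at 19:04: I have not touched OpenVPN for a long time and don't remember the technical details well, nor do I have time right now to analyze it for you. Since your first generation was correct and the certificates from the later runs are wrong, there must be a mistake or omission in the later steps. Look carefully again and rule things out. Or regenerate all the certificates (including the server certificate).
During installation and configuration, it is best to record the command for every step you take, so that troubleshooting or issuing new certificates later is easier.
#35 rinkey wrote: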
WRwRThu Jul 16 16:36:24 2009 us=921733 client1/202.127.207.101:2239 MULTI: bad source address from client [202.127.207.101], packet dropped
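When the client connects, the server log contains many entries like this. What does it mean, and how do I fix it?
XiaoHui replied at 21:13: I have not come across this error. I looked for material and found an article online about a fix for it; have a look:
There is a discussion of this on OpenVPN's own newsgroup:
#36 rinkey wrote:
The OpenVPN server has two NICs: eth0 has the public IP, eth1 has the internal gateway IP, and NAT is set up. When the VPN is not running on the server, internal hosts can ping eth1 and the public IP, but once the VPN is started the internal network can no longer ping. VPN clients cannot ping internal hosts either. How can this be solved?
Because I'm not very familiar with Linux, I basically followed the OP's commands for everything,
and when finally starting the VPN it shows this (only the last part of the output is listed here).
I'm using putty; the command just sits there at the end and I don't see port 1194 opened, which is strange. I hope someone can explain.
It would be best to chat on QQ, hehe, this is too inconvenient. QQ: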
Fri Jul 17 01:49:47 2009 us=708255 TUN/TAP device tun0 opened
Fri Jul 17 01:49:47 2009 us=708281 TUN/TAP TX queue length set to 100
Fri Jul 17 01:49:47 2009 us=708312 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Jul 17 01:49:47 2009 us=715115 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Jul 17 01:49:47 2009 us=717906 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jul 17 01:49:47 2009 us=717952 Socket Buffers: R=[1072] S=[1072]
Fri Jul 17 01:49:47 2009 us=717974 UDPv4 link local (bound): 210.127.253.11:1194
Fri Jul 17 01:49:47 2009 us=717985 UDPv4 link remote: [undef]
Fri Jul 17 01:49:47 2009 us=718003 MULTI: multi_init called, r=256 v=256
Fri Jul 17 01:49:47 2009 us=718036 IFCONFIG POOL: base=10.8.0.4 size=62
Fri Jul 17 01:49:47 2009 us=718069 Initialization Sequence Completed
#38 sail wrote:
Fri Aug 21 18:22:36 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct
Fri Aug 21 18:22:36 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Aug 21 18:22:36 2009 Cannot load certificate file client.crt: error::system library:fopen:No such file or directory: error::BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Fri Aug 21 18:22:36 2009 Exiting
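This is the problem on my client. I do not know what is going on.
XiaoHui replied at
20:57: Client certificate error.
Post 39, 朵朵 wrote:
I followed this and succeeded. Thanks, xiaohui.
Post 40, 王菲菲 wrote:
Server-side environment
redhat, kernel version: 2.4.20-31.9, IP is 70.8.7.6
When was "IP is 70.8.7.6" set?
XiaoHui replied at
11:09: It was specified when installing the server OS.
My installation can finally connect, but after connecting I cannot access websites. I also entered echo 1 > /proc/sys/net/ipv4/ip_forward, but no matter what I do I cannot access anything. What is going on?
XiaoHui replied: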
sysctl -a | grep for
Check whether ip_forward is turned on.
Post 42, 藤苇 wrote:
I have run into a problem I cannot solve and would like to ask you about it.
[root@localhost root]# /usr/local/sbin/openvpn --config /usr/local/etc/server.conf
Sun Sep 27 17:41:12 2009 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] built on Sep 27 2009
Sun Sep 27 17:41:12 2009 Cannot open dh1024.pem for DH parameters:error::system library:fopen:NO such file or directory:error::BIO routines:BIO_new_file:no such file
Sun Sep 27 14:41:12 2009 Exiting
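What is going on here? Urgent, urgent, urgent!!!
XiaoHui replied at
21:44: The Diffie Hellman parameters are missing, or the location of the file is not set correctly. See the code in step 7: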
./build-dh
Post 43, 藤苇 wrote:
./build-dh
I did this step; I did everything the way you described above.
export D=`pwd` is the only step I did not do.
export KEY_CONFIG=root/openvpn-2.0.9/easy-rsa/openssl.cnf
export KEY_DIR=root/openvpn-2.0.9/easy-rsa/keys
Post 44, 藤苇 wrote:
The file dh1024.pem was generated under root/openvpn-2.0.9/easy-rsa/keys.
Post 45, 藤苇 wrote:
What does D=`pwd` mean?
XiaoHui replied at
10:22: pwd means the current working directory
Post 46, 藤苇 wrote:
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.
# This configuration can be used by multiple #
# clients, however each client should have
# its own cert and key files.
# On Windows, you might want to rename this
# file so it has a .ovpn extension
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 172.16.37.83 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing.
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
cert client1.crt
key client1.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
# Set log file verbosity.
# Silence repeating messages
Server configuration
#################################################
# Sample OpenVPN 2.0 config file for
# multi-client server.
# This file is for the server side
# of a many-clients <-> one-server
# OpenVPN configuration.
# OpenVPN also supports
# single-machine <-> single-machine
# configurations (See the Examples page
# on the web site for more info).
# This config should work on Windows
# or Linux/BSD systems.  Remember on
# Windows to quote pathnames and use
# double backslashes, e.g.:
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# Comments are preceded with '#' or ';'
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
# TCP or UDP server?
;proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /root/openvpn-2.0.9/easy-rsa/keys/ca.crt
cert /root/openvpn-2.0.9/easy-rsa/keys/server.crt
key /root/openvpn-2.0.9/easy-rsa/keys/server.key
# This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh /root/openvpn-2.0.9/easy-rsa/keys/dh1024.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.0.0.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.11.0 255.255.255.0"
;push "route 192.168.13.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
client-config-dir /usr/local/etc/ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
client-config-dir /usr/local/etc/ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel.  Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
;push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.
# http://openvpn.net/faq.html#dhcpcaveats
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
# Generate with:
#   openvpn --genkey --secret ta.key
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /root/openvpn-2.0.9/easy-rsa/keys/openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.
# Use one or the other (but not both).
;log openvpn.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
The OpenVPN server is Red Hat Linux
The clients are Windows Server 2000 with two network cards and the RIP protocol enabled
server ip: 172.16.37.83
virtual ip 10.0.0.1;
client1 ip:172.16.37.110
192.168.11.1
virtual IP 10.0.0.5;
client2 ip: 172.16.19.22. 192.168.12.1
virtual ip 10.0.0.13;
From the server I can ping 10.0.0.1 172.16.37.83 172.16.37.110
172.16.19.22 192.168.11.1 192.168.12.1
cannot ping 10.0.0.5 10.0.0.13
From client1 I can ping 172.16.37.83 172.16.37.110
172.16.19.22 192.168.11.1 192.168.12.1 10.0.0.5 10.0.0.13
cannot ping 10.0.0.1
From client2 I can ping 172.16.37.83 172.16.37.110
172.16.19.22 192.168.11.1 192.168.12.1 10.0.0.5 10.0.0.13
cannot ping 10.0.0.1
Original poster, where has this gone wrong? Please, please.
XiaoHui replied at
18:47: Tooooooo looooooooong. It makes me dizzy to read and is hard to compare. Could you remove the # comments and post it again?
Post 47, 藤苇 wrote:
;dev-node MyTap
;proto udp
remote 172.16.37.83 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
cert client1.crt
key client1.key
;ns-cert-type server
;tls-auth ta.key 1
Server configuration
;local a.b.c.d
;proto udp
;dev-node MyTap
ca /root/openvpn-2.0.9/easy-rsa/keys/ca.crt
cert /root/openvpn-2.0.9/easy-rsa/keys/server.crt
key /root/openvpn-2.0.9/easy-rsa/keys/server.key # This file should be kept secret
dh /root/openvpn-2.0.9/easy-rsa/keys/dh1024.pem
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.11.0 255.255.255.0"
;push "route 192.168.13.0 255.255.255.0"
client-config-dir /usr/local/etc/ccd
;route 192.168.40.128 255.255.255.248
client-config-dir /usr/local/etc/ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status /root/openvpn-2.0.9/easy-rsa/keys/openvpn-status.log
;log openvpn.log
;log-append openvpn.log
The OpenVPN server is Red Hat Linux
The clients are Windows Server 2000 with two network cards and the RIP protocol enabled
server ip: 172.16.37.83 virtual ip 10.0.0.1;
client1 ip:172.16.37.110 192.168.11.1 virtual IP 10.0.0.5;
client2 ip: 172.16.19.22. 192.168.12.1 virtual ip 10.0.0.13;
From the server I can ping 10.0.0.1 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1 192.168.12.1, cannot ping 10.0.0.5 10.0.0.13
From client1 I can ping 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1 192.168.12.1 10.0.0.5 10.0.0.13, cannot ping 10.0.0.1
From client2 I can ping 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1
192.168.12.1 10.0.0.5 10.0.0.13, cannot ping 10.0.0.1
Original poster, where has this gone wrong? Please, please.
My QQ is; add me
Post 48, 藤苇 wrote:
;dev-node MyTap
;proto udp
remote 172.16.37.83 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
cert client1.crt
key client1.key
;ns-cert-type server
;tls-auth ta.key 1
Server configuration
;local a.b.c.d
;proto udp
;dev-node MyTap
ca /root/openvpn-2.0.9/easy-rsa/keys/ca.crt
cert /root/openvpn-2.0.9/easy-rsa/keys/server.crt
key /root/openvpn-2.0.9/easy-rsa/keys/server.key # This file should be kept secret
dh /root/openvpn-2.0.9/easy-rsa/keys/dh1024.pem
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;push "route 192.168.11.0 255.255.255.0"
;push "route 192.168.13.0 255.255.255.0"
client-config-dir /usr/local/etc/ccd
;route 192.168.40.128 255.255.255.248
client-config-dir /usr/local/etc/ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway"
;push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option WINS 10.8.0.1"
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status /root/openvpn-2.0.9/easy-rsa/keys/openvpn-status.log
;log openvpn.log
;log-append openvpn.log
The OpenVPN server is Red Hat Linux
The clients are Windows Server 2000 with two network cards and the RIP protocol enabled
server ip: 172.16.37.83 virtual ip 10.0.0.1;
client1 ip:172.16.37.110 192.168.11.1 virtual IP 10.0.0.5;
client2 ip: 172.16.19.22. 192.168.12.1 virtual ip 10.0.0.13;
From the server I can ping 10.0.0.1 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1 192.168.12.1, cannot ping 10.0.0.5 10.0.0.13 192.168.11.1 192.168.12.1
From client1 I can ping 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1 192.168.12.1 10.0.0.5 10.0.0.13, cannot ping 10.0.0.1
From client2 I can ping 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1
192.168.12.1 10.0.0.5 10.0.0.13, cannot ping 10.0.0.1
Original poster, where has this gone wrong? Please, please.
My QQ is; add me
Post 49, 藤苇 wrote:
A correction to the line above, "From the server I can ping 10.0.0.1 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1 192.168.12.1, cannot ping 10.0.0.5 10.0.0.13":
From the server I can ping 10.0.0.1 172.16.37.83 172.16.37.110 172.16.19.22 192.168.11.1 192.168.12.1, cannot ping 10.0.0.5 10.0.0.13 192.168.11.1 192.168.12.1
XiaoHui replied at
21:27: I had a look, and the configuration looks normal. There are a few parameters I have not used, such as client-config-dir. You can refer to the sample files in section 4 of my article and first get it running with the simplest configuration.
If it connects but ping fails, check whether iptables has been configured. See section 5.
Post 50, 藤苇 wrote:
It connects but ping fails,
how should the network configuration be set up in Red Hat Linux?
Post 51, 藤苇 wrote:
Microsoft Windows 2000 [Version 5.00.2195]
(C) 版权所有
Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig/all
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : 2000serv-qh80ma
Primary DNS Suffix
. . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接 3:
Connection-specific DNS Suffix
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-C2-18-82-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.0.6
DNS Servers . . . . . . . . . . . : 10.0.0.1
70.88.98.10
70.88.99.11
Lease Obtained. . . . . . . . . . : 日 20:43:19
Lease Expires . . . . . . . . . . : 日 20:43:19
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-2E-84-B5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.11.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.37.110
DNS Servers . . . . . . . . . . . : 218.30.19.40
61.134.1.4
Ethernet adapter 本地连接:
Connection-specific DNS Suffix
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-2E-84-AB
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.37.110
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.11.1
DNS Servers . . . . . . . . . . . : 218.30.19.40
61.134.1.4
C:\Documents and Settings\Administrator>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 172.16.37.110: TTL expired in transit.
Reply from 172.16.37.110: TTL expired in transit.
Reply from 172.16.37.110: TTL expired in transit.
Reply from 172.16.37.110: TTL expired in transit.
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =
0ms, Average =
C:\Documents and Settings\Administrator>ping 10.0.0.13
Pinging 10.0.0.13 with 32 bytes of data:
Reply from 10.0.0.13: bytes=32 time<10ms TTL=128
Reply from 10.0.0.13: bytes=32 time<10ms TTL=128
Reply from 10.0.0.13: bytes=32 time<10ms TTL=128
Reply from 10.0.0.13: bytes=32 time<10ms TTL=128
Ping statistics for 10.0.0.13:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =
0ms, Average =
C:\Documents and Settings\Administrator>ping 172.16.37.83
Pinging 172.16.37.83 with 32 bytes of data:
Reply from 172.16.37.83: bytes=32 time<10ms TTL=64
Reply from 172.16.37.83: bytes=32 time<10ms TTL=64
Reply from 172.16.37.83: bytes=32 time<10ms TTL=64
Reply from 172.16.37.83: bytes=32 time<10ms TTL=64
Ping statistics for 172.16.37.83:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum =
0ms, Average =
There is no IP at Default Gateway.
Please take another look for me and see where it went wrong!!!
Post 52, 藤苇 wrote:
Mon Oct 12 20:43:17 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct
Mon Oct 12 20:43:17 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.
OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Oct 12 20:43:17 2009 WARNING: No server certificate verification method has been enabled.
See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 12 20:43:17 2009 LZO compression initialized
Mon Oct 12 20:43:17 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Oct 12 20:43:17 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 12 20:43:17 2009 Local Options hash (VER=V4): '9;
Mon Oct 12 20:43:17 2009 Expected Remote Options hash (VER=V4): 'c9;
Mon Oct 12 20:43:17 2009 Attempting to establish TCP connection with 172.16.37.83:1194
Mon Oct 12 20:43:17 2009 TCP connection established with 172.16.37.83:1194
Mon Oct 12 20:43:17 2009 TCPv4_CLIENT link local: [undef]
Mon Oct 12 20:43:17 2009 TCPv4_CLIENT link remote: 172.16.37.83:1194
Mon Oct 12 20:43:17 2009 TLS: Initial packet from 172.16.37.83:1194, sid=fbbcc93
Mon Oct 12 20:43:17 2009 VERIFY OK: depth=1, /C=CN/ST=GD/L=SZ/O=xiaohui.com/emailAddress=your-email__at__xiaohui.com
Mon Oct 12 20:43:17 2009 VERIFY OK: depth=0, /C=CN/ST=GD/O=xiaohui.com/CN=server/emailAddress=your-email__at__xiaohui.com
Mon Oct 12 20:43:17 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 12 20:43:17 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 12 20:43:17 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 12 20:43:17 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 12 20:43:17 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Oct 12 20:43:17 2009 [server] Peer Connection Initiated with 172.16.37.83:1194
Mon Oct 12 20:43:18 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct 12 20:43:18 2009 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.13.0 255.255.255.0,dhcp-option DNS 10.0.0.1,d
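The client log in the last post warns "No server certificate verification method has been enabled", which matches the `;ns-cert-type server` line left commented out in the client configuration posted earlier in the thread. The following Python check is an added example, not code from the thread or from OpenVPN; the finding names and the two sample configurations (abridged from the posts, with a constructed `ca ca.crt` line) are assumptions made for illustration.

```python
import shlex

# Constructed samples, abridged from the configurations posted in the thread.
CLIENT_FROM_THREAD = """\
;proto udp
remote 172.16.37.83 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
;ns-cert-type server
;tls-auth ta.key 1
"""
CLIENT_HARDENED = (CLIENT_FROM_THREAD
                   .replace(";ns-cert-type", "ns-cert-type")
                   .replace(";tls-auth", "tls-auth"))
SERVER_FROM_THREAD = """\
ca /root/openvpn-2.0.9/easy-rsa/keys/ca.crt
cert /root/openvpn-2.0.9/easy-rsa/keys/server.crt
key /root/openvpn-2.0.9/easy-rsa/keys/server.key # This file should be kept secret
dh /root/openvpn-2.0.9/easy-rsa/keys/dh1024.pem
server 10.0.0.0 255.255.255.0
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;user nobody
;group nobody
persist-key
persist-tun
"""

def parse_config(text):
    """Map each active directive to the list of its argument lists.

    OpenVPN treats '#' and ';' as comment markers, both at the start of a
    line and after a directive, so commented-out options must not count.
    """
    directives = {}
    for raw in text.splitlines():
        lexer = shlex.shlex(raw, posix=True)
        lexer.whitespace_split = True
        lexer.commenters = "#;"
        tokens = list(lexer)
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def lint(text, role):
    """Return sorted finding names (hypothetical labels) for a 'client' or 'server' config."""
    d = parse_config(text)
    findings = []
    if role == "client":
        # OpenVPN 2.0.x uses 'ns-cert-type server'; later releases also accept
        # 'remote-cert-tls server'. Without either, the client accepts any
        # certificate signed by the CA as the server (the #mitm warning).
        checked = (["server"] in d.get("ns-cert-type", [])
                   or ["server"] in d.get("remote-cert-tls", []))
        if not checked:
            findings.append("no-server-cert-verification")
    else:
        if "duplicate-cn" in d:
            findings.append("duplicate-cn-enabled")
        # Assumes a non-Windows server, as in the thread (Red Hat Linux).
        if "user" not in d or "group" not in d:
            findings.append("no-privilege-drop")
    # tls-auth direction: '0' on the server, '1' on clients.
    expected = "1" if role == "client" else "0"
    tls_auth = d.get("tls-auth")
    if not tls_auth:
        findings.append("no-tls-auth")
    elif len(tls_auth[0]) > 1 and tls_auth[0][1] != expected:
        findings.append("tls-auth-wrong-direction")
    for name in ("ca", "cert", "key"):
        if name not in d:
            findings.append("missing-" + name)
    return sorted(findings)

if __name__ == "__main__":
    print("client :", lint(CLIENT_FROM_THREAD, "client"))
    print("server :", lint(SERVER_FROM_THREAD, "server"))
```
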
