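I have a virtual Windows 2012 server running some Internet communication software, which requires me to change the IP range once in a while. It does not matter whether this is secure; it is only for testing software, and nothing serious is done on the server.
My problem is that I cannot get OpenVPN to work on the server. For testing purposes, I just picked any public free VPN, such as freevpn.me.
The openvpn.log of my freevpn.me connection looks like this: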
Fri Feb 17 07:13:23 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 17 07:13:23 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 17 07:13:23 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Fri Feb 17 07:13:23 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 17 07:13:23 2017 Need hold release from management interface, waiting...
Fri Feb 17 07:13:23 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'state on'
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 17 07:13:23 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 17 07:13:40 2017 MANAGEMENT: CMD 'username "Auth" "freevpnme"'
Fri Feb 17 07:13:40 2017 MANAGEMENT: CMD 'password [...]'
Fri Feb 17 07:13:40 2017 MANAGEMENT: CMD 'proxy HTTP 172.22.1.3 3128'
Fri Feb 17 07:13:41 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Feb 17 07:13:41 2017 NOTE: --fast-io is disabled since we are running on Windows
Fri Feb 17 07:13:41 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:41 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 17 07:13:41 2017 Attempting to establish TCP connection with [AF_INET]172.22.1.3:3128 [nonblock]
Fri Feb 17 07:13:41 2017 MANAGEMENT: >STATE:1487312021,TCP_CONNECT,,,,,,
Fri Feb 17 07:13:42 2017 TCP connection established with [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:42 2017 Send to HTTP proxy: 'CONNECT 212.129.33.61:443 HTTP/1.0'
Fri Feb 17 07:13:42 2017 Send to HTTP proxy: 'Host: 212.129.33.61'
Fri Feb 17 07:13:42 2017 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Fri Feb 17 07:13:44 2017 TCP_CLIENT link local: (not bound)
Fri Feb 17 07:13:44 2017 TCP_CLIENT link remote: [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:44 2017 MANAGEMENT: >STATE:1487312024,WAIT,,,,,,
Fri Feb 17 07:13:44 2017 MANAGEMENT: >STATE:1487312024,AUTH,,,,,,
Fri Feb 17 07:13:44 2017 TLS: Initial packet from [AF_INET]172.22.1.3:3128, sid=ad1adcd1 b2b7cd7a
Fri Feb 17 07:13:44 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 17 07:13:44 2017 VERIFY OK: depth=1, C=MT, ST=MLT, L=Valletta, O=FreeVPN.me, OU=FreeVPN.me, CN=FreeVPN.me CA, name=FreeVPN.me, [email protected]
Fri Feb 17 07:13:44 2017 VERIFY OK: depth=0, C=MT, ST=MLT, L=Valletta, O=FreeVPN.me, OU=FreeVPN.me, CN=FreeVPN.me, name=FreeVPN.me, [email protected]
Fri Feb 17 07:13:45 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Feb 17 07:13:45 2017 [FreeVPN.me] Peer Connection Initiated with [AF_INET]172.22.1.3:3128
Fri Feb 17 07:13:46 2017 MANAGEMENT: >STATE:1487312026,GET_CONFIG,,,,,,
Fri Feb 17 07:13:46 2017 SENT CONTROL [FreeVPN.me]: 'PUSH_REQUEST' (status=1)
Fri Feb 17 07:13:46 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.13.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.13.1.110 10.13.1.109'
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: route options modified
Fri Feb 17 07:13:46 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 17 07:13:46 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Feb 17 07:13:46 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 07:13:46 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Feb 17 07:13:46 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 07:13:46 2017 interactive service msg_channel=0
Fri Feb 17 07:13:46 2017 ROUTE_GATEWAY 172.22.1.1/255.255.255.0 I=12 HWADDR=00:50:56:98:74:d6
Fri Feb 17 07:13:46 2017 open_tun
Fri Feb 17 07:13:46 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{3EFF9323-DB9B-45CF-A89F-E8E2637975E4}.tap
Fri Feb 17 07:13:46 2017 TAP-Windows Driver Version 9.21
Fri Feb 17 07:13:46 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.13.1.110/255.255.255.252 on interface {3EFF9323-DB9B-45CF-A89F-E8E2637975E4} [DHCP-serv: 10.13.1.109, lease-time: 31536000]
Fri Feb 17 07:13:46 2017 Successful ARP Flush on interface [15] {3EFF9323-DB9B-45CF-A89F-E8E2637975E4}
Fri Feb 17 07:13:46 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Feb 17 07:13:46 2017 MANAGEMENT: >STATE:1487312026,ASSIGN_IP,,10.13.1.110,,,,
Fri Feb 17 07:13:48 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 172.22.1.3 MASK 255.255.255.255 172.22.1.1 IF 12
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=5 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.13.1.109
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.13.1.109
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 MANAGEMENT: >STATE:1487312028,ADD_ROUTES,,,,,,
Fri Feb 17 07:13:48 2017 C:\Windows\system32\route.exe ADD 10.13.0.1 MASK 255.255.255.255 10.13.1.109
Fri Feb 17 07:13:48 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Feb 17 07:13:48 2017 Route addition via IPAPI succeeded [adaptive]
Fri Feb 17 07:13:48 2017 Initialization Sequence Completed
Fri Feb 17 07:13:48 2017 MANAGEMENT: >STATE:1487312028,CONNECTED,SUCCESS,10.13.1.110,172.22.1.3,3128,172.22.1.193,52553
This is the routing table after the VPN connects:
C:\>route print
===========================================================================
Schnittstellenliste
 15...00 ff 3e ff 93 23 ......TAP-Windows Adapter V9
 12...00 50 56 98 74 d6 ......vmxnet3 Ethernet Adapter #3
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 28...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter #2
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0       172.22.1.1     172.22.1.193    261
          0.0.0.0        128.0.0.0        10.9.0.33      10.13.1.110     20
          0.0.0.0        128.0.0.0      10.13.1.109      10.13.1.110     20
         10.9.0.1  255.255.255.255        10.9.0.33      10.13.1.110     20
        10.13.0.1  255.255.255.255      10.13.1.109      10.13.1.110     20
      10.13.1.108  255.255.255.252   Auf Verbindung      10.13.1.110    276
      10.13.1.110  255.255.255.255   Auf Verbindung      10.13.1.110    276
      10.13.1.111  255.255.255.255   Auf Verbindung      10.13.1.110    276
        127.0.0.0        255.0.0.0   Auf Verbindung        127.0.0.1    306
        127.0.0.1  255.255.255.255   Auf Verbindung        127.0.0.1    306
  127.255.255.255  255.255.255.255   Auf Verbindung        127.0.0.1    306
        128.0.0.0        128.0.0.0        10.9.0.33      10.13.1.110     20
        128.0.0.0        128.0.0.0      10.13.1.109      10.13.1.110     20
       172.22.1.0    255.255.255.0   Auf Verbindung     172.22.1.193    261
       172.22.1.3  255.255.255.255       172.22.1.1     172.22.1.193      5
     172.22.1.193  255.255.255.255   Auf Verbindung     172.22.1.193    261
     172.22.1.255  255.255.255.255   Auf Verbindung     172.22.1.193    261
        224.0.0.0        240.0.0.0   Auf Verbindung        127.0.0.1    306
        224.0.0.0        240.0.0.0   Auf Verbindung      10.13.1.110    276
        224.0.0.0        240.0.0.0   Auf Verbindung     172.22.1.193    261
  255.255.255.255  255.255.255.255   Auf Verbindung        127.0.0.1    306
  255.255.255.255  255.255.255.255   Auf Verbindung      10.13.1.110    276
  255.255.255.255  255.255.255.255   Auf Verbindung     172.22.1.193    261
===========================================================================
Ständige Routen:
  Netzwerkadresse         Netzmaske   Gatewayadresse   Metrik
          0.0.0.0           0.0.0.0       172.22.1.1   Standard
===========================================================================

IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel                    Gateway
  1    306 ::1/128                         Auf Verbindung
 15    276 fe80::/64                       Auf Verbindung
 12    261 fe80::/64                       Auf Verbindung
 12    261 fe80::1dca:d314:3e09:82ae/128   Auf Verbindung
 15    276 fe80::20c6:40f9:7577:57df/128   Auf Verbindung
  1    306 ff00::/8                        Auf Verbindung
 15    276 ff00::/8                        Auf Verbindung
 12    261 ff00::/8                        Auf Verbindung
===========================================================================
Ständige Routen:
  Keine

C:\>
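If I go to ifconfig.me, it says my IP address is still 141.76.15.132
What I have tried so far:
I don't know why this isn't working.
But I am not sure how to integrate these solutions with my OpenVPN setup.
Any help is greatly appreciated.
Edit on 2017-02-20
I got a bit further. So the connection seems to be established, but Windows 2012 still uses the original Ethernet adapter, and I cannot change the order of the two:
Netstat shows the two NICs; TAP V9 is the OpenVPN adapter, and vmxnet3 is the original one. The latter has an assigned priority of 12, and OpenVPN has 15 (lower). Manually setting the metric in the Ethernet connection did not work (see left image, netstat). I also tried changing the order of the Ethernet NICs so that OpenVPN (top of the list) should be accessed first. That did not work either (see right image).
This is Network and Sharing; as you can see, traffic only goes through "Ethernet0 4"
After 2 days of searching, I found a solution:
I have to disable the system proxy after establishing the VPN; otherwise traffic seems to be routed through the VPN to the proxy.
Disable the system proxy
What made me suspicious was that, after establishing the VPN, the tracert command would show a route through the VPN back to the proxy to the final address. With the proxy disabled after establishing the VPN, tracert routes directly through the VPN to the destination.
Just add the proxy to the OpenVPN settings and disable it in the system. That way, the virtual machine will only be able to connect to the Internet if an OpenVPN session is running.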
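
An added example, not part of the original posts: a longest-prefix route lookup over rows copied from the route table in the question. It shows that a connection opened to the system proxy 172.22.1.3 matches the host route OpenVPN added on the physical adapter, while a direct connection follows the 0.0.0.0/1 and 128.0.0.0/1 routes onto the TAP adapter. The function names are hypothetical.

```python
import ipaddress

# Rows copied from the "Aktive Routen" table posted in the question:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "172.22.1.1", "172.22.1.193", 261),
    ("0.0.0.0", "128.0.0.0", "10.13.1.109", "10.13.1.110", 20),
    ("128.0.0.0", "128.0.0.0", "10.13.1.109", "10.13.1.110", 20),
    ("10.13.0.1", "255.255.255.255", "10.13.1.109", "10.13.1.110", 20),
    ("172.22.1.0", "255.255.255.0", "on-link", "172.22.1.193", 261),
    ("172.22.1.3", "255.255.255.255", "172.22.1.1", "172.22.1.193", 5),
]
TUNNEL_IF = "10.13.1.110"  # TAP adapter address assigned in the log


def lookup(dest):
    """Return the winning route: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface, metric in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, {"prefix": str(network), "gateway": gateway,
                          "interface": iface})
    return best[1] if best else None


def uses_tunnel(dest):
    """True when the selected route leaves through the TAP adapter."""
    route = lookup(dest)
    return route is not None and route["interface"] == TUNNEL_IF


def egress_for(target, system_proxy=None):
    """An application that honours a system proxy opens its socket to the
    proxy address, so the proxy (not the target) is what gets routed."""
    first_hop = system_proxy if system_proxy else target
    return "tunnel" if uses_tunnel(first_hop) else "physical NIC"


if __name__ == "__main__":
    for target, proxy in [("8.8.8.8", None), ("8.8.8.8", "172.22.1.3")]:
        print(f"{target} via proxy {proxy}: {egress_for(target, proxy)}")
```

The /32 route to the proxy is the one OpenVPN adds to keep its own transport connection reachable, which is why it stays in place when the proxy is configured inside OpenVPN instead of in the system settings.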