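jbcdidgosir posted on 2012-5-14 15:01

[Help] OpenVPN cannot get through authentication on the company proxy server!

Let me first describe the situation at our company: we go online through a proxy server (most companies do, really). The proxy address is, for example, 192.168.1.10:8080, and normally we can browse directly without entering a username or password.

But today I tried OpenVPN and it simply would not pass the company proxy's authentication. In Proxy Settings I chose the second option, i.e. "Use Internet Explorer Settings".

The log is below. Could someone please take a look? Thanks!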

Mon May 14 13:39:39 2012 us=867000 LZO compression initialized
Mon May 14 13:39:39 2012 us=867000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon May 14 13:39:39 2012 us=867000 Socket Buffers: R= S=
Mon May 14 13:39:39 2012 us=867000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon May 14 13:39:39 2012 us=867000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon May 14 13:39:39 2012 us=867000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon May 14 13:39:39 2012 us=867000 Local Options hash (VER=V4): '31fdf004'
Mon May 14 13:39:39 2012 us=867000 Expected Remote Options hash (VER=V4): '3e6d1056'
Mon May 14 13:39:39 2012 us=867000 Attempting to establish TCP connection with 192.168.1.10:8080
Mon May 14 13:39:39 2012 us=867000 TCP connection established with 192.168.1.10:8080
Mon May 14 13:39:39 2012 us=867000 Send to HTTP proxy: 'CONNECT 116.34.23.4:443 HTTP/1.0'
Mon May 14 13:39:40 2012 us=241000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Mon May 14 13:39:40 2012 us=241000 Proxy requires authentication
Mon May 14 13:39:40 2012 us=241000 HTTP proxy: no support for proxy authentication method
Mon May 14 13:39:40 2012 us=241000 TCP/UDP: Closing socket
Mon May 14 13:39:40 2012 us=241000 SIGTERM received, process exiting

seaxp posted on 2012-5-14 16:13

Could the proxy server be blocking port 443?

Mon May 14 13:39:40 2012 us=241000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Mon May 14 13:39:40 2012 us=241000 Proxy requires authentication

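jbcdidgosir posted on 2012-5-14 16:25

Reply to post #2 by seaxp

Thanks for replying.

443 is definitely not blocked, because some https sites can be reached.

The details in the first post are my friend's. Her computer is joined to the domain, so she never has to enter a password to go online.

I have the same problem at my company, but it works when I connect to the company network over wireless. On wireless I have to enter my domain username and password (because I am outside the domain) to pass wireless authentication and get an IP. After that, connecting the VPN no longer asks for a username and password, so it goes straight through. If I plug in a network cable, though, it cannot connect either, and the error log is slightly different: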

Mon May 14 09:31:18 2012 us=62000 LZO compression initialized
Mon May 14 09:31:18 2012 us=62000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon May 14 09:31:18 2012 us=62000 Socket Buffers: R= S=
Mon May 14 09:31:18 2012 us=62000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon May 14 09:31:18 2012 us=62000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon May 14 09:31:18 2012 us=62000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon May 14 09:31:18 2012 us=62000 Local Options hash (VER=V4): '31fdf004'
Mon May 14 09:31:18 2012 us=62000 Expected Remote Options hash (VER=V4): '3e6d1056'
Mon May 14 09:31:18 2012 us=62000 Attempting to establish TCP connection with 192.168.88.88:1111
Mon May 14 09:31:18 2012 us=93000 TCP connection established with 192.168.88.88:1111
Mon May 14 09:31:18 2012 us=93000 Send to HTTP proxy: 'CONNECT 116.34.23.4:443 HTTP/1.0'
Mon May 14 09:31:18 2012 us=93000 Attempting Basic Proxy-Authorization
Mon May 14 09:31:18 2012 us=109000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.)'
Mon May 14 09:31:18 2012 us=109000 Proxy requires authentication
Mon May 14 09:31:18 2012 us=109000 Proxy requires authentication
Mon May 14 09:31:18 2012 us=109000 TCP/UDP: Closing socket
Mon May 14 09:31:18 2012 us=109000 SIGTERM received, process exiting

Spider007 posted on 2012-5-14 18:07

Proxy requires authentication
Mon May 14 13:39:40 2012 us=241000 HTTP proxy: no support for proxy authentication method
Mon May 14 13:39:40 2012 us=241000 TCP/UDP: Closing socket
Mon May 14 13:39:40 2012 us=241000 SIGTERM received, process exiting


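At first glance, the proxy server requires user authentication, and the proxy server's authentication method is not supported by OpenVPN. Try changing the proxy server's authentication method, or simply turn off user authentication on the proxy server.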

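jbcdidgosir posted on 2012-5-14 21:38

Reply to post #4 by Spider007

Thanks for the reply.

The proxy server belongs to the company, and I have no permissions on it at all...

The strange thing is that if I go online over wireless (set up by the company, not public Wi-Fi), I have to enter my domain account and password when connecting, and when I connect that way OpenVPN does not need a username and password to get through the proxy.

jbcdidgosir posted on 2012-5-15 10:20

Today even the wireless network won't accept my password anymore. Is that bastard from IT hanging around this forum too? Damn him and his whole family! F***!

I set up a second-hop proxy with CCProxy and found that if CCProxy has no password set, the log is: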
Tue May 15 10:15:56 2012 us=62000 Attempting to establish TCP connection with 127.0.0.1:808
Tue May 15 10:15:56 2012 us=62000 TCP connection established with 127.0.0.1:808
Tue May 15 10:15:56 2012 us=62000 Send to HTTP proxy: 'CONNECT 116.34.67.23:443 HTTP/1.0'
Tue May 15 10:15:56 2012 us=62000 Attempting Basic Proxy-Authorization
Tue May 15 10:15:56 2012 us=62000 HTTP proxy returned: 'HTTP/1.0 407 Unauthorized'
Tue May 15 10:15:56 2012 us=62000 Proxy requires authentication
Tue May 15 10:15:56 2012 us=62000 Proxy requires authentication
Tue May 15 10:15:56 2012 us=62000 TCP/UDP: Closing socket
Tue May 15 10:15:56 2012 us=62000 SIGTERM received, process exiting
and then it fails immediately.

If a password is set, the log is:
Tue May 15 10:16:39 2012 us=312000 Attempting to establish TCP connection with 127.0.0.1:808
Tue May 15 10:16:39 2012 us=312000 TCP connection established with 127.0.0.1:808
Tue May 15 10:16:39 2012 us=312000 Send to HTTP proxy: 'CONNECT 116.34.67.23:443 HTTP/1.0'
Tue May 15 10:16:39 2012 us=375000 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Tue May 15 10:16:39 2012 us=390000 TCPv4_CLIENT link local:
Tue May 15 10:16:39 2012 us=390000 TCPv4_CLIENT link remote: 127.0.0.1:808
Tue May 15 10:16:39 2012 us=390000 Connection reset, restarting
Tue May 15 10:16:39 2012 us=390000 TCP/UDP: Closing socket
Tue May 15 10:16:39 2012 us=390000 SIGUSR1 received, process restarting
Tue May 15 10:16:39 2012 us=390000 Restart pause, 5 second(s)
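and then it loops like that over and over.

I'm begging someone to step in and help! We are all oppressed poor folk at the bottom, and getting over the wall isn't easy! :') :') :') :') :') :')

jbcdidgosir posted on 2012-5-15 11:00

OpenVPN is a nice piece of software, but why is its proxy authentication so poorly done? The SocksOnline I used before could get through proxy authentication with no trouble at all.

jbcdidgosir posted on 2012-5-15 11:59

After my tireless efforts, it finally worked just now!!! Haha!!!
If your company's proxy server address is 192.168.1.10:8080, add the following line at the end of the .ovpn configuration file (adapt it accordingly for other addresses):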
http-proxy 192.168.1.10 8080 auth.txt ntlm

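Then create a Notepad file named auth.txt in the same directory (What? You want a different name? OK, then change the name in the line above as well).
In that text file, the first line is your username and the second line is your password.

Then, the most important point, and the reason I could not get it working before: in Proxy Settings you must choose "Use OpenVPN Config-file Settings", not "Manual Configuration"!!!

OK, done!

Some may think this happened because I didn't read the manual. Fine, I admit it, but I think this is a problem beginners can easily run into, so take it as a tip for beginners, hehe.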
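
An added example (not from the thread and not OpenVPN's own code): the 407 replies in the logs above do not show which authentication schemes the proxy advertised, so this Python script parses the `Proxy-Authenticate` headers of a constructed 407 response and builds the matching `http-proxy` line. `SAMPLE_407`, `offered_schemes` and `http_proxy_line` are names made up for this illustration.

```python
# Added example: choose the auth-method for OpenVPN's http-proxy directive
# from the schemes a proxy advertises in its 407 reply.
# SAMPLE_407 is constructed for illustration; it is not from the thread's logs.
SAMPLE_407 = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Via: 1.1 PROXY01\r\n"
    "Proxy-Authenticate: Negotiate\r\n"
    "Proxy-Authenticate: Kerberos\r\n"
    "Proxy-Authenticate: NTLM\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# (advertised scheme, http-proxy auth-method) in order of preference.
# NTLM is preferred because Basic sends the password merely base64-encoded.
# Negotiate and Kerberos have no matching auth-method in this mapping.
OPENVPN_METHODS = [("ntlm", "ntlm"), ("basic", "basic")]


def offered_schemes(response):
    """Return the lower-cased auth schemes a 407 response advertises."""
    head = response.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "407":
        raise ValueError("not a 407 response: %r" % lines[0])
    schemes = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "proxy-authenticate" and value.strip():
            # The first token is the scheme; the rest is parameters (realm=...).
            schemes.append(value.strip().split()[0].lower())
    return schemes


def http_proxy_line(response, host, port, authfile="auth.txt"):
    """Build the .ovpn line, or return None if no offered scheme is usable."""
    offered = offered_schemes(response)
    for scheme, method in OPENVPN_METHODS:
        if scheme in offered:
            return "http-proxy %s %d %s %s" % (host, port, authfile, method)
    return None


if __name__ == "__main__":
    print(offered_schemes(SAMPLE_407))
    print(http_proxy_line(SAMPLE_407, "192.168.1.10", 8080))
```

The auth.txt file named in that line holds the domain password in plain text, so restrict its file permissions to your own account.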

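daidai120 posted on 2013-12-18 16:35

seaxp posted on 2013-12-19 13:59

So domain authentication was the culprit. With domain authentication the system supplies the username and password automatically by default, so under OpenVPN you have to create a default authentication file for the client to read automatically.

guanyuli posted on 2013-12-28 12:24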
