【求助】OpenVPN无法通过公司代理服务器的验证!

jbcdidgosir

我先介绍一下我们公司的情况:我们使用代理服务器上网的(其实基本上大多数公司都这样),代理地址例如是192.168.1.10:8080,然后平时上网的时候直接就能上,不用输入用户名和密码.

但是今天我使用OpenVPN,公司代理死活验证不通过,我在Proxy setting里的设置是选择第二个,也就是use internet explore setting.

以下是日志,麻烦各位大大帮忙看看,感谢!

Mon May 14 13:39:39 2012 us=867000 LZO compression initialized
Mon May 14 13:39:39 2012 us=867000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon May 14 13:39:39 2012 us=867000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon May 14 13:39:39 2012 us=867000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon May 14 13:39:39 2012 us=867000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon May 14 13:39:39 2012 us=867000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon May 14 13:39:39 2012 us=867000 Local Options hash (VER=V4): '31fdf004'
Mon May 14 13:39:39 2012 us=867000 Expected Remote Options hash (VER=V4): '3e6d1056'
Mon May 14 13:39:39 2012 us=867000 Attempting to establish TCP connection with 192.168.1.10:8080
Mon May 14 13:39:39 2012 us=867000 TCP connection established with 192.168.1.10:8080
Mon May 14 13:39:39 2012 us=867000 Send to HTTP proxy: 'CONNECT 116.34.23.4:443 HTTP/1.0'
Mon May 14 13:39:40 2012 us=241000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Mon May 14 13:39:40 2012 us=241000 Proxy requires authentication
Mon May 14 13:39:40 2012 us=241000 HTTP proxy: no support for proxy authentication method
Mon May 14 13:39:40 2012 us=241000 TCP/UDP: Closing socket
Mon May 14 13:39:40 2012 us=241000 SIGTERM[soft,init_instance] received, process exiting

seaxp

是不是代理服务器把443端口给封闭了？

Mon May 14 13:39:40 2012 us=241000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Mon May 14 13:39:40 2012 us=241000 Proxy requires authentication

jbcdidgosir

感谢回帖

443肯定没封,因为可以上一些https的网站.

主题里的内容是我朋友的,她的电脑是入域的,所以上网从来不需要输入密码.

我在公司也有这个问题,但是我用无线连公司网络是OK的,连无线的话,需要输入域用户名和密码(因为我越域了),才能通过无线验证并拿到IP,这样再连VPN时就不再需要用户名和密码了,所以直接能上去,但是如果插网线,也是连不上的,但是错误日志稍有区别:

Mon May 14 09:31:18 2012 us=62000 LZO compression initialized
Mon May 14 09:31:18 2012 us=62000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon May 14 09:31:18 2012 us=62000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon May 14 09:31:18 2012 us=62000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon May 14 09:31:18 2012 us=62000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon May 14 09:31:18 2012 us=62000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon May 14 09:31:18 2012 us=62000 Local Options hash (VER=V4): '31fdf004'
Mon May 14 09:31:18 2012 us=62000 Expected Remote Options hash (VER=V4): '3e6d1056'
Mon May 14 09:31:18 2012 us=62000 Attempting to establish TCP connection with 192.168.88.88:1111
Mon May 14 09:31:18 2012 us=93000 TCP connection established with 192.168.88.88:1111
Mon May 14 09:31:18 2012 us=93000 Send to HTTP proxy: 'CONNECT 116.34.23.4:443 HTTP/1.0'
Mon May 14 09:31:18 2012 us=93000 Attempting Basic Proxy-Authorization
Mon May 14 09:31:18 2012 us=109000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )'
Mon May 14 09:31:18 2012 us=109000 Proxy requires authentication
Mon May 14 09:31:18 2012 us=109000 Proxy requires authentication
Mon May 14 09:31:18 2012 us=109000 TCP/UDP: Closing socket
Mon May 14 09:31:18 2012 us=109000 SIGTERM[soft,init_instance] received, process exiting

Spider007

Proxy requires authentication
Mon May 14 13:39:40 2012 us=241000 HTTP proxy: no support for proxy authentication method
Mon May 14 13:39:40 2012 us=241000 TCP/UDP: Closing socket
Mon May 14 13:39:40 2012 us=241000 SIGTERM[soft,init_instance] received, process exiting

初步可以看出是代理服务器需要用户认证信息，然后代理服务器的认证方法不被openvpn支持，你试着调整下代理服务器的认证方法吧，或者直接关掉代理服务器的用户认证

jbcdidgosir

谢谢回复.

代理服务器是公司的,我没有任何权限啊...

奇怪的是,如果我用无线上网(公司架设的,不是公共Wi-Fi),在联网时需要输入域账号和密码的,用这个方式联网,OpenVPN通过代理时就不需要用户名和密码了.

jbcdidgosir

今天居然连无线网络都无法通过密码验证了,是不是那个狗日的IT也混这个论坛啊,妈屄的死全家!艹!

我用ccproxy做了二次代理,发现如果ccproxy不设密码,日志为:
Tue May 15 10:15:56 2012 us=62000 Attempting to establish TCP connection with 127.0.0.1:808
Tue May 15 10:15:56 2012 us=62000 TCP connection established with 127.0.0.1:808
Tue May 15 10:15:56 2012 us=62000 Send to HTTP proxy: 'CONNECT 116.34.67.23:443 HTTP/1.0'
Tue May 15 10:15:56 2012 us=62000 Attempting Basic Proxy-Authorization
Tue May 15 10:15:56 2012 us=62000 HTTP proxy returned: 'HTTP/1.0 407 Unauthorized'
Tue May 15 10:15:56 2012 us=62000 Proxy requires authentication
Tue May 15 10:15:56 2012 us=62000 Proxy requires authentication
Tue May 15 10:15:56 2012 us=62000 TCP/UDP: Closing socket
Tue May 15 10:15:56 2012 us=62000 SIGTERM[soft,init_instance] received, process exiting
然后直接报错.

如果设置了密码,日志为:
Tue May 15 10:16:39 2012 us=312000 Attempting to establish TCP connection with 127.0.0.1:808
Tue May 15 10:16:39 2012 us=312000 TCP connection established with 127.0.0.1:808
Tue May 15 10:16:39 2012 us=312000 Send to HTTP proxy: 'CONNECT 116.34.67.23:443 HTTP/1.0'
Tue May 15 10:16:39 2012 us=375000 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Tue May 15 10:16:39 2012 us=390000 TCPv4_CLIENT link local: [undef]
Tue May 15 10:16:39 2012 us=390000 TCPv4_CLIENT link remote: 127.0.0.1:808
Tue May 15 10:16:39 2012 us=390000 Connection reset, restarting [0]
Tue May 15 10:16:39 2012 us=390000 TCP/UDP: Closing socket
Tue May 15 10:16:39 2012 us=390000 SIGUSR1[soft,connection-reset] received, process restarting
Tue May 15 10:16:39 2012 us=390000 Restart pause, 5 second(s)
然后往复循环.

跪求哪位大大出手相助啊!大家都是底层被压迫的贫苦百姓啊,翻个墙不容易啊!

jbcdidgosir

OpenVPN东西挺好,但是为啥代理服务器验证这块做得那么烂啊,我以前用的SocksOnline都能很轻松的通过代理验证

jbcdidgosir

经过我的不懈努力,刚才终于成功了!!!哈哈!!!
如果你公司的代理服务器地址是192.168.1.10:8080,那么在.ovpn的配置文件最后加一行,其他的地址以此类推:
http-proxy 192.168.1.10 8080 auth.txt ntlm

然后在同一个目录下新建一个auth.txt的记事本文件(什么?你想换个名字?OK,那么上面那句话里你也把名字换掉)
然后文本里第一行是你的用户名,第二行是你的密码.

然后,最重要的一点,也是我之前一直搞不定的原因,就是在Proxy setting里,一定要选择"Use OpenVPN Config-file Settings",不能选"Manual Configuration"!!!

ok,搞定!

或许有人觉得是因为我不看手册导致的,好吧,我认,不过我觉得这个对于初学者是很容易碰到的问题,就作为初学者的tips吧,嘿嘿.

daidai120

提示: 作者被禁止或删除内容自动屏蔽

seaxp

原来是域认证搞的鬼。因为域认证是默认由系统自动提供用户名和密码的，所以在OPENVPN下必须要建立默认的认证文件，才能由客户端自动读取。

guanyuli

提示: 作者被禁止或删除内容自动屏蔽

		自动登录	找回密码
密码			注册

【求助】OpenVPN无法通过公司代理服务器的验证!

回复 #2 seaxp 的帖子

回复 #4 Spider007 的帖子