• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

[2011-07-25]SSL VPN客户端接入失败经验案例

2011-07-25 发表
  • 0关注
  • 0收藏 5305浏览
金山 九段
粉丝:19人 关注:0人

SSL VPN客户端接入失败经验案例

一、   组网:

客户端通过https协议访问SSL VPN网关的用户登录页面,并完成认证操作。组网图略。

 

二、   问题描述:

H3C SSL VPN支持WEBTCPIP三种接入方式,其中TCPIP接入方式需要安装ActiveX控件、虚网卡及下载客户端。ActiveX控件和客户端会对系统的注册表及Hosts文件等进行操作。鉴于这种应用方式涉及到客户端操作系统的安全设置、软件安装情况等因素,所以在使用过程中会出现一些接入不成功的情况。本案例就目前已知的部分SSL VPN客户端接入失败的情况进行总结并给出相应的解决方案。

 

三、   过程分析:

目前已知的错误情况主要有以下几类:

1.配置问题

1.1配置了IP主机资源并授权给用户,但是无相应的IP全局配置。

1.2 Autohome特性采用IP接入方式,但是没有给用户进行IP资源授权。

1.3 IP全局配置中地址池地址和客户本地地址冲突。

1.4 SSL VPN网关地址包含在授权给用户的IP主机资源地址或网段中。

2.版本升级兼容问题

2.1 老版本ActiveX控件和新版本客户端配合有问题。

3.客户端环境问题

3.1 安装ActiveX控件失败导致下载客户端软件失败,原因可能有:

1) 浏览器禁止安装或运行ActiveX控件。

2) 浏览器禁止已经安装的SSL VPN ActiveX控件。

3) 运行64位浏览器时,无法安装ActiveX控件。

4) IE7/IE8启用了保护模式,但是没有把SSL VPN网关地址加入受信任站点。

5) 客户操作系统安装的防火墙及杀毒软件禁止安装ActiveX控件或或者禁止ActiveX控件修改注册表导致下载客户端失败。

6) 操作系统缺少某些组件或补丁导致安装ActiveX失败。

4.虚网卡相关

4.1 安装虚网卡失败。

4.2 XP/Server 2003系统下,虚网卡安装成功,但是不主动发起DHCP请求,导致分配地址失败。

4.3 客户操作系统安装的防火墙及杀毒软件等阻止客户端软件修改主机路由或者Hosts文件。

5.DNS解析相关问题

5.1 PC加入域后,通过虚网卡转发的DNS请求无法自动补充待解析域名,导致解析失败。

5.2 待访问IP资源是域名方式访问时,本地网卡的DNSSSL VPN下发的DNS的解析顺序无法保证,导致解析失败

 

四、   问题现象及解决方法:

1.客户端接入正常。

正常情况下用户客户端可以正常启动,对于IP接入方式可以正常安装虚网卡,并且虚网卡成功分配到地址和添加相应的路由,用户业务访问正常。

1.1设备管理器中可以看到虚网卡。

                                                                                                           图1 设备管理器中有虚网卡

1.2用户成功分配虚地址和添加路由。

                                                                                             图2 登录SSL VPN后虚网卡成功分到地址

                                                                                                   图3 登录SSL VPN后成功添加路由

1.3成功日志信息。

成功日志信息分为不启用“只允许访问VPN”和启用“只允许访问VPN”两种情况:

1)  未使能 “IP网络->全局配置”中“只允许访问VPN” 。

[04-28 14:35:05]: Callback function: Called the callback function successfully.

[04-28 14:35:05]: Starting the client

[04-28 14:35:05]: Start client: pcStartInfo=GATEWAY=192.168.252.25;svpnuid=5d0ebe3167f84e3e5f3ed04180904401;port=443;TIMEOUT=60

[04-28 14:35:05]: scan adapter Info:Adapter Name=Realtek RTL8139/810x Family Fast Ethernet NIC - Teefer2 Miniport, want SSLVPN Virtual Network Adapter(CS Support)

[04-28 14:35:05]: scan adapter Info:Adapter Name=D-Link DFE-530TX PCI Fast Ethernet Adapter (rev.C) #2 - Teefer2 Miniport, want SSLVPN Virtual Network Adapter(CS Support)

[04-28 14:35:05]: Clear DHCP Info: Found no virtual network adaptor.

[04-28 14:35:05]: FUNC=AutoInstall,    Preparing to install the driver

[04-28 14:35:05]: FUNC=AutoInstall,    Installation directory=C:\SSLVPN CLIENT

[04-28 14:35:05]: FUNC=AutoInstall,    Install driver on Win32

[04-28 14:35:05]: FUNC=AutoInstall,    Checked file C:\SSLVPN CLIENT\SVPNVnic_CS.sys successfully.

[04-28 14:35:05]: FUNC=AutoInstall,    Checked file C:\SSLVPN CLIENT\snetcfg.exe successfully.

[04-28 14:35:05]: FUNC=AutoInstall,    C:\SSLVPN CLIENT\netvdev.inf=3724

[04-28 14:35:05]: FUNC=AutoInstall,    Delete the original driver file C:\WINDOWS\inf\oem13.inf successfully.

[04-28 14:35:05]: FUNC=AutoInstall,    Checked file C:\SSLVPN CLIENT\netvdev.inf successfully.

[04-28 14:35:05]: FUNC=AutoInstall,    Checked file C:\SSLVPN CLIENT\FoundWindow.sys successfully.

[04-28 14:35:05]: "C:\SSLVPN CLIENT\snetcfg" -U sslvpn_adapter_cs

[04-28 14:35:09]: "C:\SSLVPN CLIENT\snetcfg" -l "C:\SSLVPN CLIENT\netvdev.inf"  -c a -i sslvpn_adapter_cs

[04-28 14:35:09]: FUNC=AutoInstall,    Started to install the driver...

[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: FUNC=AutoInstall,     Found installation window "软件安装"

[04-28 14:35:09]: FUNC=InstallButtonEnumWindowsProc,          Button name="没有通过 Windows 徽标测试,无法验证它同 Windows XP 的兼容性。", the name to be found="仍然继续(&C)"

[04-28 14:35:09]: FUNC=InstallButtonEnumWindowsProc,          Button name="您要继续安装此软件吗?", the name to be found="仍然继续(&C)"

[04-28 14:35:09]: FUNC=InstallButtonEnumWindowsProc,          Button name="仍然继续(&C)", the name to be found="仍然继续(&C)"

[04-28 14:35:09]: FUNC=AutoInstall,    Found installation button "仍然继续(&C)"

[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:09]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: .[04-28 14:35:10]: FUNC=AutoInstall,         Found installation window "硬件安装"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="正在为此硬件安装的软件:", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=AutoInstall,    Did not find installation button "仍然继续(&C)"

[04-28 14:35:12]: .[04-28 14:35:12]: FUNC=AutoInstall,    Found installation window "硬件安装"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="正在为此硬件安装的软件:", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="SSLVPN Virtual Network Adapter(CS Support)", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="没有通过 Windows 徽标测试,无法验证它同 Windows XP 的兼容性。", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="继续安装此软件会立即或在以后使系统变得不稳定。Microsoft 建议您现在停止此安装,并同硬件供应商联系,以获得通过 Windows 徽标测试的软件。", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="您想继续为此硬件安装软件吗?", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=InstallButtonEnumWindowsProc,          Button name="仍然继续(&C)", the name to be found="仍然继续(&C)"

[04-28 14:35:12]: FUNC=AutoInstall,    Found installation button "仍然继续(&C)"

[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:12]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: .[04-28 14:35:13]: FUNC=DriverExists,       Driver installed!

[04-28 14:35:19]: FUNC=AutoInstall,    Installed the virtual network adapter successfully.

[04-28 14:35:19]: Clear DHCP Info: Installed the virtual network adaptor successfully.

[04-28 14:35:19]: Start client: Cleared the DHCP information successfully.

[04-28 14:35:19]: Start client: Initialized the virtual network adaptor successfully.

[04-28 14:35:19]: Init Proxy: Init proxy id successful!

[04-28 14:35:19]: Start client: Initialized the proxy successfully.

[04-28 14:35:19]: Split message : pMsg=GATEWAY=192.168.252.25;svpnuid=5d0ebe3167f84e3e5f3ed04180904401;port=443;TIMEOUT=60

[04-28 14:35:19]: Split message: The call is successful.

[04-28 14:35:19]: Init TransForm: Client connected to server: 192.168.252.25 port=443

[04-28 14:35:19]: Local addr of the socket after connect is:192.168.96.17,port:3138

/*客户端成功连接网关,并向网关发起请求*/

[04-28 14:35:20]: NET_EXTEND / HTTP/1.1

COOKIE:svpnuid=5D0EBE3167F84E3E5F3ED04180904401

 

 

[04-28 14:35:20]: Splite Message: IP address is : :91.0.0.101

[04-28 14:35:20]: Splite Message: IP subnet mask is: 24

[04-28 14:35:20]: Splite Message: IP subnet route is: 2.2.2.0/24;192.168.100.10/32

[04-28 14:35:20]: Splite Message: Gateway IP address: 91.0.0.1

[04-28 14:35:20]: Splite Message:DNS IP:10.72.66.36;192.168.100.240

[04-28 14:35:20]: Splite Message:Static DNS:tech/10.154.240.55;press/10.153.3.111;tdms/10.154.243.65;h3cml04-ds/10.63.20.85;

[04-28 14:35:20]: Splite Message:DNS LIST:domain:tech,ip:10.154.240.55

[04-28 14:35:20]: Splite Message:DNS LIST:domain:press,ip:10.153.3.111

[04-28 14:35:20]: Splite Message:DNS LIST:domain:tdms,ip:10.154.243.65

[04-28 14:35:20]: Splite Message:DNS LIST:domain:h3cml04-ds,ip:10.63.20.85

[04-28 14:35:20]: Init TransForm: Contents of the packet that the gateway replied with: ReceiveBuf: HTTP/1.1 200 OK  /*网关校验用户身份成功,并下发相关配置信息*/

IPADDRESS:91.0.0.101  /*分配给客户端虚网卡的地址*/

SUBNETMASK:24

ROUTES:2.2.2.0/24;192.168.100.10/32  /*授权给用户的IP网段或地址*/

DNS:10.72.66.36;192.168.100.240  /*网关下发给用户的DNS*/

GATEWAY:91.0.0.1

RESTRICT:0     /*网关未配置只允许访问VPN”*/

STATICDNS:tech/10.154.240.55;press/10.153.3.111;tdms/10.154.243.65;h3cml04-ds/10.63.20.85;   /*网关下发的预置域名表项*/

 

 

[04-28 14:35:20]: Init transForm: Initialized the transmission module successfully.

[04-28 14:35:20]: Start client: Initialized the transmission channel.

[04-28 14:35:20]: Open VPN VF Driver: Opened the virtual network adaptor successfully.

[04-28 14:35:20]: Open VPN VF Driver: Initialized the virtual network adaptor successfully.

[04-28 14:35:20]: Open VPN VF Driver: Connected the virtual network adaptor successfully.

[04-28 14:35:20]: Access link: Connecting the virtual network adaptor

[04-28 14:35:20]: Start client: Opened the virtual network adaptor successfully.

[04-28 14:35:20]: Start client: Started the two main threads successfully.

[04-28 14:35:20]: SendProc: The sending thread started.

[04-28 14:35:20]: AddDnsTohosts:buf:

10.63.20.85   h3cml04-ds #H3C8042HJJMTW ADD

10.154.243.65   tdms #H3C8042HJJMTW ADD

10.153.3.111   press #H3C8042HJJMTW ADD

10.154.240.55   tech #H3C8042HJJMTW ADD  /*成功添加预置域名到Hosts文件中*/

[04-28 14:35:20]: RecvProc: The receiving thread started.

[04-28 14:35:25]: Get Packet From VF Queue: Received DHCP packets.

[04-28 14:35:25]: DHCP proxy: Replied with a DHCPOFFER packet.

[04-28 14:35:25]: Get Packet From VF Queue: Received DHCP packets.

[04-28 14:35:25]: DHCP proxy: Replied with a DHCPACK packet.   /*虚网卡通过DHCP成功分到地址*/

[04-28 14:35:25]: DoSetIpForwardEntry parameters: pszDest=2.2.2.0,pszNetMask=255.255.255.0,pszGateway=91.0.0.1,pszInterface=91.0.0.101,dwMetric=1 /*成功添加路由*/

[04-28 14:35:25]: ip:6500005b(91.0.0.101)/0

[04-28 14:35:25]: ip:6500005b(91.0.0.101)/1160a8c0

[04-28 14:35:25]: ip:6500005b(91.0.0.101)/ca0000c8

[04-28 14:35:25]: ip:6500005b(91.0.0.101)/100007f

[04-28 14:35:25]: Get packet from queue: Received ARP packets.

[04-28 14:35:25]: ARP proxy: The destination IP address is the address of the local device.

[04-28 14:35:25]: Get packet from queue: Received ARP packets.

[04-28 14:35:25]: ARP proxy: The destination IP address is the address of the local device.

[04-28 14:35:26]: DoSetIpForwardEntry parameters: pszDest=2.2.2.0,pszNetMask=255.255.255.0,pszGateway=91.0.0.1,pszInterface=91.0.0.101,dwMetric=1

[04-28 14:35:26]: ip:6500005b(91.0.0.101)/6500005b

[04-28 14:35:26]: Found the network adaptor with the IP address 91.0.0.101.

[04-28 14:35:26]: DoSetIpForwardEntry parameters: pszDest=192.168.100.10,pszNetMask=255.255.255.255,pszGateway=91.0.0.1,pszInterface=91.0.0.101,dwMetric=1

[04-28 14:35:26]: ip:6500005b(91.0.0.101)/6500005b

[04-28 14:35:26]: Found the network adaptor with the IP address 91.0.0.101.

[04-28 14:35:26]: DHCP proxy: Set the routing information successfully.

[04-28 14:35:26]: Get packet from queue: Received ARP packets.

[04-28 14:35:26]: ARP proxy: The destination IP address is the address of the local device.

 

2)      使能 “IP网络->全局配置”中“只允许访问VPN”。

[04-28 16:36:50]: Callback function: Called the callback function successfully.

[04-28 16:36:50]: Starting the client

[04-28 16:36:50]: Start client: pcStartInfo=GATEWAY=200.0.0.221;svpnuid=656d18c9bd42cc9cfed57fe4ce674400;port=443;TIMEOUT=60

[04-28 16:36:50]: scan adapter Info:Adapter Name=SSLVPN Virtual Network Adapter(CS Support) - Teefer2 Miniport, want SSLVPN Virtual Network Adapter(CS Support)

[04-28 16:36:50]: Clear DHCP Info:Adapter Name={FEFB80FA-895F-44EF-8F18-C6A21038AECB}

[04-28 16:36:50]: Clear DHCP Info:Adapter Desc=SSLVPN Virtual Network Adapter(CS Support) - Teefer2 Miniport

[04-28 16:36:50]: Clear DHCP Info:IP Address=0.0.0.0

[04-28 16:36:50]: Clear DHCP Info:DhcpClassId=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FEFB80FA-895F-44EF-8F18-C6A21038AECB}

 

[04-28 16:36:50]: Clear DHCP Info: DhcpClassId=SYSTEM\CurrentControlSet\Services\{FEFB80FA-895F-44EF-8F18-C6A21038AECB}\Parameters\Tcpip

 

[04-28 16:36:50]: FUNC=DriverMatch,          Checked file C:\WINDOWS\system32\drivers\SVPNVnic_CS.sys and C:\SSLVPN CLIENT\SVPNVnic_CS.sys successfully.

[04-28 16:36:50]: Start client: Cleared the DHCP information successfully.

[04-28 16:36:50]: Start client: Initialized the virtual network adaptor successfully.

[04-28 16:36:50]: Init Proxy: Init proxy id successful!

[04-28 16:36:50]: Start client: Initialized the proxy successfully.

[04-28 16:36:50]: Split message : pMsg=GATEWAY=200.0.0.221;svpnuid=656d18c9bd42cc9cfed57fe4ce674400;port=443;TIMEOUT=60

[04-28 16:36:50]: Split message: The call is successful.

[04-28 16:36:50]: Init TransForm: Client connected to server: 200.0.0.221 port=443

[04-28 16:36:50]: Local addr of the socket after connect is:200.0.0.202,port:3799

/*客户端成功连接网关,并向网关发起请求*/

[04-28 15:00:41]: NET_EXTEND / HTTP/1.1

COOKIE:svpnuid=88DD7B8285A97E7F018A9C1041AF4401

 

[04-28 15:00:41]: Splite Message: IP address is : :91.0.0.101

[04-28 15:00:41]: Splite Message: IP subnet mask is: 24

[04-28 15:00:41]: Splite Message: IP subnet route is: 2.2.2.0/24;192.168.100.10/32

[04-28 15:00:41]: Splite Message: Gateway IP address: 91.0.0.1

[04-28 15:00:41]: Splite Message:DNS IP:10.72.66.36;192.168.100.240

[04-28 15:00:41]: Splite Message:Static DNS:tech/10.154.240.55;press/10.153.3.111;tdms/10.154.243.65;h3cml04-ds/10.63.20.85;

[04-28 15:00:41]: Splite Message:DNS LIST:domain:tech,ip:10.154.240.55

[04-28 15:00:41]: Splite Message:DNS LIST:domain:press,ip:10.153.3.111

[04-28 15:00:41]: Splite Message:DNS LIST:domain:tdms,ip:10.154.243.65

[04-28 15:00:41]: Splite Message:DNS LIST:domain:h3cml04-ds,ip:10.63.20.85

[04-28 15:00:41]: Init TransForm: Contents of the packet that the gateway replied with: ReceiveBuf: HTTP/1.1 200 OK  /*网关校验用户身份成功,并下发相关配置信息*/

IPADDRESS:91.0.0.101  /*分配给客户端虚网卡的地址*/

SUBNETMASK:24

ROUTES:2.2.2.0/24;192.168.100.10/32  /*授权给用户的IP网段或地址*/

DNS:10.72.66.36;192.168.100.240  /*网关下发给用户的DNS*/

GATEWAY:91.0.0.1

RESTRICT:1  /*网关配置只允许访问VPN”*/

STATICDNS:tech/10.154.240.55;press/10.153.3.111;tdms/10.154.243.65;h3cml04-ds/10.63.20.85;  /*网关下发的预置域名表项*/

 

 

[04-28 15:00:41]: Init transForm: Initialized the transmission module successfully.

[04-28 15:00:41]: Start client: Initialized the transmission channel.

[04-28 15:00:41]: Open VPN VF Driver: Opened the virtual network adaptor successfully.

[04-28 15:00:41]: Open VPN VF Driver: Initialized the virtual network adaptor successfully.

[04-28 15:00:41]: Open VPN VF Driver: Connected the virtual network adaptor successfully.

[04-28 15:00:41]: Access link: Connecting the virtual network adaptor

[04-28 15:00:41]: Start client: Opened the virtual network adaptor successfully.

[04-28 15:00:41]: Start client: Started the two main threads successfully.

[04-28 15:00:41]: AddDnsTohosts:buf:

10.63.20.85   h3cml04-ds #H3C8042HJJMTW ADD

10.154.243.65   tdms #H3C8042HJJMTW ADD

10.153.3.111   press #H3C8042HJJMTW ADD

10.154.240.55   tech #H3C8042HJJMTW ADD  /*成功添加预置域名到Hosts文件中*/

[04-28 15:00:41]: SendProc: The sending thread started.

[04-28 15:00:41]: RecvProc: The receiving thread started.

[04-28 15:00:45]: Get Packet From VF Queue: Received DHCP packets.

[04-28 15:00:45]: DHCP proxy: Replied with a DHCPOFFER packet.

[04-28 15:00:45]: Get Packet From VF Queue: Received DHCP packets.

[04-28 15:00:45]: DHCP proxy: Replied with a DHCPACK packet.  /*虚网卡通过DHCP成功分到地址*/

[04-28 15:00:45]: ip:6500005b(91.0.0.101)/0

[04-28 15:00:45]: ip:6500005b(91.0.0.101)/100007f

[04-28 15:00:45]: ip:6500005b(91.0.0.101)/1160a8c0

[04-28 15:00:45]: ip:6500005b(91.0.0.101)/ca0000c8

[04-28 15:00:45]: Get packet from queue: Received ARP packets.

[04-28 15:00:45]: ARP proxy: The destination IP address is the address of the local device.

[04-28 15:00:45]: Get packet from queue: Received ARP packets.

[04-28 15:00:45]: Get packet from queue: Received ARP packets.

[04-28 15:00:45]: ARP proxy: The destination IP address is the address of the local device.

[04-28 15:00:46]: ip:6500005b(91.0.0.101)/6500005b

[04-28 15:00:46]: Found the network adaptor with the IP address 91.0.0.101.

[04-28 15:00:46]: The local addr of the socket is:192.168.96.17

[04-28 15:00:46]: ip:1160a8c0(192.168.96.17)/6500005b

[04-28 15:00:46]: ip:1160a8c0(192.168.96.17)/100007f

[04-28 15:00:46]: ip:1160a8c0(192.168.96.17)/1160a8c0

[04-28 15:00:46]: Found the network adaptor with the IP address 192.168.96.17.

[04-28 15:00:46]: Set the host route successfully. The gateway address is fe63a8c0:

/*成功设置主机路由*/

[04-28 15:00:46]: Backed up the route. The IP address of the next hop is: fe63a8c0

/*成功备份路由*/

[04-28 15:00:46]: Get packet from queue: Received ARP packets.

[04-28 15:00:46]: ARP proxy: The destination IP address is the address of the local device.

[04-28 15:00:47]: Get packet from queue: Received ARP packets.

 

2配置了IP主机资源并授权给用户,但是无相应的IP全局配置。

2.1 页面错误提示信息。

                                                                                                              图4 IP客户端启动失败

2.2 异常日志信息。

 [03-31 14:23:48]: FUNC=DriverMatch,       Checked file C:\WINDOWS\system32\drivers\SVPNVnic_CS.sys and C:\SSLVPN CLIENT\SVPNVnic_CS.sys successfully.

[03-31 14:23:48]: Start client: Cleared the DHCP information successfully.

[03-31 14:23:48]: Start client: Initialized the virtual network adaptor successfully.

[03-31 14:23:48]: Init Proxy: Init proxy id successful!

[03-31 14:23:48]: Start client: Initialized the proxy successfully.

[03-31 14:23:48]: Split message : pMsg=GATEWAY=100.0.0.221;svpnuid=3293da6b37a5d2c9c03997db3fe74401;port=443;TIMEOUT=60

[03-31 14:23:48]: Split message: The call is successful.

[03-31 14:23:48]: Init TransForm: Client connected to server: 100.0.0.221 port=443

[03-31 14:23:48]: Local addr of the socket after connect is:100.0.0.202,port:4346

[03-31 14:23:49]: NET_EXTEND / HTTP/1.1

COOKIE:svpnuid=3293DA6B37A5D2C9C03997DB3FE74401

 

[03-31 14:23:49]: Init TransForm: Failed to read the message recurrently! Received a wrong packet: x


[03-31 14:23:49]: Start client: Failed to initialize the gateway transmission channel.

[03-31 14:23:49]: ========

[03-31 14:23:49]: No result returned from the server.

[03-31 14:23:49]: Release resource: Releasing the resource

[03-31 14:23:49]: Release resouse: iCode=0,pcInfo=No result returned from the server.

[03-31 14:23:49]: Release resource: Closing the socket

[03-31 14:23:49]: Release resource: Socket closed normally.

[03-31 14:23:49]: Release resouse: Closing the network adaptor

[03-31 14:23:49]: Close VPN VF driver: Success!

[03-31 14:23:49]: Release resource: Normal IP access: Restoring the route

[03-31 14:23:49]: ip:0()/0

[03-31 14:23:49]: Found the network adaptor with the IP address .

[03-31 14:23:49]: Release resouse: g_FuncCallBack = NULL!

[03-31 14:23:49]: Release resource: Left normally.

2.3 解决方案。

配置“资源管理->IP网络->全局配置”中的IP地址池,并且使地址池中地址与设备接口地址网段不冲突。

 

3AutoHome特性采用IP接入方式,但是没有给用户进行IP资源授权。

3.1 页面错误提示信息。

                                                                                                         图5 Autohome特性登录失败

3.2 异常日志信息。

[03-31 14:23:48]: FUNC=DriverMatch,          Checked file C:\WINDOWS\system32\drivers\SVPNVnic_CS.sys and C:\SSLVPN CLIENT\SVPNVnic_CS.sys successfully.

[03-31 14:23:48]: Start client: Cleared the DHCP information successfully.

[03-31 14:23:48]: Start client: Initialized the virtual network adaptor successfully.

[03-31 14:23:48]: Init Proxy: Init proxy id successful!

[03-31 14:23:48]: Start client: Initialized the proxy successfully.

[03-31 14:23:48]: Split message : pMsg=GATEWAY=100.0.0.221;svpnuid=3293da6b37a5d2c9c03997db3fe74401;port=443;TIMEOUT=60

[03-31 14:23:48]: Split message: The call is successful.

[03-31 14:23:48]: Init TransForm: Client connected to server: 100.0.0.221 port=443

[03-31 14:23:48]: Local addr of the socket after connect is:100.0.0.202,port:4346

[03-31 14:23:49]: NET_EXTEND / HTTP/1.1

COOKIE:svpnuid=3293DA6B37A5D2C9C03997DB3FE74401

[04-12 11:16:46]: Splite Message: Failed the authentication by the server, the code returned by the server= 556

[04-12 11:16:46]: Init TransForm: Failed to resolve the packet that the gateway replied with!  x


[04-12 11:16:46]: Start client: Failed to initialize the gateway transmission channel.

[04-12 11:16:46]: ========

[04-12 11:16:46]: 未知故障,请尝试重新登录!

[04-12 11:16:46]: Release resource: Releasing the resource

[04-12 11:16:46]: Release resouse: iCode=0,pcInfo=未知故障,请尝试重新登录!

3.3 解决方案。

给用户授权相应的IP资源。

 

4.IP全局配置中地址池地址和用户本地地址冲突。

4.1 错误配置。

                                                                                                          图6 IP网络全局地址池配置

                                                                                                              图7 客户端本地IP配置

4.2 页面错误提示信息。

                                                                                                              图8 IP客户端接入失败

4.3 异常日志信息。

 [03-31 14:49:33]: FUNC=DriverMatch,       Checked file C:\WINDOWS\system32\drivers\SVPNVnic_CS.sys and C:\SSLVPN CLIENT\SVPNVnic_CS.sys successfully.

[03-31 14:49:33]: Start client: Cleared the DHCP information successfully.

[03-31 14:49:33]: Start client: Initialized the virtual network adaptor successfully.

[03-31 14:49:33]: Init Proxy: Init proxy id successful!

[03-31 14:49:33]: Start client: Initialized the proxy successfully.

[03-31 14:49:33]: Split message : pMsg=GATEWAY=100.0.0.221;svpnuid=28873200eb3af562f41e7be87ad74400;port=443;TIMEOUT=60

[03-31 14:49:33]: Split message: The call is successful.

[03-31 14:49:33]: Init TransForm: Client connected to server: 100.0.0.221 port=443

[03-31 14:49:33]: Local addr of the socket after connect is:100.0.0.202,port:4530

[03-31 14:49:33]: NET_EXTEND / HTTP/1.1

COOKIE:svpnuid=28873200EB3AF562F41E7BE87AD74400

 

[03-31 14:49:33]: Splite Message: IP address is : :192.168.96.2

[03-31 14:49:33]: Splite Message: IP subnet mask is: 24

[03-31 14:49:33]: Get VF Index: Found the virtual network adaptor.

[03-31 14:49:33]: Splite Message: IP address assigned to the virtual network adaptor conflicts with that of the local network adaptor.

[03-31 14:49:33]: Init TransForm: Failed to resolve the packet that the gateway replied with!  x


[03-31 14:49:33]: Start client: Failed to initialize the gateway transmission channel.

[03-31 14:49:33]: ========

[03-31 14:49:33]: IP address assigned to the virtual network adaptor conflicts with that of the local network adaptor!

[03-31 14:49:33]: Release resource: Releasing the resource

[03-31 14:49:33]: Release resouse: iCode=0,pcInfo=IP address assigned to the virtual network adaptor conflicts with that of the local network adaptor!

[03-31 14:49:33]: Release resource: Closing the socket

[03-31 14:49:33]: Release resource: Socket closed normally.

[03-31 14:49:33]: Release resouse: Closing the network adaptor

[03-31 14:49:33]: Close VPN VF driver: Success!

[03-31 14:49:33]: Release resource: Normal IP access: Restoring the route

[03-31 14:49:33]: ip:260a8c0(192.168.96.2)/0

[03-31 14:49:33]: ip:260a8c0(192.168.96.2)/ca000064

[03-31 14:49:33]: ip:260a8c0(192.168.96.2)/100007f

[03-31 14:49:33]: ip:260a8c0(192.168.96.2)/1060a8c0

[03-31 14:49:33]: ip:260a8c0(192.168.96.2)/33f4a8c0

[03-31 14:49:33]: Release resouse: g_FuncCallBack = NULL!

[03-31 14:49:33]: Release resource: Left normally.

4.4 解决方案。

修改“资源管理->IP网络->全局配置”中的IP地址池,使地址池中地址与客户本地地址网段不冲突。

 

5.SSL VPN网关地址包含在授权给用户的IP主机资源地址或网段中。

5.1 错误现象。

用户登录后无法访问IP资源,一段时间后客户端弹出“客户端正在连接”的提示信息:

                                                                                                             图9 客户端错误提示信息

连接成功后查看路由信息,本案中SSL VPN网关地址为192.168.252.21IP资源包含192.168.252.0/24网段地址,导致生成下面红色框标注的异常路由,导致去往SSL VPN网关的报文转发异常。

                                                                                                                     图10 异常路由信息

5.2 异常日志信息。

[04-01 14:44:08]: AddDnsTohosts:buf:

10.63.20.85   h3cml04-ds #H3C8042HJJMTW ADD

10.154.243.65   tdms #H3C8042HJJMTW ADD

10.153.3.111   press #H3C8042HJJMTW ADD

10.154.240.55   tech #H3C8042HJJMTW ADD

[04-01 14:44:08]: RestartClient: Succeed to restart IP Client.

[04-01 14:44:08]: SendProc: The sending thread quitted.

[04-01 14:46:24]: Receive procedure: Failed to receive the packet header. Error No = 10054

[04-01 14:46:24]: [04-01 14:46:24]: RecvProc: The receiving thread quitted.

SendProc, Quitted the thread from non-running state.

[04-01 14:46:24]: SendProc: Preparing to restart IP client

[04-01 14:46:24]: ReleaseAndReconnect: Releasing the resource

[04-01 14:46:24]: ReleaseAndReconnect: iCode=104,pcInfo=IP Client is connectting to VPN server,Please wait a moment!

[04-01 14:46:24]: ReleaseAndReconnect: Closing the socket

[04-01 14:46:24]: ReleaseAndReconnect: Socket closed normally.

[04-01 14:46:24]: ReleaseAndReconnect: Normal IP access: Restoring the route

[04-01 14:46:24]: ip:200005b(91.0.0.2)/200005b

[04-01 14:46:24]: Found the network adaptor with the IP address 91.0.0.2.

[04-01 14:46:24]: FreeDnsListDNS LIST:domain:h3cml04-ds,ip:10.63.20.85

[04-01 14:46:24]: FreeDnsListDNS LIST:domain:tdms,ip:10.154.243.65

[04-01 14:46:24]: FreeDnsListDNS LIST:domain:press,ip:10.153.3.111

[04-01 14:46:24]: FreeDnsListDNS LIST:domain:tech,ip:10.154.240.55

[04-01 14:46:24]: ReleaseAndReconnect: Calling the callback function

[04-01 14:46:24]: Restarting the client

[04-01 14:46:24]: InitRtTrans: Client connected to server: 368879808 port=443

[04-01 14:46:24]: Local addr of the socket after connect is:192.168.96.16,port:1547

[04-01 14:46:24]: NET_EXTEND / HTTP/1.1

COOKIE:svpnuid=E696FC07A3C7E0775FF6809A09AB4401

5.3 解决方案。

有两种方法可以解决该问题:

1)  启用“资源管理->IP网络->全局配置”中“只允许访问VPN”选项,用户登录后系统会自动添加到SSL VPN网关的主机路由:

                                                                                          图11 启用“只访问VPN”选项下的路由信息

2)  修改IP资源,将SSL VPN网关地址排除在授权IP资源网段之外。

 

6.老版本ActiveX控件和新版本客户端配合问题。

6.1 页面错误提示信息。

                                                                                            图12 ActiveX控件版本和客户端版本不兼容

如果选择否,那么会出现启动IP客户端接入失败。

6.2 解决方案。

登录之前删除已经存在的客户端软件或者出现上述提示时选择“是”。

 

7.IE的管理加载项中将ActiveX控件禁用。

7.1 错误配置。

已经安装了SSL VPN ActiveX控件,但是IE的管理加载项中禁用控件。

                                                                                                    图13 禁用SSL VPN ActiveX控件

7.2 页面错误提示信息。

用户登录时会提示没有安装ActiveX控件,点击“取消”后,一直停留在主机检测页面:

                                                                                                         图14 提示安装ActiveX信息

                                                                                                         图15 提示安装ActiveX控件

                                                                                           图16 点击“取消”后无法安装ActiveX控件

7.3 解决方案。

启用IE的管理加载项中的ActiveX控件。

 

8IE安全选项中禁止运行ActiveX控件和插件。

8.1 错误配置。

                                                                                                         图17 禁止ActiveX控件配置

8.2 页面错误提示信息。

                                                                                                                 图18 页面错误提示

8.3 解决方案。

启用IE安全选项中“运行ActiveX 控件和插件”。

 

9.运行64位浏览器时无法安装ActiveX控件。

9.1 页面错误提示信息。

运行64位浏览器时,无法安装ActiveX控件,页面一直停留在验证ActiveX控件阶段。

                                                                                                       图19 不提示安装ActiveX控件

9.2 解决方案。

运行32位浏览器。

 

10.IE7/IE8启用了保护模式,但是SSL VPN网关地址非受信任站点。

10.1 页面错误提示信息。

根据用户是否安装ActiveX控件,是否有客户端,有如下3种错误提示信息:

1)  用户首次登录,没有安装ActiveX控件。

点击“确定”后,有下面提示:

点击“确定”,弹出下面提示:

2)  用户已经成功安装ActiveX控件:

用户登录后,弹出下面提示信息:

点击“确定”,弹出下面提示信息:

点击“确定”,弹出下面提示信息:

3)  已经安装ActiveX控件,并且有客户端文件,用户登录后提示如下信息:

10.2 解决方案。

取消IE浏览器的保护模式,或者将SSL VPN网关地址添加到浏览器受信任站点中。

 

11.操作系统缺少某些组件或补丁导致安装ActiveX失败

11.1 错误提示信息。

提示安装ActiveX控件,但是点击安装后,出现提示信息“安装ActiveX控件失败”。

手动安装ActiveX控件,出现错误提示信息“注册ActiveX控件失败”。在运行中运行“regsvr32 vpnactx.dll”,系统返回0x8007007e错误码。

11.2 解决方案。

Activex控件的注册安装需要系统的一些组件(.dll)预先安装注册好,如果系统中这些文件不存在或被损坏或者是没有注册,则会导致ActiveX控件安装失败。上述错误是由于在系统中缺少必要的组件,导致不能安装其他的ActiveX文件。解决方案如下:

1)  SSL VPN登录首页下载ActiveX控件安装文件。

2)  在“开始->运行”里输入: regsvr32 atl.dll 回车, 如果显示成功,再运行3)

3)  点击ActiveX控件安装包里的setup.exe

如果运行 regsvr32 atl.dll 不成功,请参考如下步骤解决:

1)  检查Windows系统目录(system32目录)中是否存在如下三个文件: msvcp60.dll,mfc42.dll, msvcrt.dll 文件, 如果不存在,请从网上下载或者从其他机器复制。

2)  检查系统目录(system32目录)中是否存在 atl.dll 文件, 如果不存在, 请从网上下载或者从其他机器复制。然后在“开始->运行”运行如下命令: regsvr32 atl.dll

3)  再次手动安装SSL VPN ActiveX控件。

 

12.安装虚网卡失败。

12.1 异常日志信息。

[09-07 13:47:24]: FUNC=AutoInstall,    Started to install the driver...

[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:24]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]:

.[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:47:25]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:33]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: .[09-07 13:48:34]: /*虚网卡安装过程*/

FUNC=DriverExists,          Driver installed!

[09-07 13:48:34]: FUNC=AutoInstall,    Installed the virtual network adapter successfully.

[09-07 13:48:34]: Clear DHCP Info: Installed the virtual network adaptor successfully.

[09-07 13:48:34]: Start client: Initialized the virtual network adaptor successfully.

 

一段时间后出现如下错误提示:

 

                                                                                                                 图20 错误提示信息

 

12.2 系统中无虚网卡相关信息。

                                                                                                       图21 异常情况下无虚网卡信息

                                                                                                         图22 异常情况下虚网卡信息

用户再次登录,日志中仍然出现上述安装信息。

12.3 解决方案。

上述问题出现的原因是由于系统缺陷引起,系统无法安装任何第三方虚网卡。暂无解决方案,建议重装系统。

 

13.XP/Server 2003系统下,虚网卡安装成功,但是不主动发起DHCP请求,导致分配地址失败。

13.1 页面错误提示信息。

13.2 页面错误提示信息。

                                                                                                              表1 IP客户端启动失败

13.3 异常日志信息。

 [04-01 11:01:33]: Init transForm: Initialized the transmission module successfully.

[04-01 11:01:33]: Start client: Initialized the transmission channel.

[04-01 11:01:33]: Open VPN VF Driver: Opened the virtual network adaptor successfully.

[04-01 11:01:33]: Open VPN VF Driver: Initialized the virtual network adaptor successfully.

[04-01 11:01:33]: Open VPN VF Driver: Connected the virtual network adaptor successfully.

[04-01 11:01:33]: Access link: Connecting the virtual network adaptor

[04-01 11:01:34]: Start client: Opened the virtual network adaptor successfully.

[04-01 11:01:34]: Start client: Started the two main threads successfully.

[04-01 11:01:34]: SendProc: The sending thread started.

[04-01 11:01:34]: RecvProc: The receiving thread started.

[04-01 11:01:34]: AddDnsTohosts:buf:

10.63.20.85   h3cml04-ds #H3C8042HJJMTW ADD

10.154.243.65   tdms #H3C8042HJJMTW ADD

10.153.3.111   press #H3C8042HJJMTW ADD

10.154.240.55   tech #H3C8042HJJMTW ADD

[04-01 11:01:45]: SendProc, Quitted the thread from non-running state.

[04-01 11:01:45]: SendProc: The sending thread quitted./*缺少DHCP地址请求日志*/

[04-01 11:01:45]: start client: Failed to set route.

[04-01 11:01:45]: Receive procedure1: Peer socket closed!

[04-01 11:01:45]: RecvProc: Preparing to release the resources

[04-01 11:01:45]: Release resource: Releasing the resource

[04-01 11:01:45]: Release resouse: iCode=102,pcInfo=IP access client stopped!

[04-01 11:01:45]: Release resource: Closing the socket

[04-01 11:01:45]: Release resource: Socket closed normally.

[04-01 11:01:45]: Release resouse: Closing the network adaptor

[04-01 11:01:45]: Access link: Disconnected the virtual network adaptor!

[04-01 11:01:45]: Close VPN VF driver: Success!

[04-01 11:01:45]: Release resource: Permitted to access only the VPN: Restoring the route

[04-01 11:01:45]: RenewClient: Route restored.

[04-01 11:01:45]: FreeDnsListDNS LIST:domain:h3cml04-ds,ip:10.63.20.85

[04-01 11:01:45]: FreeDnsListDNS LIST:domain:tdms,ip:10.154.243.65

[04-01 11:01:45]: FreeDnsListDNS LIST:domain:press,ip:10.153.3.111

[04-01 11:01:45]: FreeDnsListDNS LIST:domain:tech,ip:10.154.240.55

[04-01 11:01:45]: Release resource: Calling the callback function

[04-01 11:01:45]: Release resource: Left normally.

[04-01 11:01:45]: RecvProc: The receiving thread quitted.

[04-01 11:02:26]: StopClient: Stop client is finished!

13.4 解决方案。

“媒介感知”功能:windows 2000后的系统缺省具有media sense功能,当网线拔掉后,此网口上绑定的tcp/ip协议会自动卸掉,而此功能禁调后,无论网线插拔,网卡上绑定的tcp/ip协议都不会自动卸掉,同时不会发起dhcp请求。

修改注册表中下面一项的值:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

名为DisableDHCPMediaSense,类型为DWORD,取值为0

 

14.客户操作系统安装的防火墙及杀毒软件等阻止客户端软件修改主机路由或者Hosts文件。

防火墙的安全级别设置较高后,可能会禁止第三方程序修改注册表,修改 host文件等操作,导致客户端无法添加路由或修改Hosts文件,从而导致访问异常。

14.1 异常日志信息。

[04-15 17:35:18]: Init transForm: Initialized the transmission module successfully.

[04-15 17:35:18]: Start client: Initialized the transmission channel.

[04-15 17:35:18]: Open VPN VF Driver: Opened the virtual network adaptor successfully.

[04-15 17:35:18]: Open VPN VF Driver: Initialized the virtual network adaptor successfully.

[04-15 17:35:18]: Open VPN VF Driver: Connected the virtual network adaptor successfully.

[04-15 17:35:18]: Access link: Connecting the virtual network adaptor

[04-15 17:35:19]: Start client: Opened the virtual network adaptor successfully.

[04-15 17:35:19]: Start client: Started the two main threads successfully.

[04-15 17:35:19]: SendProc: The sending thread started.

[04-15 17:35:19]: RecvProc: The receiving thread started.

[04-15 17:35:21]: Get Packet From VF Queue: Received DHCP packets.

[04-15 17:35:21]: DHCP proxy: Replied with a DHCPOFFER packet.

[04-15 17:35:21]: Get Packet From VF Queue: Received DHCP packets.

[04-15 17:35:21]: DHCP proxy: Replied with a DHCPACK packet.

[04-15 17:35:21]: DoSetIpForwardEntry parameters: pszDest=10.5.25.0,pszNetMask=255.255.255.0,pszGateway=172.16.112.1,pszInterface=172.16.112.30,dwMetric=1

[04-15 17:35:21]: ip:1e7010ac(172.16.112.30)/0

[04-15 17:35:21]: ip:1e7010ac(172.16.112.30)/1e21a8c0

[04-15 17:35:21]: ip:1e7010ac(172.16.112.30)/0

[04-15 17:35:21]: ip:1e7010ac(172.16.112.30)/100007f

[04-15 17:35:22]: DoSetIpForwardEntry parameters: pszDest=10.5.25.0,pszNetMask=255.255.255.0,pszGateway=172.16.112.1,pszInterface=172.16.112.30,dwMetric=1

[04-15 17:35:22]: ip:1e7010ac(172.16.112.30)/1e7010ac

[04-15 17:35:22]: Found the network adaptor with the IP address 172.16.112.30.

[04-15 17:35:22]: Set IP forward entry: Failed to add 10.5.25.0 to the routing table, dwStatus = 5

……

14.2 解决方案。

SSL VPN客户端添加到防火墙信任程序列表中。

 

15.待访问IP资源是域名方式访问时,本地网卡的DNSSSL VPN下发的DNS的解析顺序无法保证,导致解析失败。

15.1 错误现象。

访问IP资源时打开公网其他页面。

15.2 解决方案。

将待访问的IP资源对应的域名添加到预置域名配置中。

该案例对您是否有帮助:

您的评价:1

若您有关于案例的建议,请反馈:

作者在2019-06-11对此案例进行了修订
1 个评论
粉丝:10人 关注:7人

积累经验

编辑评论

举报

×

侵犯我的权益 >
对根叔知了社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔知了社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作