Before I was on Arch, this same VPN connection worked perfectly under Mint and Gnome2.
I haven't touched the server config, and I have gone to great lengths to modify my client.conf file like this:
Code:
client
dev tap0
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
;user nobody
;group nogroup
persist-key
persist-tun
# FILES
ca /home/hedy/Systeme/OpenVPN/ca.crt
cert /home/hedy/Systeme/OpenVPN/hedy.crt
key /home/hedy/Systeme/OpenVPN/hedy.key
# all traffic will go through the VPN
redirect-gateway
script-security 2 execve
#up /etc/openvpn/update-resolv-conf
#down /etc/openvpn/update-resolv-conf
ns-cert-type server
;tls-auth ta.key 1
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
Code:
Tue Jan 17 12:53:13 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 3 2012
Tue Jan 17 12:53:13 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jan 17 12:53:13 2012 WARNING: file '/home/hedy/Systeme/OpenVPN/hedy.key' is group or others accessible
Tue Jan 17 12:53:13 2012 LZO compression initialized
Tue Jan 17 12:53:13 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jan 17 12:53:13 2012 Socket Buffers: R=[229376->131072] S=[229376->131072]
Tue Jan 17 12:53:13 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jan 17 12:53:13 2012 Local Options hash (VER=V4): 'd79ca330'
Tue Jan 17 12:53:13 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue Jan 17 12:53:13 2012 UDPv4 link local: [undef]
Tue Jan 17 12:53:13 2012 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Tue Jan 17 12:53:14 2012 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=24a0fb6e 37db274e
Tue Jan 17 12:53:14 2012 VERIFY OK: depth=1, /C=CA/ST=QB/L=Montreal/O=Albator_crew/CN=Albator_crew_CA/emailAddress=openvpn@myserveur
Tue Jan 17 12:53:14 2012 VERIFY OK: nsCertType=SERVER
Tue Jan 17 12:53:14 2012 VERIFY OK: depth=0, /C=CA/ST=QB/L=Montreal/O=Albator_crew/CN=myserveur/emailAddress=openvpn@myserveur
Tue Jan 17 12:53:16 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Tue Jan 17 12:53:16 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Tue Jan 17 12:53:16 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Tue Jan 17 12:53:16 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 17 12:53:16 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 17 12:53:16 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 17 12:53:16 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 17 12:53:16 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 17 12:53:16 2012 [myserveur] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Tue Jan 17 12:53:18 2012 SENT CONTROL [myserveur]: 'PUSH_REQUEST' (status=1)
Tue Jan 17 12:53:18 2012 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25'
Tue Jan 17 12:53:18 2012 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 17 12:53:18 2012 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 17 12:53:18 2012 OPTIONS IMPORT: route options modified
Tue Jan 17 12:53:18 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jan 17 12:53:18 2012 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Tue Jan 17 12:53:18 2012 ROUTE default_gateway=192.168.0.254
Tue Jan 17 12:53:18 2012 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Tue Jan 17 12:53:18 2012 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.0.1
Tue Jan 17 12:53:18 2012 TUN/TAP device tap0 opened
Tue Jan 17 12:53:18 2012 TUN/TAP TX queue length set to 100
Tue Jan 17 12:53:18 2012 /usr/sbin/ip link set dev tap0 up mtu 1500
Tue Jan 17 12:53:18 2012 /usr/sbin/ip addr add dev tap0 10.8.0.26/6 broadcast 255.255.255.254
Tue Jan 17 12:53:18 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Tue Jan 17 12:53:18 2012 Initialization Sequence Completed
In fact, the goal is for all traffic (http, jabber...) to go through this VPN.
Under Mint and Gnome2, it worked that way in any case.
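
An added example, not part of the original post: a small Python triage pass over the client log above that pulls out the lines with security or routing impact (private key permissions, local/remote option mismatches, the default gateway not being redirected). The function name `triage`, the finding codes and the severity labels are assumptions made for this example; the sample lines are copied from the log in the post.

```python
import re

# Sample input: lines copied from the log in the post above.
SAMPLE_LOG = """\
Tue Jan 17 12:53:13 2012 WARNING: file '/home/hedy/Systeme/OpenVPN/hedy.key' is group or others accessible
Tue Jan 17 12:53:16 2012 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Tue Jan 17 12:53:16 2012 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
Tue Jan 17 12:53:16 2012 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Tue Jan 17 12:53:18 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Tue Jan 17 12:53:18 2012 Initialization Sequence Completed
"""

MISMATCH = re.compile(r"WARNING: '([^']+)' is used inconsistently, "
                      r"local='([^']*)', remote='([^']*)'")
KEY_PERM = re.compile(r"WARNING: file '([^']+)' is group or others accessible")
NO_REDIRECT = "unable to redirect default gateway"
COMPLETED = "Initialization Sequence Completed"

def triage(log_text):
    """Return (severity, code, detail) findings for an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            option, local, remote = m.groups()
            # tap (Ethernet frames) and tun (IP packets) peers cannot interoperate;
            # the MTU warnings in this log differ by the same 32 bytes and follow from it.
            sev = "high" if option == "dev-type" else "medium"
            findings.append((sev, "option-mismatch",
                             f"{option}: local={local!r} remote={remote!r}"))
            continue
        m = KEY_PERM.search(line)
        if m:
            findings.append(("high", "key-permissions",
                             f"{m.group(1)} is readable beyond its owner (chmod 600)"))
            continue
        if NO_REDIRECT in line:
            findings.append(("high", "no-redirect",
                             "default route unchanged, traffic bypasses the VPN"))
    # The completion line is logged even though the gateway redirect failed.
    if COMPLETED in log_text and any(f[1] == "no-redirect" for f in findings):
        findings.append(("info", "misleading-completion",
                         "session reported complete without redirect-gateway applied"))
    return findings

if __name__ == "__main__":
    for sev, code, detail in triage(SAMPLE_LOG):
        print(f"[{sev}] {code}: {detail}")
```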