I'm currently renting a Kimsufi server (KS1) on which I installed Archlinux.
I use it to run several applications, including openvpn, which unfortunately doesn't work on the client side (connection impossible).
I've spent hours modifying my configs and reading forums to try to solve the problem, but nothing works.
Can you help me please?
Here is the client-side log (I put the file on my cloud because it's a bit long):
http://cloud.vavalm.ovh/index.php/s/1uHqlr0xOC5OhOX
I'm still including the end of the log, which may be of interest:
Code:
Tue Jun 09 16:42:57 2015 us=939776 MANAGEMENT: CMD 'proxy NONE '
Tue Jun 09 16:42:58 2015 us=953633 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jun 09 16:42:59 2015 us=47933 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jun 09 16:42:59 2015 us=47933 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 09 16:42:59 2015 us=47933 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 09 16:42:59 2015 us=48933 LZO compression initialized
Tue Jun 09 16:42:59 2015 us=48933 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Jun 09 16:42:59 2015 us=48933 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jun 09 16:42:59 2015 us=48933 MANAGEMENT: >STATE:1433860979,RESOLVE,,,
Tue Jun 09 16:42:59 2015 us=50505 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jun 09 16:42:59 2015 us=50505 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jun 09 16:42:59 2015 us=50505 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jun 09 16:42:59 2015 us=50505 Local Options hash (VER=V4): '2f2c6498'
Tue Jun 09 16:42:59 2015 us=50505 Expected Remote Options hash (VER=V4): '9915e4a2'
Tue Jun 09 16:42:59 2015 us=50505 Attempting to establish TCP connection with [AF_INET]37.59.58.92:443 [nonblock]
Tue Jun 09 16:42:59 2015 us=50505 MANAGEMENT: >STATE:1433860979,TCP_CONNECT,,,
Tue Jun 09 16:43:00 2015 us=50799 TCP connection established with [AF_INET]37.59.58.92:443
Tue Jun 09 16:43:00 2015 us=50799 TCPv4_CLIENT link local: [undef]
Tue Jun 09 16:43:00 2015 us=50799 TCPv4_CLIENT link remote: [AF_INET]37.59.58.92:443
Tue Jun 09 16:43:00 2015 us=50799 MANAGEMENT: >STATE:1433860980,WAIT,,,
Tue Jun 09 16:43:00 2015 us=97742 MANAGEMENT: >STATE:1433860980,AUTH,,,
Tue Jun 09 16:43:00 2015 us=97742 TLS: Initial packet from [AF_INET]37.59.58.92:443, sid=cfbf7526 49ae2870
Tue Jun 09 16:43:01 2015 us=208583 VERIFY OK: depth=1, C=FR, ST=59, L=Lille, O=Nord, OU=MyOrganizationalUnit, CN=Nord CA, name=EasyRSA, emailAddress=vavalm@live.fr
Tue Jun 09 16:43:01 2015 us=208583 VERIFY OK: depth=0, C=FR, ST=59, L=Lille, O=Nord, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=vavalm@live.fr
Tue Jun 09 16:43:02 2015 us=84772 Connection reset, restarting [0]
Tue Jun 09 16:43:02 2015 us=84772 TCP/UDP: Closing socket
Tue Jun 09 16:43:02 2015 us=84772 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jun 09 16:43:02 2015 us=84772 MANAGEMENT: >STATE:1433860982,RECONNECTING,connection-reset,,
Tue Jun 09 16:43:02 2015 us=84772 Restart pause, 5 second(s)
Tue Jun 09 16:43:03 2015 us=86371 SIGTERM[hard,init_instance] received, process exiting
Tue Jun 09 16:43:03 2015 us=86371 MANAGEMENT: >STATE:1433860983,EXITING,init_instance,,
Code:
;dev tap
dev tun
# Windows needs the TAP-Windows adapter name from the Network Connections panel if you have more than one. On XP SP2, you may need to disable the firewall for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or UDP server? Use the same setting as on the server.
proto tcp
;proto udp
# The hostname/IP and port of the server. You can have multiple remote entries to load balance between the servers.
remote vavalm.ovh 443
# Choose a random host from the remote list for load-balancing. Otherwise try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the host name of the OpenVPN server. Very useful on machines which are not permanently connected to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an HTTP proxy to reach the actual OpenVPN server, put the proxy server/IP and
# port number here. See the man page if your proxy server requires authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot of duplicate packets. Set this flag to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parm
ca ca.crt
cert vavalm.crt
key vavalm.key
;ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
# Select a cryptographic cipher. If the cipher option is used on the server then you must also specify it here
cipher AES-256-CBC
# Enable compression on the VPN link
comp-lzo
# Set log file verbosity.
verb 4
Code:
proto tcp
port 443
dev tun
# Keys and certificates
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
tls-auth /etc/openvpn/ta.key 0
# Network
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Data and security
user nobody
group nobody # nogroup on Debian, nobody on Archlinux
chroot /etc/openvpn/jail
persist-key
persist-tun
#cipher AES-256-CBC
cipher AES-256-CBC
#cipher DES-EDE3-CBC # Triple-DES
comp-lzo
# Log
verb 6
mute 20
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
log /var/log/openvpn.log
# Other
ifconfig-pool-persist ipp.txt
max-clients 10
ifconfig-pool-persist ipp.txt
max-clients 10
# Client
client-to-client
keepalive 10 120
/var/log/openvpn-status.log
Code:
OpenVPN CLIENT LIST
Updated,Tue Jun 9 14:53:55 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
Code:
Tue Jun 9 14:42:43 2015 us=276428 85.192.236.223:50813 NOTE: --mute triggered...
Tue Jun 9 14:42:44 2015 us=842319 85.192.236.223:50813 83 variation(s) on previous 20 message(s) suppressed by --mute
Tue Jun 9 14:42:44 2015 us=842480 85.192.236.223:50813 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=FR, ST=59, L=Lille, O=Nord, OU=MyOrganizationalUnit, CN=vavalm, name=Valentin, emailAddress=vavalm@live.fr
Tue Jun 9 14:42:44 2015 us=842834 85.192.236.223:50813 TLS_ERROR: BIO read tls_read_plaintext error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Tue Jun 9 14:42:44 2015 us=842917 85.192.236.223:50813 TLS Error: TLS object -> incoming plaintext read error
Tue Jun 9 14:42:44 2015 us=842990 85.192.236.223:50813 TLS Error: TLS handshake failed
Tue Jun 9 14:42:44 2015 us=843311 85.192.236.223:50813 Fatal TLS error (check_tls_errors_co), restarting
Tue Jun 9 14:42:44 2015 us=843464 85.192.236.223:50813 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Jun 9 14:42:44 2015 us=843679 TCP/UDP: Closing socket
Regards.