Error when creating an OPENVPN tunnel

Hello everyone,

It is with pleasure that I join this forum, just as I have the pleasure of using this OS.

However, being brand new, I run into a few problems.

I am trying to set up an OPENVPN server on a fresh Debian install.

So here is my /etc/openvpn/server.conf file:

[code]port 1194
proto tcp
dev tap0
ca ca.crt
cert VPNSERVER10.crt
key VPNSERVER10.key # This file should be kept secret
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.0.14 255.255.255.0 192.168.0.81 192.168.0.90
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 9[/code]

The /etc/network/interfaces file:

[code]# The loopback network interface
auto lo
iface lo inet loopback

# The bridged network interface

auto br0
iface br0 inet static
address 192.168.0.14
netmask 255.255.255.0
gateway 192.168.0.1
broadcast 192.168.0.255
bridge_ports eth0
post-up /etc/openvpn/scripts/ovup && /etc/init.d/openvpn start
pre-down /etc/init.d/openvpn stop
post-down /etc/openvpn/scripts/ovdown[/code]

The /etc/openvpn/scripts/ovdown file:

[code]#!/bin/sh
openvpn --rmtun --dev tap0[/code]

The /etc/openvpn/scripts/ovup file:

[code]#!/bin/sh
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig eth0 promisc up
ifconfig tap0 promisc up
ifconfig br0 192.168.0.14 netmask 255.255.255.0 broadcast 192.168.0.255[/code]

The output of ifconfig:

[code]br0 Link encap:Ethernet HWaddr 00:15:5d:00:05:11
inet addr:192.168.0.14 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:5dff:fe00:511/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:585 errors:0 dropped:0 overruns:0 frame:0
TX packets:333 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31103 (30.3 KiB) TX bytes:37051 (36.1 KiB)

eth0 Link encap:Ethernet HWaddr 00:15:5d:00:05:11
inet6 addr: fe80::215:5dff:fe00:511/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:603 errors:0 dropped:0 overruns:0 frame:0
TX packets:339 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:41021 (40.0 KiB) TX bytes:37519 (36.6 KiB)
Interrupt:9 Base address:0xec00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:13 errors:0 dropped:0 overruns:0 frame:0
TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1043 (1.0 KiB) TX bytes:1043 (1.0 KiB)[/code]

On the client side (Windows XP), here is the error:

[code]Tue Jun 09 21:10:31 2009 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Jun 09 21:10:31 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jun 09 21:10:31 2009 Local Options hash (VER=V4): '31fdf004'
Tue Jun 09 21:10:31 2009 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Jun 09 21:10:31 2009 Attempting to establish TCP connection with 192.168.0.14:1194
Tue Jun 09 21:10:32 2009 TCP: connect to 192.168.0.14:1194 failed, will try again in 5 seconds
Tue Jun 09 21:10:38 2009 TCP: connect to 192.168.0.14:1194 failed, will try again in 5 seconds
Tue Jun 09 21:10:44 2009 TCP: connect to 192.168.0.14:1194 failed, will try again in 5 seconds
Tue Jun 09 21:10:50 2009 TCP: connect to 192.168.0.14:1194 failed, will try again in 5 seconds
Tue Jun 09 21:10:56 2009 TCP: connect to 192.168.0.14:1194 failed, will try again in 5 seconds[/code]

PS: I more or less followed the tutorial available on this forum.

A possible lead:

[quote]I did not understand this part of the tutorial, so I probably skipped a step:

openvpn sometimes crashes with a 2.4 kernel; it is better to use a 2.6 one.
Moreover, although I have not tested it for various reasons, it is advisable to use a kernel with the grsecurity patch applied, available at grsecurity.net/ .

your kernel must have the following options enabled:
Quote:
Device Driver
-> Networking support
--> Networking Options
---> Universal Tun/Tap device driver support
---> 802.1d Ethernet Bridging[/quote]


Thanks in advance

PS: It is normal that the client connects to a local address; it is for testing.

What is the IP of the XP machine? What do the logs say (look in /var/log/syslog on the server)?

The IP of the XP client is 192.168.0.12

Here is what the logs give me:

[code]Jun 9 23:13:57 VPNSERVER10 kernel: [ 3.788066] Clocksource tsc unstable (delta = -115026428 ns)
Jun 9 23:13:57 VPNSERVER10 kernel: [ 3.927748] hdc: Virtual CD, ATAPI CD/DVD-ROM drive
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.666040] hdc: host max PIO4 wanted PIO255(auto-tune) selected PIO2
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.666137] hdc: MWDMA2 mode selected
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.666599] ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.672034] ide1 at 0x170-0x177,0x376 on irq 15
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.705344] hda: max request size: 128KiB
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.705353] hda: 14679504 sectors (7515 MB) w/64KiB Cache, CHS=14563/16/63
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.705462] hda: hda1 hda2 < hda5 >
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.725475] hdc: ATAPI DVD-ROM drive, 0kB Cache
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.725482] Uniform CD-ROM driver Revision: 3.20
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.916118] PM: Starting manual resume from disk
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.979424] kjournald starting. Commit interval 5 seconds
Jun 9 23:13:57 VPNSERVER10 kernel: [ 4.979441] EXT3-fs: mounted filesystem with ordered data mode.
Jun 9 23:13:57 VPNSERVER10 kernel: [ 6.397852] udevd version 125 started
Jun 9 23:13:57 VPNSERVER10 kernel: [ 7.619722] piix4_smbus 0000:00:07.3: Found 0000:00:07.3 device
Jun 9 23:13:57 VPNSERVER10 kernel: [ 7.707916] input: Power Button (FF) as /class/input/input1
Jun 9 23:13:57 VPNSERVER10 kernel: [ 7.735313] ACPI: Power Button (FF) [PWRF]
Jun 9 23:13:57 VPNSERVER10 kernel: [ 8.691521] input: PC Speaker as /class/input/input2
Jun 9 23:13:57 VPNSERVER10 kernel: [ 8.695676] Error: Driver 'pcspkr' is already registered, aborting...
Jun 9 23:13:57 VPNSERVER10 kernel: [ 8.776768] trackpoint.c: failed to get extended button data
Jun 9 23:13:57 VPNSERVER10 kernel: [ 12.008127] IBM TrackPoint firmware: 0x01, buttons: 0/0
Jun 9 23:13:57 VPNSERVER10 kernel: [ 12.008595] input: TPPS/2 IBM TrackPoint as /class/input/input3
Jun 9 23:13:57 VPNSERVER10 kernel: [ 14.019592] Adding 361420k swap on /dev/hda5. Priority:-1 extents:1 across:361420k
Jun 9 23:13:57 VPNSERVER10 kernel: [ 14.446826] EXT3 FS on hda1, internal journal
Jun 9 23:13:57 VPNSERVER10 kernel: [ 16.012149] loop: module loaded
Jun 9 23:13:57 VPNSERVER10 kernel: [ 16.869857] Bridge firewalling registered
Jun 9 23:13:57 VPNSERVER10 kernel: [ 16.872150] br0: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
Jun 9 23:13:57 VPNSERVER10 kernel: [ 16.893036] device eth0 entered promiscuous mode
Jun 9 23:13:57 VPNSERVER10 kernel: [ 16.905812] eth0: Using EEPROM-set media 100baseTx-FDX.
Jun 9 23:13:57 VPNSERVER10 kernel: [ 16.916031] br0: port 1(eth0) entering learning state
Jun 9 23:13:57 VPNSERVER10 kernel: [ 31.912183] br0: topology change detected, propagating
Jun 9 23:13:57 VPNSERVER10 kernel: [ 31.912192] br0: port 1(eth0) entering forwarding state
Jun 9 23:13:57 VPNSERVER10 rsyslogd: [origin software="rsyslogd" swVersion="3.18.6" x-pid="1688" x-info="http://www.rsyslog.com"] restart
Jun 9 23:13:57 VPNSERVER10 kernel: [ 36.206097] NET: Registered protocol family 10
Jun 9 23:13:57 VPNSERVER10 kernel: [ 36.206711] lo: Disabled Privacy Extensions
Jun 9 23:14:07 VPNSERVER10 kernel: [ 46.444284] eth0: no IPv6 routers present
Jun 9 23:14:08 VPNSERVER10 kernel: [ 47.068320] br0: no IPv6 routers present
Jun 9 23:14:15 VPNSERVER10 /usr/sbin/cron[2024]: (CRON) INFO (pidfile fd = 3)
Jun 9 23:14:15 VPNSERVER10 /usr/sbin/cron[2025]: (CRON) STARTUP (fork ok)
Jun 9 23:14:15 VPNSERVER10 /usr/sbin/cron[2025]: (CRON) INFO (Running @reboot jobs)
Jun 9 23:17:01 VPNSERVER10 /USR/SBIN/CRON[2070]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)[/code]

Thanks


Here are the new logs: the connection is now established, but there is no PING between the two.

Maybe there are firewall rules on Debian?

A client IP of 192.168.0.12 is going to cause trouble: the two interfaces (the physical one and the «tap» one) will be on the same network and the routing table will be inconsistent. You need to try from a machine with an IP address in, for example, 192.168.1.???

The tests were carried out from a remote machine with an IP range of 192.168.1.0.

The logs and errors are identical :(

Thanks a lot for your help

On the server side you should have

[quote] grep vpn /var/log/syslog
Jun 14 14:22:35 cerbere ovpn-server[386]: Re-using SSL/TLS context
Jun 14 14:22:35 cerbere ovpn-server[386]: LZO compression initialized
Jun 14 14:22:35 cerbere ovpn-server[386]: TCP connection established with 192.168.1.240:42341
Jun 14 14:22:35 cerbere ovpn-server[386]: TCPv4_SERVER link local: [undef]
Jun 14 14:22:35 cerbere ovpn-server[386]: TCPv4_SERVER link remote: 192.168.1.240:42341
Jun 14 14:22:36 cerbere ovpn-server[386]: 192.168.1.240:42341 [agreg] Peer Connection Initiated with 192.168.1.240:42341
Jun 14 14:23:02 cerbere ovpn-server[386]: agreg/192.168.1.240:42341 Connection reset, restarting [0]
Jun 14 14:24:23 cerbere ovpn-server[386]: Re-using SSL/TLS context
Jun 14 14:24:23 cerbere ovpn-server[386]: LZO compression initialized
Jun 14 14:24:23 cerbere ovpn-server[386]: TCP connection established with 192.168.1.240:47693
Jun 14 14:24:23 cerbere ovpn-server[386]: TCPv4_SERVER link local: [undef]
Jun 14 14:24:23 cerbere ovpn-server[386]: TCPv4_SERVER link remote: 192.168.1.240:47693
Jun 14 14:24:24 cerbere ovpn-server[386]: 192.168.1.240:47693 [agreg] Peer Connection Initiated with 192.168.1.240:47693
[/quote]
agreg is the name of the machine I use as the client (ClefAgreg). 192.168.1.240 is the address of the Wi-Fi router from which I connect.

/etc/openvpn/openvpn-status.log contains

[quote]OpenVPN CLIENT LIST
Updated,Sun Jun 14 16:31:25 2009
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
agreg,192.168.1.240:47693,78669,221665,Sun Jun 14 16:24:23 2009
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
00:…:5e,agreg,192.168.1.240:47693,Sun Jun 14 16:30:29 2009
GLOBAL STATS
Max bcast/mcast queue length,7
END
[/quote]

On the client side, a whole load of lines

[quote]Jun 14 16:33:41 agreg ovpn-client[4332]: TCPv4_CLIENT READ [53] from …: P_DATA_V1 kid=0 DATA len=52
Jun 14 16:33:41 agreg ovpn-client[4332]: TCPv4_CLIENT WRITE [53] to …: P_DATA_V1 kid=0 DATA len=52
Jun 14 16:33:51 agreg ovpn-client[4332]: TCPv4_CLIENT READ [53] from …: P_DATA_V1 kid=0 DATA len=52
Jun 14 16:33:51 agreg ovpn-client[4332]: TCPv4_CLIENT WRITE [53] to …: P_DATA_V1 kid=0 DATA len=52
Jun 14 16:34:01 agreg ovpn-client[4332]: TCPv4_CLIENT WRITE [53] to …: P_DATA_V1 kid=0 DATA len=52
Jun 14 16:34:01 agreg ovpn-client[4332]: TCPv4_CLIENT READ [53] from …: P_DATA_V1 kid=0 DATA len=52
[/quote]the … being the server's IP + port.
Note that I can ping without any problem; do the other services respond?

Could you show me your settings on each side?

Is there nothing more to do than server.conf and client.ovpn?

Maybe rules or driver support?

Is this paragraph of crucial importance:

your kernel must have the following options enabled:
Quote:
Device Driver
-> Networking support
--> Networking Options
---> Universal Tun/Tap device driver support
---> 802.1d Ethernet Bridging
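
Added example, not part of any post in this thread: a server-side triage script for the two kernel options quoted from the tutorial and for the log signals that separate "daemon not running" from "tap0 not bridged". It assumes that `CONFIG_TUN` and `CONFIG_BRIDGE` are the kernel symbols behind those two menu entries, that the daemon logs under the `ovpn-server` tag shown in the reply above, and that the tap0 bridge message has the same form as the eth0 one in the posted syslog; every sample file is constructed.

```sh
#!/bin/sh
# Added example (not from the thread). All sample data is constructed.
# On a real server the inputs would be /boot/config-$(uname -r) and /var/log/syslog.

# kernel_opt_state FILE SYMBOL: prints y (built in), m (module) or missing.
kernel_opt_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-missing}"
}

# server_log_verdict FILE: heuristic reading of a syslog excerpt.
#   not-started    no ovpn-server line: the daemon never logged, TCP connects fail
#   tap-unbridged  daemon logged, but tap0 never became a forwarding port of br0
#   ok             daemon logged and tap0 is forwarding on br0
server_log_verdict() {
    if ! grep -q 'ovpn-server\[' "$1"; then
        echo not-started
    elif ! grep -Eq 'br0: port [0-9]+\(tap0\) entering forwarding state' "$1"; then
        echo tap-unbridged
    else
        echo ok
    fi
}

# bridge_firewalling FILE: yes when the bridge netfilter hook registered,
# in which case iptables rules can also filter frames crossing br0.
bridge_firewalling() {
    if grep -q 'Bridge firewalling registered' "$1"; then echo yes; else echo no; fi
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Constructed kernel config: bridging is a module, TUN/TAP was left out.
cat > "$SAMPLE_DIR/config" <<'EOF'
CONFIG_BRIDGE=m
CONFIG_BRIDGE_NETFILTER=y
# CONFIG_TUN is not set
EOF

# Constructed log, same shape as the boot log in the thread: bridge up, no daemon.
cat > "$SAMPLE_DIR/boot.log" <<'EOF'
Jun  9 23:13:57 host kernel: [   16.869857] Bridge firewalling registered
Jun  9 23:13:57 host kernel: [   31.912192] br0: port 1(eth0) entering forwarding state
EOF

# Constructed log: the daemon accepts a client, tap0 never joins the bridge.
cat > "$SAMPLE_DIR/unbridged.log" <<'EOF'
Jun 14 14:22:30 host kernel: [   31.912192] br0: port 1(eth0) entering forwarding state
Jun 14 14:22:35 host ovpn-server[386]: TCP connection established with 192.0.2.10:42341
EOF

# Constructed log: tap0 is a forwarding bridge port and the daemon is running.
cat > "$SAMPLE_DIR/healthy.log" <<'EOF'
Jun 14 14:22:30 host kernel: [   31.912192] br0: port 1(eth0) entering forwarding state
Jun 14 14:22:31 host kernel: [   32.100000] device tap0 entered promiscuous mode
Jun 14 14:22:31 host kernel: [   32.200000] br0: port 2(tap0) entering forwarding state
Jun 14 14:22:35 host ovpn-server[386]: TCP connection established with 192.0.2.10:42341
EOF

for sym in CONFIG_TUN CONFIG_BRIDGE; do
    echo "$sym: $(kernel_opt_state "$SAMPLE_DIR/config" "$sym")"
done
for log in boot unbridged healthy; do
    echo "$log.log: $(server_log_verdict "$SAMPLE_DIR/$log.log")," \
         "bridge firewalling: $(bridge_firewalling "$SAMPLE_DIR/$log.log")"
done
```

The verdicts are heuristics over whatever excerpt is passed in: a rotated syslog can hide the tap0 line even when the bridge is healthy.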