Hello,
I have an OpenVPN server.
The client connects without any problem, but it cannot access the local network, only the server machine.
Server config:
dev-node "VPN"
port 9921
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.32.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
route 192.168.1.0 255.255.255.0
client-to-client
cipher AES-256-CBC
persist-tun
status openvpn-status.log
verb 3
Client config:
client
dev tun
proto tcp
remote xxxxxxxxx xxx
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
Log when the client connects:
Fri Jan 22 20:06:16 2021 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Fri Jan 22 20:06:16 2021 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jan 22 20:06:16 2021 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Fri Jan 22 20:06:16 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jan 22 20:06:16 2021 Need hold release from management interface, waiting...
Fri Jan 22 20:06:17 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jan 22 20:06:17 2021 MANAGEMENT: CMD 'state on'
Fri Jan 22 20:06:17 2021 MANAGEMENT: CMD 'log all on'
Fri Jan 22 20:06:17 2021 MANAGEMENT: CMD 'echo all on'
Fri Jan 22 20:06:17 2021 MANAGEMENT: CMD 'bytecount 5'
Fri Jan 22 20:06:17 2021 MANAGEMENT: CMD 'hold off'
Fri Jan 22 20:06:17 2021 MANAGEMENT: CMD 'hold release'
Fri Jan 22 20:06:17 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxxx
Fri Jan 22 20:06:17 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 22 20:06:17 2021 Attempting to establish TCP connection with [AF_INET]xxxxxxxxxx [nonblock]
Fri Jan 22 20:06:17 2021 MANAGEMENT: >STATE:1611342377,TCP_CONNECT,,,,,,
Fri Jan 22 20:06:18 2021 TCP connection established with [AF_INET]xxxxxxxxxx
Fri Jan 22 20:06:18 2021 TCP_CLIENT link local: (not bound)
Fri Jan 22 20:06:18 2021 TCP_CLIENT link remote: [AF_INET]xxxxxxxxxx
Fri Jan 22 20:06:18 2021 MANAGEMENT: >STATE:1611342378,WAIT,,,,,,
Fri Jan 22 20:06:18 2021 MANAGEMENT: >STATE:1611342378,AUTH,,,,,,
Fri Jan 22 20:06:18 2021 TLS: Initial packet from [AF_INET]xxxxxxxxxx, sid=682c5531 66523b61
Fri Jan 22 20:06:18 2021 VERIFY OK: depth=1, C=FR, ST=FR, L=TOULOUSE, O=OpenVPN, OU=changeme, CN=DTEL, name=changeme, emailAddress=root@dtel.pro
Fri Jan 22 20:06:18 2021 VERIFY KU OK
Fri Jan 22 20:06:18 2021 Validating certificate extended key usage
Fri Jan 22 20:06:18 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jan 22 20:06:18 2021 VERIFY EKU OK
Fri Jan 22 20:06:18 2021 VERIFY OK: depth=0, C=FR, ST=FR, L=TOULOUSE, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=root@dtel.pro
Fri Jan 22 20:06:19 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Jan 22 20:06:19 2021 [server] Peer Connection Initiated with [AF_INET]xxxxxxxxxx
Fri Jan 22 20:06:20 2021 MANAGEMENT: >STATE:1611342380,GET_CONFIG,,,,,,
Fri Jan 22 20:06:20 2021 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Jan 22 20:06:20 2021 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.32.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.6 10.32.0.5,peer-id 0,cipher AES-256-GCM'
Fri Jan 22 20:06:20 2021 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 22 20:06:20 2021 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 22 20:06:20 2021 OPTIONS IMPORT: route options modified
Fri Jan 22 20:06:20 2021 OPTIONS IMPORT: peer-id set
Fri Jan 22 20:06:20 2021 OPTIONS IMPORT: adjusting link_mtu to 1626
Fri Jan 22 20:06:20 2021 OPTIONS IMPORT: data channel crypto options modified
Fri Jan 22 20:06:20 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Jan 22 20:06:20 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jan 22 20:06:20 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jan 22 20:06:20 2021 interactive service msg_channel=0
Fri Jan 22 20:06:20 2021 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=9 HWADDR=00:1c:42:cb:a1:fb
Fri Jan 22 20:06:20 2021 open_tun
Fri Jan 22 20:06:20 2021 TAP-WIN32 device [Connexion au réseau local] opened: \\.\Global\{F669C791-933C-46FE-A477-AE3665F0159D}.tap
Fri Jan 22 20:06:20 2021 TAP-Windows Driver Version 9.24
Fri Jan 22 20:06:20 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.32.0.6/255.255.255.252 on interface {F669C791-933C-46FE-A477-AE3665F0159D} [DHCP-serv: 10.32.0.5, lease-time: 31536000]
Fri Jan 22 20:06:20 2021 Successful ARP Flush on interface [3] {F669C791-933C-46FE-A477-AE3665F0159D}
Fri Jan 22 20:06:20 2021 MANAGEMENT: >STATE:1611342380,ASSIGN_IP,,10.32.0.6,,,,
Fri Jan 22 20:06:26 2021 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Fri Jan 22 20:06:26 2021 MANAGEMENT: >STATE:1611342386,ADD_ROUTES,,,,,,
Fri Jan 22 20:06:26 2021 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.32.0.5
Fri Jan 22 20:06:26 2021 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri Jan 22 20:06:26 2021 Route addition via IPAPI succeeded [adaptive]
Fri Jan 22 20:06:26 2021 C:\Windows\system32\route.exe ADD 10.32.0.0 MASK 255.255.255.0 10.32.0.5
Fri Jan 22 20:06:26 2021 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri Jan 22 20:06:26 2021 Route addition via IPAPI succeeded [adaptive]
Fri Jan 22 20:06:26 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 22 20:06:26 2021 Initialization Sequence Completed
Fri Jan 22 20:06:26 2021 MANAGEMENT: >STATE:1611342386,CONNECTED,SUCCESS,10.32.0.6,xxxxxxxxxx,9921,172.20.10.3,61250
It does add the route, but I can't even ping a machine on my local network in 192.168.1.0…
On the other hand, I do have access to my VPN server. Only that one.
Any ideas?
Thanks
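
One way to check from a client log which destinations the pushed routes actually cover (an added example, not part of the original post): it parses the `PUSH_REPLY` line quoted in the log above and tests a destination against it. The helper names and the host address 192.168.1.10 are constructed for illustration.

```python
import ipaddress
import re

# PUSH line copied from the client log in the post above.
PUSH_LINE = (
    "Fri Jan 22 20:06:20 2021 PUSH: Received control message: "
    "'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.32.0.0 255.255.255.0,"
    "topology net30,ping 10,ping-restart 120,ifconfig 10.32.0.6 10.32.0.5,"
    "peer-id 0,cipher AES-256-GCM'"
)


def pushed_routes(log_text):
    """Return the IPv4 networks the server pushed in PUSH_REPLY messages."""
    nets = []
    for reply in re.findall(r"'PUSH_REPLY,([^']*)'", log_text):
        for opt in reply.split(","):
            parts = opt.split()
            if len(parts) < 2 or parts[0] != "route":
                continue
            # "route <network> [netmask]"; without a netmask it is a host route.
            mask = parts[2] if len(parts) >= 3 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{parts[1]}/{mask}", strict=False))
            except ValueError:
                continue  # hostname or keyword instead of a literal address
    return nets


def covering_route(dest, nets):
    """Return the most specific pushed route containing dest, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [n for n in nets if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


if __name__ == "__main__":
    routes = pushed_routes(PUSH_LINE)
    print("pushed:", [str(n) for n in routes])
    # 192.168.1.10 is a constructed host in the subnet the post tries to ping.
    for dest in ("10.32.0.1", "192.168.0.10", "192.168.1.10"):
        print(dest, "->", covering_route(dest, routes) or "no pushed route")
```

A destination reported as having no pushed route is sent through the client's default gateway rather than the tunnel.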