Open VPN : serveur web site distant
xavier971
-
kraken972 Messages postés 2 Statut Membre -
kraken972 Messages postés 2 Statut Membre -
Bonjour,
J'ai fait une installation en mode bridged entre 2 site. l'init se fait bien.
j'arrive a pingger toutes les machines des 2 LAN qui sont tous 2 sur le réseau 192.168.1.0.
les 2 server sont sous MS 2003 server.
Cependant, sur mon server 192.168.1.10 j'ai un webserver :
quand j'y accede, la page commence à charger, mais ne se termine pas... c'est extremement lent, ça fait comme si il y des packets qui sont perdu ou autre.
est ce que quelqu'un peut m'aider, ça fait bien 1 bon moi que je suis la dessus à chercher partout ce qui pourrait faire cela.
any idea ?
je vous mets les logs server et client ci-contre :
voici les log du server :
Tue May 19 10:10:55 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11]
built on Nov 19 2008
Tue May 19 10:10:55 2009 NOTE: when bridging your LAN adapter with the TAP adapt
er, note that the new bridge adapter will often take on its own IP address that
is different from what the LAN adapter was previously set to
Tue May 19 10:10:55 2009 NOTE: your local LAN uses the extremely common subnet a
ddress 192.168.0.x or 192.168.1.x. Be aware that this might create routing conf
licts if you connect to the VPN server from public locations such as internet ca
fes that use the same subnet.
Tue May 19 10:10:55 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Tue May 19 10:10:55 2009 Diffie-Hellman initialized with 1024 bit key
Tue May 19 10:10:55 2009 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0
]
Tue May 19 10:10:55 2009 TAP-WIN32 device [tap-bridge] opened: \\.\Global\{87F42
131-C32E-4C4C-8CE5-B7F14901183A}.tap
Tue May 19 10:10:55 2009 NOTE: could not get adapter index for {87F42131-C32E-4C
4C-8CE5-B7F14901183A}
Tue May 19 10:10:55 2009 TAP-Win32 Driver Version 9.4
Tue May 19 10:10:55 2009 TAP-Win32 MTU=1500
Tue May 19 10:10:55 2009 Sleeping for 10 seconds...
Tue May 19 10:11:05 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Tue May 19 10:11:05 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 19 10:11:05 2009 UDPv4 link local (bound): [undef]:1194
Tue May 19 10:11:05 2009 UDPv4 link remote: [undef]
Tue May 19 10:11:05 2009 MULTI: multi_init called, r=256 v=256
Tue May 19 10:11:05 2009 IFCONFIG POOL: base=192.168.1.128 size=127
Tue May 19 10:11:05 2009 IFCONFIG POOL LIST
Tue May 19 10:11:05 2009 client1,192.168.1.128
Tue May 19 10:11:05 2009 Initialization Sequence Completed
Tue May 19 10:11:05 2009 MULTI: multi_create_instance called
Tue May 19 10:11:05 2009 213.188.181.162:63174 Re-using SSL/TLS context
Tue May 19 10:11:05 2009 213.188.181.162:63174 LZO compression initialized
Tue May 19 10:11:05 2009 213.188.181.162:63174 Control Channel MTU parms [ L:157
4 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 19 10:11:05 2009 213.188.181.162:63174 Data Channel MTU parms [ L:1574 D
:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue May 19 10:11:05 2009 213.188.181.162:63174 Local Options hash (VER=V4): 'f7d
f56b8'
Tue May 19 10:11:05 2009 213.188.181.162:63174 Expected Remote Options hash (VER
=V4): 'd79ca330'
Tue May 19 10:11:05 2009 213.188.181.162:63174 TLS: Initial packet from 213.188.
181.162:63174, sid=a9b5f3b9 737cdaeb
Tue May 19 10:11:06 2009 213.188.181.162:63174 VERIFY OK: depth=1, /C=FR/ST=MQ/L
=FortdeFrance/O=NOVATEC/OU=NOVATECMQ/CN=BALTUS/emailAddress=contact@novatecweb.c
om
Tue May 19 10:11:06 2009 213.188.181.162:63174 VERIFY OK: depth=0, /C=FR/ST=MQ/O
=NOVATEC/OU=NOVATECMQ/CN=client1/emailAddress=contact@novatecweb.com
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Encrypt: Cipher 'BF-
CBC' initialized with 128 bit key
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Encrypt: Using 160 b
it message hash 'SHA1' for HMAC authentication
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Decrypt: Cipher 'BF-
CBC' initialized with 128 bit key
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Decrypt: Using 160 b
it message hash 'SHA1' for HMAC authentication
Tue May 19 10:11:06 2009 213.188.181.162:63174 Control Channel: TLSv1, cipher TL
Sv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 19 10:11:06 2009 213.188.181.162:63174 [client1] Peer Connection Initiat
ed with 213.188.181.162:63174
Tue May 19 10:11:07 2009 client1/213.188.181.162:63174 MULTI: Learn: 02:ff:d2:79
:b8:2e -> client1/213.188.181.162:63174
Tue May 19 10:11:07 2009 client1/213.188.181.162:63174 PUSH: Received control me
ssage: 'PUSH_REQUEST'
Tue May 19 10:11:07 2009 client1/213.188.181.162:63174 SENT CONTROL [client1]: '
PUSH_REPLY,route-gateway 192.168.1.10,ping 10,ping-restart 120,ifconfig 192.168.
1.128 255.255.255.0' (status=1)
Tue May 19 10:12:10 2009 client1/213.188.181.162:63174 MULTI: Learn: 00:ff:3a:59
:53:34 -> client1/213.188.181.162:63174
voici les log du client :
Tue May 19 10:18:51 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11]
built on Nov 19 2008
Tue May 19 10:18:51 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Tue May 19 10:18:51 2009 LZO compression initialized
Tue May 19 10:18:51 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Tue May 19 10:18:51 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Tue May 19 10:18:51 2009 Local Options hash (VER=V4): 'd79ca330'
Tue May 19 10:18:51 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue May 19 10:18:51 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 19 10:18:51 2009 UDPv4 link local: [undef]
Tue May 19 10:18:51 2009 UDPv4 link remote: 93.121.176.28:1194
Tue May 19 10:18:51 2009 TLS: Initial packet from 93.121.176.28:1194, sid=e67d13
46 a171aaf2
Tue May 19 10:18:52 2009 VERIFY OK: depth=1, /C=FR/ST=MQ/L=FortdeFrance/O=NOVATE
C/OU=NOVATECMQ/CN=BALTUS/emailAddress=contact@novatecweb.com
Tue May 19 10:18:52 2009 VERIFY OK: nsCertType=SERVER
Tue May 19 10:18:52 2009 VERIFY OK: depth=0, /C=FR/ST=MQ/O=NOVATEC/OU=NOVATECMQ/
CN=BALTUS/emailAddress=contact@novatecweb.com
Tue May 19 10:18:52 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Tue May 19 10:18:52 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Tue May 19 10:18:52 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Tue May 19 10:18:52 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Tue May 19 10:18:52 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 1024 bit RSA
Tue May 19 10:18:52 2009 [BALTUS] Peer Connection Initiated with 93.121.176.28:1
194
Tue May 19 10:18:53 2009 SENT CONTROL [BALTUS]: 'PUSH_REQUEST' (status=1)
Tue May 19 10:18:54 2009 PUSH: Received control message: 'PUSH_REPLY,route-gatew
ay 192.168.1.10,ping 10,ping-restart 120,ifconfig 192.168.1.128 255.255.255.0'
Tue May 19 10:18:54 2009 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 19 10:18:54 2009 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 19 10:18:54 2009 OPTIONS IMPORT: route-related options modified
Tue May 19 10:18:54 2009 WARNING: potential TUN/TAP adapter subnet conflict betw
een local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.25
5.0]
Tue May 19 10:18:54 2009 TAP-WIN32 device [tap-bridge] opened: \\.\Global\{3A595
334-844F-4527-A496-D28339E5B3D1}.tap
Tue May 19 10:18:54 2009 TAP-Win32 Driver Version 9.4
Tue May 19 10:18:54 2009 TAP-Win32 MTU=1500
Tue May 19 10:18:54 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
92.168.1.128/255.255.255.0 on interface {3A595334-844F-4527-A496-D28339E5B3D1} [
DHCP-serv: 192.168.1.0, lease-time: 31536000]
Tue May 19 10:18:54 2009 NOTE: FlushIpNetTable failed on interface [22] {3A59533
4-844F-4527-A496-D28339E5B3D1} (status=1168) : ╔lÚment introuvable.
Tue May 19 10:18:59 2009 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue May 19 10:18:59 2009 Initialization Sequence Completed
J'ai fait une installation en mode bridged entre 2 site. l'init se fait bien.
j'arrive a pingger toutes les machines des 2 LAN qui sont tous 2 sur le réseau 192.168.1.0.
les 2 server sont sous MS 2003 server.
Cependant, sur mon server 192.168.1.10 j'ai un webserver :
quand j'y accede, la page commence à charger, mais ne se termine pas... c'est extremement lent, ça fait comme si il y des packets qui sont perdu ou autre.
est ce que quelqu'un peut m'aider, ça fait bien 1 bon moi que je suis la dessus à chercher partout ce qui pourrait faire cela.
any idea ?
je vous mets les logs server et client ci-contre :
voici les log du server :
Tue May 19 10:10:55 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11]
built on Nov 19 2008
Tue May 19 10:10:55 2009 NOTE: when bridging your LAN adapter with the TAP adapt
er, note that the new bridge adapter will often take on its own IP address that
is different from what the LAN adapter was previously set to
Tue May 19 10:10:55 2009 NOTE: your local LAN uses the extremely common subnet a
ddress 192.168.0.x or 192.168.1.x. Be aware that this might create routing conf
licts if you connect to the VPN server from public locations such as internet ca
fes that use the same subnet.
Tue May 19 10:10:55 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Tue May 19 10:10:55 2009 Diffie-Hellman initialized with 1024 bit key
Tue May 19 10:10:55 2009 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0
]
Tue May 19 10:10:55 2009 TAP-WIN32 device [tap-bridge] opened: \\.\Global\{87F42
131-C32E-4C4C-8CE5-B7F14901183A}.tap
Tue May 19 10:10:55 2009 NOTE: could not get adapter index for {87F42131-C32E-4C
4C-8CE5-B7F14901183A}
Tue May 19 10:10:55 2009 TAP-Win32 Driver Version 9.4
Tue May 19 10:10:55 2009 TAP-Win32 MTU=1500
Tue May 19 10:10:55 2009 Sleeping for 10 seconds...
Tue May 19 10:11:05 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Tue May 19 10:11:05 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 19 10:11:05 2009 UDPv4 link local (bound): [undef]:1194
Tue May 19 10:11:05 2009 UDPv4 link remote: [undef]
Tue May 19 10:11:05 2009 MULTI: multi_init called, r=256 v=256
Tue May 19 10:11:05 2009 IFCONFIG POOL: base=192.168.1.128 size=127
Tue May 19 10:11:05 2009 IFCONFIG POOL LIST
Tue May 19 10:11:05 2009 client1,192.168.1.128
Tue May 19 10:11:05 2009 Initialization Sequence Completed
Tue May 19 10:11:05 2009 MULTI: multi_create_instance called
Tue May 19 10:11:05 2009 213.188.181.162:63174 Re-using SSL/TLS context
Tue May 19 10:11:05 2009 213.188.181.162:63174 LZO compression initialized
Tue May 19 10:11:05 2009 213.188.181.162:63174 Control Channel MTU parms [ L:157
4 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 19 10:11:05 2009 213.188.181.162:63174 Data Channel MTU parms [ L:1574 D
:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue May 19 10:11:05 2009 213.188.181.162:63174 Local Options hash (VER=V4): 'f7d
f56b8'
Tue May 19 10:11:05 2009 213.188.181.162:63174 Expected Remote Options hash (VER
=V4): 'd79ca330'
Tue May 19 10:11:05 2009 213.188.181.162:63174 TLS: Initial packet from 213.188.
181.162:63174, sid=a9b5f3b9 737cdaeb
Tue May 19 10:11:06 2009 213.188.181.162:63174 VERIFY OK: depth=1, /C=FR/ST=MQ/L
=FortdeFrance/O=NOVATEC/OU=NOVATECMQ/CN=BALTUS/emailAddress=contact@novatecweb.c
om
Tue May 19 10:11:06 2009 213.188.181.162:63174 VERIFY OK: depth=0, /C=FR/ST=MQ/O
=NOVATEC/OU=NOVATECMQ/CN=client1/emailAddress=contact@novatecweb.com
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Encrypt: Cipher 'BF-
CBC' initialized with 128 bit key
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Encrypt: Using 160 b
it message hash 'SHA1' for HMAC authentication
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Decrypt: Cipher 'BF-
CBC' initialized with 128 bit key
Tue May 19 10:11:06 2009 213.188.181.162:63174 Data Channel Decrypt: Using 160 b
it message hash 'SHA1' for HMAC authentication
Tue May 19 10:11:06 2009 213.188.181.162:63174 Control Channel: TLSv1, cipher TL
Sv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 19 10:11:06 2009 213.188.181.162:63174 [client1] Peer Connection Initiat
ed with 213.188.181.162:63174
Tue May 19 10:11:07 2009 client1/213.188.181.162:63174 MULTI: Learn: 02:ff:d2:79
:b8:2e -> client1/213.188.181.162:63174
Tue May 19 10:11:07 2009 client1/213.188.181.162:63174 PUSH: Received control me
ssage: 'PUSH_REQUEST'
Tue May 19 10:11:07 2009 client1/213.188.181.162:63174 SENT CONTROL [client1]: '
PUSH_REPLY,route-gateway 192.168.1.10,ping 10,ping-restart 120,ifconfig 192.168.
1.128 255.255.255.0' (status=1)
Tue May 19 10:12:10 2009 client1/213.188.181.162:63174 MULTI: Learn: 00:ff:3a:59
:53:34 -> client1/213.188.181.162:63174
voici les log du client :
Tue May 19 10:18:51 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11]
built on Nov 19 2008
Tue May 19 10:18:51 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
her to call user-defined scripts or executables
Tue May 19 10:18:51 2009 LZO compression initialized
Tue May 19 10:18:51 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Tue May 19 10:18:51 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:
32 EL:0 AF:3/1 ]
Tue May 19 10:18:51 2009 Local Options hash (VER=V4): 'd79ca330'
Tue May 19 10:18:51 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue May 19 10:18:51 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue May 19 10:18:51 2009 UDPv4 link local: [undef]
Tue May 19 10:18:51 2009 UDPv4 link remote: 93.121.176.28:1194
Tue May 19 10:18:51 2009 TLS: Initial packet from 93.121.176.28:1194, sid=e67d13
46 a171aaf2
Tue May 19 10:18:52 2009 VERIFY OK: depth=1, /C=FR/ST=MQ/L=FortdeFrance/O=NOVATE
C/OU=NOVATECMQ/CN=BALTUS/emailAddress=contact@novatecweb.com
Tue May 19 10:18:52 2009 VERIFY OK: nsCertType=SERVER
Tue May 19 10:18:52 2009 VERIFY OK: depth=0, /C=FR/ST=MQ/O=NOVATEC/OU=NOVATECMQ/
CN=BALTUS/emailAddress=contact@novatecweb.com
Tue May 19 10:18:52 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Tue May 19 10:18:52 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Tue May 19 10:18:52 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Tue May 19 10:18:52 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Tue May 19 10:18:52 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 1024 bit RSA
Tue May 19 10:18:52 2009 [BALTUS] Peer Connection Initiated with 93.121.176.28:1
194
Tue May 19 10:18:53 2009 SENT CONTROL [BALTUS]: 'PUSH_REQUEST' (status=1)
Tue May 19 10:18:54 2009 PUSH: Received control message: 'PUSH_REPLY,route-gatew
ay 192.168.1.10,ping 10,ping-restart 120,ifconfig 192.168.1.128 255.255.255.0'
Tue May 19 10:18:54 2009 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 19 10:18:54 2009 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 19 10:18:54 2009 OPTIONS IMPORT: route-related options modified
Tue May 19 10:18:54 2009 WARNING: potential TUN/TAP adapter subnet conflict betw
een local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.25
5.0]
Tue May 19 10:18:54 2009 TAP-WIN32 device [tap-bridge] opened: \\.\Global\{3A595
334-844F-4527-A496-D28339E5B3D1}.tap
Tue May 19 10:18:54 2009 TAP-Win32 Driver Version 9.4
Tue May 19 10:18:54 2009 TAP-Win32 MTU=1500
Tue May 19 10:18:54 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
92.168.1.128/255.255.255.0 on interface {3A595334-844F-4527-A496-D28339E5B3D1} [
DHCP-serv: 192.168.1.0, lease-time: 31536000]
Tue May 19 10:18:54 2009 NOTE: FlushIpNetTable failed on interface [22] {3A59533
4-844F-4527-A496-D28339E5B3D1} (status=1168) : ╔lÚment introuvable.
Tue May 19 10:18:59 2009 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Tue May 19 10:18:59 2009 Initialization Sequence Completed
A voir également:
- Open VPN : serveur web site distant
- Open office gratuit - Télécharger - Suite bureautique
- Open core legacy patcher - Accueil - MacOS
- Vpn comment ça marche - Guide
- Vpn gratuit - Accueil - Guide VPN
- Open sankoré - Télécharger - Bureautique
3 réponses
Rebonjour,
c'est justement là que se situe le problème...
je ne comprends pas où il peut y avoir le conflit, puisque le role meme du mode bridgé est de permettre à 2 site distant d'exploiter le même réseau. dans notre cas 192.168.1.0...
dans ce cas précis, il n'y aura pas de connexion en cybercafé ou dans des lieux public
le LAN A : le pool est entre 1 et 100
le LAN B : pool entre 101 et 200
au dessus de 200 c'est réservé aux équipements type routeur et FXS pour la VOIP (qui fonctionne paradoxalement bien par ailleur)...
les gateway evidemment ont des adresse différentes
Je rencontre ce problème uniquement sur les service web et le RDP
help !! c'est plus que déconcertant.
Le champagne pour celui qui m'aide a trouver la soluce :)
pour les hacker pas d'inquiétude... il y a du firewall (IPCOP) sur le réseau, mais désactivé en moment afin de procéder par élimination...
c'est justement là que se situe le problème...
je ne comprends pas où il peut y avoir le conflit, puisque le role meme du mode bridgé est de permettre à 2 site distant d'exploiter le même réseau. dans notre cas 192.168.1.0...
dans ce cas précis, il n'y aura pas de connexion en cybercafé ou dans des lieux public
le LAN A : le pool est entre 1 et 100
le LAN B : pool entre 101 et 200
au dessus de 200 c'est réservé aux équipements type routeur et FXS pour la VOIP (qui fonctionne paradoxalement bien par ailleur)...
les gateway evidemment ont des adresse différentes
Je rencontre ce problème uniquement sur les service web et le RDP
help !! c'est plus que déconcertant.
Le champagne pour celui qui m'aide a trouver la soluce :)
pour les hacker pas d'inquiétude... il y a du firewall (IPCOP) sur le réseau, mais désactivé en moment afin de procéder par élimination...
Bonsoir,
C'est pourtant clair :
Le serveur vous dit :
Tue May 19 10:10:55 2009 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Et le client :
Tue May 19 10:18:54 2009 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Par ailleur je constate que vous branchez vos interfaces WAN directement sur vos serveur w2k3 : si un hacker passe par là, il va s'ammuser...
Pour creer un tunnel VPN, faite-le entre les routeurs/firewalls. Ce sont des équipements durcis et dédiés à cette tache.
Cordialement,
C'est pourtant clair :
Le serveur vous dit :
Tue May 19 10:10:55 2009 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Et le client :
Tue May 19 10:18:54 2009 WARNING: potential TUN/TAP adapter subnet conflict between local LAN [192.168.1.0/255.255.255.0] and remote VPN [192.168.1.0/255.255.255.0]
Par ailleur je constate que vous branchez vos interfaces WAN directement sur vos serveur w2k3 : si un hacker passe par là, il va s'ammuser...
Pour creer un tunnel VPN, faite-le entre les routeurs/firewalls. Ce sont des équipements durcis et dédiés à cette tache.
Cordialement,
