OpenVPN problem

Closed
killruana - Posts: 19 - Registered: Monday 11 June 2007 - Status: Member - Last activity: 19 April 2010 - 19 April 2010 at 14:54
Hello,
As my title indicates very clearly (sic), I have a problem with OpenVPN: for a reason I don't know, and although it had been working very well until now, my VPN tunnel no longer works.
Symptoms: unable to connect to the Internet through the VPN.
Until now, the gateway was 10.8.0.1, but for a reason I don't know, the client insists on taking 10.8.0.5 as its gateway...

Thanks in advance for your help.



INFO:
-SERVER: a Kimsufi running FreeBSD 8.0
--server.conf:
# Server configuration
mode server
local XXX
proto tcp
port 443
dev tun

# Keys
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh1024.pem

# VPN configuration
#client-to-client
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
mute 20

push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"


--ifconfig:
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:1c:c0:56:81:0b
inet XXX netmask 0xffffff00 broadcast 91.121.158.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff
Opened by PID 3586


--routes:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 91.121.158.254 UGS 2 2873 sis0
10.8.0.0/24 10.8.0.2 UGS 0 0 tun0
10.8.0.1 link#3 UHS 0 0 lo0
10.8.0.2 link#3 UH 0 0 tun0
91.121.158.0/24 link#1 U 2 4506 sis0
XXX link#1 UHS 0 0 lo0
127.0.0.1 link#2 UH 0 78 lo0



-CLIENT: a computer running WinXP behind an ISP box
--client.conf:
client
dev tun
proto tcp-client
remote XXX
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert killruana.crt
key killruana.key
comp-lzo
verb 4
;mute 20
route-method exe
route-delay 2

--connection log:
Mon Apr 19 14:42:16 2010 us=78000 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Mon Apr 19 14:42:16 2010 us=93000 WARNING: No server certificate verification method has been enabled. See https://openvpn.net/community-resources/how-to/#mitm for more info.
Mon Apr 19 14:42:16 2010 us=93000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 19 14:42:16 2010 us=312000 LZO compression initialized
Mon Apr 19 14:42:16 2010 us=312000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Apr 19 14:42:16 2010 us=328000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 19 14:42:16 2010 us=328000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Apr 19 14:42:16 2010 us=328000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Apr 19 14:42:16 2010 us=328000 Local Options hash (VER=V4): '69109d17'
Mon Apr 19 14:42:16 2010 us=328000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Mon Apr 19 14:42:16 2010 us=328000 Attempting to establish TCP connection with XXX:443
Mon Apr 19 14:42:16 2010 us=375000 TCP connection established with XXX:443
Mon Apr 19 14:42:16 2010 us=375000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 19 14:42:16 2010 us=375000 TCPv4_CLIENT link local: [undef]
Mon Apr 19 14:42:16 2010 us=375000 TCPv4_CLIENT link remote: XXX:443
Mon Apr 19 14:42:16 2010 us=406000 TLS: Initial packet from XXX:443, sid=045f84e1 e217b36c
Mon Apr 19 14:42:17 2010 us=31000 VERIFY OK: depth=1, /C=FR/ST=Herault/L=Montpellier/O=r26808.ovh.net/CN=r26808.ovh.net_CA/emailAddress=killruana@gmail.com
Mon Apr 19 14:42:17 2010 us=31000 VERIFY OK: depth=0, /C=FR/ST=Herault/L=Montpellier/O=r26808.ovh.net/CN=server/emailAddress=killruana@gmail.com
Mon Apr 19 14:42:18 2010 us=671000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 19 14:42:18 2010 us=671000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 19 14:42:18 2010 us=671000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 19 14:42:18 2010 us=671000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 19 14:42:18 2010 us=671000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr 19 14:42:18 2010 us=671000 [server] Peer Connection Initiated with XXX:443
Mon Apr 19 14:42:21 2010 us=46000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Apr 19 14:42:21 2010 us=234000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Apr 19 14:42:21 2010 us=234000 OPTIONS IMPORT: timers and/or timeouts modified
Mon Apr 19 14:42:21 2010 us=234000 OPTIONS IMPORT: --ifconfig/up options modified
Mon Apr 19 14:42:21 2010 us=234000 OPTIONS IMPORT: route options modified
Mon Apr 19 14:42:21 2010 us=234000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Apr 19 14:42:21 2010 us=250000 ROUTE default_gateway=163.187.15.129
Mon Apr 19 14:42:21 2010 us=265000 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{DDE19E05-F0D7-4DBD-AD67-A3FA890EC2F9}.tap
Mon Apr 19 14:42:21 2010 us=281000 TAP-Win32 Driver Version 9.6
Mon Apr 19 14:42:21 2010 us=281000 TAP-Win32 MTU=1500
Mon Apr 19 14:42:21 2010 us=281000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {DDE19E05-F0D7-4DBD-AD67-A3FA890EC2F9} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Apr 19 14:42:21 2010 us=281000 DHCP option string: 06040a08 0001
Mon Apr 19 14:42:21 2010 us=281000 Successful ARP Flush on interface [131075] {DDE19E05-F0D7-4DBD-AD67-A3FA890EC2F9}
Mon Apr 19 14:42:23 2010 us=484000 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Apr 19 14:42:23 2010 us=484000 Route: Waiting for TUN/TAP interface to come up...
Mon Apr 19 14:42:25 2010 us=671000 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Apr 19 14:42:25 2010 us=671000 Route: Waiting for TUN/TAP interface to come up...
Mon Apr 19 14:42:26 2010 us=859000 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Mon Apr 19 14:42:26 2010 us=859000 C:\WINDOWS\system32\route.exe ADD XXX MASK 255.255.255.255 163.187.15.129
Mon Apr 19 14:42:27 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Mon Apr 19 14:42:27 2010 us=109000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Mon Apr 19 14:42:27 2010 us=171000 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Apr 19 14:42:27 2010 us=234000 Initialization Sequence Completed

--ipconfig:
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 163.187.15.210
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Default Gateway . . . . . . . . . : 163.187.15.129

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 10.8.0.5


--routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 1
0.0.0.0 0.0.0.0 163.187.15.129 163.187.15.210 10
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 1
10.8.0.4 255.255.255.252 10.8.0.6 10.8.0.6 30
10.8.0.6 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.8.0.6 10.8.0.6 30
XXX 255.255.255.255 163.187.15.129 163.187.15.210 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 1
163.187.15.128 255.255.255.128 163.187.15.210 163.187.15.210 10
163.187.15.210 255.255.255.255 127.0.0.1 127.0.0.1 10
163.187.255.255 255.255.255.255 163.187.15.210 163.187.15.210 10
224.0.0.0 240.0.0.0 10.8.0.6 10.8.0.6 30
224.0.0.0 240.0.0.0 163.187.15.210 163.187.15.210 10
255.255.255.255 255.255.255.255 10.8.0.6 10.8.0.6 1
255.255.255.255 255.255.255.255 163.187.15.210 163.187.15.210 1
Default Gateway: 10.8.0.5
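
Added example, not part of the original post: a Python parser for the PUSH_REPLY line in the client log above. It shows how the pushed `topology net30` and `ifconfig 10.8.0.6 10.8.0.5` give the 10.8.0.4/30 subnet and the 10.8.0.5 next hop that appear in the client's routing table. The function names are hypothetical, and treating a missing `topology` option as net30 is an assumption of this example.

```python
import ipaddress
import re

# Line copied from the client connection log in the post above.
LOG_LINE = (
    "Mon Apr 19 14:42:21 2010 us=234000 PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,"
    "route 10.8.0.1,topology net30,ping 10,ping-restart 120,"
    "ifconfig 10.8.0.6 10.8.0.5'"
)


def parse_push_reply(line):
    """Return the pushed options as {option name: [argument lists]}."""
    match = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if match is None:
        raise ValueError("no PUSH_REPLY control message in this line")
    options = {}
    for item in match.group(1).split(","):
        name, *args = item.split()
        options.setdefault(name, []).append(args)
    return options


def explain_net30(options):
    """Derive the client's /30 and the next hop used by the pushed routes."""
    # Assumption of this example: no pushed topology is treated as net30.
    topology = options.get("topology", [["net30"]])[0][0]
    if topology != "net30" or "ifconfig" not in options:
        raise ValueError("this example only covers topology net30")
    local, peer = (ipaddress.ip_address(a) for a in options["ifconfig"][0])
    subnet = ipaddress.ip_network(f"{local}/30", strict=False)
    # In net30 the client address and its peer are the two hosts of one /30.
    if set(subnet.hosts()) != {local, peer}:
        raise ValueError("ifconfig pair is not the two hosts of one /30")
    return {
        "subnet": str(subnet),
        "local": str(local),
        "next_hop": str(peer),
        "routes_via_peer": [r[0] for r in options.get("route", [])],
        "redirect_gateway": "redirect-gateway" in options,
    }


if __name__ == "__main__":
    for key, value in explain_net30(parse_push_reply(LOG_LINE)).items():
        print(f"{key}: {value}")
```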