Sujet Précédent Sujet Suivant

OpenVPN le client ne se connecte pas

Résolu/Fermé
jivef Messages postés 927 Date d'inscription mercredi 11 août 2004 Statut Membre Dernière intervention 12 novembre 2020 - Modifié par jivef le 13/02/2015 à 03:21
jivef Messages postés 927 Date d'inscription mercredi 11 août 2004 Statut Membre Dernière intervention 12 novembre 2020 - 21 févr. 2015 à 06:22
Bonjour,

Je viens de remonter un openVPN sur un serveur CentOS 6 64 bits.

J'ai installé l'application, généré mes clés et j'ai un problème.
Le PC client ne se connecte pas.

J'ai refait mon jeu de certificats plusieurs pensant que cela venait de là, mais finalement je ne crois pas.
J'ai plutôt l'impression que ça provient de l'application openvpn, mais je ne vois pas ce qui bloque.

Pour info, je donne l'adresse 200.100.100.50, mais forcément, elle est trop ronde pour être l'adresse réelle du serveur.

Coté serveur l'interface réseau iptunnel se monte correctement :

(extrait du résultat de ifconfig) 

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


Voici ce que j'ai sur le serveur dans /var/log/messages 

Feb 12 19:16:41 servername openvpn[5050]: I/O WAIT TR|Tw|SR|Sw [10/0]
Feb 12 19:16:51 servername openvpn[5050]:  event_wait returned 0
Feb 12 19:16:51 servername openvpn[5050]: I/O WAIT status=0x0020
Feb 12 19:16:51 servername openvpn[5050]: MULTI: REAP range 176 -> 192
Feb 12 19:16:51 servername openvpn[5050]: SCHEDULE: schedule_find_least NULL
Feb 12 19:16:51 servername openvpn[5050]: PO_CTL rwflags=0x0001 ev=6 arg=0x0069c9e8
Feb 12 19:16:51  servername openvpn[5050]: PO_CTL rwflags=0x0001 ev=7 arg=0x0069c8c8
Feb 12 19:16:51  servername openvpn[5050]: I/O WAIT TR|Tw|SR|Sw [10/0]


Je pense que le problème se situe coté serveur, car avec un fichier client openvpn qui fonctionnait avec un ancien serveur, ça ne fonctionne pas mieux. (configuration cliente équivalente, j'ai pris soin de mettre la bonne addresse du serveur avant d'essayer).


Coté client le journal est un peu long, donc avant de le mettre je vais fournir les fichiers :

/etc/openvpn/server.conf
et
C:\program files\openvpn\config\client.ovpn

/etc/openvpn/server.conf 

port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
#cert /etc/openvpn/easy-rsa/2.0/keys/ovpnsrv1.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
#key /etc/openvpn/easy-rsa/2.0/keys/ovpnsrv1.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
#plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login
#plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
#verb 3
verb 9



c:\program files\openvpn\config\client.ovpn 

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 200.100.100.50 1194   #adresse fictive modifiée.
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
#cert client.crt #Fichier de la config de base.
#key client.key #Fichier de la config de base.
cert vpnhome.crt
key vpnhome.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  https://openvpn.net/community-resources/how-to/#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server


# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 9

# Silence repeating messages
;mute 20




Dans le journal coté client (Windows), j'ai beaucoup de lignes comme celles-ci : 

Thu Feb 12 15:27:00 2015 us=150870  event_wait returned 1
Thu Feb 12 15:27:01 2015 us=170768  event_wait returned 0

Mais comme j'ai mis le journal en mode "verbeux" je ne pense pas que ça ait un rapport.

Vers la fin de mon journal coté client (Windows), j'ai ça : 


Thu Feb 12 15:32:02 2015 us=164596 WIN32 I/O: Socket Completion non-queued error: Invalid argument (WSAEINVAL) (errno=10022)
Thu Feb 12 15:32:02 2015 us=164596 UDPv4 read returned -1
Thu Feb 12 15:32:02 2015 us=164596 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Thu Feb 12 15:32:02 2015 us=164596  event_wait returned 1
Thu Feb 12 15:32:02 2015 us=583596  event_wait returned 1
Thu Feb 12 15:32:02 2015 us=583596 UDPv4 read returned 26
Thu Feb 12 15:32:02 2015 us=583596 UDPv4 READ [26] from [AF_INET]200.100.100.50:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=fcadd885 5a0b2941 [ 0 sid=f1a88f1e 5237851b ] pid=0 DATA 
Thu Feb 12 15:32:02 2015 us=583596 MANAGEMENT: >STATE:1423791122,AUTH,,,
Thu Feb 12 15:32:02 2015 us=583596 TLS: Initial packet from [AF_INET]200.100.100.50:1194, sid=fcadd885 5a0b2941
Thu Feb 12 15:32:02 2015 us=583596  event_wait returned 2
Thu Feb 12 15:32:02 2015 us=583596 UDPv4 WRITE [22] to [AF_INET]200.100.00.50:1194: P_ACK_V1 kid=0 sid=f1a88f1e 5237851b [ 0 sid=fcadd885 5a0b2941 ]
Thu Feb 12 15:32:02 2015 us=583596 UDPv4 write returned 22
Thu Feb 12 15:32:02 2015 us=584596  event_wait returned 2
Thu Feb 12 15:32:02 2015 us=584596 UDPv4 WRITE [114] to [AF_INET]200.100.00.50:1194: P_CONTROL_V1 kid=0 sid=f1a88f1e 5237851b [ ] pid=1 DATA 16030100 ce010000 ca030137 957a57c1 03fd70e3 ecce39a1 2e3f48cb 8a3031e[more...]
Thu Feb 12 15:32:02 2015 us=584596 UDPv4 write returned 114
Thu Feb 12 15:32:02 2015 us=584596  event_wait returned 2
Thu Feb 12 15:32:02 2015 us=584596 UDPv4 WRITE [114] to [AF_INET]200.100.00.50:1194: P_CONTROL_V1 kid=0 sid=f1a88f1e 5237851b [ ] pid=2 DATA c0020005 0004c012 c0080016 0013c00d c003000a 00150012 00090014 0011000[more...]
Thu Feb 12 15:32:02 2015 us=584596 UDPv4 write returned 114
Thu Feb 12 15:32:02 2015 us=584596  event_wait returned 2
Thu Feb 12 15:32:02 2015 us=584596 UDPv4 WRITE [25] to [AF_INET]200.100.00.50:1194: P_CONTROL_V1 kid=0 sid=f1a88f1e 5237851b [ ] pid=3 DATA 000f0010 0011000f 000101
Thu Feb 12 15:32:02 2015 us=584596 UDPv4 write returned 25
Thu Feb 12 15:32:02 2015 us=584596  event_wait returned 1
Thu Feb 12 15:32:02 2015 us=642596  event_wait returned 1
Thu Feb 12 15:32:02 2015 us=642596 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=000000000033B020, ptr=0000000000000000, ad=000000000033B078, idx=0, argl=0, argp=00000000645D7DCF
Thu Feb 12 15:32:02 2015 us=642596 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=00000000003A3100, ptr=0000000000000000, ad=00000000003A3158, idx=0, argl=0, argp=00000000645D7DCF
Thu Feb 12 15:32:02 2015 us=642596 TCP/UDP: Closing socket
Thu Feb 12 15:32:02 2015 us=643596 SIGTERM[hard,] received, process exiting
Thu Feb 12 15:32:02 2015 us=643596 MANAGEMENT: >STATE:1423791122,EXITING,SIGTERM,,
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: pkcs11h_terminate entry
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: Terminating openssl
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: _pkcs11h_openssl_terminate
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: Removing providers
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: Releasing sessions
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: Terminating slotevent
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: _pkcs11h_slotevent_terminate entry
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: _pkcs11h_slotevent_terminate return
Thu Feb 12 15:32:02 2015 us=643596 PKCS#11: Marking as uninitialized




Je pense qu'il y a beaucoup de détails dans ce message, peut-être même un peu trop.
Il y a deux jours que je me bagarre avec cette config et j'ai du mal à m'en sortir.
J'ai déjà regardé sur le site "openvpn.net" et j'ai trouvé des messages décrivant le même problème, mais pas de solutions.

Merci par avance pour votre aide.

5 réponses

Réponse 1 / 5
Mykkel Messages postés 157 Date d'inscription dimanche 16 janvier 2011 Statut Membre Dernière intervention 25 février 2016 6
13 févr. 2015 à 16:27
bonjour,
déjà, si tu indiques client-cert-not-required, alors les clés d'authenfication sur le client deviennent inutiles.

lignes à commenter pour le test:
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name


et donnes l'affichage sur le serveur avant de lancer le client

à la fin, tu dois avoir ça: 
MULTI: TCP INIT maxclients=1024 maxevents=1028
   Initialization Sequence Completed
0
jivef Messages postés 927 Date d'inscription mercredi 11 août 2004 Statut Membre Dernière intervention 12 novembre 2020 306
16 févr. 2015 à 09:13
Bonjour,
J'ai fait comme indiqué et j'ai relancé le serveur openvpn.
Dans le fichier /var/log/messages j'ai ça : 

Feb 16 02:10:37 servername openvpn[17176]: I/O WAIT TR|Tw|SR|Sw [10/0]
Feb 16 02:10:48 servername openvpn[17176]:  event_wait returned 0
Feb 16 02:10:48 servername openvpn[17176]: I/O WAIT status=0x0020
Feb 16 02:10:48 servername openvpn[17176]: MULTI: REAP range 128 -> 144
Feb 16 02:10:48 servername openvpn[17176]: SCHEDULE: schedule_find_least NULL
Feb 16 02:10:48 servername openvpn[17176]: PO_CTL rwflags=0x0001 ev=5 arg=0x0069c9e8
Feb 16 02:10:48 servername openvpn[17176]: PO_CTL rwflags=0x0001 ev=6 arg=0x0069c8c8
Feb 16 02:10:48 servername openvpn[17176]: I/O WAIT TR|Tw|SR|Sw [10/0]


Mais je n'ai pas le message que tu as indiqué.
Je ne comprends pas.
En tout cas, merci d'avoir jeté un coup d'oeil.
0
Mykkel Messages postés 157 Date d'inscription dimanche 16 janvier 2011 Statut Membre Dernière intervention 25 février 2016 6 > jivef Messages postés 927 Date d'inscription mercredi 11 août 2004 Statut Membre Dernière intervention 12 novembre 2020
16 févr. 2015 à 12:24
hello, c'est le démarrage du serveur qu'il faudrait voir:
je ne connais pas CentOS, il faut le lancer dans un terminal pour voir les messages indiqués, par exemple sous Debian
stopper le serveur
# /etc/init.d/openvpn stop
et le lancer à la mano dans le terminal et voir les messages indiqués:
# openvpn /etc/openvpn/server.conf
0
jivef Messages postés 927 Date d'inscription mercredi 11 août 2004 Statut Membre Dernière intervention 12 novembre 2020 306 > Mykkel Messages postés 157 Date d'inscription dimanche 16 janvier 2011 Statut Membre Dernière intervention 25 février 2016
18 févr. 2015 à 06:47
Bonjour,
L'arrêt du service s'est bien déroulé et voici les messages au démarrage. 

[root@servername utilisateur]#  openvpn /etc/openvpn/server.conf
Tue Feb 17 23:43:56 2015 us=816713 Current Parameter Settings:
Tue Feb 17 23:43:56 2015 us=816834   config = '/etc/openvpn/server.conf'
Tue Feb 17 23:43:56 2015 us=816860   mode = 1
Tue Feb 17 23:43:56 2015 us=816883   persist_config = DISABLED
Tue Feb 17 23:43:56 2015 us=816906   persist_mode = 1
Tue Feb 17 23:43:56 2015 us=816928   show_ciphers = DISABLED
Tue Feb 17 23:43:56 2015 us=816951   show_digests = DISABLED
Tue Feb 17 23:43:56 2015 us=816973   show_engines = DISABLED
Tue Feb 17 23:43:56 2015 us=816994   genkey = DISABLED
Tue Feb 17 23:43:56 2015 us=817016   key_pass_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817039   show_tls_ciphers = DISABLED
Tue Feb 17 23:43:56 2015 us=817060 Connection profiles [default]:
Tue Feb 17 23:43:56 2015 us=817083   proto = udp
Tue Feb 17 23:43:56 2015 us=817104   local = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817126   local_port = 1194
Tue Feb 17 23:43:56 2015 us=817147   remote = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817169   remote_port = 1194
Tue Feb 17 23:43:56 2015 us=817190   remote_float = DISABLED
Tue Feb 17 23:43:56 2015 us=817212   bind_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=817234   bind_local = ENABLED
Tue Feb 17 23:43:56 2015 us=817255   connect_retry_seconds = 5
Tue Feb 17 23:43:56 2015 us=817276   connect_timeout = 10
Tue Feb 17 23:43:56 2015 us=817298   connect_retry_max = 0
Tue Feb 17 23:43:56 2015 us=817319   socks_proxy_server = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817341   socks_proxy_port = 0
Tue Feb 17 23:43:56 2015 us=817406   socks_proxy_retry = DISABLED
Tue Feb 17 23:43:56 2015 us=817437   tun_mtu = 1500
Tue Feb 17 23:43:56 2015 us=817466   tun_mtu_defined = ENABLED
Tue Feb 17 23:43:56 2015 us=817494   link_mtu = 1500
Tue Feb 17 23:43:56 2015 us=817524   link_mtu_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=817554   tun_mtu_extra = 0
Tue Feb 17 23:43:56 2015 us=817582   tun_mtu_extra_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=817612   mtu_discover_type = -1
Tue Feb 17 23:43:56 2015 us=817641   fragment = 0
Tue Feb 17 23:43:56 2015 us=817670   mssfix = 1450
Tue Feb 17 23:43:56 2015 us=817699   explicit_exit_notification = 0
Tue Feb 17 23:43:56 2015 us=817732 Connection profiles END
Tue Feb 17 23:43:56 2015 us=817761   remote_random = DISABLED
Tue Feb 17 23:43:56 2015 us=817790   ipchange = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817819   dev = 'tun'
Tue Feb 17 23:43:56 2015 us=817847   dev_type = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817875   dev_node = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817905   lladdr = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=817934   topology = 1
Tue Feb 17 23:43:56 2015 us=817963   tun_ipv6 = DISABLED
Tue Feb 17 23:43:56 2015 us=817993   ifconfig_local = '10.8.0.1'
Tue Feb 17 23:43:56 2015 us=818022   ifconfig_remote_netmask = '10.8.0.2'
Tue Feb 17 23:43:56 2015 us=818051   ifconfig_noexec = DISABLED
Tue Feb 17 23:43:56 2015 us=818082   ifconfig_nowarn = DISABLED
Tue Feb 17 23:43:56 2015 us=818112   ifconfig_ipv6_local = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818140   ifconfig_ipv6_netbits = 0
Tue Feb 17 23:43:56 2015 us=818170   ifconfig_ipv6_remote = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818199   shaper = 0
Tue Feb 17 23:43:56 2015 us=818227   mtu_test = 0
Tue Feb 17 23:43:56 2015 us=818256   mlock = DISABLED
Tue Feb 17 23:43:56 2015 us=818285   keepalive_ping = 5
Tue Feb 17 23:43:56 2015 us=818313   keepalive_timeout = 30
Tue Feb 17 23:43:56 2015 us=818342   inactivity_timeout = 0
Tue Feb 17 23:43:56 2015 us=818381   ping_send_timeout = 5
Tue Feb 17 23:43:56 2015 us=818408   ping_rec_timeout = 60
Tue Feb 17 23:43:56 2015 us=818430   ping_rec_timeout_action = 2
Tue Feb 17 23:43:56 2015 us=818451   ping_timer_remote = DISABLED
Tue Feb 17 23:43:56 2015 us=818472   remap_sigusr1 = 0
Tue Feb 17 23:43:56 2015 us=818494   persist_tun = ENABLED
Tue Feb 17 23:43:56 2015 us=818515   persist_local_ip = DISABLED
Tue Feb 17 23:43:56 2015 us=818536   persist_remote_ip = DISABLED
Tue Feb 17 23:43:56 2015 us=818557   persist_key = ENABLED
Tue Feb 17 23:43:56 2015 us=818577   passtos = DISABLED
Tue Feb 17 23:43:56 2015 us=818598   resolve_retry_seconds = 1000000000
Tue Feb 17 23:43:56 2015 us=818620   username = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818641   groupname = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818661   chroot_dir = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818682   cd_dir = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818703   writepid = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818724   up_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818744   down_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=818765   down_pre = DISABLED
Tue Feb 17 23:43:56 2015 us=818786   up_restart = DISABLED
Tue Feb 17 23:43:56 2015 us=818807   up_delay = DISABLED
Tue Feb 17 23:43:56 2015 us=818828   daemon = DISABLED
Tue Feb 17 23:43:56 2015 us=818850   inetd = 0
Tue Feb 17 23:43:56 2015 us=818871   log = DISABLED
Tue Feb 17 23:43:56 2015 us=818892   suppress_timestamps = DISABLED
Tue Feb 17 23:43:56 2015 us=818914   nice = 0
Tue Feb 17 23:43:56 2015 us=818935   verbosity = 9
Tue Feb 17 23:43:56 2015 us=818955   mute = 0
Tue Feb 17 23:43:56 2015 us=818976   gremlin = 0
Tue Feb 17 23:43:56 2015 us=818997   status_file = '1194.log'
Tue Feb 17 23:43:56 2015 us=819018   status_file_version = 1
Tue Feb 17 23:43:56 2015 us=819040   status_file_update_freq = 60
Tue Feb 17 23:43:56 2015 us=819061   occ = ENABLED
Tue Feb 17 23:43:56 2015 us=819082   rcvbuf = 65536
Tue Feb 17 23:43:56 2015 us=819102   sndbuf = 65536
Tue Feb 17 23:43:56 2015 us=819125   mark = 0
Tue Feb 17 23:43:56 2015 us=819146   sockflags = 0
Tue Feb 17 23:43:56 2015 us=819166   fast_io = DISABLED
Tue Feb 17 23:43:56 2015 us=819188   lzo = 7
Tue Feb 17 23:43:56 2015 us=819209   route_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819231   route_default_gateway = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819252   route_default_metric = 0
Tue Feb 17 23:43:56 2015 us=819274   route_noexec = DISABLED
Tue Feb 17 23:43:56 2015 us=819295   route_delay = 0
Tue Feb 17 23:43:56 2015 us=819316   route_delay_window = 30
Tue Feb 17 23:43:56 2015 us=819337   route_delay_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=819408   route_nopull = DISABLED
Tue Feb 17 23:43:56 2015 us=819441   route_gateway_via_dhcp = DISABLED
Tue Feb 17 23:43:56 2015 us=819473   max_routes = 100
Tue Feb 17 23:43:56 2015 us=819502   allow_pull_fqdn = DISABLED
Tue Feb 17 23:43:56 2015 us=819535   route 10.8.0.0/255.255.255.0/nil/nil
Tue Feb 17 23:43:56 2015 us=819568   management_addr = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819591   management_port = 0
Tue Feb 17 23:43:56 2015 us=819614   management_user_pass = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819636   management_log_history_cache = 250
Tue Feb 17 23:43:56 2015 us=819658   management_echo_buffer_size = 100
Tue Feb 17 23:43:56 2015 us=819679   management_write_peer_info_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819701   management_client_user = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819728   management_client_group = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819750   management_flags = 0
Tue Feb 17 23:43:56 2015 us=819772   shared_secret_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=819793   key_direction = 0
Tue Feb 17 23:43:56 2015 us=819814   ciphername_defined = ENABLED
Tue Feb 17 23:43:56 2015 us=819835   ciphername = 'BF-CBC'
Tue Feb 17 23:43:56 2015 us=819857   authname_defined = ENABLED
Tue Feb 17 23:43:56 2015 us=819879   authname = 'SHA1'
Tue Feb 17 23:43:56 2015 us=819900   prng_hash = 'SHA1'
Tue Feb 17 23:43:56 2015 us=819921   prng_nonce_secret_len = 16
Tue Feb 17 23:43:56 2015 us=819942   keysize = 0
Tue Feb 17 23:43:56 2015 us=819963   engine = DISABLED
Tue Feb 17 23:43:56 2015 us=819984   replay = ENABLED
Tue Feb 17 23:43:56 2015 us=820005   mute_replay_warnings = DISABLED
Tue Feb 17 23:43:56 2015 us=820026   replay_window = 64
Tue Feb 17 23:43:56 2015 us=820047   replay_time = 15
Tue Feb 17 23:43:56 2015 us=820068   packet_id_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820089   use_iv = ENABLED
Tue Feb 17 23:43:56 2015 us=820110   test_crypto = DISABLED
Tue Feb 17 23:43:56 2015 us=820138   tls_server = ENABLED
Tue Feb 17 23:43:56 2015 us=820169   tls_client = DISABLED
Tue Feb 17 23:43:56 2015 us=820198   key_method = 2
Tue Feb 17 23:43:56 2015 us=820230   ca_file = '/etc/openvpn/easy-rsa/2.0/keys/ca.crt'
Tue Feb 17 23:43:56 2015 us=820262   ca_path = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820293   dh_file = '/etc/openvpn/easy-rsa/2.0/keys/dh1024.pem'
Tue Feb 17 23:43:56 2015 us=820327   cert_file = '/etc/openvpn/easy-rsa/2.0/keys/server.crt'
Tue Feb 17 23:43:56 2015 us=820423   priv_key_file = '/etc/openvpn/easy-rsa/2.0/keys/server.key'
Tue Feb 17 23:43:56 2015 us=820458   pkcs12_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820488   cipher_list = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820522   tls_verify = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820550   tls_export_cert = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820576   verify_x509_type = 0
Tue Feb 17 23:43:56 2015 us=820605   verify_x509_name = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820636   crl_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=820665   ns_cert_type = 0
Tue Feb 17 23:43:56 2015 us=820695   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820718   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820739   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820760   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820781   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820803   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820824   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820844   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820865   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820885   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820906   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820927   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820947   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820968   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=820988   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=821009   remote_cert_ku[i] = 0
Tue Feb 17 23:43:56 2015 us=821030   remote_cert_eku = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=821051   ssl_flags = 0
Tue Feb 17 23:43:56 2015 us=821073   tls_timeout = 2
Tue Feb 17 23:43:56 2015 us=821094   renegotiate_bytes = 0
Tue Feb 17 23:43:56 2015 us=821116   renegotiate_packets = 0
Tue Feb 17 23:43:56 2015 us=821138   renegotiate_seconds = 3600
Tue Feb 17 23:43:56 2015 us=821159   handshake_window = 60
Tue Feb 17 23:43:56 2015 us=821181   transition_window = 3600
Tue Feb 17 23:43:56 2015 us=821202   single_session = DISABLED
Tue Feb 17 23:43:56 2015 us=821224   push_peer_info = DISABLED
Tue Feb 17 23:43:56 2015 us=821246   tls_exit = DISABLED
Tue Feb 17 23:43:56 2015 us=821268   tls_auth_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=821290   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821312   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821334   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821356   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821424   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821456   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821486   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821515   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821545   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821574   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821603   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821634   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821664   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821692   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821722   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821751   pkcs11_protected_authentication = DISABLED
Tue Feb 17 23:43:56 2015 us=821782   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821811   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821840   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821869   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821900   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821929   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821958   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=821991   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822020   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822043   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822065   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822087   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822108   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822130   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822152   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822173   pkcs11_private_mode = 00000000
Tue Feb 17 23:43:56 2015 us=822194   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822216   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822237   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822258   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822279   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822300   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822321   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822342   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822396   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822425   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822459   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822488   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822522   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822551   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822579   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822607   pkcs11_cert_private = DISABLED
Tue Feb 17 23:43:56 2015 us=822637   pkcs11_pin_cache_period = -1
Tue Feb 17 23:43:56 2015 us=822667   pkcs11_id = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=822696   pkcs11_id_management = DISABLED
Tue Feb 17 23:43:56 2015 us=822729   server_network = 10.8.0.0
Tue Feb 17 23:43:56 2015 us=822762   server_netmask = 255.255.255.0
Tue Feb 17 23:43:56 2015 us=822802   server_network_ipv6 = ::
Tue Feb 17 23:43:56 2015 us=822832   server_netbits_ipv6 = 0
Tue Feb 17 23:43:56 2015 us=822862   server_bridge_ip = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=822894   server_bridge_netmask = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=822925   server_bridge_pool_start = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=822957   server_bridge_pool_end = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=822987   push_entry = 'redirect-gateway def1'
Tue Feb 17 23:43:56 2015 us=823019   push_entry = 'dhcp-option DNS 8.8.8.8'
Tue Feb 17 23:43:56 2015 us=823049   push_entry = 'dhcp-option DNS 8.8.4.4'
Tue Feb 17 23:43:56 2015 us=823080   push_entry = 'route 10.8.0.1'
Tue Feb 17 23:43:56 2015 us=823112   push_entry = 'topology net30'
Tue Feb 17 23:43:56 2015 us=823142   push_entry = 'ping 5'
Tue Feb 17 23:43:56 2015 us=823175   push_entry = 'ping-restart 30'
Tue Feb 17 23:43:56 2015 us=823205   ifconfig_pool_defined = ENABLED
Tue Feb 17 23:43:56 2015 us=823237   ifconfig_pool_start = 10.8.0.4
Tue Feb 17 23:43:56 2015 us=823270   ifconfig_pool_end = 10.8.0.251
Tue Feb 17 23:43:56 2015 us=823296   ifconfig_pool_netmask = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=823318   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=823340   ifconfig_pool_persist_refresh_freq = 600
Tue Feb 17 23:43:56 2015 us=823390   ifconfig_ipv6_pool_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=823421   ifconfig_ipv6_pool_base = ::
Tue Feb 17 23:43:56 2015 us=823451   ifconfig_ipv6_pool_netbits = 0
Tue Feb 17 23:43:56 2015 us=823479   n_bcast_buf = 256
Tue Feb 17 23:43:56 2015 us=823509   tcp_queue_limit = 64
Tue Feb 17 23:43:56 2015 us=823537   real_hash_size = 256
Tue Feb 17 23:43:56 2015 us=823567   virtual_hash_size = 256
Tue Feb 17 23:43:56 2015 us=823596   client_connect_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=823624   learn_address_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=823652   client_disconnect_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=823675   client_config_dir = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=823697   ccd_exclusive = DISABLED
Tue Feb 17 23:43:56 2015 us=823719   tmp_dir = '/tmp'
Tue Feb 17 23:43:56 2015 us=823741   push_ifconfig_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=823765   push_ifconfig_local = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=823789   push_ifconfig_remote_netmask = 0.0.0.0
Tue Feb 17 23:43:56 2015 us=823811   push_ifconfig_ipv6_defined = DISABLED
Tue Feb 17 23:43:56 2015 us=823835   push_ifconfig_ipv6_local = ::/0
Tue Feb 17 23:43:56 2015 us=823858   push_ifconfig_ipv6_remote = ::
Tue Feb 17 23:43:56 2015 us=823880   enable_c2c = DISABLED
Tue Feb 17 23:43:56 2015 us=823902   duplicate_cn = DISABLED
Tue Feb 17 23:43:56 2015 us=823923   cf_max = 0
Tue Feb 17 23:43:56 2015 us=823944   cf_per = 0
Tue Feb 17 23:43:56 2015 us=823965   max_clients = 1024
Tue Feb 17 23:43:56 2015 us=823986   max_routes_per_client = 256
Tue Feb 17 23:43:56 2015 us=824008   auth_user_pass_verify_script = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=824031   auth_user_pass_verify_script_via_file = DISABLED
Tue Feb 17 23:43:56 2015 us=824053   port_share_host = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=824074   port_share_port = 0
Tue Feb 17 23:43:56 2015 us=824095   client = DISABLED
Tue Feb 17 23:43:56 2015 us=824116   pull = DISABLED
Tue Feb 17 23:43:56 2015 us=824137   auth_user_pass_file = '[UNDEF]'
Tue Feb 17 23:43:56 2015 us=824166 OpenVPN 2.3.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  2 2014
Tue Feb 17 23:43:56 2015 us=824197 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Tue Feb 17 23:43:56 2015 us=824293 PKCS#11: pkcs11_initialize - entered
Tue Feb 17 23:43:56 2015 us=824447 PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Tue Feb 17 23:43:56 2015 us=826499 Diffie-Hellman initialized with 1024 bit key
Tue Feb 17 23:43:56 2015 us=826929 PRNG init md=SHA1 size=36
Tue Feb 17 23:43:56 2015 us=826961 MTU DYNAMIC mtu=0, flags=1, 0 -> 138
Tue Feb 17 23:43:56 2015 us=826975 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 17 23:43:56 2015 us=826986 MTU DYNAMIC mtu=1450, flags=2, 1542 -> 1450
Tue Feb 17 23:43:56 2015 us=827010 Socket Buffers: R=[133120->131072] S=[133120->131072]
Tue Feb 17 23:43:56 2015 us=827131 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Tue Feb 17 23:43:56 2015 us=827892 TUN/TAP device tun0 opened
Tue Feb 17 23:43:56 2015 us=827914 TUN/TAP TX queue length set to 100
Tue Feb 17 23:43:56 2015 us=827932 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Feb 17 23:43:56 2015 us=827963 /sbin/ip link set dev tun0 up mtu 1500
Tue Feb 17 23:43:56 2015 us=828583 PKCS#11: __pkcs11h_forkFixup entry pid=3902, activate_slotevent=1
Tue Feb 17 23:43:56 2015 us=828665 PKCS#11: __pkcs11h_forkFixup return
Tue Feb 17 23:43:56 2015 us=834446 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue Feb 17 23:43:56 2015 us=834863 PKCS#11: __pkcs11h_forkFixup entry pid=3906, activate_slotevent=1
Tue Feb 17 23:43:56 2015 us=834929 PKCS#11: __pkcs11h_forkFixup return
Tue Feb 17 23:43:56 2015 us=836068 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Tue Feb 17 23:43:56 2015 us=836366 PKCS#11: __pkcs11h_forkFixup entry pid=3907, activate_slotevent=1
Tue Feb 17 23:43:56 2015 us=836450 PKCS#11: __pkcs11h_forkFixup return
Tue Feb 17 23:43:56 2015 us=837141 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Feb 17 23:43:56 2015 us=837176 UDPv4 link local (bound): [undef]
Tue Feb 17 23:43:56 2015 us=837192 UDPv4 link remote: [undef]
Tue Feb 17 23:43:56 2015 us=837211 MULTI: multi_init called, r=256 v=256
Tue Feb 17 23:43:56 2015 us=837257 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Feb 17 23:43:56 2015 us=837284 PO_INIT maxevents=4 flags=0x00000002
Tue Feb 17 23:43:56 2015 us=837308 Initialization Sequence Completed
Tue Feb 17 23:43:56 2015 us=837321 SCHEDULE: schedule_find_least NULL
Tue Feb 17 23:43:56 2015 us=837339 PO_CTL rwflags=0x0001 ev=4 arg=0x0069c9e8
Tue Feb 17 23:43:56 2015 us=837352 PO_CTL rwflags=0x0001 ev=5 arg=0x0069c8c8
Tue Feb 17 23:43:56 2015 us=837372 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Feb 17 23:44:06 2015 us=847425  event_wait returned 0
Tue Feb 17 23:44:06 2015 us=847493 I/O WAIT status=0x0020
Tue Feb 17 23:44:06 2015 us=847530 MULTI: REAP range 0 -> 16
Tue Feb 17 23:44:06 2015 us=847733 SCHEDULE: schedule_find_least NULL
Tue Feb 17 23:44:06 2015 us=847759 PO_CTL rwflags=0x0001 ev=4 arg=0x0069c9e8
Tue Feb 17 23:44:06 2015 us=847781 PO_CTL rwflags=0x0001 ev=5 arg=0x0069c8c8
Tue Feb 17 23:44:06 2015 us=847810 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Feb 17 23:44:16 2015 us=857429  event_wait returned 0
Tue Feb 17 23:44:16 2015 us=857497 I/O WAIT status=0x0020
Tue Feb 17 23:44:16 2015 us=857522 MULTI: REAP range 16 -> 32
Tue Feb 17 23:44:16 2015 us=857546 SCHEDULE: schedule_find_least NULL
Tue Feb 17 23:44:16 2015 us=857570 PO_CTL rwflags=0x0001 ev=4 arg=0x0069c9e8
Tue Feb 17 23:44:16 2015 us=857592 PO_CTL rwflags=0x0001 ev=5 arg=0x0069c8c8
Tue Feb 17 23:44:16 2015 us=857620 I/O WAIT TR|Tw|SR|Sw [10/0]


C'est vrai que comme ça on peut plus facilement isoler les informations que dans la syslog.
0

Discussions similaires

Impossible de démarrer openvpn
Deathwing -
Deathwing -

6 réponses
[openvpn] démarrage et connexion automatique
tuxpux -
berrayahkamel -

7 réponses
problème en client openvpn
ikramiaa -
PrinceAlonzo -

5 réponses
[ VPN ] configurer OpenVPN et ROUTAGE Iptables
tom@ -
tom@ -

2 réponses
Echec de connexion de client au serveur openvpn
tamn142 -
brupala -

11 réponses
Acces au lan via OPENVPN
Max -
brupala -

23 réponses