caiusjuliuscaesar
Registered: 20 January 2009
Posts: 307

Hello, I have set up my OVPN server with easyrsa3, following the wiki on ubuntuusers. When I connect from my Windows client, the connection setup stalls after the following lines:

Wed Jan 5 18:58:01 2022 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Wed Jan 5 18:58:01 2022 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
Wed Jan 5 18:58:01 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Wed Jan 5 18:58:01 2022 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Wed Jan 5 18:58:01 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25346
Wed Jan 5 18:58:01 2022 Need hold release from management interface, waiting...
Wed Jan 5 18:58:01 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25346
Wed Jan 5 18:58:01 2022 MANAGEMENT: CMD 'state on'
Wed Jan 5 18:58:01 2022 MANAGEMENT: CMD 'log all on'
Wed Jan 5 18:58:01 2022 MANAGEMENT: CMD 'echo all on'
Wed Jan 5 18:58:01 2022 MANAGEMENT: CMD 'bytecount 5'
Wed Jan 5 18:58:01 2022 MANAGEMENT: CMD 'hold off'
Wed Jan 5 18:58:01 2022 MANAGEMENT: CMD 'hold release'
Wed Jan 5 18:58:01 2022 MANAGEMENT: >STATE:1641405481,RESOLVE,,,,,,
Wed Jan 5 18:58:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]83.135.194.4:1194
Wed Jan 5 18:58:03 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 5 18:58:03 2022 UDP link local: (not bound)
Wed Jan 5 18:58:03 2022 UDP link remote: [AF_INET]83.135.194.4:1194
Wed Jan 5 18:58:03 2022 MANAGEMENT: >STATE:1641405483,WAIT,,,,,,
Wed Jan 5 18:59:03 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 5 18:59:03 2022 TLS Error: TLS handshake failed
Wed Jan 5 18:59:03 2022 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 5 18:59:03 2022 MANAGEMENT: >STATE:1641405543,RECONNECTING,tls-error,,,,,
Wed Jan 5 18:59:03 2022 Restart pause, 5 second(s)
Wed Jan 5 18:59:08 2022 MANAGEMENT: >STATE:1641405548,RESOLVE,,,,,,
Wed Jan 5 18:59:09 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]83.135.194.4:1194
Wed Jan 5 18:59:09 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 5 18:59:09 2022 UDP link local: (not bound)
Wed Jan 5 18:59:09 2022 UDP link remote: [AF_INET]83.135.194.4:1194
Wed Jan 5 18:59:09 2022 MANAGEMENT: >STATE:1641405549,WAIT,,,,,,

The server.conf:

;local a.b.c.d
port 1194
proto udp
dev tun
ca /etc/openvpn/openvpn/pki/ca.crt
cert /etc/openvpn/openvpn/pki/issued/openvpn-server.crt
key /etc/openvpn/openvpn/pki/private/openvpn-server.key # This file should be kept secret
dh /etc/openvpn/openvpn/pki/dh.pem # EASYRSA_KEY_SIZE 8192
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.0.1"
push "route 192.168.0.0 255.255.255.0"
#cipher AES-256-CBC
user openvpn
group openvpn
persist-key
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
keepalive 10 120
mute 20
explicit-exit-notify 1

The client.conf:

client
dev tun
proto udp
remote dyndns.adresse.com 1194
remote-cert-tls server
resolv-retry infinite
data-ciphers-fallback 'AES-256-CBC'
nobind
persist-key
persist-tun
ca "./BOca.crt"
cert "./MRvornamenachname.crt"
key "./MRvornamenachname.key"
comp-lzo
verb 3
float

Obviously a "TLS Error: TLS key negotiation failed" occurs. Does anyone see an obvious mistake or contradiction in the config files?
What could I test to track down the error? Regards, CJC

caiusjuliuscaesar
(Thread starter)
Registered: 20 January 2009
Posts: 307

So, in server.conf and client.conf I now have
the lines
and
commented out.
One step further:
The Windows client connects and turns green, but pings to 10.8.0.1 (OVPN server?), 192.168.0.100 (OVPN server) and 192.168.0.1 (Fritzbox gateway) fail, and of course there is no Internet either. Client log:

Thu Jan 6 21:57:34 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 521 bit EC, curve secp521r1, signature: ecdsa-with-SHA512
Thu Jan 6 21:57:34 2022 [Celsius-Server] Peer Connection Initiated with [AF_INET]83.135.194.4:1194
Thu Jan 6 21:57:34 2022 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM'
Thu Jan 6 21:57:34 2022 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 6 21:57:34 2022 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 6 21:57:34 2022 OPTIONS IMPORT: route options modified
Thu Jan 6 21:57:34 2022 OPTIONS IMPORT: peer-id set
Thu Jan 6 21:57:34 2022 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Jan 6 21:57:34 2022 OPTIONS IMPORT: data channel crypto options modified
Thu Jan 6 21:57:34 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan 6 21:57:34 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 21:57:34 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 21:57:34 2022 interactive service msg_channel=580
Thu Jan 6 21:57:34 2022 open_tun
Thu Jan 6 21:57:34 2022 tap-windows6 device [LAN-Verbindung] opened
Thu Jan 6 21:57:34 2022 TAP-Windows Driver Version 9.24
Thu Jan 6 21:57:34 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {918D29C5-D19F-40DD-8248-24FC4301DFD8} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Jan 6 21:57:34 2022 Successful ARP Flush on interface [15] {918D29C5-D19F-40DD-8248-24FC4301DFD8}
Thu Jan 6 21:57:34 2022 MANAGEMENT: >STATE:1641502654,ASSIGN_IP,,10.8.0.6,,,,
Thu Jan 6 21:57:34 2022 IPv4 MTU set to 1500 on interface 15 using service
Thu Jan 6 21:57:39 2022 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Jan 6 21:57:39 2022 C:\WINDOWS\system32\route.exe ADD 83.135.194.4 MASK 255.255.255.255 192.168.178.1
Thu Jan 6 21:57:39 2022 Route addition via service succeeded
Thu Jan 6 21:57:39 2022 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Jan 6 21:57:39 2022 Route addition via service succeeded
Thu Jan 6 21:57:39 2022 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Jan 6 21:57:39 2022 Route addition via service succeeded
Thu Jan 6 21:57:39 2022 MANAGEMENT: >STATE:1641502659,ADD_ROUTES,,,,,,
Thu Jan 6 21:57:39 2022 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.8.0.5
Thu Jan 6 21:57:39 2022 Route addition via service succeeded
Thu Jan 6 21:57:39 2022 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Jan 6 21:57:39 2022 Route addition via service succeeded
Thu Jan 6 21:57:39 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 6 21:57:39 2022 Initialization Sequence Completed
Thu Jan 6 21:57:39 2022 MANAGEMENT: >STATE:1641502659,CONNECTED,SUCCESS,10.8.0.6,83.135.194.4,1194,,
Thu Jan 6 21:59:34 2022 [Celsius-Server] Inactivity timeout (--ping-restart), restarting
Thu Jan 6 21:59:34 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 6 21:59:34 2022 MANAGEMENT: >STATE:1641502774,RECONNECTING,ping-restart,,,,,
Thu Jan 6 21:59:34 2022 Restart pause, 5 second(s)
Thu Jan 6 21:59:39 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 6 21:59:39 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]83.135.194.4:1194
Thu Jan 6 21:59:39 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 6 21:59:39 2022 UDP link local: (not bound)
Thu Jan 6 21:59:39 2022 UDP link remote: [AF_INET]83.135.194.4:1194
Thu Jan 6 21:59:39 2022 MANAGEMENT: >STATE:1641502779,WAIT,,,,,,
Thu Jan 6 21:59:39 2022 MANAGEMENT: >STATE:1641502779,AUTH,,,,,,
Thu Jan 6 21:59:39 2022 TLS: Initial packet from [AF_INET]83.135.194.4:1194, sid=89c322e5 a6a87627
Thu Jan 6 21:59:39 2022 VERIFY OK: depth=1, C=DE, ST=Berlin, L=Berlin, O=RETIARIA, OU=RETIARIA, CN=Easy-RSA CA, emailAddress=and.alef@gmail.com
Thu Jan 6 21:59:39 2022 VERIFY OK: depth=0, C=DE, ST=Berlin, L=Berlin, O=RETIARIA, OU=RETIARIA, CN=Celsius-Server, emailAddress=and.alef@gmail.com
Thu Jan 6 21:59:39 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Thu Jan 6 21:59:39 2022 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Jan 6 21:59:39 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 521 bit EC, curve secp521r1, signature: ecdsa-with-SHA512
Thu Jan 6 21:59:39 2022 [Celsius-Server] Peer Connection Initiated with [AF_INET]83.135.194.4:1194
Thu Jan 6 21:59:39 2022 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Jan 6 21:59:39 2022 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 6 21:59:39 2022 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 6 21:59:39 2022 OPTIONS IMPORT: route options modified
Thu Jan 6 21:59:39 2022 OPTIONS IMPORT: peer-id set
Thu Jan 6 21:59:39 2022 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Jan 6 21:59:39 2022 OPTIONS IMPORT: data channel crypto options modified
Thu Jan 6 21:59:39 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan 6 21:59:39 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 21:59:39 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 21:59:39 2022 Preserving previous TUN/TAP instance: LAN-Verbindung
Thu Jan 6 21:59:39 2022 Initialization Sequence Completed
Thu Jan 6 21:59:39 2022 MANAGEMENT: >STATE:1641502779,CONNECTED,SUCCESS,10.8.0.6,83.135.194.4,1194,,
Thu Jan 6 22:01:39 2022 [Celsius-Server] Inactivity timeout (--ping-restart), restarting
Thu Jan 6 22:01:39 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 6 22:01:39 2022 MANAGEMENT: >STATE:1641502899,RECONNECTING,ping-restart,,,,,
Thu Jan 6 22:01:39 2022 Restart pause, 5 second(s)
Thu Jan 6 22:01:44 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 6 22:01:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]83.135.194.4:1194
Thu Jan 6 22:01:44 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 6 22:01:44 2022 UDP link local: (not bound)
Thu Jan 6 22:01:44 2022 UDP link remote: [AF_INET]83.135.194.4:1194
Thu Jan 6 22:01:44 2022 MANAGEMENT: >STATE:1641502904,WAIT,,,,,,
Thu Jan 6 22:01:44 2022 MANAGEMENT: >STATE:1641502904,AUTH,,,,,,
Thu Jan 6 22:01:44 2022 TLS: Initial packet from [AF_INET]83.135.194.4:1194, sid=3f1df4f5 1bee43d8
Thu Jan 6 22:01:44 2022 VERIFY OK: depth=1, C=DE, ST=Berlin, L=Berlin, O=RETIARIA, OU=RETIARIA, CN=Easy-RSA CA, emailAddress=and.alef@gmail.com
Thu Jan 6 22:01:44 2022 VERIFY OK: depth=0, C=DE, ST=Berlin, L=Berlin, O=RETIARIA, OU=RETIARIA, CN=Celsius-Server, emailAddress=and.alef@gmail.com
Thu Jan 6 22:01:44 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Thu Jan 6 22:01:44 2022 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Jan 6 22:01:44 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 521 bit EC, curve secp521r1, signature: ecdsa-with-SHA512
Thu Jan 6 22:01:44 2022 [Celsius-Server] Peer Connection Initiated with [AF_INET]83.135.194.4:1194
Thu Jan 6 22:01:44 2022 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM'
Thu Jan 6 22:01:44 2022 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 6 22:01:44 2022 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 6 22:01:44 2022 OPTIONS IMPORT: route options modified
Thu Jan 6 22:01:44 2022 OPTIONS IMPORT: peer-id set
Thu Jan 6 22:01:44 2022 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Jan 6 22:01:44 2022 OPTIONS IMPORT: data channel crypto options modified
Thu Jan 6 22:01:44 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan 6 22:01:44 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 22:01:44 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 22:01:44 2022 Preserving previous TUN/TAP instance: LAN-Verbindung
Thu Jan 6 22:01:44 2022 Initialization Sequence Completed
Thu Jan 6 22:01:44 2022 MANAGEMENT: >STATE:1641502904,CONNECTED,SUCCESS,10.8.0.6,83.135.194.4,1194,,
Thu Jan 6 22:03:44 2022 [Celsius-Server] Inactivity timeout (--ping-restart), restarting
Thu Jan 6 22:03:44 2022 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jan 6 22:03:44 2022 MANAGEMENT: >STATE:1641503024,RECONNECTING,ping-restart,,,,,
Thu Jan 6 22:03:44 2022 Restart pause, 5 second(s)
Thu Jan 6 22:03:49 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 6 22:03:49 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]83.135.194.4:1194
Thu Jan 6 22:03:49 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 6 22:03:49 2022 UDP link local: (not bound)
Thu Jan 6 22:03:49 2022 UDP link remote: [AF_INET]83.135.194.4:1194
Thu Jan 6 22:03:49 2022 MANAGEMENT: >STATE:1641503029,WAIT,,,,,,
Thu Jan 6 22:03:49 2022 MANAGEMENT: >STATE:1641503029,AUTH,,,,,,
Thu Jan 6 22:03:49 2022 TLS: Initial packet from [AF_INET]83.135.194.4:1194, sid=b3931bd0 091938f5
Thu Jan 6 22:03:49 2022 VERIFY OK: depth=1, C=DE, ST=Berlin, L=Berlin, O=RETIARIA, OU=RETIARIA, CN=Easy-RSA CA, emailAddress=and.alef@gmail.com
Thu Jan 6 22:03:49 2022 VERIFY OK: depth=0, C=DE, ST=Berlin, L=Berlin, O=RETIARIA, OU=RETIARIA, CN=Celsius-Server, emailAddress=and.alef@gmail.com
Thu Jan 6 22:03:49 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Thu Jan 6 22:03:49 2022 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Jan 6 22:03:49 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 521 bit EC, curve secp521r1, signature: ecdsa-with-SHA512
Thu Jan 6 22:03:49 2022 [Celsius-Server] Peer Connection Initiated with [AF_INET]83.135.194.4:1194
Thu Jan 6 22:03:49 2022 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Jan 6 22:03:49 2022 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 6 22:03:49 2022 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 6 22:03:49 2022 OPTIONS IMPORT: route options modified
Thu Jan 6 22:03:49 2022 OPTIONS IMPORT: peer-id set
Thu Jan 6 22:03:49 2022 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu Jan 6 22:03:49 2022 OPTIONS IMPORT: data channel crypto options modified
Thu Jan 6 22:03:49 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jan 6 22:03:49 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 22:03:49 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jan 6 22:03:49 2022 Preserving previous TUN/TAP instance: LAN-Verbindung
Thu Jan 6 22:03:49 2022 Initialization Sequence Completed
Thu Jan 6 22:03:49 2022 MANAGEMENT: >STATE:1641503029,CONNECTED,SUCCESS,10.8.0.6,83.135.194.4,1194,,

Where can I look next? Regards, CJC
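
One way to approach the question about contradictions between the two files, as an added example that is not part of the original posts: a Python check that parses a server and a client config and reports directives that differ between the peers, a client without a server-certificate verification method, and enabled compression, which are the three conditions the client logs above warn about (a port comparison is added as well). The function names and the `SYMMETRIC` subset are assumptions made for this example; the sample configs are excerpts of the ones posted.

```python
import shlex

# Directives that must agree on both peers (a subset picked for this example).
SYMMETRIC = ("proto", "dev", "comp-lzo", "compress")
# Excerpts of the two configs posted above (key paths and push lines left out).
SERVER_CONF = ";local a.b.c.d\nport 1194\nproto udp\ndev tun\n#cipher AES-256-CBC\n"
CLIENT_CONF = ("client\ndev tun\nproto udp\nremote dyndns.adresse.com 1194\n"
               "remote-cert-tls server\ncomp-lzo\nverb 3\n")


def parse_conf(text):
    """Map each active directive to its argument list; skip ';' and '#' lines."""
    conf = {}
    for line in text.splitlines():
        if line.strip()[:1] in ("", "#", ";"):
            continue
        tokens = shlex.split(line, comments=True)  # also drops a trailing '# ...'
        conf[tokens[0]] = tokens[1:]
    return conf


def norm(key, args):
    """Comparable form: None if absent (proto defaults to udp); tun0 -> tun, udp4 -> udp."""
    if args is None:
        return "udp" if key == "proto" else None
    return args[0][:3] if key in ("proto", "dev") and args else " ".join(args)


def check_pair(server_text, client_text):
    """Return a list of findings for one server/client config pair."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    out = []
    for key in SYMMETRIC:
        s, c = norm(key, srv.get(key)), norm(key, cli.get(key))
        if s != c:
            out.append(f"mismatch {key}: server={s!r} client={c!r}")
    remote, port = cli.get("remote", []), srv.get("port", ["1194"])[0]
    if len(remote) > 1 and remote[1] != port:  # a NAT port forward may remap this
        out.append(f"port: client dials {remote[1]}, server listens on {port}")
    if not {"remote-cert-tls", "verify-x509-name"} & cli.keys():  # two common methods
        out.append("client: no server certificate verification method")
    for side, conf in (("server", srv), ("client", cli)):
        if {"comp-lzo", "compress"} & conf.keys():
            out.append(f"{side}: compression enabled")
    return out


if __name__ == "__main__":
    print("\n".join(check_pair(SERVER_CONF, CLIENT_CONF)))
```
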