Bonsoir a tous, j'essaie d'installer open vpn, je sens que je suis pas loin. Mais il y a tjrs un bug... J'ai essayer pas mal de trucs. Sans réussir à le résoudre.
Ci dessous l'erreur sortie du log "openvpnas"
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 TLS: Initial packet from 78.193.18.42:51271, sid=71322587 639a7698'
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 Authenticate/Decrypt packet error: packet HMAC authentication failed'
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 TLS Error: incoming packet authentication failed from 78.193.18.42:512$
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 Fatal TLS error (check_tls_errors_co), restarting'
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 SIGUSR1[soft,tls-error] received, client-instance restarting'
et l'erreur d'openvpn sous windows 7 x64
Sun Dec 08 21:50:47 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sun Dec 08 21:50:47 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Dec 08 21:50:47 2013 Need hold release from management interface, waiting...
Sun Dec 08 21:50:47 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'state on'
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'log all on'
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'hold off'
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'hold release'
Sun Dec 08 21:50:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Dec 08 21:50:47 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sun Dec 08 21:50:47 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 08 21:50:47 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 08 21:50:47 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Dec 08 21:50:47 2013 Attempting to establish TCP connection with [AF_INET]37.187.88.93:1194
Sun Dec 08 21:50:47 2013 MANAGEMENT: >STATE:1386535847,TCP_CONNECT,,,
Sun Dec 08 21:50:47 2013 TCP connection established with [AF_INET]37.187.88.93:1194
Sun Dec 08 21:50:47 2013 TCPv4_CLIENT link local: [undef]
Sun Dec 08 21:50:47 2013 TCPv4_CLIENT link remote: [AF_INET]37.187.88.93:1194
Sun Dec 08 21:50:47 2013 MANAGEMENT: >STATE:1386535847,WAIT,,,
Sun Dec 08 21:50:47 2013 Connection reset, restarting [0]
Sun Dec 08 21:50:47 2013 SIGUSR1[soft,connection-reset] received, process restarting
Sun Dec 08 21:50:47 2013 MANAGEMENT: >STATE:1386535847,RECONNECTING,connection-reset,,
Sun Dec 08 21:50:47 2013 Restart pause, 5 second(s)
Une erreur hmac tls.... bref en cherchant un peu j'ai vu qu'il y avait peut être moyen de la résoudre en touchant au tls-auth ta.key et key-direction. j'ai essayer un peu toute les possibilitée de 0 et 1 pour ces 2 lignes dans server.conf et client.conf mais toujours rien...
Je vous colle ci dessous mes config openvpn
serveur.conf
Serveur TCP/1194
#mode server
proto tcp
port 1194
dev tun
# Cles et certificats
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
# Reseau
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
# Securite
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo
# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log
client.conf
Client
#client
dev tun
proto tcp-client
remote (mon ip) 1194
resolv-retry infinite
cipher AES-256-CBC
; client-config-dir ccd
# Cles
ca ca.crt
cert hugo.crt
key hugo.key
tls-auth ta.key 1
key-direction 0
# Securite
nobind
persist-key
persist-tun
comp-lzo
verb 3
Pour info j'ai suivit ce tuto, qui me semblait plutôt très clair.
http://blog.nicolargo.com/2010/10/installation-dun-serveur-openvpn-sous-debianubuntu.html
Voila en espérant que quelqu'un puisse me donner la main, car j'en ai marre de free qui galère a aller sur youtube et autre^^
Merci
Ci dessous l'erreur sortie du log "openvpnas"
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 TLS: Initial packet from 78.193.18.42:51271, sid=71322587 639a7698'
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 Authenticate/Decrypt packet error: packet HMAC authentication failed'
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 TLS Error: incoming packet authentication failed from 78.193.18.42:512$
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 Fatal TLS error (check_tls_errors_co), restarting'
2013-12-08 21:37:01+0100 [-] OVPN 1 OUT: 'Sun Dec 8 20:37:01 2013 78.193.18.42:51271 SIGUSR1[soft,tls-error] received, client-instance restarting'
et l'erreur d'openvpn sous windows 7 x64
Sun Dec 08 21:50:47 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sun Dec 08 21:50:47 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Dec 08 21:50:47 2013 Need hold release from management interface, waiting...
Sun Dec 08 21:50:47 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'state on'
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'log all on'
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'hold off'
Sun Dec 08 21:50:47 2013 MANAGEMENT: CMD 'hold release'
Sun Dec 08 21:50:47 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Dec 08 21:50:47 2013 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sun Dec 08 21:50:47 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 08 21:50:47 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 08 21:50:47 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Dec 08 21:50:47 2013 Attempting to establish TCP connection with [AF_INET]37.187.88.93:1194
Sun Dec 08 21:50:47 2013 MANAGEMENT: >STATE:1386535847,TCP_CONNECT,,,
Sun Dec 08 21:50:47 2013 TCP connection established with [AF_INET]37.187.88.93:1194
Sun Dec 08 21:50:47 2013 TCPv4_CLIENT link local: [undef]
Sun Dec 08 21:50:47 2013 TCPv4_CLIENT link remote: [AF_INET]37.187.88.93:1194
Sun Dec 08 21:50:47 2013 MANAGEMENT: >STATE:1386535847,WAIT,,,
Sun Dec 08 21:50:47 2013 Connection reset, restarting [0]
Sun Dec 08 21:50:47 2013 SIGUSR1[soft,connection-reset] received, process restarting
Sun Dec 08 21:50:47 2013 MANAGEMENT: >STATE:1386535847,RECONNECTING,connection-reset,,
Sun Dec 08 21:50:47 2013 Restart pause, 5 second(s)
Une erreur hmac tls.... bref en cherchant un peu j'ai vu qu'il y avait peut être moyen de la résoudre en touchant au tls-auth ta.key et key-direction. j'ai essayer un peu toute les possibilitée de 0 et 1 pour ces 2 lignes dans server.conf et client.conf mais toujours rien...
Je vous colle ci dessous mes config openvpn
serveur.conf
Serveur TCP/1194
#mode server
proto tcp
port 1194
dev tun
# Cles et certificats
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
# Reseau
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
# Securite
user nobody
group nogroup
chroot /etc/openvpn/jail
persist-key
persist-tun
comp-lzo
# Log
verb 3
mute 20
status openvpn-status.log
log-append /var/log/openvpn.log
client.conf
Client
#client
dev tun
proto tcp-client
remote (mon ip) 1194
resolv-retry infinite
cipher AES-256-CBC
; client-config-dir ccd
# Cles
ca ca.crt
cert hugo.crt
key hugo.key
tls-auth ta.key 1
key-direction 0
# Securite
nobind
persist-key
persist-tun
comp-lzo
verb 3
Pour info j'ai suivit ce tuto, qui me semblait plutôt très clair.
http://blog.nicolargo.com/2010/10/installation-dun-serveur-openvpn-sous-debianubuntu.html
Voila en espérant que quelqu'un puisse me donner la main, car j'en ai marre de free qui galère a aller sur youtube et autre^^
Merci