Netgate Discussion Forum
    OpenVPN / Can't get a connection

    • S_Bobber

      Hello,
      I just can't get a connection to the server.
      My configuration:
      FritzBox 7390 > exposed host to pfSense (APU1.D4)

      Mon Jun 20 08:59:05 2016 us=531616 Current Parameter Settings:
      Mon Jun 20 08:59:05 2016 us=532645   config = '/var/etc/openvpn/client1.conf'
      Mon Jun 20 08:59:05 2016 us=532703   mode = 0
      Mon Jun 20 08:59:05 2016 us=532803   show_ciphers = DISABLED
      Mon Jun 20 08:59:05 2016 us=532866   show_digests = DISABLED
      Mon Jun 20 08:59:05 2016 us=532964   show_engines = DISABLED
      Mon Jun 20 08:59:05 2016 us=533061   genkey = DISABLED
      Mon Jun 20 08:59:05 2016 us=533158   key_pass_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=533254   show_tls_ciphers = DISABLED
      Mon Jun 20 08:59:05 2016 us=533336 Connection profiles [default]:
      Mon Jun 20 08:59:05 2016 us=533433   proto = udp
      Mon Jun 20 08:59:05 2016 us=533529   local = '192.168.1.1'
      Mon Jun 20 08:59:05 2016 us=533579   local_port = 0
      Mon Jun 20 08:59:05 2016 us=533675   remote = '193.138.222.252'
      Mon Jun 20 08:59:05 2016 us=533770   remote_port = 1194
      Mon Jun 20 08:59:05 2016 us=533820   remote_float = DISABLED
      Mon Jun 20 08:59:05 2016 us=533871   bind_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=533909   bind_local = ENABLED
      Mon Jun 20 08:59:05 2016 us=533947   connect_retry_seconds = 5
      Mon Jun 20 08:59:05 2016 us=533984   connect_timeout = 10
      Mon Jun 20 08:59:05 2016 us=534022   connect_retry_max = 0
      Mon Jun 20 08:59:05 2016 us=534060   socks_proxy_server = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=534098   socks_proxy_port = 0
      Mon Jun 20 08:59:05 2016 us=534136   socks_proxy_retry = DISABLED
      Mon Jun 20 08:59:05 2016 us=534173   tun_mtu = 1500
      Mon Jun 20 08:59:05 2016 us=534210   tun_mtu_defined = ENABLED
      Mon Jun 20 08:59:05 2016 us=534248   link_mtu = 1500
      Mon Jun 20 08:59:05 2016 us=534286   link_mtu_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=534323   tun_mtu_extra = 0
      Mon Jun 20 08:59:05 2016 us=534360   tun_mtu_extra_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=534398   mtu_discover_type = -1
      Mon Jun 20 08:59:05 2016 us=534435   fragment = 0
      Mon Jun 20 08:59:05 2016 us=534472   mssfix = 1450
      Mon Jun 20 08:59:05 2016 us=534509   explicit_exit_notification = 0
      Mon Jun 20 08:59:05 2016 us=534546 Connection profiles END
      Mon Jun 20 08:59:05 2016 us=534583   remote_random = DISABLED
      Mon Jun 20 08:59:05 2016 us=534621   ipchange = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=534658   dev = 'ovpnc1'
      Mon Jun 20 08:59:05 2016 us=534694   dev_type = 'tun'
      Mon Jun 20 08:59:05 2016 us=534732   dev_node = '/dev/tun1'
      Mon Jun 20 08:59:05 2016 us=534769   lladdr = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=534806   topology = 1
      Mon Jun 20 08:59:05 2016 us=534858   tun_ipv6 = ENABLED
      Mon Jun 20 08:59:05 2016 us=534896   ifconfig_local = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=534934   ifconfig_remote_netmask = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=534971   ifconfig_noexec = DISABLED
      Mon Jun 20 08:59:05 2016 us=535008   ifconfig_nowarn = DISABLED
      Mon Jun 20 08:59:05 2016 us=535046   ifconfig_ipv6_local = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=535083   ifconfig_ipv6_netbits = 0
      Mon Jun 20 08:59:05 2016 us=535121   ifconfig_ipv6_remote = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=535158   shaper = 0
      Mon Jun 20 08:59:05 2016 us=535195   mtu_test = 0
      Mon Jun 20 08:59:05 2016 us=535232   mlock = DISABLED
      Mon Jun 20 08:59:05 2016 us=535270   keepalive_ping = 10
      Mon Jun 20 08:59:05 2016 us=535307   keepalive_timeout = 60
      Mon Jun 20 08:59:05 2016 us=535343   inactivity_timeout = 0
      Mon Jun 20 08:59:05 2016 us=535381   ping_send_timeout = 10
      Mon Jun 20 08:59:05 2016 us=535418   ping_rec_timeout = 60
      Mon Jun 20 08:59:05 2016 us=535456   ping_rec_timeout_action = 2
      Mon Jun 20 08:59:05 2016 us=535493   ping_timer_remote = ENABLED
      Mon Jun 20 08:59:05 2016 us=535531   remap_sigusr1 = 0
      Mon Jun 20 08:59:05 2016 us=535567   persist_tun = ENABLED
      Mon Jun 20 08:59:05 2016 us=535605   persist_local_ip = DISABLED
      Mon Jun 20 08:59:05 2016 us=535642   persist_remote_ip = DISABLED
      Mon Jun 20 08:59:05 2016 us=535679   persist_key = ENABLED
      Mon Jun 20 08:59:05 2016 us=535716   passtos = DISABLED
      Mon Jun 20 08:59:05 2016 us=535754   resolve_retry_seconds = 1000000000
      Mon Jun 20 08:59:05 2016 us=535791   username = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=535828   groupname = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=535957   chroot_dir = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=535997   cd_dir = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=536035   writepid = '/var/run/openvpn_client1.pid'
      Mon Jun 20 08:59:05 2016 us=536073   up_script = '/usr/local/sbin/ovpn-linkup'
      Mon Jun 20 08:59:05 2016 us=536111   down_script = '/usr/local/sbin/ovpn-linkdown'
      Mon Jun 20 08:59:05 2016 us=536149   down_pre = DISABLED
      Mon Jun 20 08:59:05 2016 us=536186   up_restart = DISABLED
      Mon Jun 20 08:59:05 2016 us=536224   up_delay = DISABLED
      Mon Jun 20 08:59:05 2016 us=536261   daemon = ENABLED
      Mon Jun 20 08:59:05 2016 us=536298   inetd = 0
      Mon Jun 20 08:59:05 2016 us=536335   log = ENABLED
      Mon Jun 20 08:59:05 2016 us=536373   suppress_timestamps = DISABLED
      Mon Jun 20 08:59:05 2016 us=536410   nice = 0
      Mon Jun 20 08:59:05 2016 us=536447   verbosity = 6
      Mon Jun 20 08:59:05 2016 us=536484   mute = 0
      Mon Jun 20 08:59:05 2016 us=536522   gremlin = 0
      Mon Jun 20 08:59:05 2016 us=536559   status_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=536597   status_file_version = 1
      Mon Jun 20 08:59:05 2016 us=536635   status_file_update_freq = 60
      Mon Jun 20 08:59:05 2016 us=536672   occ = ENABLED
      Mon Jun 20 08:59:05 2016 us=536709   rcvbuf = 0
      Mon Jun 20 08:59:05 2016 us=536746   sndbuf = 0
      Mon Jun 20 08:59:05 2016 us=536783   sockflags = 0
      Mon Jun 20 08:59:05 2016 us=536821   fast_io = DISABLED
      Mon Jun 20 08:59:05 2016 us=536871   lzo = 7
      Mon Jun 20 08:59:05 2016 us=536909   route_script = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=536947   route_default_gateway = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=536985   route_default_metric = 0
      Mon Jun 20 08:59:05 2016 us=537022   route_noexec = DISABLED
      Mon Jun 20 08:59:05 2016 us=537060   route_delay = 2
      Mon Jun 20 08:59:05 2016 us=537098   route_delay_window = 30
      Mon Jun 20 08:59:05 2016 us=537135   route_delay_defined = ENABLED
      Mon Jun 20 08:59:05 2016 us=537174   route_nopull = DISABLED
      Mon Jun 20 08:59:05 2016 us=537212   route_gateway_via_dhcp = DISABLED
      Mon Jun 20 08:59:05 2016 us=537251   max_routes = 100
      Mon Jun 20 08:59:05 2016 us=537288   allow_pull_fqdn = DISABLED
      Mon Jun 20 08:59:05 2016 us=537327   [redirect_default_gateway local=0]
      Mon Jun 20 08:59:05 2016 us=537367   management_addr = '/var/etc/openvpn/client1.sock'
      Mon Jun 20 08:59:05 2016 us=537405   management_port = 0
      Mon Jun 20 08:59:05 2016 us=537442   management_user_pass = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=537480   management_log_history_cache = 250
      Mon Jun 20 08:59:05 2016 us=537518   management_echo_buffer_size = 100
      Mon Jun 20 08:59:05 2016 us=537568   management_write_peer_info_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=537607   management_client_user = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=537645   management_client_group = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=537683   management_flags = 256
      Mon Jun 20 08:59:05 2016 us=537721   shared_secret_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=537759   key_direction = 2
      Mon Jun 20 08:59:05 2016 us=537797   ciphername_defined = ENABLED
      Mon Jun 20 08:59:05 2016 us=537844   ciphername = 'AES-256-CBC'
      Mon Jun 20 08:59:05 2016 us=537882   authname_defined = ENABLED
      Mon Jun 20 08:59:05 2016 us=537920   authname = 'SHA1'
      Mon Jun 20 08:59:05 2016 us=537958   prng_hash = 'SHA1'
      Mon Jun 20 08:59:05 2016 us=537996   prng_nonce_secret_len = 16
      Mon Jun 20 08:59:05 2016 us=538034   keysize = 0
      Mon Jun 20 08:59:05 2016 us=538072   engine = DISABLED
      Mon Jun 20 08:59:05 2016 us=538110   replay = ENABLED
      Mon Jun 20 08:59:05 2016 us=538148   mute_replay_warnings = DISABLED
      Mon Jun 20 08:59:05 2016 us=538186   replay_window = 64
      Mon Jun 20 08:59:05 2016 us=538223   replay_time = 15
      Mon Jun 20 08:59:05 2016 us=538261   packet_id_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538299   use_iv = ENABLED
      Mon Jun 20 08:59:05 2016 us=538336   test_crypto = DISABLED
      Mon Jun 20 08:59:05 2016 us=538374   tls_server = DISABLED
      Mon Jun 20 08:59:05 2016 us=538412   tls_client = ENABLED
      Mon Jun 20 08:59:05 2016 us=538450   key_method = 2
      Mon Jun 20 08:59:05 2016 us=538488   ca_file = '/var/etc/openvpn/client1.ca'
      Mon Jun 20 08:59:05 2016 us=538591   ca_path = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538630   dh_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538668   cert_file = '/var/etc/openvpn/client1.cert'
      Mon Jun 20 08:59:05 2016 us=538707   extra_certs_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538745   priv_key_file = '/var/etc/openvpn/client1.key'
      Mon Jun 20 08:59:05 2016 us=538784   pkcs12_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538822   cipher_list = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538872   tls_verify = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538910   tls_export_cert = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=538948   verify_x509_type = 0
      Mon Jun 20 08:59:05 2016 us=538986   verify_x509_name = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=539024   crl_file = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=539062   ns_cert_type = 1
      Mon Jun 20 08:59:05 2016 us=539099   remote_cert_ku[i] = 160
      Mon Jun 20 08:59:05 2016 us=539137   remote_cert_ku[i] = 136
      Mon Jun 20 08:59:05 2016 us=539174   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539212   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539249   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539287   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539324   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539361   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539399   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539437   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539474   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539512   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539549   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539586   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539623   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539660   remote_cert_ku[i] = 0
      Mon Jun 20 08:59:05 2016 us=539698   remote_cert_eku = 'TLS Web Server Authentication'
      Mon Jun 20 08:59:05 2016 us=539736   ssl_flags = 0
      Mon Jun 20 08:59:05 2016 us=539774   tls_timeout = 2
      Mon Jun 20 08:59:05 2016 us=539811   renegotiate_bytes = 0
      Mon Jun 20 08:59:05 2016 us=539860   renegotiate_packets = 0
      Mon Jun 20 08:59:05 2016 us=539898   renegotiate_seconds = 3600
      Mon Jun 20 08:59:05 2016 us=539936   handshake_window = 60
      Mon Jun 20 08:59:05 2016 us=539974   transition_window = 3600
      Mon Jun 20 08:59:05 2016 us=540012   single_session = DISABLED
      Mon Jun 20 08:59:05 2016 us=540049   push_peer_info = DISABLED
      Mon Jun 20 08:59:05 2016 us=540087   tls_exit = DISABLED
      Mon Jun 20 08:59:05 2016 us=540125   tls_auth_file = '/var/etc/openvpn/client1.tls-auth'
      Mon Jun 20 08:59:05 2016 us=540226   server_network = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540316   server_netmask = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540409   server_network_ipv6 = ::
      Mon Jun 20 08:59:05 2016 us=540449   server_netbits_ipv6 = 0
      Mon Jun 20 08:59:05 2016 us=540539   server_bridge_ip = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540581   server_bridge_netmask = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540672   server_bridge_pool_start = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540713   server_bridge_pool_end = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540752   ifconfig_pool_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=540841   ifconfig_pool_start = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=540942   ifconfig_pool_end = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=541031   ifconfig_pool_netmask = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=541071   ifconfig_pool_persist_filename = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=541108   ifconfig_pool_persist_refresh_freq = 600
      Mon Jun 20 08:59:05 2016 us=541147   ifconfig_ipv6_pool_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=541188   ifconfig_ipv6_pool_base = ::
      Mon Jun 20 08:59:05 2016 us=541226   ifconfig_ipv6_pool_netbits = 0
      Mon Jun 20 08:59:05 2016 us=541263   n_bcast_buf = 256
      Mon Jun 20 08:59:05 2016 us=541301   tcp_queue_limit = 64
      Mon Jun 20 08:59:05 2016 us=541339   real_hash_size = 256
      Mon Jun 20 08:59:05 2016 us=541376   virtual_hash_size = 256
      Mon Jun 20 08:59:05 2016 us=541415   client_connect_script = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=541452   learn_address_script = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=541552   client_disconnect_script = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=541593   client_config_dir = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=541630   ccd_exclusive = DISABLED
      Mon Jun 20 08:59:05 2016 us=541668   tmp_dir = '/tmp'
      Mon Jun 20 08:59:05 2016 us=541705   push_ifconfig_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=541747   push_ifconfig_local = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=541852   push_ifconfig_remote_netmask = 0.0.0.0
      Mon Jun 20 08:59:05 2016 us=541892   push_ifconfig_ipv6_defined = DISABLED
      Mon Jun 20 08:59:05 2016 us=541982   push_ifconfig_ipv6_local = ::/0
      Mon Jun 20 08:59:05 2016 us=542023   push_ifconfig_ipv6_remote = ::
      Mon Jun 20 08:59:05 2016 us=542112   enable_c2c = DISABLED
      Mon Jun 20 08:59:05 2016 us=542150   duplicate_cn = DISABLED
      Mon Jun 20 08:59:05 2016 us=542189   cf_max = 0
      Mon Jun 20 08:59:05 2016 us=542227   cf_per = 0
      Mon Jun 20 08:59:05 2016 us=542264   max_clients = 1024
      Mon Jun 20 08:59:05 2016 us=542303   max_routes_per_client = 256
      Mon Jun 20 08:59:05 2016 us=542342   auth_user_pass_verify_script = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=542380   auth_user_pass_verify_script_via_file = DISABLED
      Mon Jun 20 08:59:05 2016 us=542418   port_share_host = '[UNDEF]'
      Mon Jun 20 08:59:05 2016 us=542456   port_share_port = 0
      Mon Jun 20 08:59:05 2016 us=542495   client = ENABLED
      Mon Jun 20 08:59:05 2016 us=542532   pull = ENABLED
      Mon Jun 20 08:59:05 2016 us=542571   auth_user_pass_file = '/etc/openvpn-password.txt'
      Mon Jun 20 08:59:05 2016 us=542672 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
      Mon Jun 20 08:59:05 2016 us=542772 library versions: OpenSSL 1.0.1s-freebsd  1 Mar 2016, LZO 2.09
      Mon Jun 20 08:59:05 2016 us=542853 WARNING: file '/etc/openvpn-password.txt' is group or others accessible
      Mon Jun 20 08:59:05 2016 us=545181 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
      Mon Jun 20 08:59:05 2016 us=545444 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Mon Jun 20 08:59:05 2016 us=549486 Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
      Mon Jun 20 08:59:05 2016 us=549617 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Mon Jun 20 08:59:05 2016 us=549684 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
      Mon Jun 20 08:59:05 2016 us=549825 LZO compression initialized
      Mon Jun 20 08:59:05 2016 us=550210 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
      Mon Jun 20 08:59:05 2016 us=550353 Socket Buffers: R=[42080->42080] S=[57344->57344]
      Mon Jun 20 08:59:05 2016 us=550469 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Mon Jun 20 08:59:05 2016 us=550604 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Mon Jun 20 08:59:05 2016 us=550701 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Mon Jun 20 08:59:05 2016 us=550844 Local Options hash (VER=V4): '9e7066d2'
      Mon Jun 20 08:59:05 2016 us=550980 Expected Remote Options hash (VER=V4): '162b04de'
      Mon Jun 20 08:59:05 2016 us=551133 UDPv4 link local (bound): [AF_INET]192.168.1.1
      Mon Jun 20 08:59:05 2016 us=551196 UDPv4 link remote: [AF_INET]193.222.222.222:1194
      Mon Jun 20 08:59:05 2016 us=551375 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
      Mon Jun 20 08:59:07 2016 us=843131 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
      Mon Jun 20 08:59:10 2016 us=617192 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Mon Jun 20 08:59:10 2016 us=617447 MANAGEMENT: CMD 'state 1'
      Mon Jun 20 08:59:10 2016 us=617992 MANAGEMENT: Client disconnected
      Mon Jun 20 08:59:11 2016 us=750093 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
      Mon Jun 20 08:59:19 2016 us=900037 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
      Mon Jun 20 08:59:35 2016 us=411536 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:00:05 2016 us=50084 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Mon Jun 20 09:00:05 2016 us=50533 TCP/UDP: Closing socket
      Mon Jun 20 09:00:05 2016 us=50652 SIGUSR1[soft,ping-restart] received, process restarting
      Mon Jun 20 09:00:05 2016 us=50748 Restart pause, 2 second(s)
      Mon Jun 20 09:00:07 2016 us=53985 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Mon Jun 20 09:00:07 2016 us=54131 Re-using SSL/TLS context
      Mon Jun 20 09:00:07 2016 us=54272 LZO compression initialized
      Mon Jun 20 09:00:07 2016 us=54570 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
      Mon Jun 20 09:00:07 2016 us=54715 Socket Buffers: R=[42080->42080] S=[57344->57344]
      Mon Jun 20 09:00:07 2016 us=54852 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Mon Jun 20 09:00:07 2016 us=54985 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Mon Jun 20 09:00:07 2016 us=55076 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Mon Jun 20 09:00:07 2016 us=55194 Local Options hash (VER=V4): '9e7066d2'
      Mon Jun 20 09:00:07 2016 us=55303 Expected Remote Options hash (VER=V4): '162b04de'
      Mon Jun 20 09:00:07 2016 us=55399 UDPv4 link local (bound): [AF_INET]192.168.1.1
      Mon Jun 20 09:00:07 2016 us=55494 UDPv4 link remote: [AF_INET]193.222.222.222:1194
      Mon Jun 20 09:00:07 2016 us=55644 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:00:09 2016 us=300112 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:00:13 2016 us=788064 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:00:21 2016 us=972569 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:00:37 2016 us=939435 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:01:07 2016 us=627045 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Mon Jun 20 09:01:07 2016 us=627340 TCP/UDP: Closing socket
      Mon Jun 20 09:01:07 2016 us=627498 SIGUSR1[soft,ping-restart] received, process restarting
      Mon Jun 20 09:01:07 2016 us=627610 Restart pause, 2 second(s)
      Mon Jun 20 09:01:09 2016 us=630002 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Mon Jun 20 09:01:09 2016 us=630134 Re-using SSL/TLS context
      Mon Jun 20 09:01:09 2016 us=630274 LZO compression initialized
      Mon Jun 20 09:01:09 2016 us=630538 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
      Mon Jun 20 09:01:09 2016 us=630682 Socket Buffers: R=[42080->42080] S=[57344->57344]
      Mon Jun 20 09:01:09 2016 us=630820 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
      Mon Jun 20 09:01:09 2016 us=630966 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
      Mon Jun 20 09:01:09 2016 us=631009 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
      Mon Jun 20 09:01:09 2016 us=631169 Local Options hash (VER=V4): '9e7066d2'
      Mon Jun 20 09:01:09 2016 us=631281 Expected Remote Options hash (VER=V4): '162b04de'
      Mon Jun 20 09:01:09 2016 us=631393 UDPv4 link local (bound): [AF_INET]192.168.1.1
      Mon Jun 20 09:01:09 2016 us=631488 UDPv4 link remote: [AF_INET]193.222.222.222:1194
      Mon Jun 20 09:01:09 2016 us=631639 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:01:12 2016 us=95103 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:01:17 2016 us=20296 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
      Mon Jun 20 09:01:25 2016 us=16108 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
      
      ![Interfaces.JPG](/public/_imported_attachments_/1/Interfaces.JPG)
      ![Routing.JPG](/public/_imported_attachments_/1/Routing.JPG)
      ![Rules_WAN.JPG](/public/_imported_attachments_/1/Rules_WAN.JPG)
      ![Rules_LAN.JPG](/public/_imported_attachments_/1/Rules_LAN.JPG)
      ![Nat.JPG](/public/_imported_attachments_/1/Nat.JPG)
      
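An added example (not part of the original posts and not OpenVPN or pfSense project code): a small Python triage of the verb 6 client log in the post above. It counts control packets written and read per restart cycle and collects the warnings the log itself prints; `ANSWERED_LOG`, the function names and the finding labels are constructed for illustration.

```python
import re

# Shortened excerpt of the verb 6 client log from the post above: one full
# restart cycle, then the start of the next one.
FAILING_LOG = """\
Mon Jun 20 08:59:05 2016 us=542853 WARNING: file '/etc/openvpn-password.txt' is group or others accessible
Mon Jun 20 08:59:05 2016 us=545444 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jun 20 08:59:05 2016 us=550604 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mon Jun 20 08:59:05 2016 us=551375 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:07 2016 us=843131 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:11 2016 us=750093 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:19 2016 us=900037 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:35 2016 us=411536 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Mon Jun 20 09:00:05 2016 us=50084 [UNDEF] Inactivity timeout (--ping-restart), restarting
Mon Jun 20 09:00:05 2016 us=50652 SIGUSR1[soft,ping-restart] received, process restarting
Mon Jun 20 09:00:07 2016 us=55644 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Mon Jun 20 09:00:09 2016 us=300112 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
"""

# Constructed contrast (not from the thread): the server answers the reset.
ANSWERED_LOG = """\
Mon Jun 20 08:59:05 2016 us=551375 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:05 2016 us=601000 UDPv4 READ [54] from [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
"""

PREFIX = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} us=\d+ (.*)$")
PACKET = re.compile(r"^\S+ (WRITE|READ) \[\d+\] (?:to|from) \[AF_INET6?\]\S+: (P_\w+)")
CRED_WARN = re.compile(r"WARNING: file '([^']+)' is group or others accessible")
CIPHER = re.compile(r"^Local Options String: '.*?\bcipher ([\w-]+)")
BLOCK64 = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers


def new_session():
    return {"sent": 0, "received": 0, "ping_restart": False}


def triage(log_text):
    """Return (sessions, findings) for an OpenVPN client log that shows packets."""
    sessions, findings = [], set()
    cur = new_session()
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        msg = m.group(1)
        pkt = PACKET.match(msg)
        if pkt:
            cur["sent" if pkt.group(1) == "WRITE" else "received"] += 1
        elif "Inactivity timeout (--ping-restart)" in msg:
            cur["ping_restart"] = True
        elif "process restarting" in msg:
            sessions.append(cur)  # one connection attempt ends here
            cur = new_session()
        elif (w := CRED_WARN.search(msg)):
            # Password file readable by group/others: restrict it to its owner.
            findings.add(("credential-file-permissions", w.group(1)))
        elif "--script-security setting may allow" in msg:
            findings.add(("user-scripts-allowed", ""))
        elif (c := CIPHER.match(msg)) and c.group(1) in BLOCK64:
            findings.add(("64-bit-block-cipher", c.group(1)))
    if cur["sent"] or cur["received"]:
        sessions.append(cur)  # attempt still running when the log was cut
    return sessions, sorted(findings)


def verdict(sessions):
    """Classify the attempts by whether anything ever came back from the peer."""
    if not sessions:
        return "no-traffic-logged"
    if all(s["sent"] and not s["received"] for s in sessions):
        # Only WRITE lines: wrong remote or port, filtering on the path, or a
        # tls-auth server discarding packets whose HMAC it cannot verify.
        return "peer-never-answered"
    return "peer-answered"


if __name__ == "__main__":
    sessions, findings = triage(FAILING_LOG)
    print(verdict(sessions), sessions, findings)
```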
      • JeGr LAYER 8 Moderator

        Hello

        I just can't get a connection to the server.

        That is not a useful problem description. Nobody can help this way. Just dumping logs and screenshots in here achieves nothing if you don't even take 5 minutes to describe your own problem. If I have a problem with my vacuum cleaner, I don't just put down two photos of how I plugged it in and say nothing else about it.

        Sorry, and regards

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        • S_Bobber

          Hello,
          sorry, but I had thought this was the best way to post the information about the connection.
          I have been trying for days and it just won't work; I have no idea what the cause is.
          The provider is StrongVPN, but from them I only get the ca.crt and ta.key (tls), no certificate private key.
          I tested the connection with another OpenVPN client, and it works.
          The log says:

          UDPv4 link local (bound): [AF_INET]192.168.70.100
          UDPv4 link remote: [AF_INET]193.222.222.222:1194

          pid=0 DATA len=0

          That's a connection problem, isn't it?

          Here is the conf:

          dev ovpnc1
          verb 1
          dev-type tun
          tun-ipv6
          dev-node /dev/tun1
          writepid /var/run/openvpn_client1.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto udp
          cipher BF-CBC
          auth SHA1
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          local 192.168.70.100
          tls-client
          client
          lport 0
          management /var/etc/openvpn/client1.sock unix
          remote 193.222.222.222 1194 # (changed)
          ca /var/etc/openvpn/client1.ca 
          cert /var/etc/openvpn/client1.cert 
          key /var/etc/openvpn/client1.key 
          tls-auth /var/etc/openvpn/client1.tls-auth 1
          comp-lzo adaptive
          resolv-retry infinite
          log /var/etc/openvpn/log_vpn.txt
          ns-cert-type server
          auth-user-pass /etc/openvpn-password.txt
          tls-auth /var/etc/openvpn/client1.tls-auth
          verb 6
          

          openvpn_client1.JPG
          openvpn_client2.JPG
          openvpn_client3.JPG
          strong_ca.JPG

          • JeGr LAYER 8 Moderator

            The provider is StrongVPN, but from them I only get the ca.crt and ta.key (tls), no certificate private key.

            Stop. As far as I know, StrongVPN gives you a bundle as a ZIP. See, among others,

            http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/

            it contains not only ta.key and ca.crt but, logically (it doesn't work without them!), the certificate and the key for your own VPN client. The client has to identify itself with a certificate, after all. So if you only have the 2 files mentioned at the start, then part of the configuration for the setup is definitely (at least IMHO) missing.

            • S_Bobber

              Unfortunately it is not included in the ZIP.
              I have written to support and will report back.

              Regards

              • S_Bobber

                Hello,
                I only get ca.crt, ta.key and the conf file for the connection;
                with those it does work on the Dreambox via the OpenVPN plugin.

                Regards

                • JeGr LAYER 8 Moderator

                  StrongVPN itself points, under

                  https://strongvpn.com/setup.html

                  to

                  https://forum.pfsense.org/index.php?topic=29944.0

                  this forum post, in which a client cert is quite clearly installed. Maybe something has changed on StrongVPN's side, but without one I can't really imagine how this is supposed to work via client/server VPN. Or are you given a user/password login?

                  • S_Bobber

                    Thanks for the support; I know this how-to, and that is how I proceeded (as far as possible).

                    So something has changed there after all:

                    • User with password
                    • ca.cert
                    • ta.key

                    and the connection settings

                    • S_Bobber

                      So, I have now received new conf files.
                      Quote from StrongVPN:

                      This account would not work on pfsense, you'd need to upgrade account to old type package (openvpn with static IP)

                      The account.ovpn contains 4 different ports with the same remote IP; in addition, the folder also contains ca.crt, open….crt, open...key and ta.key.

                      The VPN connection comes up, but how do I now direct it to my local network?
                      NAT is disabled; when I enable the VPN I can reach the FritzBox but get no further.

                      I'm simply stuck now and grateful for any help!

                      routing.JPG
                      interfaces.JPG
                      rules.JPG
                      ![vpn rules.JPG](/public/imported_attachments/1/vpn rules.JPG)
                      ![wan rules.JPG](/public/imported_attachments/1/wan rules.JPG)

                      • Marvho

                        You of course still have to NAT the connection from the VPN provider to your LAN, so that your computers themselves can also use the VPN connection.

                        I would take out all the pass rules for now. (Except on the LAN, of course.)

                        Then have a look at this: https://www.infotechwerx.com/blog/Creating-Policy-Route-to-Send-All-Traffic-Host-Through-OpenVPN

                        There you will see that you still have to create the outbound NAT rule for the VPN. Once that is done, everything should actually run smoothly.

                        Regards
