Netgate Discussion Forum

    OpenVPN tunnel problem

    • Astina

      Hello,

      I am trying to set up a simple VPN tunnel on my pfSense...
      I followed several tutorials, but without success!

      The details:

      • pfSense 2.4.5-RELEASE-p1
      • NAT on router UDP1194, TCP443 to pfSense WAN
      • OVH DDNS link, ping 100% OK
      • Official OpenVPN app on Android (also tested on iPhone)
      • Followed the pfSense wizard to create the tunnel

      Note that AAA.AAA.AAA.AA is my correct public IP and XXXXXX is my domain name, which pings at 100%.

      2020-09-26 12:17:08 version officielle 0.7.21 fonctionnant sur samsung SM-G985F (exynos990), Android 10 (QP1A.190711.020) API 29, ABI arm64-v8a, (samsung/y2seea/y2s:10/QP1A.190711.020/G985FXXS4BTHH:user/release-keys)
      2020-09-26 12:17:08 Création de la configuration…
      2020-09-26 12:17:08 started Socket Thread
      2020-09-26 12:17:08 État du réseau : CONNECTED LTE to MOBILE internet.proximus.be
      2020-09-26 12:17:08 Debug state info: CONNECTED LTE to MOBILE internet.proximus.be, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
      2020-09-26 12:17:08 Debug state info: CONNECTED LTE to MOBILE internet.proximus.be, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
      2020-09-26 12:17:08 P:WARNING: linker: Warning: "/data/app/de.blinkt.openvpn-iFoiza3w5PqK99_7eZBeGQ==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
      2020-09-26 12:17:08 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
      2020-09-26 12:17:08 Current Parameter Settings:
      2020-09-26 12:17:08   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
      2020-09-26 12:17:08   mode = 0
      2020-09-26 12:17:08   show_ciphers = DISABLED
      2020-09-26 12:17:08   show_digests = DISABLED
      2020-09-26 12:17:08   show_engines = DISABLED
      2020-09-26 12:17:08   genkey = DISABLED
      2020-09-26 12:17:08   genkey_filename = '[UNDEF]'
      2020-09-26 12:17:08   key_pass_file = '[UNDEF]'
      2020-09-26 12:17:08   show_tls_ciphers = DISABLED
      2020-09-26 12:17:08   connect_retry_max = 0
      2020-09-26 12:17:08 Connection profiles [0]:
      2020-09-26 12:17:08   proto = udp
      2020-09-26 12:17:08   local = '[UNDEF]'
      2020-09-26 12:17:08   local_port = '[UNDEF]'
      2020-09-26 12:17:08   remote = 'XXXXXXXXXXXXXX'
      2020-09-26 12:17:08   remote_port = '1194'
      2020-09-26 12:17:08   remote_float = DISABLED
      2020-09-26 12:17:08   bind_defined = DISABLED
      2020-09-26 12:17:08   bind_local = DISABLED
      2020-09-26 12:17:08   bind_ipv6_only = DISABLED
      2020-09-26 12:17:08   connect_retry_seconds = 2
      2020-09-26 12:17:08   connect_timeout = 120
      2020-09-26 12:17:08   socks_proxy_server = '[UNDEF]'
      2020-09-26 12:17:08   socks_proxy_port = '[UNDEF]'
      2020-09-26 12:17:08   tun_mtu = 1500
      2020-09-26 12:17:08   tun_mtu_defined = ENABLED
      2020-09-26 12:17:08   link_mtu = 1500
      2020-09-26 12:17:08   link_mtu_defined = DISABLED
      2020-09-26 12:17:08   tun_mtu_extra = 0
      2020-09-26 12:17:08   tun_mtu_extra_defined = DISABLED
      2020-09-26 12:17:08   mtu_discover_type = -1
      2020-09-26 12:17:08   fragment = 0
      2020-09-26 12:17:08   mssfix = 1450
      2020-09-26 12:17:08   explicit_exit_notification = 0
      2020-09-26 12:17:08   tls_auth_file = '[INLINE]'
      2020-09-26 12:17:08   key_direction = 1
      2020-09-26 12:17:08   tls_crypt_file = '[UNDEF]'
      2020-09-26 12:17:08   tls_crypt_v2_file = '[UNDEF]'
      2020-09-26 12:17:08 Connection profiles END
      2020-09-26 12:17:08   remote_random = DISABLED
      2020-09-26 12:17:08   ipchange = '[UNDEF]'
      2020-09-26 12:17:08   dev = 'tun'
      2020-09-26 12:17:08   dev_type = '[UNDEF]'
      2020-09-26 12:17:08   dev_node = '[UNDEF]'
      2020-09-26 12:17:08   lladdr = '[UNDEF]'
      2020-09-26 12:17:08   topology = 1
      2020-09-26 12:17:08   ifconfig_local = '[UNDEF]'
      2020-09-26 12:17:08   ifconfig_remote_netmask = '[UNDEF]'
      2020-09-26 12:17:08   ifconfig_noexec = DISABLED
      2020-09-26 12:17:08   ifconfig_nowarn = ENABLED
      2020-09-26 12:17:08   ifconfig_ipv6_local = '[UNDEF]'
      2020-09-26 12:17:08   ifconfig_ipv6_netbits = 0
      2020-09-26 12:17:08   ifconfig_ipv6_remote = '[UNDEF]'
      2020-09-26 12:17:08   shaper = 0
      2020-09-26 12:17:08   mtu_test = 0
      2020-09-26 12:17:08   mlock = DISABLED
      2020-09-26 12:17:08   keepalive_ping = 0
      2020-09-26 12:17:08   keepalive_timeout = 0
      2020-09-26 12:17:08   inactivity_timeout = 0
      2020-09-26 12:17:08   ping_send_timeout = 0
      2020-09-26 12:17:08   ping_rec_timeout = 0
      2020-09-26 12:17:08   ping_rec_timeout_action = 0
      2020-09-26 12:17:08   ping_timer_remote = DISABLED
      2020-09-26 12:17:08   remap_sigusr1 = 0
      2020-09-26 12:17:08   persist_tun = ENABLED
      2020-09-26 12:17:08   persist_local_ip = DISABLED
      2020-09-26 12:17:08   persist_remote_ip = DISABLED
      2020-09-26 12:17:08   persist_key = DISABLED
      2020-09-26 12:17:08   passtos = DISABLED
      2020-09-26 12:17:08   resolve_retry_seconds = 1000000000
      2020-09-26 12:17:08   resolve_in_advance = ENABLED
      2020-09-26 12:17:08   username = '[UNDEF]'
      2020-09-26 12:17:08   groupname = '[UNDEF]'
      2020-09-26 12:17:08   chroot_dir = '[UNDEF]'
      2020-09-26 12:17:08   cd_dir = '[UNDEF]'
      2020-09-26 12:17:08   writepid = '[UNDEF]'
      2020-09-26 12:17:08   up_script = '[UNDEF]'
      2020-09-26 12:17:08   down_script = '[UNDEF]'
      2020-09-26 12:17:08   down_pre = DISABLED
      2020-09-26 12:17:08   up_restart = DISABLED
      2020-09-26 12:17:08   up_delay = DISABLED
      2020-09-26 12:17:08   daemon = DISABLED
      2020-09-26 12:17:08   inetd = 0
      2020-09-26 12:17:08   log = DISABLED
      2020-09-26 12:17:08   suppress_timestamps = DISABLED
      2020-09-26 12:17:08   machine_readable_output = ENABLED
      2020-09-26 12:17:08   nice = 0
      2020-09-26 12:17:08   verbosity = 4
      2020-09-26 12:17:08   mute = 0
      2020-09-26 12:17:08   gremlin = 0
      2020-09-26 12:17:08   status_file = '[UNDEF]'
      2020-09-26 12:17:08   status_file_version = 1
      2020-09-26 12:17:08   status_file_update_freq = 60
      2020-09-26 12:17:08   occ = ENABLED
      2020-09-26 12:17:08   rcvbuf = 0
      2020-09-26 12:17:08   sndbuf = 0
      2020-09-26 12:17:08   sockflags = 0
      2020-09-26 12:17:08   fast_io = DISABLED
      2020-09-26 12:17:08   comp.alg = 2
      2020-09-26 12:17:08   comp.flags = 1
      2020-09-26 12:17:08   route_script = '[UNDEF]'
      2020-09-26 12:17:08   route_default_gateway = '[UNDEF]'
      2020-09-26 12:17:08   route_default_metric = 0
      2020-09-26 12:17:08   route_noexec = DISABLED
      2020-09-26 12:17:08   route_delay = 0
      2020-09-26 12:17:08   route_delay_window = 30
      2020-09-26 12:17:08   route_delay_defined = DISABLED
      2020-09-26 12:17:08   route_nopull = DISABLED
      2020-09-26 12:17:08   route_gateway_via_dhcp = DISABLED
      2020-09-26 12:17:08   allow_pull_fqdn = DISABLED
      2020-09-26 12:17:08   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
      2020-09-26 12:17:08   management_port = 'unix'
      2020-09-26 12:17:08   management_user_pass = '[UNDEF]'
      2020-09-26 12:17:08   management_log_history_cache = 250
      2020-09-26 12:17:08   management_echo_buffer_size = 100
      2020-09-26 12:17:08   management_write_peer_info_file = '[UNDEF]'
      2020-09-26 12:17:08   management_client_user = '[UNDEF]'
      2020-09-26 12:17:08   management_client_group = '[UNDEF]'
      2020-09-26 12:17:08   management_flags = 16678
      2020-09-26 12:17:08   shared_secret_file = '[UNDEF]'
      2020-09-26 12:17:08   key_direction = 1
      2020-09-26 12:17:08   ciphername = 'BF-CBC'
      2020-09-26 12:17:08   ncp_enabled = ENABLED
      2020-09-26 12:17:08   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
      2020-09-26 12:17:08   authname = 'SHA256'
      2020-09-26 12:17:08   prng_hash = 'SHA1'
      2020-09-26 12:17:08   prng_nonce_secret_len = 16
      2020-09-26 12:17:08   keysize = 0
      2020-09-26 12:17:08   engine = DISABLED
      2020-09-26 12:17:08   replay = ENABLED
      2020-09-26 12:17:08   mute_replay_warnings = DISABLED
      2020-09-26 12:17:08   replay_window = 64
      2020-09-26 12:17:08   replay_time = 15
      2020-09-26 12:17:08   packet_id_file = '[UNDEF]'
      2020-09-26 12:17:08   test_crypto = DISABLED
      2020-09-26 12:17:08   tls_server = DISABLED
      2020-09-26 12:17:08   tls_client = ENABLED
      2020-09-26 12:17:08   ca_file = '[INLINE]'
      2020-09-26 12:17:08   ca_path = '[UNDEF]'
      2020-09-26 12:17:08   dh_file = '[UNDEF]'
      2020-09-26 12:17:08   cert_file = '[INLINE]'
      2020-09-26 12:17:08   extra_certs_file = '[UNDEF]'
      2020-09-26 12:17:08   priv_key_file = '[INLINE]'
      2020-09-26 12:17:08   pkcs12_file = '[UNDEF]'
      2020-09-26 12:17:08   cipher_list = '[UNDEF]'
      2020-09-26 12:17:08   cipher_list_tls13 = '[UNDEF]'
      2020-09-26 12:17:08   tls_cert_profile = '[UNDEF]'
      2020-09-26 12:17:08   tls_verify = '[UNDEF]'
      2020-09-26 12:17:08   tls_export_cert = '[UNDEF]'
      2020-09-26 12:17:08   verify_x509_type = 2
      2020-09-26 12:17:08   verify_x509_name = 'XXXXXXXXXXXXXXXXXXXXXXXXX'
      2020-09-26 12:17:08   crl_file = '[UNDEF]'
      2020-09-26 12:17:08   ns_cert_type = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 65535
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_ku[i] = 0
      2020-09-26 12:17:08   remote_cert_eku = 'TLS Web Client Authentication'
      2020-09-26 12:17:08   ssl_flags = 0
      2020-09-26 12:17:08   tls_timeout = 2
      2020-09-26 12:17:08   renegotiate_bytes = -1
      2020-09-26 12:17:08   renegotiate_packets = 0
      2020-09-26 12:17:08   renegotiate_seconds = 3600
      2020-09-26 12:17:08   handshake_window = 60
      2020-09-26 12:17:08   transition_window = 3600
      2020-09-26 12:17:08   single_session = DISABLED
      2020-09-26 12:17:08   push_peer_info = DISABLED
      2020-09-26 12:17:08   tls_exit = DISABLED
      2020-09-26 12:17:08   tls_crypt_v2_metadata = '[UNDEF]'
      2020-09-26 12:17:08   server_network = 0.0.0.0
      2020-09-26 12:17:08   server_netmask = 0.0.0.0
      2020-09-26 12:17:08   server_network_ipv6 = ::
      2020-09-26 12:17:08   server_netbits_ipv6 = 0
      2020-09-26 12:17:08   server_bridge_ip = 0.0.0.0
      2020-09-26 12:17:08   server_bridge_netmask = 0.0.0.0
      2020-09-26 12:17:08   server_bridge_pool_start = 0.0.0.0
      2020-09-26 12:17:08   server_bridge_pool_end = 0.0.0.0
      2020-09-26 12:17:08 0 secondes avant la prochaine tentative de connexion
      2020-09-26 12:17:08   ifconfig_pool_defined = DISABLED
      2020-09-26 12:17:08   ifconfig_pool_start = 0.0.0.0
      2020-09-26 12:17:08   ifconfig_pool_end = 0.0.0.0
      2020-09-26 12:17:08   ifconfig_pool_netmask = 0.0.0.0
      2020-09-26 12:17:08   ifconfig_pool_persist_filename = '[UNDEF]'
      2020-09-26 12:17:08   ifconfig_pool_persist_refresh_freq = 600
      2020-09-26 12:17:08   ifconfig_ipv6_pool_defined = DISABLED
      2020-09-26 12:17:08   ifconfig_ipv6_pool_base = ::
      2020-09-26 12:17:08   ifconfig_ipv6_pool_netbits = 0
      2020-09-26 12:17:08   n_bcast_buf = 256
      2020-09-26 12:17:08   tcp_queue_limit = 64
      2020-09-26 12:17:08   real_hash_size = 256
      2020-09-26 12:17:08   virtual_hash_size = 256
      2020-09-26 12:17:08   client_connect_script = '[UNDEF]'
      2020-09-26 12:17:08   learn_address_script = '[UNDEF]'
      2020-09-26 12:17:08   client_disconnect_script = '[UNDEF]'
      2020-09-26 12:17:08   client_config_dir = '[UNDEF]'
      2020-09-26 12:17:08   ccd_exclusive = DISABLED
      2020-09-26 12:17:08   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
      2020-09-26 12:17:08   push_ifconfig_defined = DISABLED
      2020-09-26 12:17:08   push_ifconfig_local = 0.0.0.0
      2020-09-26 12:17:08   push_ifconfig_remote_netmask = 0.0.0.0
      2020-09-26 12:17:08   push_ifconfig_ipv6_defined = DISABLED
      2020-09-26 12:17:08   push_ifconfig_ipv6_local = ::/0
      2020-09-26 12:17:08   push_ifconfig_ipv6_remote = ::
      2020-09-26 12:17:08   enable_c2c = DISABLED
      2020-09-26 12:17:08   duplicate_cn = DISABLED
      2020-09-26 12:17:08   cf_max = 0
      2020-09-26 12:17:08   cf_per = 0
      2020-09-26 12:17:08   max_clients = 1024
      2020-09-26 12:17:08   max_routes_per_client = 256
      2020-09-26 12:17:08   auth_user_pass_verify_script = '[UNDEF]'
      2020-09-26 12:17:08   auth_user_pass_verify_script_via_file = DISABLED
      2020-09-26 12:17:08   auth_token_generate = DISABLED
      2020-09-26 12:17:08   auth_token_lifetime = 0
      2020-09-26 12:17:08   auth_token_secret_file = '[UNDEF]'
      2020-09-26 12:17:08   port_share_host = '[UNDEF]'
      2020-09-26 12:17:08   port_share_port = '[UNDEF]'
      2020-09-26 12:17:08   vlan_tagging = DISABLED
      2020-09-26 12:17:08   vlan_accept = all
      2020-09-26 12:17:08   vlan_pvid = 1
      2020-09-26 12:17:08   client = ENABLED
      2020-09-26 12:17:08   pull = ENABLED
      2020-09-26 12:17:08   auth_user_pass_file = 'stdin'
      2020-09-26 12:17:08 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.20-0-g46ce6652] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 24 2020
      2020-09-26 12:17:08 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
      2020-09-26 12:17:08 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
      2020-09-26 12:17:08 MANAGEMENT: CMD 'version 3'
      2020-09-26 12:17:08 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:17:08 MANAGEMENT: CMD 'username 'Auth' XXXXXXXXXXX'
      2020-09-26 12:17:08 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:17:08 MANAGEMENT: CMD 'password [...]'
      2020-09-26 12:17:08 MANAGEMENT: CMD 'state on'
      2020-09-26 12:17:08 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:17:09 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:17:09 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:17:09 LZO compression initializing
      2020-09-26 12:17:09 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:17:09 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:17:09 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:17:09 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:17:09 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:17:09 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:17:09 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:17:09 UDP link local: (not bound)
      2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
      2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:18:09 TLS Error: TLS handshake failed
      2020-09-26 12:18:09 TCP/UDP: Closing socket
      2020-09-26 12:18:09 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:18:09 MANAGEMENT: >STATE:1601115489,RECONNECTING,tls-error,,,,,
      2020-09-26 12:18:09 2 secondes avant la prochaine tentative de connexion
      2020-09-26 12:18:11 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:18:11 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:18:11 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:18:11 MANAGEMENT: CMD 'state on'
      2020-09-26 12:18:12 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:18:12 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:18:12 LZO compression initializing
      2020-09-26 12:18:12 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:18:12 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:18:12 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:18:12 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:18:12 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:18:12 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:18:12 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:18:12 UDP link local: (not bound)
      2020-09-26 12:18:12 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:18:12 MANAGEMENT: >STATE:1601115492,WAIT,,,,,,
      2020-09-26 12:19:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:19:13 TLS Error: TLS handshake failed
      2020-09-26 12:19:13 TCP/UDP: Closing socket
      2020-09-26 12:19:13 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:19:13 2 secondes avant la prochaine tentative de connexion
      2020-09-26 12:19:13 MANAGEMENT: >STATE:1601115553,RECONNECTING,tls-error,,,,,
      2020-09-26 12:19:15 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:19:15 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:19:15 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:19:15 MANAGEMENT: CMD 'state on'
      2020-09-26 12:19:16 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:19:16 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:19:16 LZO compression initializing
      2020-09-26 12:19:16 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:19:16 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:19:16 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:19:16 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:19:16 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:19:16 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:19:16 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:19:16 UDP link local: (not bound)
      2020-09-26 12:19:16 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:19:16 MANAGEMENT: >STATE:1601115556,WAIT,,,,,,
      2020-09-26 12:20:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:20:16 TLS Error: TLS handshake failed
      2020-09-26 12:20:16 TCP/UDP: Closing socket
      2020-09-26 12:20:16 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:20:16 MANAGEMENT: >STATE:1601115616,RECONNECTING,tls-error,,,,,
      2020-09-26 12:20:16 2 secondes avant la prochaine tentative de connexion
      2020-09-26 12:20:18 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:20:18 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:20:18 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:20:18 MANAGEMENT: CMD 'state on'
      2020-09-26 12:20:19 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:20:19 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:20:19 LZO compression initializing
      2020-09-26 12:20:19 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:20:19 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:20:19 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:20:19 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:20:19 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:20:19 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:20:19 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:20:19 UDP link local: (not bound)
      2020-09-26 12:20:19 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:20:19 MANAGEMENT: >STATE:1601115619,WAIT,,,,,,
      2020-09-26 12:21:19 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:21:19 TLS Error: TLS handshake failed
      2020-09-26 12:21:19 TCP/UDP: Closing socket
      2020-09-26 12:21:19 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:21:19 MANAGEMENT: >STATE:1601115679,RECONNECTING,tls-error,,,,,
      2020-09-26 12:21:19 2 secondes avant la prochaine tentative de connexion
      2020-09-26 12:21:21 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:21:21 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:21:21 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:21:21 MANAGEMENT: CMD 'state on'
      2020-09-26 12:21:22 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:21:22 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:21:22 LZO compression initializing
      2020-09-26 12:21:22 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:21:22 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:21:22 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:21:22 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:21:22 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:21:22 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:21:22 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:21:22 UDP link local: (not bound)
      2020-09-26 12:21:22 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:21:22 MANAGEMENT: >STATE:1601115682,WAIT,,,,,,
      2020-09-26 12:22:22 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:22:22 TLS Error: TLS handshake failed
      2020-09-26 12:22:22 TCP/UDP: Closing socket
      2020-09-26 12:22:22 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:22:22 MANAGEMENT: >STATE:1601115742,RECONNECTING,tls-error,,,,,
      2020-09-26 12:22:22 4 secondes avant la prochaine tentative de connexion
      2020-09-26 12:22:26 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:22:26 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:22:26 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:22:26 MANAGEMENT: CMD 'state on'
      2020-09-26 12:22:27 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:22:27 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:22:27 LZO compression initializing
      2020-09-26 12:22:27 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:22:27 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:22:27 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:22:27 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:22:27 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:22:27 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:22:28 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:22:28 UDP link local: (not bound)
      2020-09-26 12:22:28 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:22:28 MANAGEMENT: >STATE:1601115748,WAIT,,,,,,
      2020-09-26 12:23:28 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:23:28 TLS Error: TLS handshake failed
      2020-09-26 12:23:28 TCP/UDP: Closing socket
      2020-09-26 12:23:28 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:23:28 MANAGEMENT: >STATE:1601115808,RECONNECTING,tls-error,,,,,
      2020-09-26 12:23:28 8 secondes avant la prochaine tentative de connexion
      2020-09-26 12:23:36 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:23:36 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:23:36 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:23:36 MANAGEMENT: CMD 'state on'
      2020-09-26 12:23:37 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:23:37 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:23:37 LZO compression initializing
      2020-09-26 12:23:37 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:23:37 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:23:37 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:23:37 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:23:37 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:23:37 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:23:37 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:23:37 UDP link local: (not bound)
      2020-09-26 12:23:37 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:23:37 MANAGEMENT: >STATE:1601115817,WAIT,,,,,,
      2020-09-26 12:24:37 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2020-09-26 12:24:37 TLS Error: TLS handshake failed
      2020-09-26 12:24:37 TCP/UDP: Closing socket
      2020-09-26 12:24:37 SIGUSR1[soft,tls-error] received, process restarting
      2020-09-26 12:24:37 MANAGEMENT: >STATE:1601115877,RECONNECTING,tls-error,,,,,
      2020-09-26 12:24:37 16 secondes avant la prochaine tentative de connexion
      2020-09-26 12:24:53 MANAGEMENT: CMD 'hold release'
      2020-09-26 12:24:53 MANAGEMENT: CMD 'proxy NONE'
      2020-09-26 12:24:53 MANAGEMENT: CMD 'bytecount 2'
      2020-09-26 12:24:53 MANAGEMENT: CMD 'state on'
      2020-09-26 12:24:54 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:24:54 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      2020-09-26 12:24:54 LZO compression initializing
      2020-09-26 12:24:54 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
      2020-09-26 12:24:54 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
      2020-09-26 12:24:54 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
      2020-09-26 12:24:54 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
      2020-09-26 12:24:54 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:24:54 Socket Buffers: R=[245760->245760] S=[245760->245760]
      2020-09-26 12:24:54 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
      2020-09-26 12:24:54 UDP link local: (not bound)
      2020-09-26 12:24:54 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
      2020-09-26 12:24:54 MANAGEMENT: >STATE:1601115894,WAIT
      

      I have been going in circles for a week; if some kind soul could help me, that would be great.

      @++

        • jdh

          NB: if you mask the public IP, remember to mask the certificates too!!
          ----- BEGIN CERTIFICATE
          ........
          -----END CERTIFICATE

          You do not fully describe your infrastructure...

          You state 'NAT on router UDP1194'. I translate: you configured the router to forward the traffic to the pfSense WAN (which is therefore on a private address).

          Are you certain the configurations match on both ends? For example, is LZO enabled on both sides?

          Do you have a rule under Firewall > Rules > WAN tab to accept udp/1194 traffic? It is necessary and therefore mandatory.

          The logs are a bit too verbose (verb 3 would be sufficient).
          The only useful information in the logs is:
          2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
          2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
          2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
          2020-09-26 12:18:09 TLS Error: TLS handshake failed
          2020-09-26 12:18:09 TCP/UDP: Closing socket

          (The 'check your network connectivity' is typical!)
          What I wrote above can cause this message.

          Personally, I would start by testing from a plain PC before moving on to a smartphone, once it is working.

          Albert EINSTEIN: If you can't explain it simply, you don't understand it well enough.
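
An added example, not part of any post in this thread: a small Python check for the two points raised above, comparing the client's "Expected Remote Options String" with the server's options and classifying the 60-second TLS timeout. The log sample is constructed in the format of the posted client log; `SERVER_OPTIONS` and its values are assumptions.

```python
import re

# Constructed sample in the format of the client log posted in this thread.
CLIENT_LOG = """\
2020-09-26 12:24:54 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
2020-09-26 12:24:54 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
2020-09-26 12:24:54 MANAGEMENT: >STATE:1601115894,WAIT
2020-09-26 12:25:54 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
# Assumed server-side options string (hypothetical): LZO off, so no comp-lzo
# and a link-mtu one byte smaller.
SERVER_OPTIONS = ("V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 0,"
                  "auth SHA256,keysize 128,tls-auth,key-method 2,tls-server")

def parse_options(text):
    """'V4,dev-type tun,comp-lzo' -> {'dev-type': 'tun', 'comp-lzo': None}"""
    opts = {}
    for item in text.split(",")[1:]:            # drop the leading 'V4' marker
        key, _, value = item.strip().partition(" ")
        opts[key] = value or None
    return opts

def expected_remote(log):
    """Options the client expects the server to run with, taken from its log."""
    m = re.search(r"Expected Remote Options String[^']*'([^']*)'", log)
    return parse_options(m.group(1)) if m else {}

def option_mismatches(log, server_options):
    """List every option where the server differs from what the client expects."""
    want, have = expected_remote(log), parse_options(server_options)
    out = []
    for key in sorted(set(want) | set(have)):
        if key not in have:
            out.append(f"{key}: client expects it, server lacks it")
        elif key not in want:
            out.append(f"{key}: server sets it, client does not expect it")
        elif want[key] != have[key]:
            out.append(f"{key}: client expects {want[key]!r}, server has {have[key]!r}")
    return out

def handshake_verdict(log):
    timed_out = "TLS key negotiation failed to occur within 60 seconds" in log
    server_seen = "TLS: Initial packet from" in log   # logged once the peer answers
    if timed_out and not server_seen:
        return "no-reply"   # check port forward, WAN rule and target address first
    return "stalled" if timed_out else "ok"

if __name__ == "__main__":
    print(handshake_verdict(CLIENT_LOG))
    for line in option_mismatches(CLIENT_LOG, SERVER_OPTIONS):
        print(line)
```

Because the comparison uses the client's expected-remote string, the mirrored `keydir` and `tls-client`/`tls-server` values do not show up as false mismatches.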

          • A
            Astina
            last edited by

            I removed the certificates... (here, of course...)

            Your translation of my NAT line is correct.

            As I said in the message, I followed the wizard, so of course the pfSense rule has been added, and in UDP.

            As for LZO, no, it was not configured on the server side, so I removed the line, thanks.

            But the problem remains the same...

            PS: I don't have any other PC outside the LAN to run the first tests....

            • kiokomanK
              kiokoman LAYER 8
              last edited by

              Check here
              it's all you need
              https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/

              ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
              Please do not use chat/PM to ask for help
              we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
              Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              • A
                Astina
                last edited by

                Thanks for the reply, but I have already been to that page.....

                There must be a subtlety somewhere, because I can't get it to work!

                So, to summarize what has been done:

                on my router: NAT rule UDP1194 to the pfSense IP

                on pfSense:

                • firewall rule:
                  IPV4 UDP * * WAN address 1194(openVPN) * aucun

                • OpenVPN servers:
                  WAN UDP4/1194 10.20.30.0/24 Crypto:AES-128 CBC/SHA256 D-H Params: 2048 bits

                • certificate active

                If I PING my domain, I do get my public IP

                • J
                  jdh
                  last edited by jdh

                  The wizard normally creates what is needed, indeed (I was able to test it recently; before that I did everything myself ...).
                  You checked, that's good.

                  Although it would be hard to understand the forwarding done by the router not working, you now need to test with a PC (a laptop?) connected to the WAN (and with the WAN IP address instead of the public DNS name!).

                  If the PC brings OpenVPN up, that means pfSense is OK.
                  You will then need to test from outside, and finish by testing with a smartphone.

                  • G
                    geds3169
                    last edited by

                    Silly question, Astina,

                    Have you looked at the .log files when the client tries to connect to the pfSense?

                    I'll throw in what I personally checked to find my fault.

                    In my case, the public IP address was not up to date.

                    In another context, I had my local network's IP instead of the public one.

                    I had not opened the ports on the Livebox to the pfSense address.

                    Regards

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.