OpenVPN tunnel problem
-
Hello,
I am trying to set up a simple VPN tunnel on my pfSense....
I followed several tutorials but without success!
The details:
- pfSense 2.4.5-RELEASE-p1
- NAT on router UDP1194, TCP443 to pfSense WAN
- OVH DDNS link, ping 100% OK
- Official OpenVPN app on Android (also tested on iPhone)
- Followed the pfSense wizard to create the tunnel
Note that AAA.AAA.AAA.AA is my correct public IP and XXXXXX is my domain name, which pings at 100%
I have been going round in circles for a week; if some kind soul could help me, that would be great.
Cheers
-
This post is deleted! -
NB: if you mask the public IP, remember to mask the certificates too!!
----- BEGIN CERTIFICATE
........
-----END CERTIFICATE
You do not describe your infrastructure completely ...
You write 'NAT on router UDP1194': I read that as: you configured the router to forward the traffic to the pfSense WAN (which therefore has a private address).
Are you sure the configurations are properly matched: for example, is LZO enabled on both sides?
Do you have a rule in Firewall > Rules > WAN tab to accept the udp/1194 traffic? It is necessary and therefore mandatory.
The logs are a bit too verbose (verb 3 would be enough).
The only useful information in the logs is:
2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-09-26 12:18:09 TLS Error: TLS handshake failed
2020-09-26 12:18:09 TCP/UDP: Closing socket
(The 'check your network connectivity' is typical!)
What I wrote above can cause this message.
Personally, I would start by testing from a plain PC before moving on to a smartphone, once it works.
-
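The reading of the client log given in the reply above, as an added example that is not part of the thread: the sketch below splits an OpenVPN client log into connection attempts and tells "the server never answered" apart from "the server answered but the handshake did not finish". It assumes the client logs `TLS: Initial packet from` when the first server packet arrives; the function names, the verdict labels and the second sample (192.0.2.10 and its `sid`) are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# One entry = timestamp + message, up to the next timestamp. This also
# splits a paste whose line breaks were lost (entries run together).
ENTRY = re.compile(rf"({TS}) (.*?)(?=\s*{TS} |\s*$)", re.S)
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+):(\d+)")

# What to look at next for each verdict (checks named in the thread).
HINTS = {
    "connected": "tunnel came up",
    "no-reply": "no packet came back: check the router port forward to the "
                "pfSense WAN, the WAN rule for udp/1194, and that the DDNS "
                "name resolves to the current public IP",
    "handshake-stalled": "the server answered, so the forwarded path works; "
                         "read the server-side log for the reason",
    "incomplete": "log ends before the attempt finished",
}

@dataclass
class Attempt:
    remote: str
    port: int
    started: datetime
    server_replied: bool = False
    connected: bool = False
    failed_at: Optional[datetime] = None

    @property
    def waited(self) -> Optional[int]:
        """Seconds between opening the link and the TLS timeout."""
        if self.failed_at is None:
            return None
        return int((self.failed_at - self.started).total_seconds())

    def verdict(self) -> str:
        if self.connected:
            return "connected"
        if self.failed_at is None:
            return "incomplete"
        return "handshake-stalled" if self.server_replied else "no-reply"

def parse_attempts(log_text: str) -> List[Attempt]:
    """Group log entries into attempts; each 'link remote' line opens one."""
    attempts: List[Attempt] = []
    for stamp, msg in ENTRY.findall(log_text):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        m = REMOTE.search(msg)
        if m:
            attempts.append(Attempt(m.group(1), int(m.group(2)), when))
            continue
        if not attempts:
            continue  # parameter dump and start-up lines before any attempt
        cur = attempts[-1]
        if msg.startswith("TLS: Initial packet from"):
            cur.server_replied = True
        elif "TLS key negotiation failed" in msg:
            cur.failed_at = when
        elif "Initialization Sequence Completed" in msg:
            cur.connected = True
    return attempts

# Sample 1: the lines quoted in the reply, placeholder address kept as posted.
SAMPLE_NO_REPLY = """\
2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-09-26 12:18:09 TLS Error: TLS handshake failed
2020-09-26 12:18:09 TCP/UDP: Closing socket
"""

# Sample 2 (constructed): same timeout, but a server packet was received.
SAMPLE_REPLY_SEEN = """\
2020-09-26 12:17:09 UDP link remote: [AF_INET]192.0.2.10:1194
2020-09-26 12:17:09 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=0a1b2c3d 4e5f6071
2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-09-26 12:18:09 TLS Error: TLS handshake failed
"""

if __name__ == "__main__":
    for sample in (SAMPLE_NO_REPLY, SAMPLE_REPLY_SEEN):
        for a in parse_attempts(sample):
            v = a.verdict()
            print(f"{a.remote}:{a.port} waited={a.waited}s {v}: {HINTS[v]}")
```

A `no-reply` verdict on every attempt, as in the posted log, points at the path to the server rather than at the client profile.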
I removed the certificates... (here, of course...)
Your reading of my NAT line is correct.
As I said in the message, I followed the wizard, so of course the pfSense rule has been added, and in UDP.
As for LZO, no, it was not configured on the server side, so I removed the line, thanks.
But the problem remains the same...
PS: I have no other PC outside the LAN to run the first tests....
-
Check here
this is all you need
https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/ -
Thanks for the reply, but I have already been through that page.....
There must be some subtlety somewhere, because I can't get it to work!
So, to summarize what has been done:
on my router: NAT rule UDP1194 to the pfSense IP
on pfSense:
- firewall rule:
IPV4 UDP * * WAN address 1194(openVPN) * aucun
- OpenVPN servers:
WAN UDP4/1194 10.20.30.0/24 Crypto:AES-128 CBC/SHA256 D-H Params: 2048 bits
- active certificate
If I ping my domain, I do get my public IP
-
-
The wizard normally creates what is needed, indeed (I was able to test it recently; before that I did everything myself ...).
You have checked, which is good.
Although it would be hard to understand why the forwarding done by the router would not work, you now need to test with a PC (a laptop?) connected to the WAN (and with the WAN IP address instead of the public DNS name!).
If the PC brings OpenVPN up, that means the pfSense is OK.
You will then need to test from outside, and finish by testing with a smartphone. -
Silly question, Astina,
Have you looked at the logs when the client tries to connect to the pfSense?
I'll throw in what I personally checked to find my own fault.
In my case the public IP address was not up to date.
In another context, I had my local network IP instead of the public one.
I had not opened the ports on the Livebox to the pfSense address.
Regards