Openvpn Client : Authenticate/Decrypt packet error: packet HMAC authentication f



  • Hello,

    I am new to pfSense and would like to share a problem I am having with OpenVPN in client mode.

    Context: home use, browsing anonymously from home

    Need: I want to set up an OpenVPN client interface to FrootVpn and then redirect all LAN traffic to this VPN. If the VPN goes down, I want the LAN to lose Internet access. All traffic must therefore go through the VPN.

    Diagram:

    WAN (modem/router/box): 1, Livebox Play, bridge, number of public IPs: 1

    LAN: number: 1, VLAN: no, addressing 192.168.1.0/24, DHCP provided by pfSense, DNS 8.8.8.8, …

    Other interfaces: OpenVPN VPN to FrootVpn, addressing, DHCP provided or not, local DNS, ...

    NAT rules:

    Firewall rules:

    Added packages: none

    Other functions assigned to pfSense: OpenVPN client VPN

    Question: Precise problem encountered and questions asked, …
    : (important section: must not be empty)

    I therefore have 2 questions:

    My first: the VPN comes up fine, but it does not stay connected. I have error messages in the OpenVPN logs: Authenticate/Decrypt packet error: packet HMAC authentication f

    Jun 16 13:52:12 	openvpn 	43155 	Re-using SSL/TLS context
    Jun 16 13:52:12 	openvpn 	43155 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 16 13:52:10 	openvpn 	43155 	Restart pause, 2 second(s)
    Jun 16 13:52:10 	openvpn 	43155 	SIGUSR1[soft,ping-restart] received, process restarting
    Jun 16 13:52:10 	openvpn 	43155 	TCP/UDP: Closing socket
    Jun 16 13:52:10 	openvpn 	43155 	[server] Inactivity timeout (--ping-restart), restarting
    Jun 16 13:52:03 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 16 13:52:03 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 16 13:51:56 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 16 13:51:56 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 16 13:49:33 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 16 13:49:33 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
    Jun 16 13:49:30 	openvpn 	43155 	Initialization Sequence Completed 
    

    I don't know what to do to get rid of the error: Authenticate/Decrypt packet error: packet HMAC authentication failed?

    I also notice that the VPN disconnects because of: Inactivity timeout (--ping-restart), restarting

    How should I configure it so there is no more inactivity?

    My OpenVPN configuration with FrootVpn

    My gateways:

    Research: for a lead, what research with what results

    I followed this procedure: http://mybroadband.co.za/vb/showthread.php/669041-Mini-Guide-Setup-free-VPN-(Froot-using-OpenVPN)-in-PfSense

    But I think I must have a problem in my NAT or in the firewall rules, because a client PC on the LAN does not go through the VPN.

    Logs and tests: complement to "Research"

    Ping of 8.8.8.8 through the VPN

    It pings, but the packets are duplicated. I don't understand why.

    Thanks in advance for your help



  • I am adding some info and think I have found a problem, but I don't know how to solve it.

    When I test a ping of 8.8.8.8 from the VPN interface, I get this

    PING 8.8.8.8 (8.8.8.8) from 46.246.83.102: 56 data bytes

    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss

    So if I understand correctly, my VPN comes up fine, but it can't ping anything. Do you have any idea?

    Thanks



  • Hi,

    So, for the problem of

    Authenticate/Decrypt packet error: packet HMAC authentication failed

    I lean towards an incorrect "Encryption Algorithm"; it must be identical on both sides (and supported on both sides) ;-)

    Beyond that, configuration is missing for "IPv4 Tunnel Network" and "IPV4 local network", and the "Redirect Gateway" box needs to be checked;
    without configuring that part, it is likely to be difficult :-)

    ++



  • @fab_d:

    Beyond that, configuration is missing for "IPv4 Tunnel Network" and "IPV4 local network", and the "Redirect Gateway" box needs to be checked;
    without configuring that part, it is likely to be difficult :-)

    "Redirect gateway" is configured on the server side and forces clients to use the tunnel; in other words, it does not allow a client that has activated the VPN tunnel to communicate outside the tunnel.

    On the client side, there is normally nothing to do, IMHO  8)



  • (tocks starts with an impeccable presentation of his problem: bravo! Nobody can write any more that it is not possible to use the form!)

    I would like to clarify a point of method:

    • in 1, pfSense must be an OpenVPN client,
    • in 2, the traffic must be redirected through this OpenVPN tunnel.
      The right method is therefore
    • in 1, make sure the OpenVPN tunnel is correct
    • in 2, redirect through OpenVPN.

    From my point of view,

    The fact that packets are duplicated (same ping = icmp request) is a sign that the redirection is not working.



  • @chris4916:

    @fab_d:

    Beyond that, configuration is missing for "IPv4 Tunnel Network" and "IPV4 local network", and the "Redirect Gateway" box needs to be checked;
    without configuring that part, it is likely to be difficult :-)

    "Redirect gateway" is configured on the server side and forces clients to use the tunnel; in other words, it does not allow a client that has activated the VPN tunnel to communicate outside the tunnel.

    On the client side, there is normally nothing to do, IMHO  8)

    oops, I read a bit too quickly between the lines yesterday and did not realize it was in "client" mode
    sorry for the mistake! and thanks to chris4916 for correcting me on this error :)



  • @jdh:

    (tocks starts with an impeccable presentation of his problem: bravo! Nobody can write any more that it is not possible to use the form!)

    I don't believe anyone ever wrote that it was impossible  ::)

    • the redirection of the flow should not rely on outbound NAT but on a choice of gateway (policy routing).

    I think so too, but in my understanding it is only useful for saying "if the tunnel goes down, I don't want to have Internet access", because the type of VPN service chosen is precisely configured, at the server level, to force the client's default gateway, and therefore all outgoing traffic, towards the tunnel.



  • Thanks for all your feedback.

    So I have made good progress thanks to you; we have already found a configuration problem on the VPN client.

    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA384'
    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1585'
    

    So I changed the settings so that the encryption matches.

    Now a PC on the LAN does go through the VPN client: IP tested with the monip.com site

    But now the OpenVPN log is still very verbose

    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #86 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #85 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #84 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #83 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #82 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:23 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #81 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:22 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #80 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:22 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #79 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:20 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #78 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:17 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #77 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:14 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #76 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: Client disconnected
    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: CMD 'status 2'
    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: CMD 'state 1'
    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Jun 17 14:19:11 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #75 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:50 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:47 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:44 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:41 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:37 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #16 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:34 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #15 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:31 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #14 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:28 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #13 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:25 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #12 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:22 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:19 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:16 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #9 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:13 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #8 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:10 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #6 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:18:00 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:17:59 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:17:57 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:17:54 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jun 17 14:17:54 	openvpn 	7387 	Initialization Sequence Completed
    Jun 17 14:17:54 	openvpn 	7387 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1585 46.246.83.111 255.255.255.224 init
    Jun 17 14:17:54 	openvpn 	7387 	/sbin/ifconfig ovpnc1 inet6 2a00:1a28:1558:11::100d/64
    Jun 17 14:17:54 	openvpn 	7387 	/sbin/route add -net 46.246.83.96 46.246.83.111 255.255.255.224
    Jun 17 14:17:54 	openvpn 	7387 	/sbin/ifconfig ovpnc1 46.246.83.111 46.246.83.97 mtu 1500 netmask 255.255.255.224 up
    Jun 17 14:17:54 	openvpn 	7387 	do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
    Jun 17 14:17:54 	openvpn 	7387 	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Jun 17 14:17:54 	openvpn 	7387 	TUN/TAP device /dev/tun1 opened
    Jun 17 14:17:54 	openvpn 	7387 	TUN/TAP device ovpnc1 exists previously, keep at program end
    Jun 17 14:17:54 	openvpn 	7387 	OPTIONS IMPORT: route-related options modified
    Jun 17 14:17:54 	openvpn 	7387 	OPTIONS IMPORT: --ifconfig/up options modified
    Jun 17 14:17:54 	openvpn 	7387 	OPTIONS IMPORT: timers and/or timeouts modified
    Jun 17 14:17:54 	openvpn 	7387 	Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.3.11)
    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Jun 17 14:17:54 	openvpn 	7387 	PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1558:11::100d/64 2a00:1a28:1558:11::1,dhcp-option DNS 46.246.83.97,redirect-gateway def1,redirect-gateway ipv6,redirect-gateway def1,route-ipv6 2000::/3,block-outside-dns,tun-ipv6,route-gateway 46.246.83.97,topology subnet,ping 10,ping-restart 160,ifconfig 46.246.83.111 255.255.255.224'
    Jun 17 14:17:54 	openvpn 	7387 	SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Jun 17 14:17:52 	openvpn 	7387 	[server] Peer Connection Initiated with [AF_INET]178.73.195.106:1205
    Jun 17 14:17:52 	openvpn 	7387 	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Decrypt: Using 384 bit message hash 'SHA384' for HMAC authentication
    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Encrypt: Using 384 bit message hash 'SHA384' for HMAC authentication
    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jun 17 14:17:51 	openvpn 	7387 	VERIFY OK: depth=0, C=SE, ST=QQ, L=FrootTown, O=FrootOrg, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
    Jun 17 14:17:51 	openvpn 	7387 	VERIFY OK: nsCertType=SERVER
    Jun 17 14:17:51 	openvpn 	7387 	VERIFY OK: depth=1, C=SE, ST=QQ, L=FrootTown, O=FrootOrg, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
    Jun 17 14:17:51 	openvpn 	7387 	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Jun 17 14:17:51 	openvpn 	7387 	TLS: Initial packet from [AF_INET]178.73.195.106:1205, sid=4c635913 030101ec
    Jun 17 14:17:51 	openvpn 	7387 	UDPv4 link remote: [AF_INET]178.73.195.106:1205
    Jun 17 14:17:51 	openvpn 	7387 	UDPv4 link local (bound): [AF_INET]192.168.0.15
    Jun 17 14:17:44 	openvpn 	7387 	Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 17 14:17:44 	openvpn 	7387 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 17 14:17:44 	openvpn 	7387 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Jun 17 14:17:44 	openvpn 	6716 	WARNING: file '/etc/frootvpn-password.txt' is group or others accessible
    Jun 17 14:17:44 	openvpn 	6716 	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Jun 17 14:17:44 	openvpn 	6716 	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016 
    

    I think that, as you told me, I need to make sure the VPN comes up properly before going any further.

    So I disabled the rules and the NAT, to start from a clean base:

    Now I test a ping from the WAN, and there I immediately get DUPs.

    So there is a problem on the WAN. But I don't know what …

    After testing a ping through the VPN:

    No problem.

    Do you have any ideas about these two problems: Authenticate/Decrypt packet error: bad packet ID, and the DUPs on the WAN interface?

    Thanks again for the time you are giving me.



  • I am going to add some information, because more info is better than not enough.

    The logs I posted come from my dev platform:

    VirtualBox, with the WAN adapter in bridged mode.

    I have just set up pfSense on my ESXi, which will be my production.

    Well, there I don't have the errors in the OpenVPN logs, and I don't get any DUPs when I ping from the WAN or from the VPN.

    Do you think this could come from VirtualBox?

    And do you think I can therefore leave these errors aside, given that this is my dev and that I don't have them on production?



  • @tocks:

    The logs I posted come from my dev platform:
    VirtualBox, with the WAN adapter in bridged mode.
    I have just set up pfSense on my ESXi, which will be my production.
    Well, there I don't have the errors in the OpenVPN logs, and I don't get any DUPs when I ping from the WAN or from the VPN.
    Do you think this could come from VirtualBox?
    And do you think I can therefore leave these errors aside, given that this is my dev and that I don't have them on production?

    Which goes to show that even with an initial post full of information, one sometimes misses potentially important things.

    I have no opinion on the VM aspect, sorry.
    It is often too complicated for me  ;)



  • Stating 'pfSense is a VM' is essential! (It should always be indicated right from the form.)

    But here, it is indeed pfSense that sends or receives 2 packets (DUP).
    I first suspect bad Outbound NAT settings …



  • Thanks for all your feedback. I have no DUP problem on my production. So I will configure directly on my production, which is on an ESXi.

    For now, all the traffic leaving the LAN does go through my VPN client.

    So I suggest we review my current configuration:

    WAN subnet: 192.168.0.0/24
    LAN subnet: 192.168.1.0/24
    pfSense IP in the LAN: 192.168.0.77
    pfSense IP in the WAN: 192.168.1.254

    NAT configuration:

    Rules configuration:

    1. Does this seem correct to you for continuing the pfSense configuration? You suggest that I use static routes rather than outbound NAT, but I don't know how to configure that.

    2. I have been reading pfSense documentation for several days, and not everything is very clear to me. We do agree that pfSense applies NAT before the rules? Wouldn't it therefore be better to let everything through in the rules, to be sure the NAT is configured correctly, and afterwards put the blocking back in the rules and refine? Because right now I spend my time trying things on both sides, and I don't think that is the right approach.

    As for the rules, are they applied from top to bottom or from bottom to top? I found both answers on the net.

    1. I tried to configure the rules to be able to access the pfSense configuration interface from the WAN, but without success. It would really be much more convenient for me.

    2. I want the LAN to be able to access all the machines on the WAN; I also tried several rules, without success.

    3. I want the WAN to be able to access all the machines on the LAN.

    Thank you for your help