Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Openvpn Client : Authenticate/Decrypt packet error: packet HMAC authentication f

    Scheduled Pinned Locked Moved Français
    12 Posts 4 Posters 8.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tocks
      last edited by

      Bonjour,

      Je suis nouveau sur pfsense et je souhaite vous faire partager un problème que j'ai avec openvpn en mode client

      Contexte : milieu perso, surfer anonymement de chez moi

      Besoin : Je souhaite monter une interface Openvpn client sur FrootVpn pour après par la suite redirigé tous le trafic Lan vers ce VPN. Je souhaite que si le VPN tombe, le lan n'ai plus accès à internet. Tous le trafic doit donc passé obligatoirement par le VPN

      Schéma :

      WAN (modem/routeur/box) : 1, Livebox Play, bridge, nombre d'ip publique : 1

      LAN : nombre : 1, vlan : non, adressage 192.168.1.0/24, dhcp fourni par pfsence, dns 8.8.8.8, …

      Autres interfaces : VPN Openvpn sur FrootVpn,  adressages, dhcp fourni ou non, dns local, ...

      Règles NAT :

      Règles Firewall :

      Packages ajoutés : pas d'ajout

      Autres fonctions assignées au pfSense : VPN openvpn client

      Question : Problème précis rencontré et questions posées, …
      : (section importante : ne peut être vide)

      J'ai donc 2 question :

      Ma première : le Vpn ce monte bien, par contre il ne reste pas connecté. J'ai des messages d'erreur dans les logs openvpn : Authenticate/Decrypt packet error: packet HMAC authentication f

      Jun 16 13:52:12 	openvpn 	43155 	Re-using SSL/TLS context
      Jun 16 13:52:12 	openvpn 	43155 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jun 16 13:52:10 	openvpn 	43155 	Restart pause, 2 second(s)
      Jun 16 13:52:10 	openvpn 	43155 	SIGUSR1[soft,ping-restart] received, process restarting
      Jun 16 13:52:10 	openvpn 	43155 	TCP/UDP: Closing socket
      Jun 16 13:52:10 	openvpn 	43155 	[server] Inactivity timeout (--ping-restart), restarting
      Jun 16 13:52:03 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:52:03 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:56 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:56 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:50 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:50 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:46 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:46 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:43 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:43 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:40 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:40 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:37 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:37 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:34 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:34 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:32 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:32 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:28 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:28 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:25 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:25 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:22 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:22 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:18 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:18 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:14 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:14 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:11 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:11 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:08 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:08 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:04 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:04 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:04 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:04 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:03 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:03 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:01 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:51:01 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:57 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:57 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:55 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:55 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:53 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:53 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:51 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:51 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:49 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:49 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:49 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:49 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:48 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:48 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:46 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:46 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:42 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:42 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:40 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:40 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:38 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:38 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:36 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:36 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:33 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:33 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:29 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:29 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:26 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:26 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:22 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:22 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:18 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:18 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:15 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:15 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:12 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:12 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:09 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:09 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:06 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:06 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:02 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:50:02 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:59 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:59 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:55 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:55 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:52 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:52 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:49 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:49 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:46 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:46 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:42 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:42 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:39 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:39 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:35 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:35 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:33 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:33 	openvpn 	43155 	Authenticate/Decrypt packet error: packet HMAC authentication failed
      Jun 16 13:49:30 	openvpn 	43155 	Initialization Sequence Completed 
      

      Je ne sais pas quoi faire pour ne plus avoir l'erreur : Authenticate/Decrypt packet error: packet HMAC authentication failed  ?

      De plus je me rends compte que le VPN ce déconnecte  pour : Inactivity timeout (–ping-restart), restarting

      Comment le configurer pour le plus avoir d'inactivité ?

      Ma configuration Openvpn avec FrootVpn

      Mes Gateway :

      Recherches : pour une piste, quelles recherches avec quels résultats

      J'ai suivit cette procédure : http://mybroadband.co.za/vb/showthread.php/669041-Mini-Guide-Setup-free-VPN-(Froot-using-OpenVPN)-in-PfSense

      Mais je pense que je doit avoir un soucis dans mon NAT ou les Rules du firewal, car un pc client sur le LAN ne passe pas par le VPN

      Logs et tests : complément de "Recherches"

      Ping de 8.8.8.8 a travers le VPN

      Cela ping, mais les paquets sont en double. Je ne comprends pas pourquoi

      Merci d'avance pour votre aide

      1 Reply Last reply Reply Quote 0
      • T
        tocks
        last edited by

        Je rajoute des info et pense avoir trouvé un soucis mais je ne sais pas le résoudre.

        Lorsque je test un ping de 8.8.8.8 avec l'interface du vpn, j'ai cela

        PING 8.8.8.8 (8.8.8.8) from 46.246.83.102: 56 data bytes

        –- 8.8.8.8 ping statistics ---
        3 packets transmitted, 0 packets received, 100.0% packet loss

        Donc si je comprends bien, mon vpn ce monte bien, mais il ne ping rien. Avez vous une idée ?

        Merci

        1 Reply Last reply Reply Quote 0
        • F
          fab_d
          last edited by

          Salut,

          Alors pour le problème de

          Authenticate/Decrypt packet error: packet HMAC authentication failed

          Je penche pour un "Encryption Algorithm" pas correcte, il doit être identique des 2 côtés (et supporté des 2 côtés) ;-)

          Après il manque de la configuration au niveau "IPv4 Tunnel Network" et "IPV4 local network" et cocher la case "Redirect Gateway"
          sans la configuration de cette partie, ça risque d'être dur :-)

          ++

          1 Reply Last reply Reply Quote 0
          • C
            chris4916
            last edited by

            @fab_d:

            Après il manque de la configuration au niveau "IPv4 Tunnel Network" et "IPV4 local network" et cocher la case "Redirect Gateway"
            sans la configuration de cette partie, ça risque d'être dur :-)

            "Redirect gateway" se configure coté serveur et permet de forcer les clients à utiliser le tunnel, autrement dit, de ne pas permettre à un client qui a activé le tunnel VPN de communiquer en dehors du tunnel.

            Coté client, il n'y a normalement rien à faire, AMHA  8)

            Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

            1 Reply Last reply Reply Quote 0
            • J
              jdh
              last edited by

              (tocks débute par une présentation impeccable de son problème : bravo ! Personne ne peut plus écrire que ce n'est pas possible d'utiliser le formulaire !)

              Je voudrais préciser un point de méthode :

              • en 1, pfSense doit être client OpenVPN,
              • en 2, le trafic doit être redirigé via ce tunnel OpenVPN.
                La bonne méthode est donc
              • en 1, s'assurer que le tunnel OpenVPN est correct
              • en 2, rediriger via OpenVPN.

              De mon point de vue,

              • le tunnel est incorrect : les erreurs HMAC sont liées au tunnel OpenVPN : cf https://openvpn.net/index.php/open-source/documentation/security-overview.html
              • la redirection du flux ne devrait pas reposer sur NAT outbound mais sur un choix de gateway (policy routing).

              Le fait qu'il y ait duplication de paquets (même ping = icmp request) est un indice que la redirection ne fonctionne pas.

              Albert EINSTEIN : Si vous ne pouvez pas l'exprimer simplement, c'est que vous ne le comprenez pas assez bien. (If you can’t explain it simply, you don’t understand it well enough.)

              1 Reply Last reply Reply Quote 0
              • F
                fab_d
                last edited by

                @chris4916:

                @fab_d:

                Après il manque de la configuration au niveau "IPv4 Tunnel Network" et "IPV4 local network" et cocher la case "Redirect Gateway"
                sans la configuration de cette partie, ça risque d'être dur :-)

                "Redirect gateway" se configure coté serveur et permet de forcer les clients à utiliser le tunnel, autrement dit, de ne pas permettre à un client qui a activé le tunnel VPN de communiquer en dehors du tunnel.

                Coté client, il n'y a normalement rien à faire, AMHA  8)

                oups, j'ai lu un peu trop vite entre les lignes hier et ne me suis pas rendu compte qu'il était mode "client"
                désolé pour l'erreur ! et merci à chris4916 de m'avoir repris sur cette erreur :)

                1 Reply Last reply Reply Quote 0
                • C
                  chris4916
                  last edited by

                  @jdh:

                  (tocks débute par une présentation impeccable de son problème : bravo ! Personne ne peut plus écrire que ce n'est pas possible d'utiliser le formulaire !)

                  je ne crois pas que quiconque ait jamais écrit que c'était impossible  ::)

                  • la redirection du flux ne devrait pas reposer sur NAT outbound mais sur un choix de gateway (policy routing).

                  je le pense aussi mais ce n'est utile, dans ma compréhension, que pour dire "si le tunnel tombe, je ne veux pas avoir d'accès internet" car le type de service VPN choisi est justement configuré, au niveau du serveur, pour forcer la default gateway du client, et donc tout le flux sortant, vers le tunnel.

                  Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                  1 Reply Last reply Reply Quote 0
                  • T
                    tocks
                    last edited by

                    Merci pour tous vos retours.

                    J'ai donc bien avancé grâce à vous, nous avons deja trouvé un problème de configuration sur le vpn client.

                    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
                    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA384'
                    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
                    Jun 17 10:26:35 	openvpn 	8509 	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1585'
                    

                    J'ai donc modifier pour que les cryptage soit en concordance.

                    Maintenant un pc du lan passe bien par le vpn client : testé ip avec site monip.com

                    Mais maintenant le log openvpn est toujours très verbeux

                    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #86 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #85 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #84 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #83 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:26 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #82 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:23 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #81 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:22 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #80 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:22 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #79 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:20 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #78 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:17 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #77 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:14 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #76 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: Client disconnected
                    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: CMD 'status 2'
                    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: CMD 'state 1'
                    Jun 17 14:19:13 	openvpn 	7387 	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
                    Jun 17 14:19:11 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #75 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:09 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #74 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:08 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #73 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:08 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #72 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:08 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #71 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:07 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #70 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:07 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #69 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:07 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #68 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:07 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #67 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:07 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #66 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:07 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #65 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #64 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #63 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #62 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #61 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #60 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #59 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #58 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #57 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:05 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #56 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:04 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #55 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:04 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #54 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:04 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #53 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:04 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #52 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #51 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #50 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #49 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #48 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #47 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #46 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #45 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #44 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #43 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #42 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #41 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #40 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #39 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #38 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:02 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #37 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #36 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #35 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #33 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #32 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #31 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #30 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #29 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #27 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #26 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:19:01 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #24 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:59 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #23 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:56 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #22 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:53 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:50 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:47 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:44 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:41 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:37 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #16 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:34 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #15 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:31 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #14 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:28 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #13 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:25 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #12 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:22 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:19 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:16 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #9 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:13 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #8 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:10 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:06 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #6 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:03 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:18:00 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:17:59 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:17:57 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:17:54 	openvpn 	7387 	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                    Jun 17 14:17:54 	openvpn 	7387 	Initialization Sequence Completed
                    Jun 17 14:17:54 	openvpn 	7387 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1585 46.246.83.111 255.255.255.224 init
                    Jun 17 14:17:54 	openvpn 	7387 	/sbin/ifconfig ovpnc1 inet6 2a00:1a28:1558:11::100d/64
                    Jun 17 14:17:54 	openvpn 	7387 	/sbin/route add -net 46.246.83.96 46.246.83.111 255.255.255.224
                    Jun 17 14:17:54 	openvpn 	7387 	/sbin/ifconfig ovpnc1 46.246.83.111 46.246.83.97 mtu 1500 netmask 255.255.255.224 up
                    Jun 17 14:17:54 	openvpn 	7387 	do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
                    Jun 17 14:17:54 	openvpn 	7387 	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
                    Jun 17 14:17:54 	openvpn 	7387 	TUN/TAP device /dev/tun1 opened
                    Jun 17 14:17:54 	openvpn 	7387 	TUN/TAP device ovpnc1 exists previously, keep at program end
                    Jun 17 14:17:54 	openvpn 	7387 	OPTIONS IMPORT: route-related options modified
                    Jun 17 14:17:54 	openvpn 	7387 	OPTIONS IMPORT: --ifconfig/up options modified
                    Jun 17 14:17:54 	openvpn 	7387 	OPTIONS IMPORT: timers and/or timeouts modified
                    Jun 17 14:17:54 	openvpn 	7387 	Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.3.11)
                    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
                    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
                    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
                    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
                    Jun 17 14:17:54 	openvpn 	7387 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
                    Jun 17 14:17:54 	openvpn 	7387 	PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1558:11::100d/64 2a00:1a28:1558:11::1,dhcp-option DNS 46.246.83.97,redirect-gateway def1,redirect-gateway ipv6,redirect-gateway def1,route-ipv6 2000::/3,block-outside-dns,tun-ipv6,route-gateway 46.246.83.97,topology subnet,ping 10,ping-restart 160,ifconfig 46.246.83.111 255.255.255.224'
                    Jun 17 14:17:54 	openvpn 	7387 	SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
                    Jun 17 14:17:52 	openvpn 	7387 	[server] Peer Connection Initiated with [AF_INET]178.73.195.106:1205
                    Jun 17 14:17:52 	openvpn 	7387 	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
                    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Decrypt: Using 384 bit message hash 'SHA384' for HMAC authentication
                    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
                    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Encrypt: Using 384 bit message hash 'SHA384' for HMAC authentication
                    Jun 17 14:17:52 	openvpn 	7387 	Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
                    Jun 17 14:17:51 	openvpn 	7387 	VERIFY OK: depth=0, C=SE, ST=QQ, L=FrootTown, O=FrootOrg, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
                    Jun 17 14:17:51 	openvpn 	7387 	VERIFY OK: nsCertType=SERVER
                    Jun 17 14:17:51 	openvpn 	7387 	VERIFY OK: depth=1, C=SE, ST=QQ, L=FrootTown, O=FrootOrg, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
                    Jun 17 14:17:51 	openvpn 	7387 	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
                    Jun 17 14:17:51 	openvpn 	7387 	TLS: Initial packet from [AF_INET]178.73.195.106:1205, sid=4c635913 030101ec
                    Jun 17 14:17:51 	openvpn 	7387 	UDPv4 link remote: [AF_INET]178.73.195.106:1205
                    Jun 17 14:17:51 	openvpn 	7387 	UDPv4 link local (bound): [AF_INET]192.168.0.15
                    Jun 17 14:17:44 	openvpn 	7387 	Socket Buffers: R=[42080->42080] S=[57344->57344]
                    Jun 17 14:17:44 	openvpn 	7387 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Jun 17 14:17:44 	openvpn 	7387 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
                    Jun 17 14:17:44 	openvpn 	6716 	WARNING: file '/etc/frootvpn-password.txt' is group or others accessible
                    Jun 17 14:17:44 	openvpn 	6716 	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
                    Jun 17 14:17:44 	openvpn 	6716 	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016 
                    

                    Je pense que comme vous me l'avez dit, je doit m’assurer que le VPN ce monte bien avant d’allée plus loin.

                    J'ai donc désactivé les rules et le nat, histoire de partir sur de bonnes bases:

                    Maintenant, je test un pin a partir du wan, et la j'ai direct des DUP

                    Il y a donc un problème sur le WAN. Mais je ne sais pas quoi …

                    Après test d'un ping en passant par le VPN :

                    Pas de soucis.

                    Avez vous des idées, pour ces deux problèmes : Authenticate/Decrypt packet error: bad packet ID et les DUP sur l'interface WAN ?

                    Merci encore pour le temps que vous me consacrez

                    1 Reply Last reply Reply Quote 0
                    • T
                      tocks
                      last edited by

                      Je vais rajouter des information car plus d'info vaut mieux que pas assez.

                      Les logs que je vous ais posté viennent de ma plateforme de dev

                      virtualbox, avec la carte wan en pont a pont

                      Je viens de monter pfsense sur mon esxi qui lui seras ma prod.

                      Et bien je n'ai pas les erreurs dans les log openvpn et je n'ai pas de dup lorsque je ping du WAN ou du VPN.

                      Pensez vous que cela peut venir de virtualbox ?

                      Et pensez vous que tu coup je peux laisser ces erreurs de coté sachant que c'est ma dev et que sur la prod je ne les ais pas ?

                      1 Reply Last reply Reply Quote 0
                      • C
                        chris4916
                        last edited by

                        @tocks:

                        Les logs que je vous ais posté viennent de ma plateforme de dev
                        virtualbox, avec la carte wan en pont a pont
                        Je viens de monter pfsense sur mon esxi qui lui seras ma prod.
                        Et bien je n'ai pas les erreurs dans les log openvpn et je n'ai pas de dup lorsque je ping du WAN ou du VPN.
                        Pensez vous que cela peut venir de virtualbox ?
                        Et pensez vous que tu coup je peux laisser ces erreurs de coté sachant que c'est ma dev et que sur la prod je ne les ais pas ?

                        Comme quoi même en faisant un topic initial avec tout plein d'informations, on passe parfois à coté de choses potentiellement importantes.

                        Je n'ai pas d'avis sur l'aspect VM, désolé.
                        C'est souvent trop compliqué pour moi  ;)

                        Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                        1 Reply Last reply Reply Quote 0
                        • J
                          jdh
                          last edited by

                          Le fait de préciser 'pfSense est une VM' est essentiel ! (devrait être toujours indiqué dès le formulaire)

                          Mais ici, c'est bien pfSense qui envoie ou reçoit 2 paquets (DUP).
                          Je suspecte d'abord de mauvais réglages d'Outbound NAT …

                          Albert EINSTEIN : Si vous ne pouvez pas l'exprimer simplement, c'est que vous ne le comprenez pas assez bien. (If you can’t explain it simply, you don’t understand it well enough.)

                          1 Reply Last reply Reply Quote 0
                          • T
                            tocks
                            last edited by

                            Merci pour tous vos retour. Je n'ai pas de soucis de DUP sur ma production. Je vais donc configurer directement sur ma production qui est sur un esxi.

                            Pour l'instant tous le trafic qui sort du LAN passe bien par mon client VPN.

                            Je vous propose donc de refaire le point sur ma configuration actuel

                            subnet WAN : 192.168.0.0 /24
                            subnet LAN : 192.168.1.0/24
                            Ip pfsense dans le lan : 192.168.0.77
                            Ip pfsense dans le wan 192.168.1.254

                            Configuration du NAT :

                            Configuration des rules :

                            1. cela vous semble t'il correct pour continuer la configuration de pfsense ? Vous me proposez plutôt d'utiliser des routes static au lieu de nat outbound, mais je ne sais pas comment le configurer.

                            2. Cela fait plusieurs jours que je lis de la documentation sur pfsense, et tous n'est pas très claire poour moi. On est bien d'accord que pfsense applique le NAT Avant les Rules ? Ne vaut il donc pas lausser tous passer dans les rules pour être sur qu ele NAT est bien configurer et après remettre le blocage sur les RULES et affiner ?  Car la je passe mon temps a essayer de chôses des deux coté et je pense que c'est pas la bonne technique.

                            Après pour les rules, Elle sont appliqué de haut en bas ou de bas en haut. J'ai trouvé les deux réponses sur le net ?

                            1. J'ai essayé de configurer les rules pour pouvoir accéder à l'interface de configuration de pfsense du WAN, mais sans y arriver. Cela serait quand même beaucoup plus pratique pour moi.

                            2. Je souhaite que le LAN puisse accéder a toutes les machines du WAN, j'ai également essayer plusieurs règles sans succès ?

                            3. Je souhaite que le WAN puisse accéder a toutes les machines du LAN.

                            Merci pour votre aide

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.