OpenVPN / Can't get a connection



  • Hello,
    I simply can't get a connection to the server.
    My configuration:
    FritzBox 7390 > Exposed Host to pfSense (APU1.D4)

    Mon Jun 20 08:59:05 2016 us=531616 Current Parameter Settings:
    Mon Jun 20 08:59:05 2016 us=532645   config = '/var/etc/openvpn/client1.conf'
    Mon Jun 20 08:59:05 2016 us=532703   mode = 0
    Mon Jun 20 08:59:05 2016 us=532803   show_ciphers = DISABLED
    Mon Jun 20 08:59:05 2016 us=532866   show_digests = DISABLED
    Mon Jun 20 08:59:05 2016 us=532964   show_engines = DISABLED
    Mon Jun 20 08:59:05 2016 us=533061   genkey = DISABLED
    Mon Jun 20 08:59:05 2016 us=533158   key_pass_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=533254   show_tls_ciphers = DISABLED
    Mon Jun 20 08:59:05 2016 us=533336 Connection profiles [default]:
    Mon Jun 20 08:59:05 2016 us=533433   proto = udp
    Mon Jun 20 08:59:05 2016 us=533529   local = '192.168.1.1'
    Mon Jun 20 08:59:05 2016 us=533579   local_port = 0
    Mon Jun 20 08:59:05 2016 us=533675   remote = '193.138.222.252'
    Mon Jun 20 08:59:05 2016 us=533770   remote_port = 1194
    Mon Jun 20 08:59:05 2016 us=533820   remote_float = DISABLED
    Mon Jun 20 08:59:05 2016 us=533871   bind_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=533909   bind_local = ENABLED
    Mon Jun 20 08:59:05 2016 us=533947   connect_retry_seconds = 5
    Mon Jun 20 08:59:05 2016 us=533984   connect_timeout = 10
    Mon Jun 20 08:59:05 2016 us=534022   connect_retry_max = 0
    Mon Jun 20 08:59:05 2016 us=534060   socks_proxy_server = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=534098   socks_proxy_port = 0
    Mon Jun 20 08:59:05 2016 us=534136   socks_proxy_retry = DISABLED
    Mon Jun 20 08:59:05 2016 us=534173   tun_mtu = 1500
    Mon Jun 20 08:59:05 2016 us=534210   tun_mtu_defined = ENABLED
    Mon Jun 20 08:59:05 2016 us=534248   link_mtu = 1500
    Mon Jun 20 08:59:05 2016 us=534286   link_mtu_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=534323   tun_mtu_extra = 0
    Mon Jun 20 08:59:05 2016 us=534360   tun_mtu_extra_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=534398   mtu_discover_type = -1
    Mon Jun 20 08:59:05 2016 us=534435   fragment = 0
    Mon Jun 20 08:59:05 2016 us=534472   mssfix = 1450
    Mon Jun 20 08:59:05 2016 us=534509   explicit_exit_notification = 0
    Mon Jun 20 08:59:05 2016 us=534546 Connection profiles END
    Mon Jun 20 08:59:05 2016 us=534583   remote_random = DISABLED
    Mon Jun 20 08:59:05 2016 us=534621   ipchange = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=534658   dev = 'ovpnc1'
    Mon Jun 20 08:59:05 2016 us=534694   dev_type = 'tun'
    Mon Jun 20 08:59:05 2016 us=534732   dev_node = '/dev/tun1'
    Mon Jun 20 08:59:05 2016 us=534769   lladdr = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=534806   topology = 1
    Mon Jun 20 08:59:05 2016 us=534858   tun_ipv6 = ENABLED
    Mon Jun 20 08:59:05 2016 us=534896   ifconfig_local = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=534934   ifconfig_remote_netmask = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=534971   ifconfig_noexec = DISABLED
    Mon Jun 20 08:59:05 2016 us=535008   ifconfig_nowarn = DISABLED
    Mon Jun 20 08:59:05 2016 us=535046   ifconfig_ipv6_local = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=535083   ifconfig_ipv6_netbits = 0
    Mon Jun 20 08:59:05 2016 us=535121   ifconfig_ipv6_remote = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=535158   shaper = 0
    Mon Jun 20 08:59:05 2016 us=535195   mtu_test = 0
    Mon Jun 20 08:59:05 2016 us=535232   mlock = DISABLED
    Mon Jun 20 08:59:05 2016 us=535270   keepalive_ping = 10
    Mon Jun 20 08:59:05 2016 us=535307   keepalive_timeout = 60
    Mon Jun 20 08:59:05 2016 us=535343   inactivity_timeout = 0
    Mon Jun 20 08:59:05 2016 us=535381   ping_send_timeout = 10
    Mon Jun 20 08:59:05 2016 us=535418   ping_rec_timeout = 60
    Mon Jun 20 08:59:05 2016 us=535456   ping_rec_timeout_action = 2
    Mon Jun 20 08:59:05 2016 us=535493   ping_timer_remote = ENABLED
    Mon Jun 20 08:59:05 2016 us=535531   remap_sigusr1 = 0
    Mon Jun 20 08:59:05 2016 us=535567   persist_tun = ENABLED
    Mon Jun 20 08:59:05 2016 us=535605   persist_local_ip = DISABLED
    Mon Jun 20 08:59:05 2016 us=535642   persist_remote_ip = DISABLED
    Mon Jun 20 08:59:05 2016 us=535679   persist_key = ENABLED
    Mon Jun 20 08:59:05 2016 us=535716   passtos = DISABLED
    Mon Jun 20 08:59:05 2016 us=535754   resolve_retry_seconds = 1000000000
    Mon Jun 20 08:59:05 2016 us=535791   username = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=535828   groupname = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=535957   chroot_dir = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=535997   cd_dir = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=536035   writepid = '/var/run/openvpn_client1.pid'
    Mon Jun 20 08:59:05 2016 us=536073   up_script = '/usr/local/sbin/ovpn-linkup'
    Mon Jun 20 08:59:05 2016 us=536111   down_script = '/usr/local/sbin/ovpn-linkdown'
    Mon Jun 20 08:59:05 2016 us=536149   down_pre = DISABLED
    Mon Jun 20 08:59:05 2016 us=536186   up_restart = DISABLED
    Mon Jun 20 08:59:05 2016 us=536224   up_delay = DISABLED
    Mon Jun 20 08:59:05 2016 us=536261   daemon = ENABLED
    Mon Jun 20 08:59:05 2016 us=536298   inetd = 0
    Mon Jun 20 08:59:05 2016 us=536335   log = ENABLED
    Mon Jun 20 08:59:05 2016 us=536373   suppress_timestamps = DISABLED
    Mon Jun 20 08:59:05 2016 us=536410   nice = 0
    Mon Jun 20 08:59:05 2016 us=536447   verbosity = 6
    Mon Jun 20 08:59:05 2016 us=536484   mute = 0
    Mon Jun 20 08:59:05 2016 us=536522   gremlin = 0
    Mon Jun 20 08:59:05 2016 us=536559   status_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=536597   status_file_version = 1
    Mon Jun 20 08:59:05 2016 us=536635   status_file_update_freq = 60
    Mon Jun 20 08:59:05 2016 us=536672   occ = ENABLED
    Mon Jun 20 08:59:05 2016 us=536709   rcvbuf = 0
    Mon Jun 20 08:59:05 2016 us=536746   sndbuf = 0
    Mon Jun 20 08:59:05 2016 us=536783   sockflags = 0
    Mon Jun 20 08:59:05 2016 us=536821   fast_io = DISABLED
    Mon Jun 20 08:59:05 2016 us=536871   lzo = 7
    Mon Jun 20 08:59:05 2016 us=536909   route_script = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=536947   route_default_gateway = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=536985   route_default_metric = 0
    Mon Jun 20 08:59:05 2016 us=537022   route_noexec = DISABLED
    Mon Jun 20 08:59:05 2016 us=537060   route_delay = 2
    Mon Jun 20 08:59:05 2016 us=537098   route_delay_window = 30
    Mon Jun 20 08:59:05 2016 us=537135   route_delay_defined = ENABLED
    Mon Jun 20 08:59:05 2016 us=537174   route_nopull = DISABLED
    Mon Jun 20 08:59:05 2016 us=537212   route_gateway_via_dhcp = DISABLED
    Mon Jun 20 08:59:05 2016 us=537251   max_routes = 100
    Mon Jun 20 08:59:05 2016 us=537288   allow_pull_fqdn = DISABLED
    Mon Jun 20 08:59:05 2016 us=537327   [redirect_default_gateway local=0]
    Mon Jun 20 08:59:05 2016 us=537367   management_addr = '/var/etc/openvpn/client1.sock'
    Mon Jun 20 08:59:05 2016 us=537405   management_port = 0
    Mon Jun 20 08:59:05 2016 us=537442   management_user_pass = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=537480   management_log_history_cache = 250
    Mon Jun 20 08:59:05 2016 us=537518   management_echo_buffer_size = 100
    Mon Jun 20 08:59:05 2016 us=537568   management_write_peer_info_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=537607   management_client_user = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=537645   management_client_group = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=537683   management_flags = 256
    Mon Jun 20 08:59:05 2016 us=537721   shared_secret_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=537759   key_direction = 2
    Mon Jun 20 08:59:05 2016 us=537797   ciphername_defined = ENABLED
    Mon Jun 20 08:59:05 2016 us=537844   ciphername = 'AES-256-CBC'
    Mon Jun 20 08:59:05 2016 us=537882   authname_defined = ENABLED
    Mon Jun 20 08:59:05 2016 us=537920   authname = 'SHA1'
    Mon Jun 20 08:59:05 2016 us=537958   prng_hash = 'SHA1'
    Mon Jun 20 08:59:05 2016 us=537996   prng_nonce_secret_len = 16
    Mon Jun 20 08:59:05 2016 us=538034   keysize = 0
    Mon Jun 20 08:59:05 2016 us=538072   engine = DISABLED
    Mon Jun 20 08:59:05 2016 us=538110   replay = ENABLED
    Mon Jun 20 08:59:05 2016 us=538148   mute_replay_warnings = DISABLED
    Mon Jun 20 08:59:05 2016 us=538186   replay_window = 64
    Mon Jun 20 08:59:05 2016 us=538223   replay_time = 15
    Mon Jun 20 08:59:05 2016 us=538261   packet_id_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538299   use_iv = ENABLED
    Mon Jun 20 08:59:05 2016 us=538336   test_crypto = DISABLED
    Mon Jun 20 08:59:05 2016 us=538374   tls_server = DISABLED
    Mon Jun 20 08:59:05 2016 us=538412   tls_client = ENABLED
    Mon Jun 20 08:59:05 2016 us=538450   key_method = 2
    Mon Jun 20 08:59:05 2016 us=538488   ca_file = '/var/etc/openvpn/client1.ca'
    Mon Jun 20 08:59:05 2016 us=538591   ca_path = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538630   dh_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538668   cert_file = '/var/etc/openvpn/client1.cert'
    Mon Jun 20 08:59:05 2016 us=538707   extra_certs_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538745   priv_key_file = '/var/etc/openvpn/client1.key'
    Mon Jun 20 08:59:05 2016 us=538784   pkcs12_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538822   cipher_list = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538872   tls_verify = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538910   tls_export_cert = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=538948   verify_x509_type = 0
    Mon Jun 20 08:59:05 2016 us=538986   verify_x509_name = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=539024   crl_file = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=539062   ns_cert_type = 1
    Mon Jun 20 08:59:05 2016 us=539099   remote_cert_ku[i] = 160
    Mon Jun 20 08:59:05 2016 us=539137   remote_cert_ku[i] = 136
    Mon Jun 20 08:59:05 2016 us=539174   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539212   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539249   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539287   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539324   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539361   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539399   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539437   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539474   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539512   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539549   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539586   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539623   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539660   remote_cert_ku[i] = 0
    Mon Jun 20 08:59:05 2016 us=539698   remote_cert_eku = 'TLS Web Server Authentication'
    Mon Jun 20 08:59:05 2016 us=539736   ssl_flags = 0
    Mon Jun 20 08:59:05 2016 us=539774   tls_timeout = 2
    Mon Jun 20 08:59:05 2016 us=539811   renegotiate_bytes = 0
    Mon Jun 20 08:59:05 2016 us=539860   renegotiate_packets = 0
    Mon Jun 20 08:59:05 2016 us=539898   renegotiate_seconds = 3600
    Mon Jun 20 08:59:05 2016 us=539936   handshake_window = 60
    Mon Jun 20 08:59:05 2016 us=539974   transition_window = 3600
    Mon Jun 20 08:59:05 2016 us=540012   single_session = DISABLED
    Mon Jun 20 08:59:05 2016 us=540049   push_peer_info = DISABLED
    Mon Jun 20 08:59:05 2016 us=540087   tls_exit = DISABLED
    Mon Jun 20 08:59:05 2016 us=540125   tls_auth_file = '/var/etc/openvpn/client1.tls-auth'
    Mon Jun 20 08:59:05 2016 us=540226   server_network = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540316   server_netmask = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540409   server_network_ipv6 = ::
    Mon Jun 20 08:59:05 2016 us=540449   server_netbits_ipv6 = 0
    Mon Jun 20 08:59:05 2016 us=540539   server_bridge_ip = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540581   server_bridge_netmask = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540672   server_bridge_pool_start = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540713   server_bridge_pool_end = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540752   ifconfig_pool_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=540841   ifconfig_pool_start = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=540942   ifconfig_pool_end = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=541031   ifconfig_pool_netmask = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=541071   ifconfig_pool_persist_filename = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=541108   ifconfig_pool_persist_refresh_freq = 600
    Mon Jun 20 08:59:05 2016 us=541147   ifconfig_ipv6_pool_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=541188   ifconfig_ipv6_pool_base = ::
    Mon Jun 20 08:59:05 2016 us=541226   ifconfig_ipv6_pool_netbits = 0
    Mon Jun 20 08:59:05 2016 us=541263   n_bcast_buf = 256
    Mon Jun 20 08:59:05 2016 us=541301   tcp_queue_limit = 64
    Mon Jun 20 08:59:05 2016 us=541339   real_hash_size = 256
    Mon Jun 20 08:59:05 2016 us=541376   virtual_hash_size = 256
    Mon Jun 20 08:59:05 2016 us=541415   client_connect_script = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=541452   learn_address_script = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=541552   client_disconnect_script = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=541593   client_config_dir = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=541630   ccd_exclusive = DISABLED
    Mon Jun 20 08:59:05 2016 us=541668   tmp_dir = '/tmp'
    Mon Jun 20 08:59:05 2016 us=541705   push_ifconfig_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=541747   push_ifconfig_local = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=541852   push_ifconfig_remote_netmask = 0.0.0.0
    Mon Jun 20 08:59:05 2016 us=541892   push_ifconfig_ipv6_defined = DISABLED
    Mon Jun 20 08:59:05 2016 us=541982   push_ifconfig_ipv6_local = ::/0
    Mon Jun 20 08:59:05 2016 us=542023   push_ifconfig_ipv6_remote = ::
    Mon Jun 20 08:59:05 2016 us=542112   enable_c2c = DISABLED
    Mon Jun 20 08:59:05 2016 us=542150   duplicate_cn = DISABLED
    Mon Jun 20 08:59:05 2016 us=542189   cf_max = 0
    Mon Jun 20 08:59:05 2016 us=542227   cf_per = 0
    Mon Jun 20 08:59:05 2016 us=542264   max_clients = 1024
    Mon Jun 20 08:59:05 2016 us=542303   max_routes_per_client = 256
    Mon Jun 20 08:59:05 2016 us=542342   auth_user_pass_verify_script = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=542380   auth_user_pass_verify_script_via_file = DISABLED
    Mon Jun 20 08:59:05 2016 us=542418   port_share_host = '[UNDEF]'
    Mon Jun 20 08:59:05 2016 us=542456   port_share_port = 0
    Mon Jun 20 08:59:05 2016 us=542495   client = ENABLED
    Mon Jun 20 08:59:05 2016 us=542532   pull = ENABLED
    Mon Jun 20 08:59:05 2016 us=542571   auth_user_pass_file = '/etc/openvpn-password.txt'
    Mon Jun 20 08:59:05 2016 us=542672 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Mon Jun 20 08:59:05 2016 us=542772 library versions: OpenSSL 1.0.1s-freebsd  1 Mar 2016, LZO 2.09
    Mon Jun 20 08:59:05 2016 us=542853 WARNING: file '/etc/openvpn-password.txt' is group or others accessible
    Mon Jun 20 08:59:05 2016 us=545181 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Mon Jun 20 08:59:05 2016 us=545444 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Jun 20 08:59:05 2016 us=549486 Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
    Mon Jun 20 08:59:05 2016 us=549617 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Jun 20 08:59:05 2016 us=549684 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Jun 20 08:59:05 2016 us=549825 LZO compression initialized
    Mon Jun 20 08:59:05 2016 us=550210 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    Mon Jun 20 08:59:05 2016 us=550353 Socket Buffers: R=[42080->42080] S=[57344->57344]
    Mon Jun 20 08:59:05 2016 us=550469 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    Mon Jun 20 08:59:05 2016 us=550604 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Mon Jun 20 08:59:05 2016 us=550701 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Mon Jun 20 08:59:05 2016 us=550844 Local Options hash (VER=V4): '9e7066d2'
    Mon Jun 20 08:59:05 2016 us=550980 Expected Remote Options hash (VER=V4): '162b04de'
    Mon Jun 20 08:59:05 2016 us=551133 UDPv4 link local (bound): [AF_INET]192.168.1.1
    Mon Jun 20 08:59:05 2016 us=551196 UDPv4 link remote: [AF_INET]193.222.222.222:1194
    Mon Jun 20 08:59:05 2016 us=551375 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
    Mon Jun 20 08:59:07 2016 us=843131 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
    Mon Jun 20 08:59:10 2016 us=617192 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Mon Jun 20 08:59:10 2016 us=617447 MANAGEMENT: CMD 'state 1'
    Mon Jun 20 08:59:10 2016 us=617992 MANAGEMENT: Client disconnected
    Mon Jun 20 08:59:11 2016 us=750093 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
    Mon Jun 20 08:59:19 2016 us=900037 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
    Mon Jun 20 08:59:35 2016 us=411536 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:00:05 2016 us=50084 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Mon Jun 20 09:00:05 2016 us=50533 TCP/UDP: Closing socket
    Mon Jun 20 09:00:05 2016 us=50652 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Jun 20 09:00:05 2016 us=50748 Restart pause, 2 second(s)
    Mon Jun 20 09:00:07 2016 us=53985 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Jun 20 09:00:07 2016 us=54131 Re-using SSL/TLS context
    Mon Jun 20 09:00:07 2016 us=54272 LZO compression initialized
    Mon Jun 20 09:00:07 2016 us=54570 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    Mon Jun 20 09:00:07 2016 us=54715 Socket Buffers: R=[42080->42080] S=[57344->57344]
    Mon Jun 20 09:00:07 2016 us=54852 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    Mon Jun 20 09:00:07 2016 us=54985 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Mon Jun 20 09:00:07 2016 us=55076 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Mon Jun 20 09:00:07 2016 us=55194 Local Options hash (VER=V4): '9e7066d2'
    Mon Jun 20 09:00:07 2016 us=55303 Expected Remote Options hash (VER=V4): '162b04de'
    Mon Jun 20 09:00:07 2016 us=55399 UDPv4 link local (bound): [AF_INET]192.168.1.1
    Mon Jun 20 09:00:07 2016 us=55494 UDPv4 link remote: [AF_INET]193.222.222.222:1194
    Mon Jun 20 09:00:07 2016 us=55644 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:00:09 2016 us=300112 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:00:13 2016 us=788064 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:00:21 2016 us=972569 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:00:37 2016 us=939435 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:01:07 2016 us=627045 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Mon Jun 20 09:01:07 2016 us=627340 TCP/UDP: Closing socket
    Mon Jun 20 09:01:07 2016 us=627498 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Jun 20 09:01:07 2016 us=627610 Restart pause, 2 second(s)
    Mon Jun 20 09:01:09 2016 us=630002 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mon Jun 20 09:01:09 2016 us=630134 Re-using SSL/TLS context
    Mon Jun 20 09:01:09 2016 us=630274 LZO compression initialized
    Mon Jun 20 09:01:09 2016 us=630538 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    Mon Jun 20 09:01:09 2016 us=630682 Socket Buffers: R=[42080->42080] S=[57344->57344]
    Mon Jun 20 09:01:09 2016 us=630820 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    Mon Jun 20 09:01:09 2016 us=630966 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Mon Jun 20 09:01:09 2016 us=631009 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Mon Jun 20 09:01:09 2016 us=631169 Local Options hash (VER=V4): '9e7066d2'
    Mon Jun 20 09:01:09 2016 us=631281 Expected Remote Options hash (VER=V4): '162b04de'
    Mon Jun 20 09:01:09 2016 us=631393 UDPv4 link local (bound): [AF_INET]192.168.1.1
    Mon Jun 20 09:01:09 2016 us=631488 UDPv4 link remote: [AF_INET]193.222.222.222:1194
    Mon Jun 20 09:01:09 2016 us=631639 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:01:12 2016 us=95103 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:01:17 2016 us=20296 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
    Mon Jun 20 09:01:25 2016 us=16108 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
    
    ![Interfaces.JPG](/public/_imported_attachments_/1/Interfaces.JPG)
    ![Routing.JPG](/public/_imported_attachments_/1/Routing.JPG)
    ![Rules_WAN.JPG](/public/_imported_attachments_/1/Rules_WAN.JPG)
    ![Rules_LAN.JPG](/public/_imported_attachments_/1/Rules_LAN.JPG)
    ![Nat.JPG](/public/_imported_attachments_/1/Nat.JPG)
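
One way to read the log in the post above, as an added example that is not part of the original post: the script groups the verb 6 output into connection attempts and counts packets sent and received per attempt. The verdict names and hint texts are assumptions made for this example; the sample is an excerpt of the posted log.

```python
import re
from dataclasses import dataclass

# Excerpt of the verb 6 client log posted above (first connection attempt only).
SAMPLE_LOG = """\
Mon Jun 20 08:59:05 2016 us=551133 UDPv4 link local (bound): [AF_INET]192.168.1.1
Mon Jun 20 08:59:05 2016 us=551196 UDPv4 link remote: [AF_INET]193.222.222.222:1194
Mon Jun 20 08:59:05 2016 us=551375 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:07 2016 us=843131 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:11 2016 us=750093 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:19 2016 us=900037 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:35 2016 us=411536 UDPv4 WRITE [42] to [AF_INET]193.222.222.222:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Mon Jun 20 09:00:05 2016 us=50084 [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

LINK_REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")
PACKET = re.compile(r" (WRITE|READ) \[\d+\] (?:to|from) \S+ P_\w+")
TIMEOUT = "Inactivity timeout (--ping-restart)"

# Verdict names and texts are assumptions of this example, not OpenVPN output.
HINTS = {
    "no-traffic": "No packets logged; raise verbosity (the posted log uses verb 6).",
    "no-reply": ("Handshake packets were sent but nothing came back: check remote "
                 "address, port and protocol and filtering on the path. A server "
                 "using tls-auth also drops packets whose HMAC fails, silently."),
    "stalled": "The server answered but the session timed out before completing.",
    "answered": "The server answered; look further down the log for TLS errors.",
}


@dataclass
class Attempt:
    remote: str
    writes: int = 0
    reads: int = 0
    timed_out: bool = False

    def verdict(self):
        if not self.writes and not self.reads:
            return "no-traffic"
        if self.writes and not self.reads:
            return "no-reply"
        return "stalled" if self.timed_out else "answered"


def parse_attempts(log):
    """Split a client log into attempts; each 'link remote' line starts one."""
    attempts = []
    for line in log.splitlines():
        m = LINK_REMOTE.search(line)
        if m:
            attempts.append(Attempt(remote=f"{m.group(1)}:{m.group(2)}"))
            continue
        if not attempts:
            continue  # parameter dump before the first socket is opened
        cur = attempts[-1]
        p = PACKET.search(line)
        if p and p.group(1) == "WRITE":
            cur.writes += 1
        elif p:
            cur.reads += 1
        elif TIMEOUT in line:
            cur.timed_out = True
    return attempts


if __name__ == "__main__":
    for a in parse_attempts(SAMPLE_LOG):
        print(f"{a.remote}: sent={a.writes} received={a.reads} -> {a.verdict()}")
        print("  " + HINTS[a.verdict()])
```
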
    

  • Moderator

    Hello

    I simply can't get a connection to the server.

    That is not a useful problem description. Nobody can help like this. Just cramming logs and screenshots in here achieves nothing if you don't even take 5 minutes to describe your own problem. If I have a problem with my vacuum cleaner, I don't just put down two photos of how I plugged it in and say nothing else either.

    Sorry and regards



  • Hello,
    Sorry, but I had thought that this was the best way to post the information about the connection.
    I have been trying for days and it just won't work; no idea what the cause is.
    The provider is StrongVPN, but from them I only get the ca.crt and ta.key (tls), no certificate private key.
    I tested the connection with another OpenVPN client; it works.
    The log says:

    UDPv4 link local (bound): [AF_INET]192.168.70.100
    UDPv4 link remote: [AF_INET]193.222.222.222:1194

    That is a connection problem, isn't it?

    Here is the conf:

    dev ovpnc1
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.70.100
    tls-client
    client
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote 193.222.222.222 1194 (changed)
    ca /var/etc/openvpn/client1.ca 
    cert /var/etc/openvpn/client1.cert 
    key /var/etc/openvpn/client1.key 
    tls-auth /var/etc/openvpn/client1.tls-auth 1
    comp-lzo adaptive
    resolv-retry infinite
    log /var/etc/openvpn/log_vpn.txt
    ns-cert-type server
    auth-user-pass /etc/openvpn-password.txt
    tls-auth /var/etc/openvpn/client1.tls-auth
    verb 6
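
A small linter for the client configuration posted above, as an added example that is not part of the original post: it flags directives repeated with different arguments, 64-bit block ciphers, `script-security 3`, a missing privilege drop, and a credentials file readable by group or others (the condition behind the WARNING in the first post's log). The finding codes and the list of single-valued directives are assumptions made for this example.

```python
import os
import stat

# Excerpt of the configuration posted above (security-relevant lines only).
POSTED_CONF = """\
verb 1
#user nobody
#group nobody
script-security 3
proto udp
cipher BF-CBC
auth SHA1
tls-client
remote 193.222.222.222 1194
tls-auth /var/etc/openvpn/client1.tls-auth 1
auth-user-pass /etc/openvpn-password.txt
tls-auth /var/etc/openvpn/client1.tls-auth
verb 6
"""

# Directives this example treats as "should appear once" (assumption).
SINGLE_VALUED = {"verb", "cipher", "auth", "proto", "tls-auth", "script-security"}
# Ciphers with a 64-bit block size.
BLOCK64_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}


def parse(conf):
    """Yield (line number, directive, args); '#' and ';' start comments."""
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        yield n, name, args


def lint(conf):
    """Return a list of (code, message) findings for an OpenVPN client config."""
    findings, first_seen, names = [], {}, set()
    for n, name, args in parse(conf):
        names.add(name)
        if name in SINGLE_VALUED:
            if name in first_seen and first_seen[name][1] != args:
                findings.append(("conflict",
                    f"line {n}: '{name}' repeated with different arguments "
                    f"(first on line {first_seen[name][0]})"))
            first_seen.setdefault(name, (n, args))
        if name == "cipher" and args and args[0].upper() in BLOCK64_CIPHERS:
            findings.append(("weak-cipher",
                f"line {n}: {args[0]} is a 64-bit block cipher"))
        if name == "script-security" and args and args[0].isdigit() and int(args[0]) >= 3:
            findings.append(("script-security",
                f"line {n}: level {args[0]} lets passwords reach scripts via the environment"))
        if name == "auth-user-pass" and args and os.path.exists(args[0]):
            mode = stat.S_IMODE(os.stat(args[0]).st_mode)
            if mode & 0o077:  # any group/other permission bit set
                findings.append(("cred-perms",
                    f"line {n}: {args[0]} has mode {mode:04o}; restrict to 0600"))
    if not {"user", "group"} <= names:
        findings.append(("no-priv-drop",
            "no active 'user'/'group' directive: the daemon keeps its start privileges"))
    return findings


if __name__ == "__main__":
    for code, message in lint(POSTED_CONF):
        print(f"[{code}] {message}")
```
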
    









  • Moderator

    The provider is StrongVPN, but from them I only get the ca.crt and ta.key (tls), no certificate private key.

    Stop. As far as I know, with StrongVPN you get a bundle as a ZIP. See, among others,

    http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/

    That contains not only ta.key and ca.crt but, logically (it doesn't work without them!), the certificate and the key for your own VPN client. It has to identify itself with a certificate, after all. So if you only have the 2 files mentioned at the beginning, then part of the configuration for this setup is definitely (at least IMHO) missing.



  • Unfortunately it is not included in the ZIP.
    I have written to support; I'll get back to you.

    Regards



  • Hello,
    I only get ca.crt, ta.key and the conf file for the connection;
    with those it does work on the Dreambox via the OpenVPN plugin.

    Regards


  • Moderator

    StrongVPN itself refers, under

    https://strongvpn.com/setup.html

    to

    https://forum.pfsense.org/index.php?topic=29944.0

    this forum post, and there a client cert is quite clearly installed. Perhaps something has changed on StrongVPN's side, but without one I can't really imagine how this is supposed to work via client/server VPN. Or are you given a user/password login?



  • Thanks for the support; I know this howto and that is how I proceeded (as far as possible)

    So something has changed there after all:

    • User with password
    • ca.cert
    • ta.key

    and the connection settings



  • So, I have now received new conf files.
    Quote from StrongVPN:

    This account would not work on pfsense, you'd need to upgrade account to old type package (openvpn with static IP)

    In account.ovpn there are 4 different ports with the same remote IP; in addition, the folder also contains ca.crt, open….crt, open...key and ta.key.

    The VPN connection is established, but how do I now direct it to my local network?
    NAT is deactivated; when I activate the VPN I can reach the FritzBox but get no further.

    I'm simply stuck now and grateful for any help!







    ![vpn rules.JPG](/public/imported_attachments/1/vpn rules.JPG)
    ![wan rules.JPG](/public/imported_attachments/1/wan rules.JPG)



  • You of course still have to NAT the connection from the VPN provider to your LAN, so that your computers can also use the VPN connection on their own.

    I would take out all the pass rules for now. (Except on the LAN, of course.)

    Then take a look at this: https://www.infotechwerx.com/blog/Creating-Policy-Route-to-Send-All-Traffic-Host-Through-OpenVPN

    There you will see that you still have to create the outbound NAT rule for the VPN. Once that is done, everything should actually run smoothly.

    Regards