OpenVPN / Can't get a connection
-
Hello,
I simply can't get a connection to the server.
My configuration:
FritzBox 7390 > Exposed Host to pfsense (APU1.D4)
![Interfaces.JPG](/public/_imported_attachments_/1/Interfaces.JPG)
![Routing.JPG](/public/_imported_attachments_/1/Routing.JPG)
![Rules_WAN.JPG](/public/_imported_attachments_/1/Rules_WAN.JPG)
![Rules_LAN.JPG](/public/_imported_attachments_/1/Rules_LAN.JPG)
![Nat.JPG](/public/_imported_attachments_/1/Nat.JPG)
-
Hello
> I simply can't get a connection to the server.

That is not a meaningful error description. Nobody can help like this. Just cramming logs and screenshots in here achieves nothing if you don't even take 5 minutes to describe your own problem. When I have a problem with my vacuum cleaner, I don't just put down two photos of how I plugged it in and say nothing else about it either.
Sorry and regards
-
Hello,
Sorry, but I had thought this was the best way to post the information about the connection.
I have been trying for days now and it just won't work, no idea what the cause is.
The provider is StrongVPN, but from them I only get the ca.crt and ta.key (tls), no Certificate Private Key.
I tested the connection with another OpenVPN client, and it works.
The log says:
```
UDPv4 link local (bound): [AF_INET]192.168.70.100
UDPv4 link remote: [AF_INET]193.222.222.222:1194
pid=0 DATA len=0
```
That's a connection problem, isn't it?
Here is the conf:
```
dev ovpnc1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.70.100
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote 193.222.222.222 1194  # (changed)
ca /var/etc/openvpn/client1.ca
cert /var/etc/openvpn/client1.cert
key /var/etc/openvpn/client1.key
tls-auth /var/etc/openvpn/client1.tls-auth 1
comp-lzo adaptive
resolv-retry infinite
log /var/etc/openvpn/log_vpn.txt
ns-cert-type server
auth-user-pass /etc/openvpn-password.txt
tls-auth /var/etc/openvpn/client1.tls-auth
verb 6
```
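
The question in the post above (whether repeated `pid=0 DATA len=0` lines mean a connection problem) can be answered mechanically from a `verb 6` log. As an added example that is not part of the original thread, this Python triage counts client hard-reset packets sent against packets read for each connection attempt. The sample log lines are constructed in the thread's log format with 192.0.2.10 as a placeholder server address, and the function and verdict names are this example's own.

```python
import re

# Timestamp prefix OpenVPN puts in front of each message in its own log file.
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} us=\d+ (?P<msg>.*)$")
RESET_SENT = re.compile(r"\bWRITE \[\d+\] to .*P_CONTROL_HARD_RESET_CLIENT_V\d")
PACKET_READ = re.compile(r"\bREAD \[\d+\] from ")

# Constructed sample in the thread's log format (192.0.2.10 is a placeholder).
SAMPLE_NO_REPLY = """\
Mon Jun 20 08:59:05 2016 us=542853 WARNING: file '/etc/openvpn-password.txt' is group or others accessible
Mon Jun 20 08:59:05 2016 us=551196 UDPv4 link remote: [AF_INET]192.0.2.10:1194
Mon Jun 20 08:59:05 2016 us=551375 UDPv4 WRITE [42] to [AF_INET]192.0.2.10:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:07 2016 us=843131 UDPv4 WRITE [42] to [AF_INET]192.0.2.10:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Mon Jun 20 08:59:11 2016 us=750093 UDPv4 WRITE [42] to [AF_INET]192.0.2.10:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Mon Jun 20 09:00:05 2016 us=50084 [UNDEF] Inactivity timeout (--ping-restart), restarting
Mon Jun 20 09:00:07 2016 us=55494 UDPv4 link remote: [AF_INET]192.0.2.10:1194
Mon Jun 20 09:00:07 2016 us=55644 UDPv4 WRITE [42] to [AF_INET]192.0.2.10:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
"""

# Constructed contrast case: the server answers the first reset.
SAMPLE_REPLY = """\
Mon Jun 20 10:00:00 2016 us=100 UDPv4 link remote: [AF_INET]192.0.2.10:1194
Mon Jun 20 10:00:00 2016 us=200 UDPv4 WRITE [42] to [AF_INET]192.0.2.10:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Mon Jun 20 10:00:00 2016 us=900 UDPv4 READ [54] from [AF_INET]192.0.2.10:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
"""


def triage(log_text):
    """Group log lines into connection attempts and classify the outcome."""
    attempts, warnings, current = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        msg = m.group("msg")
        if msg.startswith("WARNING:"):
            warnings.append(msg)  # e.g. credential file readable by others
        if "link remote:" in msg:
            # Each (re)start logs the remote endpoint once: new attempt.
            current = {"remote": msg.split("link remote:")[1].strip(),
                       "resets_sent": 0, "packets_read": 0,
                       "ping_restart": False}
            attempts.append(current)
        elif current is None:
            continue
        elif RESET_SENT.search(msg):
            current["resets_sent"] += 1
        elif PACKET_READ.search(msg):
            current["packets_read"] += 1
        elif "Inactivity timeout (--ping-restart)" in msg:
            current["ping_restart"] = True

    silent = [a for a in attempts
              if a["resets_sent"] and not a["packets_read"]]
    if attempts and len(silent) == len(attempts):
        # Nothing ever came back: filtered path, wrong port/proto, or the
        # server silently dropping packets that fail its tls-auth HMAC check.
        verdict = "no_reply"
    elif any(a["packets_read"] for a in attempts):
        verdict = "server_replied"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "attempts": attempts, "warnings": warnings}


if __name__ == "__main__":
    for name, sample in (("no reply", SAMPLE_NO_REPLY), ("reply", SAMPLE_REPLY)):
        result = triage(sample)
        print(name, "->", result["verdict"], result["attempts"])
        for w in result["warnings"]:
            print("  ", w)
```

A `no_reply` verdict only says that no packet reached the client socket; it does not distinguish a blocked path from a server that discards the client's packets.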
-
> The provider is StrongVPN, but from them I only get the ca.crt and ta.key (tls), no Certificate Private Key.

Stop. As far as I know, with StrongVPN you get a bundle as a ZIP. See, among others,
http://swimminginthought.com/pfsense-routing-traffic-strongvpn-openvpn/
It contains not only ta.key and ca.crt but, logically (it doesn't work without them!), the certificate and the key for your own VPN client. After all, it has to identify itself with a certificate. So if you only have the 2 files mentioned at the beginning, then part of the configuration for the setup is definitely (at least IMHO) missing.
-
Unfortunately it is not included in the zip.
I have written to support and will report back.
Regards
-
Hello,
I only get ca.crt, ta.key and the conf file for the connection,
and with that it does work on the Dreambox via the OpenVPN plugin.
Regards
-
StrongVPN itself refers, at
https://strongvpn.com/setup.html
to
https://forum.pfsense.org/index.php?topic=29944.0
this forum post, and there a client cert is quite clearly installed. Maybe something has changed on StrongVPN's side, but without one I can't really imagine how this is supposed to work via client/server VPN. Or are you given a user/password login?
-
Thanks for the support, I know this howto and that is how I proceeded (as far as possible).
So something has changed there after all:
- User with password
- ca.cert
- ta.key

and the connection settings
-
So, I have now received new conf files.
Quote from StrongVPN: This account would not work on pfsense, you'd need to upgrade account to old type package (openvpn with static IP)
In the account.ovpn there are 4 different ports with the same remote IP; in addition the folder also contains ca.crt, open….crt, open...key and ta.key.
The VPN connection is established, but how do I now route it to my local network?
NAT is disabled; when I enable the VPN I can reach the FritzBox but get no further.
I'm just stuck now and am grateful for any help!
![vpn rules.JPG](/public/imported_attachments/1/vpn rules.JPG)
![wan rules.JPG](/public/imported_attachments/1/wan rules.JPG)
-
You of course still have to NAT the connection from the VPN provider to your LAN, so that your machines can use the VPN connection as well.
I would take out all the pass rules for now. (Except on the LAN, of course.)
Then take a look at this: https://www.infotechwerx.com/blog/Creating-Policy-Route-to-Send-All-Traffic-Host-Through-OpenVPN
There you will see that you still have to create the outbound NAT rule for the VPN. Once that is done, everything should actually run smoothly.
Regards