• Hello,

    I am trying to set up a simple VPN tunnel on my pfSense....
    I have followed several tutorials, but without success!

    The details:

    • pfSense 2.4.5-RELEASE-p1
    • NAT on the router: UDP 1194 and TCP 443 forwarded to the pfSense WAN
    • OVH DDNS name pings 100% OK
    • Official OpenVPN app on Android (also tested on iPhone)
    • Followed the pfSense wizard to create the tunnel

    Note that AAA.AAA.AAA.AA is indeed my public IP and XXXXXX is my domain name, which pings 100%.

    2020-09-26 12:17:08 version officielle 0.7.21 fonctionnant sur samsung SM-G985F (exynos990), Android 10 (QP1A.190711.020) API 29, ABI arm64-v8a, (samsung/y2seea/y2s:10/QP1A.190711.020/G985FXXS4BTHH:user/release-keys)
    2020-09-26 12:17:08 Création de la configuration…
    2020-09-26 12:17:08 started Socket Thread
    2020-09-26 12:17:08 État du réseau : CONNECTED LTE to MOBILE internet.proximus.be
    2020-09-26 12:17:08 Debug state info: CONNECTED LTE to MOBILE internet.proximus.be, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
    2020-09-26 12:17:08 Debug state info: CONNECTED LTE to MOBILE internet.proximus.be, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
    2020-09-26 12:17:08 P:WARNING: linker: Warning: "/data/app/de.blinkt.openvpn-iFoiza3w5PqK99_7eZBeGQ==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
    2020-09-26 12:17:08 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2020-09-26 12:17:08 Current Parameter Settings:
    2020-09-26 12:17:08   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
    2020-09-26 12:17:08   mode = 0
    2020-09-26 12:17:08   show_ciphers = DISABLED
    2020-09-26 12:17:08   show_digests = DISABLED
    2020-09-26 12:17:08   show_engines = DISABLED
    2020-09-26 12:17:08   genkey = DISABLED
    2020-09-26 12:17:08   genkey_filename = '[UNDEF]'
    2020-09-26 12:17:08   key_pass_file = '[UNDEF]'
    2020-09-26 12:17:08   show_tls_ciphers = DISABLED
    2020-09-26 12:17:08   connect_retry_max = 0
    2020-09-26 12:17:08 Connection profiles [0]:
    2020-09-26 12:17:08   proto = udp
    2020-09-26 12:17:08   local = '[UNDEF]'
    2020-09-26 12:17:08   local_port = '[UNDEF]'
    2020-09-26 12:17:08   remote = 'XXXXXXXXXXXXXX'
    2020-09-26 12:17:08   remote_port = '1194'
    2020-09-26 12:17:08   remote_float = DISABLED
    2020-09-26 12:17:08   bind_defined = DISABLED
    2020-09-26 12:17:08   bind_local = DISABLED
    2020-09-26 12:17:08   bind_ipv6_only = DISABLED
    2020-09-26 12:17:08   connect_retry_seconds = 2
    2020-09-26 12:17:08   connect_timeout = 120
    2020-09-26 12:17:08   socks_proxy_server = '[UNDEF]'
    2020-09-26 12:17:08   socks_proxy_port = '[UNDEF]'
    2020-09-26 12:17:08   tun_mtu = 1500
    2020-09-26 12:17:08   tun_mtu_defined = ENABLED
    2020-09-26 12:17:08   link_mtu = 1500
    2020-09-26 12:17:08   link_mtu_defined = DISABLED
    2020-09-26 12:17:08   tun_mtu_extra = 0
    2020-09-26 12:17:08   tun_mtu_extra_defined = DISABLED
    2020-09-26 12:17:08   mtu_discover_type = -1
    2020-09-26 12:17:08   fragment = 0
    2020-09-26 12:17:08   mssfix = 1450
    2020-09-26 12:17:08   explicit_exit_notification = 0
    2020-09-26 12:17:08   tls_auth_file = '[INLINE]'
    2020-09-26 12:17:08   key_direction = 1
    2020-09-26 12:17:08   tls_crypt_file = '[UNDEF]'
    2020-09-26 12:17:08   tls_crypt_v2_file = '[UNDEF]'
    2020-09-26 12:17:08 Connection profiles END
    2020-09-26 12:17:08   remote_random = DISABLED
    2020-09-26 12:17:08   ipchange = '[UNDEF]'
    2020-09-26 12:17:08   dev = 'tun'
    2020-09-26 12:17:08   dev_type = '[UNDEF]'
    2020-09-26 12:17:08   dev_node = '[UNDEF]'
    2020-09-26 12:17:08   lladdr = '[UNDEF]'
    2020-09-26 12:17:08   topology = 1
    2020-09-26 12:17:08   ifconfig_local = '[UNDEF]'
    2020-09-26 12:17:08   ifconfig_remote_netmask = '[UNDEF]'
    2020-09-26 12:17:08   ifconfig_noexec = DISABLED
    2020-09-26 12:17:08   ifconfig_nowarn = ENABLED
    2020-09-26 12:17:08   ifconfig_ipv6_local = '[UNDEF]'
    2020-09-26 12:17:08   ifconfig_ipv6_netbits = 0
    2020-09-26 12:17:08   ifconfig_ipv6_remote = '[UNDEF]'
    2020-09-26 12:17:08   shaper = 0
    2020-09-26 12:17:08   mtu_test = 0
    2020-09-26 12:17:08   mlock = DISABLED
    2020-09-26 12:17:08   keepalive_ping = 0
    2020-09-26 12:17:08   keepalive_timeout = 0
    2020-09-26 12:17:08   inactivity_timeout = 0
    2020-09-26 12:17:08   ping_send_timeout = 0
    2020-09-26 12:17:08   ping_rec_timeout = 0
    2020-09-26 12:17:08   ping_rec_timeout_action = 0
    2020-09-26 12:17:08   ping_timer_remote = DISABLED
    2020-09-26 12:17:08   remap_sigusr1 = 0
    2020-09-26 12:17:08   persist_tun = ENABLED
    2020-09-26 12:17:08   persist_local_ip = DISABLED
    2020-09-26 12:17:08   persist_remote_ip = DISABLED
    2020-09-26 12:17:08   persist_key = DISABLED
    2020-09-26 12:17:08   passtos = DISABLED
    2020-09-26 12:17:08   resolve_retry_seconds = 1000000000
    2020-09-26 12:17:08   resolve_in_advance = ENABLED
    2020-09-26 12:17:08   username = '[UNDEF]'
    2020-09-26 12:17:08   groupname = '[UNDEF]'
    2020-09-26 12:17:08   chroot_dir = '[UNDEF]'
    2020-09-26 12:17:08   cd_dir = '[UNDEF]'
    2020-09-26 12:17:08   writepid = '[UNDEF]'
    2020-09-26 12:17:08   up_script = '[UNDEF]'
    2020-09-26 12:17:08   down_script = '[UNDEF]'
    2020-09-26 12:17:08   down_pre = DISABLED
    2020-09-26 12:17:08   up_restart = DISABLED
    2020-09-26 12:17:08   up_delay = DISABLED
    2020-09-26 12:17:08   daemon = DISABLED
    2020-09-26 12:17:08   inetd = 0
    2020-09-26 12:17:08   log = DISABLED
    2020-09-26 12:17:08   suppress_timestamps = DISABLED
    2020-09-26 12:17:08   machine_readable_output = ENABLED
    2020-09-26 12:17:08   nice = 0
    2020-09-26 12:17:08   verbosity = 4
    2020-09-26 12:17:08   mute = 0
    2020-09-26 12:17:08   gremlin = 0
    2020-09-26 12:17:08   status_file = '[UNDEF]'
    2020-09-26 12:17:08   status_file_version = 1
    2020-09-26 12:17:08   status_file_update_freq = 60
    2020-09-26 12:17:08   occ = ENABLED
    2020-09-26 12:17:08   rcvbuf = 0
    2020-09-26 12:17:08   sndbuf = 0
    2020-09-26 12:17:08   sockflags = 0
    2020-09-26 12:17:08   fast_io = DISABLED
    2020-09-26 12:17:08   comp.alg = 2
    2020-09-26 12:17:08   comp.flags = 1
    2020-09-26 12:17:08   route_script = '[UNDEF]'
    2020-09-26 12:17:08   route_default_gateway = '[UNDEF]'
    2020-09-26 12:17:08   route_default_metric = 0
    2020-09-26 12:17:08   route_noexec = DISABLED
    2020-09-26 12:17:08   route_delay = 0
    2020-09-26 12:17:08   route_delay_window = 30
    2020-09-26 12:17:08   route_delay_defined = DISABLED
    2020-09-26 12:17:08   route_nopull = DISABLED
    2020-09-26 12:17:08   route_gateway_via_dhcp = DISABLED
    2020-09-26 12:17:08   allow_pull_fqdn = DISABLED
    2020-09-26 12:17:08   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
    2020-09-26 12:17:08   management_port = 'unix'
    2020-09-26 12:17:08   management_user_pass = '[UNDEF]'
    2020-09-26 12:17:08   management_log_history_cache = 250
    2020-09-26 12:17:08   management_echo_buffer_size = 100
    2020-09-26 12:17:08   management_write_peer_info_file = '[UNDEF]'
    2020-09-26 12:17:08   management_client_user = '[UNDEF]'
    2020-09-26 12:17:08   management_client_group = '[UNDEF]'
    2020-09-26 12:17:08   management_flags = 16678
    2020-09-26 12:17:08   shared_secret_file = '[UNDEF]'
    2020-09-26 12:17:08   key_direction = 1
    2020-09-26 12:17:08   ciphername = 'BF-CBC'
    2020-09-26 12:17:08   ncp_enabled = ENABLED
    2020-09-26 12:17:08   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
    2020-09-26 12:17:08   authname = 'SHA256'
    2020-09-26 12:17:08   prng_hash = 'SHA1'
    2020-09-26 12:17:08   prng_nonce_secret_len = 16
    2020-09-26 12:17:08   keysize = 0
    2020-09-26 12:17:08   engine = DISABLED
    2020-09-26 12:17:08   replay = ENABLED
    2020-09-26 12:17:08   mute_replay_warnings = DISABLED
    2020-09-26 12:17:08   replay_window = 64
    2020-09-26 12:17:08   replay_time = 15
    2020-09-26 12:17:08   packet_id_file = '[UNDEF]'
    2020-09-26 12:17:08   test_crypto = DISABLED
    2020-09-26 12:17:08   tls_server = DISABLED
    2020-09-26 12:17:08   tls_client = ENABLED
    2020-09-26 12:17:08   ca_file = '[INLINE]'
    2020-09-26 12:17:08   ca_path = '[UNDEF]'
    2020-09-26 12:17:08   dh_file = '[UNDEF]'
    2020-09-26 12:17:08   cert_file = '[INLINE]'
    2020-09-26 12:17:08   extra_certs_file = '[UNDEF]'
    2020-09-26 12:17:08   priv_key_file = '[INLINE]'
    2020-09-26 12:17:08   pkcs12_file = '[UNDEF]'
    2020-09-26 12:17:08   cipher_list = '[UNDEF]'
    2020-09-26 12:17:08   cipher_list_tls13 = '[UNDEF]'
    2020-09-26 12:17:08   tls_cert_profile = '[UNDEF]'
    2020-09-26 12:17:08   tls_verify = '[UNDEF]'
    2020-09-26 12:17:08   tls_export_cert = '[UNDEF]'
    2020-09-26 12:17:08   verify_x509_type = 2
    2020-09-26 12:17:08   verify_x509_name = 'XXXXXXXXXXXXXXXXXXXXXXXXX'
    2020-09-26 12:17:08   crl_file = '[UNDEF]'
    2020-09-26 12:17:08   ns_cert_type = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 65535
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_ku[i] = 0
    2020-09-26 12:17:08   remote_cert_eku = 'TLS Web Client Authentication'
    2020-09-26 12:17:08   ssl_flags = 0
    2020-09-26 12:17:08   tls_timeout = 2
    2020-09-26 12:17:08   renegotiate_bytes = -1
    2020-09-26 12:17:08   renegotiate_packets = 0
    2020-09-26 12:17:08   renegotiate_seconds = 3600
    2020-09-26 12:17:08   handshake_window = 60
    2020-09-26 12:17:08   transition_window = 3600
    2020-09-26 12:17:08   single_session = DISABLED
    2020-09-26 12:17:08   push_peer_info = DISABLED
    2020-09-26 12:17:08   tls_exit = DISABLED
    2020-09-26 12:17:08   tls_crypt_v2_metadata = '[UNDEF]'
    2020-09-26 12:17:08   server_network = 0.0.0.0
    2020-09-26 12:17:08   server_netmask = 0.0.0.0
    2020-09-26 12:17:08   server_network_ipv6 = ::
    2020-09-26 12:17:08   server_netbits_ipv6 = 0
    2020-09-26 12:17:08   server_bridge_ip = 0.0.0.0
    2020-09-26 12:17:08   server_bridge_netmask = 0.0.0.0
    2020-09-26 12:17:08   server_bridge_pool_start = 0.0.0.0
    2020-09-26 12:17:08   server_bridge_pool_end = 0.0.0.0
    2020-09-26 12:17:08 0 secondes avant la prochaine tentative de connexion
    2020-09-26 12:17:08   ifconfig_pool_defined = DISABLED
    2020-09-26 12:17:08   ifconfig_pool_start = 0.0.0.0
    2020-09-26 12:17:08   ifconfig_pool_end = 0.0.0.0
    2020-09-26 12:17:08   ifconfig_pool_netmask = 0.0.0.0
    2020-09-26 12:17:08   ifconfig_pool_persist_filename = '[UNDEF]'
    2020-09-26 12:17:08   ifconfig_pool_persist_refresh_freq = 600
    2020-09-26 12:17:08   ifconfig_ipv6_pool_defined = DISABLED
    2020-09-26 12:17:08   ifconfig_ipv6_pool_base = ::
    2020-09-26 12:17:08   ifconfig_ipv6_pool_netbits = 0
    2020-09-26 12:17:08   n_bcast_buf = 256
    2020-09-26 12:17:08   tcp_queue_limit = 64
    2020-09-26 12:17:08   real_hash_size = 256
    2020-09-26 12:17:08   virtual_hash_size = 256
    2020-09-26 12:17:08   client_connect_script = '[UNDEF]'
    2020-09-26 12:17:08   learn_address_script = '[UNDEF]'
    2020-09-26 12:17:08   client_disconnect_script = '[UNDEF]'
    2020-09-26 12:17:08   client_config_dir = '[UNDEF]'
    2020-09-26 12:17:08   ccd_exclusive = DISABLED
    2020-09-26 12:17:08   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
    2020-09-26 12:17:08   push_ifconfig_defined = DISABLED
    2020-09-26 12:17:08   push_ifconfig_local = 0.0.0.0
    2020-09-26 12:17:08   push_ifconfig_remote_netmask = 0.0.0.0
    2020-09-26 12:17:08   push_ifconfig_ipv6_defined = DISABLED
    2020-09-26 12:17:08   push_ifconfig_ipv6_local = ::/0
    2020-09-26 12:17:08   push_ifconfig_ipv6_remote = ::
    2020-09-26 12:17:08   enable_c2c = DISABLED
    2020-09-26 12:17:08   duplicate_cn = DISABLED
    2020-09-26 12:17:08   cf_max = 0
    2020-09-26 12:17:08   cf_per = 0
    2020-09-26 12:17:08   max_clients = 1024
    2020-09-26 12:17:08   max_routes_per_client = 256
    2020-09-26 12:17:08   auth_user_pass_verify_script = '[UNDEF]'
    2020-09-26 12:17:08   auth_user_pass_verify_script_via_file = DISABLED
    2020-09-26 12:17:08   auth_token_generate = DISABLED
    2020-09-26 12:17:08   auth_token_lifetime = 0
    2020-09-26 12:17:08   auth_token_secret_file = '[UNDEF]'
    2020-09-26 12:17:08   port_share_host = '[UNDEF]'
    2020-09-26 12:17:08   port_share_port = '[UNDEF]'
    2020-09-26 12:17:08   vlan_tagging = DISABLED
    2020-09-26 12:17:08   vlan_accept = all
    2020-09-26 12:17:08   vlan_pvid = 1
    2020-09-26 12:17:08   client = ENABLED
    2020-09-26 12:17:08   pull = ENABLED
    2020-09-26 12:17:08   auth_user_pass_file = 'stdin'
    2020-09-26 12:17:08 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.20-0-g46ce6652] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 24 2020
    2020-09-26 12:17:08 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
    2020-09-26 12:17:08 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
    2020-09-26 12:17:08 MANAGEMENT: CMD 'version 3'
    2020-09-26 12:17:08 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:17:08 MANAGEMENT: CMD 'username 'Auth' XXXXXXXXXXX'
    2020-09-26 12:17:08 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:17:08 MANAGEMENT: CMD 'password [...]'
    2020-09-26 12:17:08 MANAGEMENT: CMD 'state on'
    2020-09-26 12:17:08 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:17:09 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:17:09 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:17:09 LZO compression initializing
    2020-09-26 12:17:09 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:17:09 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:17:09 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:17:09 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:17:09 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:17:09 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:17:09 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:17:09 UDP link local: (not bound)
    2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
    2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:18:09 TLS Error: TLS handshake failed
    2020-09-26 12:18:09 TCP/UDP: Closing socket
    2020-09-26 12:18:09 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:18:09 MANAGEMENT: >STATE:1601115489,RECONNECTING,tls-error,,,,,
    2020-09-26 12:18:09 2 secondes avant la prochaine tentative de connexion
    2020-09-26 12:18:11 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:18:11 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:18:11 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:18:11 MANAGEMENT: CMD 'state on'
    2020-09-26 12:18:12 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:18:12 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:18:12 LZO compression initializing
    2020-09-26 12:18:12 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:18:12 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:18:12 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:18:12 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:18:12 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:18:12 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:18:12 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:18:12 UDP link local: (not bound)
    2020-09-26 12:18:12 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:18:12 MANAGEMENT: >STATE:1601115492,WAIT,,,,,,
    2020-09-26 12:19:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:19:13 TLS Error: TLS handshake failed
    2020-09-26 12:19:13 TCP/UDP: Closing socket
    2020-09-26 12:19:13 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:19:13 2 secondes avant la prochaine tentative de connexion
    2020-09-26 12:19:13 MANAGEMENT: >STATE:1601115553,RECONNECTING,tls-error,,,,,
    2020-09-26 12:19:15 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:19:15 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:19:15 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:19:15 MANAGEMENT: CMD 'state on'
    2020-09-26 12:19:16 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:19:16 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:19:16 LZO compression initializing
    2020-09-26 12:19:16 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:19:16 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:19:16 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:19:16 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:19:16 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:19:16 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:19:16 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:19:16 UDP link local: (not bound)
    2020-09-26 12:19:16 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:19:16 MANAGEMENT: >STATE:1601115556,WAIT,,,,,,
    2020-09-26 12:20:16 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:20:16 TLS Error: TLS handshake failed
    2020-09-26 12:20:16 TCP/UDP: Closing socket
    2020-09-26 12:20:16 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:20:16 MANAGEMENT: >STATE:1601115616,RECONNECTING,tls-error,,,,,
    2020-09-26 12:20:16 2 secondes avant la prochaine tentative de connexion
    2020-09-26 12:20:18 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:20:18 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:20:18 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:20:18 MANAGEMENT: CMD 'state on'
    2020-09-26 12:20:19 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:20:19 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:20:19 LZO compression initializing
    2020-09-26 12:20:19 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:20:19 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:20:19 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:20:19 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:20:19 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:20:19 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:20:19 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:20:19 UDP link local: (not bound)
    2020-09-26 12:20:19 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:20:19 MANAGEMENT: >STATE:1601115619,WAIT,,,,,,
    2020-09-26 12:21:19 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:21:19 TLS Error: TLS handshake failed
    2020-09-26 12:21:19 TCP/UDP: Closing socket
    2020-09-26 12:21:19 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:21:19 MANAGEMENT: >STATE:1601115679,RECONNECTING,tls-error,,,,,
    2020-09-26 12:21:19 2 secondes avant la prochaine tentative de connexion
    2020-09-26 12:21:21 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:21:21 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:21:21 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:21:21 MANAGEMENT: CMD 'state on'
    2020-09-26 12:21:22 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:21:22 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:21:22 LZO compression initializing
    2020-09-26 12:21:22 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:21:22 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:21:22 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:21:22 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:21:22 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:21:22 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:21:22 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:21:22 UDP link local: (not bound)
    2020-09-26 12:21:22 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:21:22 MANAGEMENT: >STATE:1601115682,WAIT,,,,,,
    2020-09-26 12:22:22 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:22:22 TLS Error: TLS handshake failed
    2020-09-26 12:22:22 TCP/UDP: Closing socket
    2020-09-26 12:22:22 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:22:22 MANAGEMENT: >STATE:1601115742,RECONNECTING,tls-error,,,,,
    2020-09-26 12:22:22 4 secondes avant la prochaine tentative de connexion
    2020-09-26 12:22:26 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:22:26 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:22:26 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:22:26 MANAGEMENT: CMD 'state on'
    2020-09-26 12:22:27 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:22:27 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:22:27 LZO compression initializing
    2020-09-26 12:22:27 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:22:27 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:22:27 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:22:27 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:22:27 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:22:27 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:22:28 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:22:28 UDP link local: (not bound)
    2020-09-26 12:22:28 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:22:28 MANAGEMENT: >STATE:1601115748,WAIT,,,,,,
    2020-09-26 12:23:28 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:23:28 TLS Error: TLS handshake failed
    2020-09-26 12:23:28 TCP/UDP: Closing socket
    2020-09-26 12:23:28 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:23:28 MANAGEMENT: >STATE:1601115808,RECONNECTING,tls-error,,,,,
    2020-09-26 12:23:28 8 secondes avant la prochaine tentative de connexion
    2020-09-26 12:23:36 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:23:36 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:23:36 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:23:36 MANAGEMENT: CMD 'state on'
    2020-09-26 12:23:37 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:23:37 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:23:37 LZO compression initializing
    2020-09-26 12:23:37 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:23:37 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:23:37 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:23:37 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:23:37 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:23:37 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:23:37 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:23:37 UDP link local: (not bound)
    2020-09-26 12:23:37 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:23:37 MANAGEMENT: >STATE:1601115817,WAIT,,,,,,
    2020-09-26 12:24:37 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:24:37 TLS Error: TLS handshake failed
    2020-09-26 12:24:37 TCP/UDP: Closing socket
    2020-09-26 12:24:37 SIGUSR1[soft,tls-error] received, process restarting
    2020-09-26 12:24:37 MANAGEMENT: >STATE:1601115877,RECONNECTING,tls-error,,,,,
    2020-09-26 12:24:37 16 secondes avant la prochaine tentative de connexion
    2020-09-26 12:24:53 MANAGEMENT: CMD 'hold release'
    2020-09-26 12:24:53 MANAGEMENT: CMD 'proxy NONE'
    2020-09-26 12:24:53 MANAGEMENT: CMD 'bytecount 2'
    2020-09-26 12:24:53 MANAGEMENT: CMD 'state on'
    2020-09-26 12:24:54 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:24:54 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    2020-09-26 12:24:54 LZO compression initializing
    2020-09-26 12:24:54 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
    2020-09-26 12:24:54 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ]
    2020-09-26 12:24:54 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
    2020-09-26 12:24:54 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
    2020-09-26 12:24:54 TCP/UDP: Preserving recently used remote address: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:24:54 Socket Buffers: R=[245760->245760] S=[245760->245760]
    2020-09-26 12:24:54 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2020-09-26 12:24:54 UDP link local: (not bound)
    2020-09-26 12:24:54 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:24:54 MANAGEMENT: >STATE:1601115894,WAIT
    

    I have been going round in circles for a week; if some kind soul could help me, that would be great.

    @++


  • NB: if you mask the public IP, remember to mask the certificates too!!
    ----- BEGIN CERTIFICATE
    ........
    -----END CERTIFICATE

    You do not fully describe your infrastructure...

    You say 'NAT on router UDP1194'; I read that as: you configured the router to forward the traffic to the pfSense WAN (which is therefore on a private address).

    Are you certain the configurations are properly coordinated? For example, is LZO enabled on both sides?

    Do you have a rule under Firewall > Rules > WAN tab to accept the udp/1194 flow? It is necessary, and therefore mandatory.

    The logs are a bit too verbose (verb 3 would be enough).
    The only useful information in the logs is:
    2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
    2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
    2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    2020-09-26 12:18:09 TLS Error: TLS handshake failed
    2020-09-26 12:18:09 TCP/UDP: Closing socket

    (The 'check your network connectivity' is typical!)
    What I wrote above can cause this message.

    Personally, I would start by testing from a plain PC before moving on to a smartphone once it works.
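
    The reply above names the handful of log lines that matter (the remote endpoint, the WAIT state, the TLS timeout) and the two things to verify (the WAN pass rule and compression on both sides). The script below is an added example, not code from the thread or from pfSense/OpenVPN: it extracts exactly those facts from a verbose client log and reports whether the server ever answered. The two log excerpts are constructed after the log posted above, with the public IP left masked as AAA.AAA.AAA.AA; the state names are the ones the OpenVPN management interface emits.

```python
"""Triage an OpenVPN client log whose TLS handshake never starts.

Added example, not code from the forum thread. It pulls out the lines the
reply above calls the only useful ones (remote endpoint, management STATE,
TLS errors, the client's option string) and decides whether the server ever
answered. Both excerpts below are constructed from the log posted in the
thread, with the public IP left masked as AAA.AAA.AAA.AA.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed excerpt: the failing attempt as it appears in the thread.
FAILING_LOG = """\
2020-09-26 12:17:09 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
2020-09-26 12:17:09 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
2020-09-26 12:17:09 MANAGEMENT: >STATE:1601115429,WAIT,,,,,,
2020-09-26 12:18:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-09-26 12:18:09 TLS Error: TLS handshake failed
2020-09-26 12:18:09 TCP/UDP: Closing socket
"""

# Constructed excerpt: what a working attempt looks like, for contrast.
WORKING_LOG = """\
2020-09-26 12:30:00 UDP link remote: [AF_INET]AAA.AAA.AAA.AA:1194
2020-09-26 12:30:00 MANAGEMENT: >STATE:1601116200,WAIT,,,,,,
2020-09-26 12:30:01 MANAGEMENT: >STATE:1601116201,AUTH,,,,,,
2020-09-26 12:30:02 MANAGEMENT: >STATE:1601116202,GET_CONFIG,,,,,,
2020-09-26 12:30:03 MANAGEMENT: >STATE:1601116203,CONNECTED,SUCCESS,10.20.30.2,AAA.AAA.AAA.AA,1194,,
"""

REMOTE_RE = re.compile(r"UDP link remote: \[AF_INET6?\]([^:\s]+):(\d+)")
STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+)")
OPTIONS_RE = re.compile(r"Local Options String \(VER=V\d+\): '([^']*)'")
TLS_TIMEOUT_MARK = "TLS key negotiation failed to occur within"

# Any of these states is only reached after the server has sent something back;
# a client that only ever logs WAIT never received a single packet in reply.
STATES_AFTER_SERVER_REPLY = {"AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"}


@dataclass
class Triage:
    remote: Optional[str] = None
    port: Optional[int] = None
    states: List[str] = field(default_factory=list)
    tls_timeouts: int = 0
    client_options: Set[str] = field(default_factory=set)

    @property
    def server_replied(self) -> bool:
        return any(s in STATES_AFTER_SERVER_REPLY for s in self.states)


def triage_log(text: str) -> Triage:
    """Collect the few facts that matter from a verbose client log."""
    t = Triage()
    for line in text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            t.remote, t.port = m.group(1), int(m.group(2))
            continue
        m = STATE_RE.search(line)
        if m:
            t.states.append(m.group(1))
            continue
        m = OPTIONS_RE.search(line)
        if m:
            t.client_options = set(m.group(1).split(","))
            continue
        if TLS_TIMEOUT_MARK in line:
            t.tls_timeouts += 1
    return t


def diagnose(t: Triage) -> List[str]:
    """Turn the collected facts into the checks the reply above recommends."""
    findings = []
    if t.tls_timeouts and not t.server_replied:
        findings.append(
            f"no reply from {t.remote}:{t.port} ({t.tls_timeouts} timed-out attempt(s)): "
            "verify the router port forward and the Firewall > Rules > WAN pass rule for udp/1194"
        )
    if "comp-lzo" in t.client_options:
        findings.append("client option string carries comp-lzo: confirm the server uses the same compression setting")
    return findings


if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("working", WORKING_LOG)):
        print(name, diagnose(triage_log(log)) or ["nothing to report"])
```

    Run it against a saved client log instead of the embedded excerpts to get the same two-line summary; the point is that a log which never leaves WAIT says nothing about certificates or ciphers, only that the handshake packets did not come back, which is why the reply sends you to the port forward and the WAN rule first.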


  • I removed the certificates... (here, of course...)

    Your translation of my NAT line is correct.

    As I said in the message, I followed the wizard, so of course the pfSense rule was added, and in UDP.

    Regarding LZO: no, it was not configured on the server side, so I removed the line, thank you.

    But the problem remains the same...

    PS: I have no other PC outside the LAN to do the first tests....

  • LAYER 8


  • Thanks for the reply, but I have already been through that page.....

    There must be a subtlety somewhere, because I cannot get it to work!

    So, to summarise the tasks done:

    on my router, a NAT rule for UDP 1194 to the pfSense IP

    on pfSense:

    • firewall rule:
      IPv4 UDP * * WAN address 1194 (OpenVPN) * none

    • OpenVPN servers:
      WAN UDP4/1194 10.20.30.0/24 Crypto:AES-128 CBC/SHA256 D-H Params: 2048 bits

    • active certificate

    If I ping my domain, I do get my public IP.


  • The wizard does normally create what is needed, indeed (I was able to test it recently; before that I did everything by hand...).
    You have checked it, that is good.

    Although it would be hard to understand why the forward done by the router would not work, you now need to test with a PC (laptop?) connected to the WAN (and using the WAN IP address instead of the public DNS name!).

    If the PC brings OpenVPN up, that means the pfSense is OK.
    You will then need to test from outside, and finally test with a smartphone.


  • Silly question, Astina,

    Have you looked at the .log files while the client tries to connect to the pfSense?

    Here is what I personally checked to find my fault.

    In my case, the public IP address was not up to date.

    In another context, I had my local network IP instead of the public one.

    I had not opened the ports on the Livebox to the pfSense address.

    Regards
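
    The three faults in the reply above are all addressing mistakes that no amount of certificate work will fix: a DDNS record that was not refreshed, a DDNS record that publishes a LAN address, and a missing router forward to a pfSense whose WAN is itself on a private address (the situation described earlier in the thread). The script below is an added example, not code from the thread or from pfSense; it encodes those checks as a function over constructed inputs. In practice the DDNS answer would come from `socket.gethostbyname(name)` and the current public address from the router's WAN status page; the 203.0.113.0/24 addresses used here are documentation addresses standing in for public ones.

```python
"""Sanity-check the address a remote OpenVPN client is being sent to.

Added example, not code from the forum thread. It encodes the faults listed
in the reply above: a stale DDNS record, a DDNS record that publishes a LAN
address, and the router forward that is required whenever pfSense's WAN sits
behind a router on a private address. All inputs are constructed.
"""
import ipaddress
from typing import List

# RFC 1918 plus link-local. is_private is deliberately not used: Python counts
# the 203.0.113.0/24 documentation range (used below as a stand-in for real
# public addresses) as non-global, which would make the demo misreport.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_lan_address(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in LAN_RANGES)


def check_endpoint(ddns_answer: str, current_public_ip: str,
                   pfsense_wan_ip: str, forward_configured: bool) -> List[str]:
    """Return findings; an empty list means the addressing looks consistent.

    ddns_answer        what the public DNS name currently resolves to
    current_public_ip  the address the ISP currently gives the router
    pfsense_wan_ip     the address on the pfSense WAN interface
    forward_configured whether the router forwards udp/1194 to pfsense_wan_ip
    """
    findings = []
    ddns = ipaddress.ip_address(ddns_answer)
    public = ipaddress.ip_address(current_public_ip)
    wan = ipaddress.ip_address(pfsense_wan_ip)

    # Fault: the name publishes a LAN address. Remote clients can never reach
    # it, however correct the rest of the configuration is.
    if is_lan_address(ddns):
        findings.append(f"DDNS name resolves to LAN address {ddns}; it must publish the public address")
    # Fault: the record was not refreshed after the ISP changed the address.
    elif ddns != public:
        findings.append(f"DDNS answer {ddns} differs from current public address {public}; the DDNS update is stale")

    # Fault: pfSense behind a router (WAN on a private address), so the router
    # must forward udp/1194 to that WAN address or the handshake never arrives.
    if is_lan_address(wan) and not forward_configured:
        findings.append(f"pfSense WAN {wan} is private and no router forward of udp/1194 to it is configured")
    return findings


if __name__ == "__main__":
    # Constructed scenarios mirroring the reply: stale record, LAN address
    # published, forward missing, and everything consistent.
    for args in (("203.0.113.11", "203.0.113.10", "192.168.1.20", True),
                 ("192.168.1.20", "203.0.113.10", "192.168.1.20", True),
                 ("203.0.113.10", "203.0.113.10", "192.168.1.20", False),
                 ("203.0.113.10", "203.0.113.10", "192.168.1.20", True)):
        print(args, check_endpoint(*args) or ["addressing consistent"])
```

    The checks are ordered the way a client sees them: the name must resolve to the address the router actually has today, and that address must then be forwarded to the pfSense WAN; only once both hold does the OpenVPN configuration itself become the suspect.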