Hello,
I recently set up an openvpn server on Fedora 20, drawing on:
http://fedoraproject.org/wiki/Openvpn (incomplete!)
http://www.unixmen.com/setup-openvpn-server-client-centos-6-5/
http://blog.laimbock.com/2013/09/21/how-to-setup-openvpn-on-fedora-19/
Note that I want my vpn server to act as a gateway for clients located on a remote LAN, with port 1196 open in UDP+TCP. More precisely, I want the clients to go out to the Internet through the 192.168.1.1 box on the server's subnet side.
Server info:
uname -ar
Linux localhost.localdomain 3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Here are my two remote subnets:
Server network: 192.168.1.0 255.255.255.0
Client network: 192.168.0.0 255.255.255.0, which I want to tunnel across the WAN.
Tunnel network:
Here are my config files
Server:
[root@localhost openvpn]# cat server.conf
port 1196
dev tun
proto udp
tun-mtu 1500
fragment 1400
mssfix
# Use "local" to set the source address on multi-homed hosts
# Must this field be filled in??
# TLS parms
tls-server
ca /etc/openvpn/keys/keys/ca.crt
cert /etc/openvpn/keys/keys/server.crt
key /etc/openvpn/keys/keys/server.key
dh /etc/openvpn/keys/keys/dh2048.pem
# Tell OpenVPN to be a multi-client udp server
mode server
# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255
# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.0"
# Push any routes the client needs to get in
# to the local network.
push "route 192.168.1.0 255.255.255.0" # => I put the subnet of the server's LAN here
# Push DHCP options to Windows clients.
push "dhcp-option homz.net"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option WINS 208.67.220.220"
# Client should attempt reconnection on link
# failure.
keepalive 10 60
# Delete client instances after some period
# of inactivity.
inactive 600
# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0
# The server doesn't need privileges
user client
group client
# Keep TUN devices and keys open across restarts.
persist-tun
persist-key
verb 4
push "redirect-gateway def1 bypass-dhcp"
comp-lzo
Client:
[root@localhost openvpn]# cat server.conf
port 1196
dev tun
proto udp
tun-mtu 1500
fragment 1400
mssfix
# Use "local" to set the source address on multi-homed hosts
#local IP address ==>???
# TLS parms
tls-server
ca /etc/openvpn/keys/keys/ca.crt
cert /etc/openvpn/keys/keys/server.crt
key /etc/openvpn/keys/keys/server.key
dh /etc/openvpn/keys/keys/dh2048.pem
# Tell OpenVPN to be a multi-client udp server
mode server
# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255
# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255" # ==> is it normal to have a 255.255.255.255 mask??
# Push any routes the client needs to get in
# to the local network.
push "route 192.168.1.0 255.255.255.0" # ==> I put my server's LAN subnet here
# Push DHCP options to Windows clients.
push "dhcp-option homz.net"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option WINS 208.67.220.220"
# Client should attempt reconnection on link
# failure.
keepalive 10 60
# Delete client instances after some period
# of inactivity.
inactive 600
# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0
# The server doesn't need privileges
user client
group client
# Keep TUN devices and keys open across restarts.
persist-tun
persist-key
verb 4
push "redirect-gateway def1 bypass-dhcp"
comp-lzo
Client config file on the client machine:
[root@localhost tmp]# cat client.ovpn
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote "mon_ip_publique" 1196
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client.crt
key client.key
# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
#
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
tun-mtu 1500
fragment 1400
mssfix
Routing (forwarding enabled: [root@localhost openvpn]# cat /proc/sys/net/ipv4/ip_forward = 1)
I opened port 1196 and forwarded it to my server machine. I applied and then saved the iptables rules (based on the Red Hat documentation; the problem is that I only fill in my LAN interface. I don't know what the WAN interface corresponds to here):
"The following should work (assuming an outside interface is eth1 and an inside interface is eth0)"
Here are the rules for the server's p2p1 interface
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i p2p1 -o tun+ -j ACCEPT
But iptables -A INPUT -i eth1 -p udp --dport 1194 -j ACCEPT corresponds to the port forwarding that was done on my router
On the other hand, I don't understand the syntax: iptables -A FORWARD -i eth1 -o tun+ -m state --state ESTABLISHED,RELATED -j ACCEPT : does it correspond to allowing packets coming from the WAN interface to be routed?? In my opinion my box is configured correctly
Server machine:
[root@localhost openvpn]# ifconfig
[text truncated]
p2p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.125 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::a00:27ff:fe20:970d prefixlen 64 scopeid 0x20<link>
ether 08:00:27:20:97:0d txqueuelen 1000 (Ethernet)
RX packets 189393 bytes 33291209 (31.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 198259 bytes 41897573 (39.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost openvpn]# iptables -L -t nat -v
Chain PREROUTING (policy ACCEPT 1957 packets, 142K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1727 packets, 126K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4928 packets, 339K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 5158 packets, 355K bytes)
pkts bytes target prot opt in out source destination
234 16463 all -- any any 10.8.0.0/24 anywhere
[root@localhost openvpn]# iptables-save
# Generated by iptables-save v1.4.19.1 on Wed Aug 20 17:11:32 2014
*nat
:PREROUTING ACCEPT [3250:233657]
:INPUT ACCEPT [2816:203081]
:OUTPUT ACCEPT [8021:550858]
:POSTROUTING ACCEPT [8455:581434]
-A POSTROUTING -s 10.8.0.0/24
COMMIT
# Completed on Wed Aug 20 17:11:32 2014
# Generated by iptables-save v1.4.19.1 on Wed Aug 20 17:11:32 2014
*filter
:INPUT ACCEPT [274:24944]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [228:40117]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i p2p1 -o tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i p2pa -o tun+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i p2p1 -o tun+ -j ACCEPT
COMMIT
# Completed on Wed Aug 20 17:11:32 2014
Here are the messages: server machine
[root@localhost openvpn]# systemctl stop openvpn@server.service
[root@localhost openvpn]# systemctl restart openvpn@server.service
[root@localhost openvpn]# systemctl status openvpn@server.service
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
Active: active (running) since mer. 2014-08-20 16:34:38 CEST; 1s ago
Process: 7975 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=0/SUCCESS)
Main PID: 7981 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─7981 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
août 20 16:34:38 localhost.localdomain openvpn[7975]: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=p2p1 HWADDR=08:00:27:20:97:0d
août 20 16:34:38 localhost.localdomain openvpn[7981]: GID set to client
août 20 16:34:38 localhost.localdomain openvpn[7981]: UID set to client
août 20 16:34:38 localhost.localdomain openvpn[7981]: UDPv4 link local (bound): [undef]
août 20 16:34:38 localhost.localdomain openvpn[7981]: UDPv4 link remote: [undef]
août 20 16:34:38 localhost.localdomain openvpn[7981]: MULTI: multi_init called, r=256 v=256
août 20 16:34:38 localhost.localdomain openvpn[7981]: IFCONFIG POOL: base=10.8.0.4 size=63, ipv6=0
août 20 16:34:38 localhost.localdomain openvpn[7981]: Initialization Sequence Completed
août 20 16:34:38 localhost.localdomain systemd[1]: Failed to read PID from file /var/run/openvpn/server.pid: Invalid argument # is this serious?
août 20 16:34:38 localhost.localdomain systemd[1]: Started OpenVPN Robust And Highly Flexible Tunneling Application On server
In my opinion the problem lies in these lines:
Wed Aug 20 17:20:03 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Aug 20 17:20:03 2014 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 192.168.1.0 255.255.255.0,dhcp-option homz.net,dhcp-option DNS 208.67.222.222,dhcp-option WINS 208.67.220.220,redirect-gateway def1 bypass-dhcp,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Server machine
A simple test on the server:
[root@localhost openvpn]# openvpn --config server.conf
Wed Aug 20 16:35:35 2014 us=924379 Current Parameter Settings:
Wed Aug 20 16:35:35 2014 us=925592 config = 'server.conf'
Wed Aug 20 16:35:35 2014 us=926105 mode = 1
Wed Aug 20 16:35:35 2014 us=927180 persist_config = DISABLED
Wed Aug 20 16:35:35 2014 us=928224 persist_mode = 1
Wed Aug 20 16:35:35 2014 us=928996 show_ciphers = DISABLED
Wed Aug 20 16:35:35 2014 us=929583 show_digests = DISABLED
Wed Aug 20 16:35:35 2014 us=930110 show_engines = DISABLED
Wed Aug 20 16:35:35 2014 us=930568 genkey = DISABLED
Wed Aug 20 16:35:35 2014 us=931148 key_pass_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=931787 show_tls_ciphers = DISABLED
Wed Aug 20 16:35:35 2014 us=932260 Connection profiles [default]:
Wed Aug 20 16:35:35 2014 us=932575 proto = udp
Wed Aug 20 16:35:35 2014 us=932997 local = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=933394 local_port = 1196
Wed Aug 20 16:35:35 2014 us=933805 remote = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=934281 remote_port = 1196
Wed Aug 20 16:35:35 2014 us=934601 remote_float = DISABLED
Wed Aug 20 16:35:35 2014 us=934904 bind_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=935257 bind_local = ENABLED
Wed Aug 20 16:35:35 2014 us=935634 connect_retry_seconds = 5
Wed Aug 20 16:35:35 2014 us=935954 connect_timeout = 10
Wed Aug 20 16:35:35 2014 us=936252 connect_retry_max = 0
Wed Aug 20 16:35:35 2014 us=936589 socks_proxy_server = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=936937 socks_proxy_port = 0
Wed Aug 20 16:35:35 2014 us=937212 socks_proxy_retry = DISABLED
Wed Aug 20 16:35:35 2014 us=937588 tun_mtu = 1500
Wed Aug 20 16:35:35 2014 us=937898 tun_mtu_defined = ENABLED
Wed Aug 20 16:35:35 2014 us=938283 link_mtu = 1500
Wed Aug 20 16:35:35 2014 us=938722 link_mtu_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=939070 tun_mtu_extra = 0
Wed Aug 20 16:35:35 2014 us=939448 tun_mtu_extra_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=939908 mtu_discover_type = -1
Wed Aug 20 16:35:35 2014 us=940308 fragment = 1400
Wed Aug 20 16:35:35 2014 us=940543 mssfix = 1400
Wed Aug 20 16:35:35 2014 us=940781 explicit_exit_notification = 0
Wed Aug 20 16:35:35 2014 us=940799 Connection profiles END
Wed Aug 20 16:35:35 2014 us=940810 remote_random = DISABLED
Wed Aug 20 16:35:35 2014 us=940820 ipchange = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=940830 dev = 'tun'
Wed Aug 20 16:35:35 2014 us=941049 dev_type = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=941077 dev_node = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=941298 lladdr = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=941317 topology = 1
Wed Aug 20 16:35:35 2014 us=941328 tun_ipv6 = DISABLED
Wed Aug 20 16:35:35 2014 us=941575 ifconfig_local = '10.8.0.1'
Wed Aug 20 16:35:35 2014 us=941600 ifconfig_remote_netmask = '10.8.0.2'
Wed Aug 20 16:35:35 2014 us=941610 ifconfig_noexec = DISABLED
Wed Aug 20 16:35:35 2014 us=941785 ifconfig_nowarn = DISABLED
Wed Aug 20 16:35:35 2014 us=941813 ifconfig_ipv6_local = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=941829 ifconfig_ipv6_netbits = 0
Wed Aug 20 16:35:35 2014 us=941839 ifconfig_ipv6_remote = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=941849 shaper = 0
Wed Aug 20 16:35:35 2014 us=941859 mtu_test = 0
Wed Aug 20 16:35:35 2014 us=941869 mlock = DISABLED
Wed Aug 20 16:35:35 2014 us=942086 keepalive_ping = 10
Wed Aug 20 16:35:35 2014 us=942114 keepalive_timeout = 60
Wed Aug 20 16:35:35 2014 us=942134 inactivity_timeout = 600
Wed Aug 20 16:35:35 2014 us=943079 ping_send_timeout = 10
Wed Aug 20 16:35:35 2014 us=943092 ping_rec_timeout = 120
Wed Aug 20 16:35:35 2014 us=943101 ping_rec_timeout_action = 2
Wed Aug 20 16:35:35 2014 us=943110 ping_timer_remote = DISABLED
Wed Aug 20 16:35:35 2014 us=943119 remap_sigusr1 = 0
Wed Aug 20 16:35:35 2014 us=943128 persist_tun = ENABLED
Wed Aug 20 16:35:35 2014 us=943137 persist_local_ip = DISABLED
Wed Aug 20 16:35:35 2014 us=943146 persist_remote_ip = DISABLED
Wed Aug 20 16:35:35 2014 us=943155 persist_key = ENABLED
Wed Aug 20 16:35:35 2014 us=943164 passtos = DISABLED
Wed Aug 20 16:35:35 2014 us=943173 resolve_retry_seconds = 1000000000
Wed Aug 20 16:35:35 2014 us=943182 username = 'client'
Wed Aug 20 16:35:35 2014 us=943191 groupname = 'client'
Wed Aug 20 16:35:35 2014 us=943200 chroot_dir = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943209 cd_dir = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943228 writepid = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943239 up_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943248 down_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943257 down_pre = DISABLED
Wed Aug 20 16:35:35 2014 us=943266 up_restart = DISABLED
Wed Aug 20 16:35:35 2014 us=943279 up_delay = DISABLED
Wed Aug 20 16:35:35 2014 us=943289 daemon = DISABLED
Wed Aug 20 16:35:35 2014 us=943298 inetd = 0
Wed Aug 20 16:35:35 2014 us=943307 log = DISABLED
Wed Aug 20 16:35:35 2014 us=943316 suppress_timestamps = DISABLED
Wed Aug 20 16:35:35 2014 us=943326 nice = 0
Wed Aug 20 16:35:35 2014 us=943335 verbosity = 4
Wed Aug 20 16:35:35 2014 us=943343 mute = 0
Wed Aug 20 16:35:35 2014 us=943352 gremlin = 0
Wed Aug 20 16:35:35 2014 us=943361 status_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943370 status_file_version = 1
Wed Aug 20 16:35:35 2014 us=943380 status_file_update_freq = 60
Wed Aug 20 16:35:35 2014 us=943389 occ = ENABLED
Wed Aug 20 16:35:35 2014 us=943398 rcvbuf = 65536
Wed Aug 20 16:35:35 2014 us=943407 sndbuf = 65536
Wed Aug 20 16:35:35 2014 us=943415 mark = 0
Wed Aug 20 16:35:35 2014 us=943424 sockflags = 0
Wed Aug 20 16:35:35 2014 us=943433 fast_io = DISABLED
Wed Aug 20 16:35:35 2014 us=943442 lzo = 7
Wed Aug 20 16:35:35 2014 us=943451 route_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943461 route_default_gateway = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943470 route_default_metric = 0
Wed Aug 20 16:35:35 2014 us=943479 route_noexec = DISABLED
Wed Aug 20 16:35:35 2014 us=943488 route_delay = 0
Wed Aug 20 16:35:35 2014 us=943497 route_delay_window = 30
Wed Aug 20 16:35:35 2014 us=943506 route_delay_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=943516 route_nopull = DISABLED
Wed Aug 20 16:35:35 2014 us=943525 route_gateway_via_dhcp = DISABLED
Wed Aug 20 16:35:35 2014 us=943534 max_routes = 100
Wed Aug 20 16:35:35 2014 us=943543 allow_pull_fqdn = DISABLED
Wed Aug 20 16:35:35 2014 us=943553 route 10.8.0.0/255.255.255.0/nil/nil
Wed Aug 20 16:35:35 2014 us=943562 management_addr = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943571 management_port = 0
Wed Aug 20 16:35:35 2014 us=943580 management_user_pass = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943590 management_log_history_cache = 250
Wed Aug 20 16:35:35 2014 us=943599 management_echo_buffer_size = 100
Wed Aug 20 16:35:35 2014 us=943608 management_write_peer_info_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943617 management_client_user = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943626 management_client_group = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943635 management_flags = 0
Wed Aug 20 16:35:35 2014 us=943647 shared_secret_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943657 key_direction = 0
Wed Aug 20 16:35:35 2014 us=943666 ciphername_defined = ENABLED
Wed Aug 20 16:35:35 2014 us=943675 ciphername = 'BF-CBC'
Wed Aug 20 16:35:35 2014 us=943684 authname_defined = ENABLED
Wed Aug 20 16:35:35 2014 us=943693 authname = 'SHA1'
Wed Aug 20 16:35:35 2014 us=943702 prng_hash = 'SHA1'
Wed Aug 20 16:35:35 2014 us=943711 prng_nonce_secret_len = 16
Wed Aug 20 16:35:35 2014 us=943720 keysize = 0
Wed Aug 20 16:35:35 2014 us=943729 engine = DISABLED
Wed Aug 20 16:35:35 2014 us=943738 replay = ENABLED
Wed Aug 20 16:35:35 2014 us=943746 mute_replay_warnings = DISABLED
Wed Aug 20 16:35:35 2014 us=943755 replay_window = 64
Wed Aug 20 16:35:35 2014 us=943764 replay_time = 15
Wed Aug 20 16:35:35 2014 us=943772 packet_id_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943781 use_iv = ENABLED
Wed Aug 20 16:35:35 2014 us=943789 test_crypto = DISABLED
Wed Aug 20 16:35:35 2014 us=943798 tls_server = ENABLED
Wed Aug 20 16:35:35 2014 us=943807 tls_client = DISABLED
Wed Aug 20 16:35:35 2014 us=943815 key_method = 2
Wed Aug 20 16:35:35 2014 us=943824 ca_file = '/etc/openvpn/keys/keys/ca.crt'
Wed Aug 20 16:35:35 2014 us=943833 ca_path = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=943842 dh_file = '/etc/openvpn/keys/keys/dh2048.pem'
Wed Aug 20 16:35:35 2014 us=944262 cert_file = '/etc/openvpn/keys/keys/server.crt'
Wed Aug 20 16:35:35 2014 us=945018 priv_key_file = '/etc/openvpn/keys/keys/server.key'
Wed Aug 20 16:35:35 2014 us=945340 pkcs12_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=945670 cipher_list = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=945948 tls_verify = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=946247 tls_export_cert = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=946542 verify_x509_type = 0
Wed Aug 20 16:35:35 2014 us=946920 verify_x509_name = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=947212 crl_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=947527 ns_cert_type = 0
Wed Aug 20 16:35:35 2014 us=947791 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=948069 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=948354 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=948742 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=948999 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=949353 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=949669 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=949948 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=950321 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=950631 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=950928 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=951338 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=951356 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=951367 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=951376 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=951386 remote_cert_ku[i] = 0
Wed Aug 20 16:35:35 2014 us=951396 remote_cert_eku = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=951405 ssl_flags = 0
Wed Aug 20 16:35:35 2014 us=951414 tls_timeout = 2
Wed Aug 20 16:35:35 2014 us=951424 renegotiate_bytes = 0
Wed Aug 20 16:35:35 2014 us=951538 renegotiate_packets = 0
Wed Aug 20 16:35:35 2014 us=951561 renegotiate_seconds = 3600
Wed Aug 20 16:35:35 2014 us=951586 handshake_window = 60
Wed Aug 20 16:35:35 2014 us=951833 transition_window = 3600
Wed Aug 20 16:35:35 2014 us=951859 single_session = DISABLED
Wed Aug 20 16:35:35 2014 us=951966 push_peer_info = DISABLED
Wed Aug 20 16:35:35 2014 us=952090 tls_exit = DISABLED
Wed Aug 20 16:35:35 2014 us=952109 tls_auth_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=952130 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952361 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952377 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952387 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952404 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952429 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952641 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952657 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952668 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952682 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=952703 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=953083 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=953101 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=953112 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=953122 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=953245 pkcs11_protected_authentication = DISABLED
Wed Aug 20 16:35:35 2014 us=953268 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953295 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953505 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953525 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953551 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953840 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953862 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953979 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=953998 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954022 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954218 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954240 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954264 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954373 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954494 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954516 pkcs11_private_mode = 00000000
Wed Aug 20 16:35:35 2014 us=954542 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=954751 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=954859 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=954978 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=954994 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955017 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955234 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955258 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955283 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955491 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955514 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955540 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955756 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=955866 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=956003 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=956023 pkcs11_cert_private = DISABLED
Wed Aug 20 16:35:35 2014 us=956042 pkcs11_pin_cache_period = -1
Wed Aug 20 16:35:35 2014 us=956251 pkcs11_id = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=956275 pkcs11_id_management = DISABLED
Wed Aug 20 16:35:35 2014 us=956391 server_network = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=956516 server_netmask = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=956548 server_network_ipv6 = ::
Wed Aug 20 16:35:35 2014 us=956840 server_netbits_ipv6 = 0
Wed Aug 20 16:35:35 2014 us=956862 server_bridge_ip = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=956874 server_bridge_netmask = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=956884 server_bridge_pool_start = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=956894 server_bridge_pool_end = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=957119 push_entry = 'route 10.8.0.1 255.255.255.255'
Wed Aug 20 16:35:35 2014 us=957149 push_entry = 'route 192.168.1.0 255.255.255.0'
Wed Aug 20 16:35:35 2014 us=957164 push_entry = 'dhcp-option homz.net'
Wed Aug 20 16:35:35 2014 us=957176 push_entry = 'dhcp-option DNS 208.67.222.222'
Wed Aug 20 16:35:35 2014 us=957187 push_entry = 'dhcp-option WINS 208.67.220.220'
Wed Aug 20 16:35:35 2014 us=957201 push_entry = 'redirect-gateway def1 bypass-dhcp'
Wed Aug 20 16:35:35 2014 us=957211 push_entry = 'ping 10'
Wed Aug 20 16:35:35 2014 us=957330 push_entry = 'ping-restart 60'
Wed Aug 20 16:35:35 2014 us=957435 ifconfig_pool_defined = ENABLED
Wed Aug 20 16:35:35 2014 us=957460 ifconfig_pool_start = 10.8.0.4
Wed Aug 20 16:35:35 2014 us=957587 ifconfig_pool_end = 10.8.0.255
Wed Aug 20 16:35:35 2014 us=957726 ifconfig_pool_netmask = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=957741 ifconfig_pool_persist_filename = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=957751 ifconfig_pool_persist_refresh_freq = 600
Wed Aug 20 16:35:35 2014 us=957761 ifconfig_ipv6_pool_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=957881 ifconfig_ipv6_pool_base = ::
Wed Aug 20 16:35:35 2014 us=958001 ifconfig_ipv6_pool_netbits = 0
Wed Aug 20 16:35:35 2014 us=958023 n_bcast_buf = 256
Wed Aug 20 16:35:35 2014 us=959082 tcp_queue_limit = 64
Wed Aug 20 16:35:35 2014 us=959095 real_hash_size = 256
Wed Aug 20 16:35:35 2014 us=959104 virtual_hash_size = 256
Wed Aug 20 16:35:35 2014 us=959113 client_connect_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959123 learn_address_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959132 client_disconnect_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959141 client_config_dir = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959150 ccd_exclusive = DISABLED
Wed Aug 20 16:35:35 2014 us=959159 tmp_dir = '/tmp'
Wed Aug 20 16:35:35 2014 us=959168 push_ifconfig_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=959179 push_ifconfig_local = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=959188 push_ifconfig_remote_netmask = 0.0.0.0
Wed Aug 20 16:35:35 2014 us=959198 push_ifconfig_ipv6_defined = DISABLED
Wed Aug 20 16:35:35 2014 us=959212 push_ifconfig_ipv6_local = ::/0
Wed Aug 20 16:35:35 2014 us=959222 push_ifconfig_ipv6_remote = ::
Wed Aug 20 16:35:35 2014 us=959232 enable_c2c = DISABLED
Wed Aug 20 16:35:35 2014 us=959241 duplicate_cn = DISABLED
Wed Aug 20 16:35:35 2014 us=959251 cf_max = 0
Wed Aug 20 16:35:35 2014 us=959260 cf_per = 0
Wed Aug 20 16:35:35 2014 us=959270 max_clients = 1024
Wed Aug 20 16:35:35 2014 us=959279 max_routes_per_client = 256
Wed Aug 20 16:35:35 2014 us=959289 auth_user_pass_verify_script = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959299 auth_user_pass_verify_script_via_file = DISABLED
Wed Aug 20 16:35:35 2014 us=959308 port_share_host = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959318 port_share_port = 0
Wed Aug 20 16:35:35 2014 us=959327 client = DISABLED
Wed Aug 20 16:35:35 2014 us=959337 pull = DISABLED
Wed Aug 20 16:35:35 2014 us=959346 auth_user_pass_file = '[UNDEF]'
Wed Aug 20 16:35:35 2014 us=959357 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Wed Aug 20 16:35:35 2014 us=959497 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Aug 20 16:35:35 2014 us=970687 Diffie-Hellman initialized with 2048 bit key
Wed Aug 20 16:35:35 2014 us=971436 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 20 16:35:35 2014 us=971790 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Aug 20 16:35:35 2014 us=972047 TCP/UDP: Socket bind failed on local address [undef]: Address already in use # Ouch!!!
Wed Aug 20 16:35:35 2014 us=972458 Exiting due to fatal error
It seems the server and client are not synchronizing (no sockets bound, state = "none", because the openvpn service is not in the LISTEN state:
[root@localhost openvpn]# netstat -laptun
Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale Adresse distante Etat PID/Program name
udp 0 0 0.0.0.0:1196 0.0.0.0:* 7981/openvpn
I start the openvpn client:
Client machine: [text truncated]
[root@localhost tmp]# openvpn --config client.ovpn
Wed Aug 20 16:53:07 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Wed Aug 20 16:53:07 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Aug 20 16:53:07 2014 UDPv4 link local: [undef]
Wed Aug 20 16:53:07 2014 UDPv4 link remote: [AF_INET]@ip_publique:1196
Wed Aug 20 16:53:07 2014 TLS: Initial packet from [AF_INET]monip_publique:1196, sid=249a839d 712d37ad
Wed Aug 20 16:53:07 2014 VERIFY OK: depth=1, C=FR, ST=IDF, L=, O=, OU=server, CN=server, name=EasyRSA, emailAddress=potach@gmx.fr
Wed Aug 20 16:53:07 2014 VERIFY OK: nsCertType=SERVER
Wed Aug 20 16:53:07 2014 VERIFY OK: depth=0, C=FR, ST=IDF, L=, O=, OU=server, CN=server, name=EasyRSA, emailAddress=potach@gmx.fr
Wed Aug 20 16:53:08 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 20 16:53:08 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 16:53:08 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 20 16:53:08 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 20 16:53:08 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Aug 20 16:53:08 2014 [server] Peer Connection Initiated with [AF_INET]89.156.31.164:1196
Wed Aug 20 16:53:10 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Aug 20 16:53:10 2014 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 192.168.1.0 255.255.255.0,dhcp-option homz.net,dhcp-option DNS 208.67.222.222,dhcp-option WINS 208.67.220.220,redirect-gateway def1 bypass-dhcp,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Wed Aug 20 16:53:10 2014 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 20 16:53:10 2014 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 20 16:53:10 2014 OPTIONS IMPORT: route options modified
Wed Aug 20 16:53:10 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Aug 20 16:53:10 2014 ROUTE_GATEWAY 192.168.0.254/255.255.255.0 IFACE=enp0s25 HWADDR=00:26:55:57:12:1f
Wed Aug 20 16:53:10 2014 TUN/TAP device tun0 opened
Wed Aug 20 16:53:10 2014 TUN/TAP TX queue length set to 100
Wed Aug 20 16:53:10 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 20 16:53:10 2014 /usr/sbin/ip link set dev tun0 up mtu 1500
Wed Aug 20 16:53:10 2014 /usr/sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Wed Aug 20 16:53:10 2014 /usr/sbin/ip route add my_public_ip/32 via 192.168.0.254 (gateway of the client subnet)
Wed Aug 20 16:53:10 2014 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Aug 20 16:53:10 2014 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Aug 20 16:53:10 2014 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Aug 20 16:53:10 2014 /usr/sbin/ip route add 192.168.1.0/24 via 10.8.0.5
Wed Aug 20 16:53:10 2014 Initialization Sequence Completed
On the client machine, it is impossible to get out to the outside:
[root@localhost tmp]# ping 208.67.222.222
PING 208.67.222.222 (208.67.222.222) 56(84) bytes of data.
Meanwhile, on the client:
[root@localhost tmp]# netstat -lapunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:59277 0.0.0.0:* 16236/openvpn
and on the server:
[root@localhost openvpn]# netstat -laputn | grep openvpn
udp 0 0 0.0.0.0:1196 0.0.0.0:* 8855/openvpn
[root@localhost openvpn]# systemctl restart openvpn@server.service
[root@localhost openvpn]# systemctl status openvpn@server.service -l
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
Active: active (running) since mer. 2014-08-20 17:19:07 CEST; 10min ago
Process: 10499 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=0/SUCCESS)
Main PID: 10505 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─10505 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/server.pid --cd /etc/openvpn/ --config server.conf
Aug 20 17:20:01 localhost.localdomain openvpn[10505]: @public_IP:59122 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 20 17:20:01 localhost.localdomain openvpn[10505]: @public_IP:59122 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug 20 17:20:01 localhost.localdomain openvpn[10505]: @public_IP:59122 [client] Peer Connection Initiated with [AF_INET]82.66.110.69:59122
Aug 20 17:20:01 localhost.localdomain openvpn[10505]: client/@public_IP:59122 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Aug 20 17:20:01 localhost.localdomain openvpn[10505]: client/@public_IP:59122 MULTI: Learn: 10.8.0.6 -> client/82.66.110.69:59122
Aug 20 17:20:01 localhost.localdomain openvpn[10505]: client/@public_IP:59122 MULTI: primary virtual IP for client/82.66.110.69:59122: 10.8.0.6
Aug 20 17:20:03 localhost.localdomain openvpn[10505]: client/@public_IP:59122 PUSH: Received control message: 'PUSH_REQUEST'
Aug 20 17:20:03 localhost.localdomain openvpn[10505]: client/@public_IP:59122 send_push_reply(): safe_cap=940
Aug 20 17:20:03 localhost.localdomain openvpn[10505]: client/@public_IP:59122 SENT CONTROL [client]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 192.168.1.0 255.255.255.0,dhcp-option homz.net,dhcp-option DNS 208.67.222.222,dhcp-option WINS 208.67.220.220,redirect-gateway def1 bypass-dhcp,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Aug 20 17:26:04 localhost.localdomain openvpn[10505]: client/@public_IP:59122 MULTI: bad source address from client [192.168.0.160], packet dropped
Hypotheses:
1) The openvpn service on the server does not go into the LISTEN state
2) A routing or routing-configuration problem?? I am not a routing specialist.
Have I configured the tunnel subnet (10.0.8.0 255.255.255.0) correctly?
Thanks for your help.
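Added example (not code from the post above, nor from the OpenVPN project): a small bash triage helper for the two server-side messages quoted in the post. It classifies OpenVPN log lines read from stdin, extracts the rejected LAN address from the "MULTI: bad source address from client [...]" message, and checks whether an OpenVPN client-config-dir already contains an `iroute NET MASK` covering that address (`client-config-dir`, `iroute` and `route` are standard OpenVPN server directives; a client's LAN behind the tunnel is only accepted once the server has an `iroute` for it in the file named after that client's certificate CN). The directory layout, the file name `client` (assumed from the `[client]` CN in the server log) and the sample input lines are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added triage helpers for the OpenVPN symptoms quoted in the post above.
# Not code from the post or from the OpenVPN project; assumptions are marked.

# Classify OpenVPN log lines read on stdin; print one finding per matching line.
# The patterns are the literal messages OpenVPN 2.3 writes (as seen in the post).
diagnose_openvpn_log() {
    local line src
    while IFS= read -r line; do
        case "$line" in
            *"Socket bind failed on local address"*"Address already in use"*)
                # Another process (often a previous openvpn instance) already owns the port.
                echo "BIND_CONFLICT another process already holds the UDP port" ;;
            *"MULTI: bad source address from client ["*)
                # The server got a packet from an address behind the client but has
                # no 'iroute' telling it which client owns that subnet, so it dropped it.
                src=${line#*bad source address from client \[}
                src=${src%%\]*}
                echo "MISSING_IROUTE $src" ;;
            *"Peer Connection Initiated"*)
                echo "TUNNEL_UP" ;;
        esac
    done
}

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if IP falls inside NET/MASK (all three as dotted quads).
subnet_contains() {
    local net mask ip
    net=$(ip2int "$1"); mask=$(ip2int "$2"); ip=$(ip2int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Scan a client-config-dir for an 'iroute NET MASK' line covering IP.
# Prints the matching file name (the client certificate CN) and returns 0; 1 if none.
ccd_has_iroute() {
    local dir=$1 ip=$2 f kw net mask rest
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        while read -r kw net mask rest; do
            [ "$kw" = iroute ] || continue
            if subnet_contains "$net" "${mask:-255.255.255.255}" "$ip"; then
                basename "$f"
                return 0
            fi
        done < "$f"
    done
    return 1
}

# Demo on constructed input: two lines quoted from the post plus an assumed ccd layout.
demo_ccd=$(mktemp -d)
# Assumed file name 'client': it must equal the CN of the client's certificate.
printf 'iroute 192.168.0.0 255.255.255.0\n' > "$demo_ccd/client"

printf '%s\n' \
  'Wed Aug 20 16:35:35 2014 us=972047 TCP/UDP: Socket bind failed on local address [undef]: Address already in use' \
  'Aug 20 17:26:04 localhost.localdomain openvpn[10505]: client/@public_IP:59122 MULTI: bad source address from client [192.168.0.160], packet dropped' \
  | diagnose_openvpn_log

if ccd_has_iroute "$demo_ccd" 192.168.0.160 >/dev/null; then
    echo "ccd already has an iroute covering 192.168.0.160"
else
    echo "no iroute for 192.168.0.160: add 'client-config-dir ccd' and 'route 192.168.0.0 255.255.255.0' to server.conf, and 'iroute 192.168.0.0 255.255.255.0' to ccd/<client CN>"
fi
rm -rf "$demo_ccd"
```

Run it on the server with `journalctl -u openvpn@server.service | bash -c '. ./triage.sh; diagnose_openvpn_log'` style piping, or point `ccd_has_iroute` at the real directory named by `client-config-dir`. One fact worth keeping in mind when reading the netstat output in the post: UDP sockets have no connection state, so `netstat` never shows LISTEN for a UDP listener; a bound `0.0.0.0:1196` line is what a listening UDP server looks like.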