OPENvpn and SMEserver 9.2

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
lorenzzacio
OpenVpn Newbie
Posts: 7
Joined: Sun Jun 18, 2017 10:22 pm

OPENvpn and SMEserver 9.2

Post by lorenzzacio » Sun Jun 18, 2017 10:53 pm

hi,

i have installed SMEserver with the following schema:

BOX ADSL
!
!
!
Server SME configured as Router and Gateway
!
!
!
switch
!
!
!
4 computers and a printer

i'd like to install OPENvpn on my SMEserver. but the doc of SMEserver says that a SMEserver just configured in Gateway and they have a method of installation of OPENvpn and PHPki.

Could you say me thr best configuration for ma please? Warning!!! i have only one Lan for my computers but i'll install soon another lan connected too to thr SMEserver.

Best regards
L

lorenzzacio
OpenVpn Newbie
Posts: 7
Joined: Sun Jun 18, 2017 10:22 pm

OPENvpn on SMEserver

Post by lorenzzacio » Thu Jun 22, 2017 10:39 am

nzzacio » Sun Jun 18, 2017 10:53 pm
hi,

i have installed SMEserver with the following schema:

BOX ADSL
!
!
!
Server SME configured as Router and Gateway
!
!
!
switch
!
!
!
4 computers and a printer

i'd like to install OPENvpn on my SMEserver. they have a method for installing an OPENvpn and PHPki.

do you think it's better to use their configuration or to install VPN https://wiki.contribs.org/OpenVPN_Bridgealong your advices and so totally independant of SMEserver?
Best regards
L

lorenzzacio
OpenVpn Newbie
Posts: 7
Joined: Sun Jun 18, 2017 10:22 pm

connection client

Post by lorenzzacio » Wed Jul 05, 2017 10:52 am

Hi,
i have installed OPENvpn server on a SMEserver and a client on fedora25

this command on the client: openvpn --config /home/client.ovpn

returns this error:

[thierry@fedora-msi log]$ openvpn --config /home/client.openVPN/client.ovpn
Wed Jul 5 10:39:15 2017 WARNING: file '/home/thierry/Informatique/SMEserver/thierry.p12' is group or others accessible
Wed Jul 5 10:39:15 2017 WARNING: file '/home/client.openVPN/takey.pem' is group or others accessible
Wed Jul 5 10:39:15 2017 OpenVPN 2.4.2 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 11 2017
Wed Jul 5 10:39:15 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.08
Enter Private Key Password: ***************
Wed Jul 5 10:39:21 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jul 5 10:39:21 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]82.240.100.49:1194
Wed Jul 5 10:39:21 2017 UDP link local: (not bound)
Wed Jul 5 10:39:21 2017 UDP link remote: [AF_INET]82.240.100.49:1194
Wed Jul 5 10:40:21 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 5 10:40:21 2017 TLS Error: TLS handshake failed
Wed Jul 5 10:40:21 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 5 10:40:26 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]82.240.100.49:1194

can you help me?
thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: connection client

Post by TinCanTech » Wed Jul 05, 2017 11:41 am


lorenzzacio
OpenVpn Newbie
Posts: 7
Joined: Sun Jun 18, 2017 10:22 pm

connexion impossible

Post by lorenzzacio » Mon Jul 10, 2017 12:48 pm

Hi,

here is the config:
1 server with 2 interfaces eth0 for external INternet et eth1 for inside LAN
i have installed OPENVPN server on this server

i have the certificats:
cacert.pem--------------->CA
cert.pem
cacrl.pem
dh.pem
/etc/openvpn/bridge/openvpn.conf

on the server
behind this server i have a switch and 3 computers connected to this switch
here is the config of one client:
cacert
debergerac.12 -------> pkcs user
debergerac.pem
debergerac-key.pem
takey.pem


HERE is my error:

Code: Select all

[root@fedora-msi Certificats]# openvpn --config /home/thierry/Informatique/SMEserver/Certificats/client.ovpn
Mon Jul 10 14:47:17 2017 WARNING: file '/home/thierry/Informatique/SMEserver/Certificats/takey.pem' is group or others accessible
Mon Jul 10 14:47:17 2017 OpenVPN 2.4.2 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 11 2017
Mon Jul 10 14:47:17 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.08
Mon Jul 10 14:47:18 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.1:1194
Mon Jul 10 14:47:18 2017 UDP link local: (not bound)
Mon Jul 10 14:47:18 2017 UDP link remote: [AF_INET]192.168.0.1:1194
Mon Jul 10 14:47:18 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.1:1194
Mon Jul 10 14:47:20 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.1:1194
Can you help me please?
Regards

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OPENvpn and SMEserver 9.2

Post by TinCanTech » Mon Jul 10, 2017 1:05 pm

lorenzzacio wrote:TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.1:1194
Something is wrong with your --tls-auth

lorenzzacio
OpenVpn Newbie
Posts: 7
Joined: Sun Jun 18, 2017 10:22 pm

Re: OPENvpn and SMEserver 9.2

Post by lorenzzacio » Mon Jul 10, 2017 1:56 pm

here is ma config file in my .ovpn on client:

rport 1194
proto udp
dev tap
nobind
# Uncomment the following line if your system
# support passtos (not supported on Windows)
# passtos
remote smeserver-toshiba
tls-client
tls-auth /home/thierry/Informatique/SMEserver/Certificats/takey.pem 1
--remote-cert-tls server


# Replace user.p12 with the certificate
# bundle in PKCS12 format
#pkcs12 /home/thierry/Informatique/SMEserver/Certificats/debergerac.p12

# You can replace the pkcs12
# directive with the old ones
#ca cacert.pem
#cert user.pem
#key user-key.pem

ca /home/thierry/Informatique/SMEserver/Certificats/cacert.pem
cert /home/thierry/Informatique/SMEserver/Certificats/debergerac.pem
key /home/thierry/Informatique/SMEserver/Certificats/debergerac-key.pem


mtu-test
comp-lzo
pull


here is my config file on the server:

#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://www.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
# Virtual Interface Configuration

port 1194
proto udp
dev tap0


# Drop down privileges
user nobody
group nobody
chroot /etc/openvpn/bridge

persist-key
persist-tun

# Certificates config
dh pub/dh.pem
ca pub/cacert.pem
cert pub/cert.pem
key priv/key.pem
tls-server



# CRL file for certificates verification
crl-verify pub/cacrl.pem

# Plugin for user-auth


# Server mode
server-bridge 192.168.0.1 255.255.255.0 192.168.0.22 192.168.0.25

# Options
keepalive 10 120
push "dhcp-option DOMAIN trazom.thierry"
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option WINS 192.168.0.1"

mtu-test
passtos


nice 5

# Routes


# Management interface
management localhost 11194 management-pass.txt

# Clients options
client-config-dir ccd
max-clients 20
comp-lzo adaptive
push "comp-lzo adaptive"


# Log
status-version 2
status bridge-status.txt
suppress-timestamps
verb 3


i have No takey.pem on the server.
can you anerror?
bests regards
T

lorenzzacio
OpenVpn Newbie
Posts: 7
Joined: Sun Jun 18, 2017 10:22 pm

Re: OPENvpn and SMEserver 9.2

Post by lorenzzacio » Tue Jul 11, 2017 10:05 am

hi,

i have no more this error but i got another:

Code: Select all

 return
[root@fedora-msi Certificats]# openvpn --config /home/thierry/Informatique/SMEserver/Certificats/client.ovpn
Tue Jul 11 12:02:31 2017 us=703789 WARNING: file '/home/thierry/Informatique/SMEserver/Certificats/takey.pem' is group or others accessible
Tue Jul 11 12:02:31 2017 us=703957 Current Parameter Settings:
Tue Jul 11 12:02:31 2017 us=703967   config = '/home/thierry/Informatique/SMEserver/Certificats/client.ovpn'
Tue Jul 11 12:02:31 2017 us=703972   mode = 0
Tue Jul 11 12:02:31 2017 us=703977   persist_config = DISABLED
Tue Jul 11 12:02:31 2017 us=703981   persist_mode = 1
Tue Jul 11 12:02:31 2017 us=703987   show_ciphers = DISABLED
Tue Jul 11 12:02:31 2017 us=703992   show_digests = DISABLED
Tue Jul 11 12:02:31 2017 us=703997   show_engines = DISABLED
Tue Jul 11 12:02:31 2017 us=704004   genkey = DISABLED
Tue Jul 11 12:02:31 2017 us=704012   key_pass_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704021   show_tls_ciphers = DISABLED
Tue Jul 11 12:02:31 2017 us=704030   connect_retry_max = 0
Tue Jul 11 12:02:31 2017 us=704038 Connection profiles [0]:
Tue Jul 11 12:02:31 2017 us=704047   proto = udp
Tue Jul 11 12:02:31 2017 us=704055   local = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704064   local_port = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704072   remote = '192.168.0.1'
Tue Jul 11 12:02:31 2017 us=704079   remote_port = '1194'
Tue Jul 11 12:02:31 2017 us=704086   remote_float = DISABLED
Tue Jul 11 12:02:31 2017 us=704094   bind_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=704100   bind_local = DISABLED
Tue Jul 11 12:02:31 2017 us=704107   bind_ipv6_only = DISABLED
Tue Jul 11 12:02:31 2017 us=704115   connect_retry_seconds = 5
Tue Jul 11 12:02:31 2017 us=704123   connect_timeout = 120
Tue Jul 11 12:02:31 2017 us=704130   socks_proxy_server = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704138   socks_proxy_port = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704146   tun_mtu = 1500
Tue Jul 11 12:02:31 2017 us=704151   tun_mtu_defined = ENABLED
Tue Jul 11 12:02:31 2017 us=704157   link_mtu = 1500
Tue Jul 11 12:02:31 2017 us=704162   link_mtu_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=704167   tun_mtu_extra = 32
Tue Jul 11 12:02:31 2017 us=704172   tun_mtu_extra_defined = ENABLED
Tue Jul 11 12:02:31 2017 us=704177   mtu_discover_type = -1
Tue Jul 11 12:02:31 2017 us=704182   fragment = 0
Tue Jul 11 12:02:31 2017 us=704187   mssfix = 1450
Tue Jul 11 12:02:31 2017 us=704195   explicit_exit_notification = 0
Tue Jul 11 12:02:31 2017 us=704201 Connection profiles END
Tue Jul 11 12:02:31 2017 us=704209   remote_random = DISABLED
Tue Jul 11 12:02:31 2017 us=704216   ipchange = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704225   dev = 'tap'
Tue Jul 11 12:02:31 2017 us=704232   dev_type = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704239   dev_node = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704246   lladdr = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704254   topology = 1
Tue Jul 11 12:02:31 2017 us=704261   ifconfig_local = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704268   ifconfig_remote_netmask = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704276   ifconfig_noexec = DISABLED
Tue Jul 11 12:02:31 2017 us=704283   ifconfig_nowarn = DISABLED
Tue Jul 11 12:02:31 2017 us=704291   ifconfig_ipv6_local = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704299   ifconfig_ipv6_netbits = 0
Tue Jul 11 12:02:31 2017 us=704307   ifconfig_ipv6_remote = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704315   shaper = 0
Tue Jul 11 12:02:31 2017 us=704322   mtu_test = 1
Tue Jul 11 12:02:31 2017 us=704330   mlock = DISABLED
Tue Jul 11 12:02:31 2017 us=704337   keepalive_ping = 0
Tue Jul 11 12:02:31 2017 us=704345   keepalive_timeout = 0
Tue Jul 11 12:02:31 2017 us=704353   inactivity_timeout = 0
Tue Jul 11 12:02:31 2017 us=704360   ping_send_timeout = 0
Tue Jul 11 12:02:31 2017 us=704368   ping_rec_timeout = 0
Tue Jul 11 12:02:31 2017 us=704375   ping_rec_timeout_action = 0
Tue Jul 11 12:02:31 2017 us=704383   ping_timer_remote = DISABLED
Tue Jul 11 12:02:31 2017 us=704391   remap_sigusr1 = 0
Tue Jul 11 12:02:31 2017 us=704398   persist_tun = DISABLED
Tue Jul 11 12:02:31 2017 us=704406   persist_local_ip = DISABLED
Tue Jul 11 12:02:31 2017 us=704415   persist_remote_ip = DISABLED
Tue Jul 11 12:02:31 2017 us=704422   persist_key = DISABLED
Tue Jul 11 12:02:31 2017 us=704430   passtos = DISABLED
Tue Jul 11 12:02:31 2017 us=704437   resolve_retry_seconds = 1000000000
Tue Jul 11 12:02:31 2017 us=704445   resolve_in_advance = DISABLED
Tue Jul 11 12:02:31 2017 us=704453   username = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704460   groupname = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704468   chroot_dir = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704475   cd_dir = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704483   selinux_context = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704491   writepid = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704498   up_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704506   down_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704513   down_pre = DISABLED
Tue Jul 11 12:02:31 2017 us=704520   up_restart = DISABLED
Tue Jul 11 12:02:31 2017 us=704527   up_delay = DISABLED
Tue Jul 11 12:02:31 2017 us=704535   daemon = DISABLED
Tue Jul 11 12:02:31 2017 us=704542   inetd = 0
Tue Jul 11 12:02:31 2017 us=704550   log = DISABLED
Tue Jul 11 12:02:31 2017 us=704557   suppress_timestamps = DISABLED
Tue Jul 11 12:02:31 2017 us=704564   machine_readable_output = DISABLED
Tue Jul 11 12:02:31 2017 us=704571   nice = 0
Tue Jul 11 12:02:31 2017 us=704579   verbosity = 9
Tue Jul 11 12:02:31 2017 us=704586   mute = 0
Tue Jul 11 12:02:31 2017 us=704593   gremlin = 0
Tue Jul 11 12:02:31 2017 us=704601   status_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704609   status_file_version = 1
Tue Jul 11 12:02:31 2017 us=704616   status_file_update_freq = 60
Tue Jul 11 12:02:31 2017 us=704625   occ = ENABLED
Tue Jul 11 12:02:31 2017 us=704632   rcvbuf = 0
Tue Jul 11 12:02:31 2017 us=704640   sndbuf = 0
Tue Jul 11 12:02:31 2017 us=704647   mark = 0
Tue Jul 11 12:02:31 2017 us=704654   sockflags = 0
Tue Jul 11 12:02:31 2017 us=704661   fast_io = DISABLED
Tue Jul 11 12:02:31 2017 us=704669   comp.alg = 2
Tue Jul 11 12:02:31 2017 us=704676   comp.flags = 1
Tue Jul 11 12:02:31 2017 us=704684   route_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704692   route_default_gateway = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704699   route_default_metric = 0
Tue Jul 11 12:02:31 2017 us=704707   route_noexec = DISABLED
Tue Jul 11 12:02:31 2017 us=704714   route_delay = 0
Tue Jul 11 12:02:31 2017 us=704722   route_delay_window = 30
Tue Jul 11 12:02:31 2017 us=704730   route_delay_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=704737   route_nopull = DISABLED
Tue Jul 11 12:02:31 2017 us=704745   route_gateway_via_dhcp = DISABLED
Tue Jul 11 12:02:31 2017 us=704752   allow_pull_fqdn = DISABLED
Tue Jul 11 12:02:31 2017 us=704759   management_addr = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704766   management_port = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704774   management_user_pass = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704782   management_log_history_cache = 250
Tue Jul 11 12:02:31 2017 us=704789   management_echo_buffer_size = 100
Tue Jul 11 12:02:31 2017 us=704797   management_write_peer_info_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704810   management_client_user = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704818   management_client_group = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704825   management_flags = 0
Tue Jul 11 12:02:31 2017 us=704832   shared_secret_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704840   key_direction = 2
Tue Jul 11 12:02:31 2017 us=704847   ciphername = 'BF-CBC'
Tue Jul 11 12:02:31 2017 us=704854   ncp_enabled = ENABLED
Tue Jul 11 12:02:31 2017 us=704862   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Jul 11 12:02:31 2017 us=704869   authname = 'SHA1'
Tue Jul 11 12:02:31 2017 us=704876   prng_hash = 'SHA1'
Tue Jul 11 12:02:31 2017 us=704883   prng_nonce_secret_len = 16
Tue Jul 11 12:02:31 2017 us=704891   keysize = 0
Tue Jul 11 12:02:31 2017 us=704898   engine = DISABLED
Tue Jul 11 12:02:31 2017 us=704905   replay = ENABLED
Tue Jul 11 12:02:31 2017 us=704912   mute_replay_warnings = DISABLED
Tue Jul 11 12:02:31 2017 us=704920   replay_window = 64
Tue Jul 11 12:02:31 2017 us=704927   replay_time = 15
Tue Jul 11 12:02:31 2017 us=704935   packet_id_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704942   use_iv = ENABLED
Tue Jul 11 12:02:31 2017 us=704949   test_crypto = DISABLED
Tue Jul 11 12:02:31 2017 us=704957   tls_server = DISABLED
Tue Jul 11 12:02:31 2017 us=704965   tls_client = ENABLED
Tue Jul 11 12:02:31 2017 us=704972   key_method = 2
Tue Jul 11 12:02:31 2017 us=704979   ca_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704987   ca_path = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=704993   dh_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705001   cert_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705008   extra_certs_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705016   priv_key_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705023   pkcs12_file = '/home/thierry/Informatique/SMEserver/Certificats/debergerac.p12'
Tue Jul 11 12:02:31 2017 us=705031   cipher_list = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705039   tls_verify = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705046   tls_export_cert = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705054   verify_x509_type = 0
Tue Jul 11 12:02:31 2017 us=705061   verify_x509_name = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705068   crl_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705075   ns_cert_type = 0
Tue Jul 11 12:02:31 2017 us=705083   remote_cert_ku[i] = 65535
Tue Jul 11 12:02:31 2017 us=705090   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705097   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705104   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705112   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705118   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705126   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705133   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705141   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705148   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705155   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705163   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705170   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705177   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705185   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705192   remote_cert_ku[i] = 0
Tue Jul 11 12:02:31 2017 us=705200   remote_cert_eku = 'TLS Web Server Authentication'
Tue Jul 11 12:02:31 2017 us=705207   ssl_flags = 0
Tue Jul 11 12:02:31 2017 us=705214   tls_timeout = 2
Tue Jul 11 12:02:31 2017 us=705221   renegotiate_bytes = -1
Tue Jul 11 12:02:31 2017 us=705229   renegotiate_packets = 0
Tue Jul 11 12:02:31 2017 us=705236   renegotiate_seconds = 3600
Tue Jul 11 12:02:31 2017 us=705243   handshake_window = 60
Tue Jul 11 12:02:31 2017 us=705250   transition_window = 3600
Tue Jul 11 12:02:31 2017 us=705258   single_session = DISABLED
Tue Jul 11 12:02:31 2017 us=705265   push_peer_info = DISABLED
Tue Jul 11 12:02:31 2017 us=705272   tls_exit = DISABLED
Tue Jul 11 12:02:31 2017 us=705279   tls_auth_file = '/home/thierry/Informatique/SMEserver/Certificats/takey.pem'
Tue Jul 11 12:02:31 2017 us=705287   tls_crypt_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705295   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705303   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705311   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705318   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705325   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705332   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705340   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705347   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705354   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705361   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705369   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705376   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705383   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705391   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705398   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705405   pkcs11_protected_authentication = DISABLED
Tue Jul 11 12:02:31 2017 us=705413   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705420   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705428   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705435   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705442   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705449   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705456   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705463   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705471   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705478   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705486   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705493   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705500   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705507   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705515   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705522   pkcs11_private_mode = 00000000
Tue Jul 11 12:02:31 2017 us=705529   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705536   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705544   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705551   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705558   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705565   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705572   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705580   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705587   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705594   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705602   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705609   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705616   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705623   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705631   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705638   pkcs11_cert_private = DISABLED
Tue Jul 11 12:02:31 2017 us=705646   pkcs11_pin_cache_period = -1
Tue Jul 11 12:02:31 2017 us=705652   pkcs11_id = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705660   pkcs11_id_management = DISABLED
Tue Jul 11 12:02:31 2017 us=705669   server_network = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705676   server_netmask = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705692   server_network_ipv6 = ::
Tue Jul 11 12:02:31 2017 us=705698   server_netbits_ipv6 = 0
Tue Jul 11 12:02:31 2017 us=705704   server_bridge_ip = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705718   server_bridge_netmask = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705724   server_bridge_pool_start = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705731   server_bridge_pool_end = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705737   ifconfig_pool_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=705743   ifconfig_pool_start = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705750   ifconfig_pool_end = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705756   ifconfig_pool_netmask = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705762   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705769   ifconfig_pool_persist_refresh_freq = 600
Tue Jul 11 12:02:31 2017 us=705773   ifconfig_ipv6_pool_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=705778   ifconfig_ipv6_pool_base = ::
Tue Jul 11 12:02:31 2017 us=705782   ifconfig_ipv6_pool_netbits = 0
Tue Jul 11 12:02:31 2017 us=705787   n_bcast_buf = 256
Tue Jul 11 12:02:31 2017 us=705791   tcp_queue_limit = 64
Tue Jul 11 12:02:31 2017 us=705798   real_hash_size = 256
Tue Jul 11 12:02:31 2017 us=705807   virtual_hash_size = 256
Tue Jul 11 12:02:31 2017 us=705814   client_connect_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705821   learn_address_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705827   client_disconnect_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705833   client_config_dir = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705839   ccd_exclusive = DISABLED
Tue Jul 11 12:02:31 2017 us=705846   tmp_dir = '/tmp'
Tue Jul 11 12:02:31 2017 us=705851   push_ifconfig_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=705858   push_ifconfig_local = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705865   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jul 11 12:02:31 2017 us=705871   push_ifconfig_ipv6_defined = DISABLED
Tue Jul 11 12:02:31 2017 us=705878   push_ifconfig_ipv6_local = ::/0
Tue Jul 11 12:02:31 2017 us=705882   push_ifconfig_ipv6_remote = ::
Tue Jul 11 12:02:31 2017 us=705887   enable_c2c = DISABLED
Tue Jul 11 12:02:31 2017 us=705891   duplicate_cn = DISABLED
Tue Jul 11 12:02:31 2017 us=705895   cf_max = 0
Tue Jul 11 12:02:31 2017 us=705899   cf_per = 0
Tue Jul 11 12:02:31 2017 us=705904   max_clients = 1024
Tue Jul 11 12:02:31 2017 us=705908   max_routes_per_client = 256
Tue Jul 11 12:02:31 2017 us=705914   auth_user_pass_verify_script = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705921   auth_user_pass_verify_script_via_file = DISABLED
Tue Jul 11 12:02:31 2017 us=705928   auth_token_generate = DISABLED
Tue Jul 11 12:02:31 2017 us=705934   auth_token_lifetime = 0
Tue Jul 11 12:02:31 2017 us=705940   port_share_host = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705946   port_share_port = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705953   client = DISABLED
Tue Jul 11 12:02:31 2017 us=705959   pull = ENABLED
Tue Jul 11 12:02:31 2017 us=705965   auth_user_pass_file = '[UNDEF]'
Tue Jul 11 12:02:31 2017 us=705972 OpenVPN 2.4.2 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 11 2017
Tue Jul 11 12:02:31 2017 us=705984 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.08
Tue Jul 11 12:02:31 2017 us=706018 PKCS#11: pkcs11_initialize - entered
Tue Jul 11 12:02:31 2017 us=706047 PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Tue Jul 11 12:02:31 2017 us=706062 PO_INIT maxevents=4 flags=0x00000002
Tue Jul 11 12:02:31 2017 us=708865 PRNG init md=SHA1 size=36
Tue Jul 11 12:02:31 2017 us=708928 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 11 12:02:31 2017 us=708940 Outgoing Control Channel Authentication: HMAC KEY: 7369e170 75b800ac c239f132 b8444152 40773de0
Tue Jul 11 12:02:31 2017 us=708946 Outgoing Control Channel Authentication: HMAC size=20 block_size=20
Tue Jul 11 12:02:31 2017 us=708955 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 11 12:02:31 2017 us=708964 Incoming Control Channel Authentication: HMAC KEY: 680d319c d83a370c 42d7e7a6 b61af13c 9ccdb25d
Tue Jul 11 12:02:31 2017 us=708969 Incoming Control Channel Authentication: HMAC size=20 block_size=20
Tue Jul 11 12:02:31 2017 us=708977 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 28 bytes
Tue Jul 11 12:02:31 2017 us=708984 LZO compression initializing
Tue Jul 11 12:02:31 2017 us=709000 TLS: tls_session_init: entry
Tue Jul 11 12:02:31 2017 us=709008 PID packet_id_init seq_backtrack=64 time_backtrack=15
Tue Jul 11 12:02:31 2017 us=709029 PID packet_id_init seq_backtrack=64 time_backtrack=15
Tue Jul 11 12:02:31 2017 us=709037 TLS: tls_session_init: new session object, sid=97c747de 501a62dc
Tue Jul 11 12:02:31 2017 us=709043 TLS: tls_session_init: entry
Tue Jul 11 12:02:31 2017 us=709054 PID packet_id_init seq_backtrack=64 time_backtrack=15
Tue Jul 11 12:02:31 2017 us=709071 PID packet_id_init seq_backtrack=64 time_backtrack=15
Tue Jul 11 12:02:31 2017 us=709078 TLS: tls_session_init: new session object, sid=248ef8bd 8898700f
Tue Jul 11 12:02:31 2017 us=709086 Control Channel MTU parms [ L:1654 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Jul 11 12:02:31 2017 us=709102 MTU DYNAMIC mtu=1450, flags=2, 1654 -> 1450
Tue Jul 11 12:02:31 2017 us=709114 RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
Tue Jul 11 12:02:31 2017 us=709121 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Tue Jul 11 12:02:31 2017 us=709131 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 40 bytes
Tue Jul 11 12:02:31 2017 us=709136 calc_options_string_link_mtu: link-mtu 1654 -> 1574
Tue Jul 11 12:02:31 2017 us=709146 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 40 bytes
Tue Jul 11 12:02:31 2017 us=709151 calc_options_string_link_mtu: link-mtu 1654 -> 1574
Tue Jul 11 12:02:31 2017 us=709162 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Jul 11 12:02:31 2017 us=709167 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Jul 11 12:02:31 2017 us=709177 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.1:1194
Tue Jul 11 12:02:31 2017 us=709214 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 11 12:02:31 2017 us=709221 UDP link local: (not bound)
Tue Jul 11 12:02:31 2017 us=709229 UDP link remote: [AF_INET]192.168.0.1:1194
Tue Jul 11 12:02:31 2017 us=709238 TIMER: coarse timer wakeup 1 seconds
Tue Jul 11 12:02:31 2017 us=709247 TLS: tls_multi_process: i=0 state=S_INITIAL, mysid=97c747de 501a62dc, stored-sid=00000000 00000000, stored-ip=[AF_INET]192.168.0.1:1194
Tue Jul 11 12:02:31 2017 us=709253 TLS: tls_process: chg=0 ks=S_INITIAL lame=S_UNDEF to_link->len=0 wakeup=604800
Tue Jul 11 12:02:31 2017 us=709257 ACK mark active outgoing ID 0
Tue Jul 11 12:02:31 2017 us=709262 TLS: Initial Handshake, sid=97c747de 501a62dc
Tue Jul 11 12:02:31 2017 us=709269 ACK reliable_can_send active=1 current=1 : [1] 0
Tue Jul 11 12:02:31 2017 us=709276 ACK reliable_send ID 0 (size=4 to=2)
Tue Jul 11 12:02:31 2017 us=709288 ENCRYPT HMAC: 70b71bff 548cc475 dbe3fc5e 911be34f 40f8b5ac
Tue Jul 11 12:02:31 2017 us=709299 ENCRYPT TO: 70b71bff 548cc475 dbe3fc5e 911be34f 40f8b5ac 00000001 5964a237 3897c74[more...]
Tue Jul 11 12:02:31 2017 us=709305 Reliable -> TCP/UDP
Tue Jul 11 12:02:31 2017 us=709312 ACK reliable_send_timeout 2 [1] 0
Tue Jul 11 12:02:31 2017 us=709317 TLS: tls_process: timeout set to 2
Tue Jul 11 12:02:31 2017 us=709327 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=248ef8bd 8898700f, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Tue Jul 11 12:02:31 2017 us=709336 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
Tue Jul 11 12:02:31 2017 us=709344 RANDOM USEC=119270
Tue Jul 11 12:02:31 2017 us=709350 PO_CTL rwflags=0x0003 ev=3 arg=0x564656735150
Tue Jul 11 12:02:31 2017 us=709359 I/O WAIT T?|T?|SR|SW [1/119270]
Tue Jul 11 12:02:31 2017 us=709366 PO_WAIT[0,0] fd=3 rev=0x00000004 rwflags=0x0002 arg=0x564656735150 
Tue Jul 11 12:02:31 2017 us=709371  event_wait returned 1
Tue Jul 11 12:02:31 2017 us=709374 I/O WAIT status=0x0002
[b][i]Tue Jul 11 12:02:31 2017 us=709388 UDP WRITE [42] to [AF_INET]192.168.0.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=97c747de [b]501a62dc tls_hmac=70b71bff 548cc475 dbe3fc5e 911be34f 40f8b5ac pid=[ #1 / time = (1499767351) Tue Jul 11 12:02:31 2017 ] [ ] pid=0 DATA 
Tue Jul 11 12:02:31 2017 us=709398 UDP write returned -1
Tue Jul 11 12:02:31 2017 us=709406 write UDP: Network is unreachable (code=101)
Tue Jul 11 12:02:31 2017 us=709410 Network unreachable, restarting[/b][/i]
Tue Jul 11 12:02:31 2017 us=709424 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709435 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709440 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709444 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709450 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709454 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709458 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709462 PID packet_id_free
Tue Jul 11 12:02:31 2017 us=709475 TCP/UDP: Closing socket

the error is below:

Code: Select all

[b][i]Tue Jul 11 12:02:31 2017 us=709388 UDP WRITE [42] to [AF_INET]192.168.0.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=97c747de [b]501a62dc tls_hmac=70b71bff 548cc475 dbe3fc5e 911be34f 40f8b5ac pid=[ #1 / time = (1499767351) Tue Jul 11 12:02:31 2017 ] [ ] pid=0 DATA 
Tue Jul 11 12:02:31 2017 us=709398 UDP write returned -1
Tue Jul 11 12:02:31 2017 us=709406 write UDP: Network is unreachable (code=101)
Tue Jul 11 12:02:31 2017 us=709410 Network unreachable, restarting[/b][/i]
can you help me please?
Thanks

Post Reply