J'ai récemment voulu supprimer mon routeur pfsense pour faire tout mon routage a base d'iptables.
J'ai donc du supprimer le service openvpn de pfsense. A la place, j'ai recréé un serveur OpenVPN.
Cependant, je n'arrive pas a debugger cette erreur :/
Tous les certificats sont crée a partir du serveur puis signer par ma pki intermédiaire ( Serveur distant) sauf le Diffie-Helman.
Conf Client:
Code: Select all
dev tun
persist-key
persist-tun
cipher AES-256-CBC
client
resolv-retry infinite
http-proxy proxy.com 8000 stdin ntlm
remote mathieuborn.fr 443 tcp-client
redirect-gateway def1
ca cacert.pem
cert Mathieu.crt
key Mathieu.key
;auth-user-pass
ns-cert-type server
tls-auth ta.key 1
tls-client
verb 3
;proto tcp
Code: Select all
Fri Jun 16 11:42:47 2017 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 7 2016
Fri Jun 16 11:42:47 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jun 16 11:42:47 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Fri Jun 16 11:42:47 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jun 16 11:42:47 2017 Need hold release from management interface, waiting...
Fri Jun 16 11:42:48 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'state on'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'log all on'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'hold off'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'hold release'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'proxy HTTP proxy.fr 8000'
Fri Jun 16 11:42:55 2017 MANAGEMENT: CMD 'username "HTTP Proxy" "born"'
Fri Jun 16 11:42:55 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 11:43:01 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 11:43:01 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jun 16 11:43:01 2017 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jun 16 11:43:01 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:43:01 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:43:01 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 16 11:43:01 2017 MANAGEMENT: >STATE:1497606181,RESOLVE,,,
Fri Jun 16 11:43:01 2017 Attempting to establish TCP connection with [AF_INET]10.223.121.30:8000 [nonblock]
Fri Jun 16 11:43:01 2017 MANAGEMENT: >STATE:1497606181,TCP_CONNECT,,,
Fri Jun 16 11:43:02 2017 TCP connection established with [AF_INET]10.223.121.30:8000
Fri Jun 16 11:43:02 2017 Send to HTTP proxy: 'CONNECT Moi.fr:443 HTTP/1.0'
Fri Jun 16 11:43:02 2017 Attempting NTLM Proxy-Authorization phase 1
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Fri Jun 16 11:43:02 2017 Proxy requires authentication
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Server: squid'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Mime-Version: 1.0'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Date: Fri, 16 Jun 2017 09:43:02 GMT'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Content-Type: text/html'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Content-Length: 3121'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADAAAAACAgAAwub0hkHGCkAAAAAAAAAAAAAAAAAwAAAA'
Fri Jun 16 11:43:02 2017 auth string: 'TlRMTVNTUAACAAAAAAAAADAAAAACAgAAwub0hkHGCkAAAAAAAAAAAAAAAAAwAAAA'
Fri Jun 16 11:43:02 2017 Received NTLM Proxy-Authorization phase 2 response
Fri Jun 16 11:43:04 2017 recv_line: TCP port read timeout expired
Fri Jun 16 11:43:04 2017 Send to HTTP proxy: 'CONNECT Moi.fr:443 HTTP/1.0'
Fri Jun 16 11:43:04 2017 Send to HTTP proxy: 'Host: Moi.fr'
Fri Jun 16 11:43:04 2017 Attempting NTLM Proxy-Authorization phase 3
Fri Jun 16 11:43:04 2017 Send to HTTP proxy: 'Proxy-Authorization: NTLM TlRMTVNTUAADAAAAAAAAAFwAAAAYABgAQAAAAAAAAABcAAAABAAEAFgAAAAAAAAAXAAAAAAAAABcAAAAAgIAAImQxhbxzF0L+8eGsmN4rkqmmzmTXaObDmJvcm4='
Fri Jun 16 11:43:04 2017 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Fri Jun 16 11:43:06 2017 TCPv4_CLIENT link local: [undef]
Fri Jun 16 11:43:06 2017 TCPv4_CLIENT link remote: [AF_INET]10.223.121.30:8000
Fri Jun 16 11:43:06 2017 MANAGEMENT: >STATE:1497606186,WAIT,,,
Fri Jun 16 11:43:06 2017 Connection reset, restarting [0]
Fri Jun 16 11:43:06 2017 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jun 16 11:43:06 2017 MANAGEMENT: >STATE:1497606186,RECONNECTING,connection-reset,,
Code: Select all
# Config ecoute
port 443
proto tcp
dev tun0
mode server
tls-server
persist-key
persist-tun
# Certificats SSL/TLS
ca cert/cacert.pem
cert cert/Serveur-VPN.crt
key cert/Serveur-VPN.key
# Chiffrement statique
dh cert/dh2048.pem
tls-auth cert/ta.key
# Configuration fournie aux clients
server 192.168.3.0 255.255.255.0
# Gestion de la connexion avec le client
keepalive 10 120
tun-mtu 1300
mssfix
cipher AES-256-CBC
max-clients 5
client-to-client
# Debug ?
verb 4
status /var/log/openvpn-status-server.log
Code: Select all
Fri Jun 16 11:58:28 2017 us=595615 Current Parameter Settings:
Fri Jun 16 11:58:28 2017 us=595678 config = 'server.conf'
Fri Jun 16 11:58:28 2017 us=595686 mode = 1
Fri Jun 16 11:58:28 2017 us=595691 persist_config = DISABLED
Fri Jun 16 11:58:28 2017 us=595694 persist_mode = 1
Fri Jun 16 11:58:28 2017 us=595698 show_ciphers = DISABLED
Fri Jun 16 11:58:28 2017 us=595701 show_digests = DISABLED
Fri Jun 16 11:58:28 2017 us=595705 show_engines = DISABLED
Fri Jun 16 11:58:28 2017 us=595708 genkey = DISABLED
Fri Jun 16 11:58:28 2017 us=595712 key_pass_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595716 show_tls_ciphers = DISABLED
Fri Jun 16 11:58:28 2017 us=595720 Connection profiles [default]:
Fri Jun 16 11:58:28 2017 us=595724 proto = tcp-server
Fri Jun 16 11:58:28 2017 us=595744 local = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595748 local_port = 443
Fri Jun 16 11:58:28 2017 us=595751 remote = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595755 remote_port = 443
Fri Jun 16 11:58:28 2017 us=595758 remote_float = DISABLED
Fri Jun 16 11:58:28 2017 us=595761 bind_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=595765 bind_local = ENABLED
Fri Jun 16 11:58:28 2017 us=595768 connect_retry_seconds = 5
Fri Jun 16 11:58:28 2017 us=595772 connect_timeout = 10
Fri Jun 16 11:58:28 2017 us=595775 connect_retry_max = 0
Fri Jun 16 11:58:28 2017 us=595779 socks_proxy_server = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595783 socks_proxy_port = 0
Fri Jun 16 11:58:28 2017 us=595786 socks_proxy_retry = DISABLED
Fri Jun 16 11:58:28 2017 us=595790 tun_mtu = 1300
Fri Jun 16 11:58:28 2017 us=595793 tun_mtu_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=595796 link_mtu = 1500
Fri Jun 16 11:58:28 2017 us=595800 link_mtu_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=595803 tun_mtu_extra = 0
Fri Jun 16 11:58:28 2017 us=595807 tun_mtu_extra_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=595810 mtu_discover_type = -1
Fri Jun 16 11:58:28 2017 us=595813 fragment = 0
Fri Jun 16 11:58:28 2017 us=595817 mssfix = 1450
Fri Jun 16 11:58:28 2017 us=595820 explicit_exit_notification = 0
Fri Jun 16 11:58:28 2017 us=595824 Connection profiles END
Fri Jun 16 11:58:28 2017 us=595827 remote_random = DISABLED
Fri Jun 16 11:58:28 2017 us=595830 ipchange = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595834 dev = 'tun0'
Fri Jun 16 11:58:28 2017 us=595837 dev_type = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595841 dev_node = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595844 lladdr = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595847 topology = 1
Fri Jun 16 11:58:28 2017 us=595851 tun_ipv6 = DISABLED
Fri Jun 16 11:58:28 2017 us=595854 ifconfig_local = '192.168.3.1'
Fri Jun 16 11:58:28 2017 us=595858 ifconfig_remote_netmask = '192.168.3.2'
Fri Jun 16 11:58:28 2017 us=595861 ifconfig_noexec = DISABLED
Fri Jun 16 11:58:28 2017 us=595865 ifconfig_nowarn = DISABLED
Fri Jun 16 11:58:28 2017 us=595868 ifconfig_ipv6_local = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595871 ifconfig_ipv6_netbits = 0
Fri Jun 16 11:58:28 2017 us=595875 ifconfig_ipv6_remote = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595878 shaper = 0
Fri Jun 16 11:58:28 2017 us=595882 mtu_test = 0
Fri Jun 16 11:58:28 2017 us=595885 mlock = DISABLED
Fri Jun 16 11:58:28 2017 us=595889 keepalive_ping = 10
Fri Jun 16 11:58:28 2017 us=595892 keepalive_timeout = 120
Fri Jun 16 11:58:28 2017 us=595895 inactivity_timeout = 0
Fri Jun 16 11:58:28 2017 us=595899 ping_send_timeout = 10
Fri Jun 16 11:58:28 2017 us=595902 ping_rec_timeout = 240
Fri Jun 16 11:58:28 2017 us=595906 ping_rec_timeout_action = 2
Fri Jun 16 11:58:28 2017 us=595909 ping_timer_remote = DISABLED
Fri Jun 16 11:58:28 2017 us=595913 remap_sigusr1 = 0
Fri Jun 16 11:58:28 2017 us=595916 persist_tun = ENABLED
Fri Jun 16 11:58:28 2017 us=595919 persist_local_ip = DISABLED
Fri Jun 16 11:58:28 2017 us=595928 persist_remote_ip = DISABLED
Fri Jun 16 11:58:28 2017 us=595933 persist_key = ENABLED
Fri Jun 16 11:58:28 2017 us=595936 passtos = DISABLED
Fri Jun 16 11:58:28 2017 us=595940 resolve_retry_seconds = 1000000000
Fri Jun 16 11:58:28 2017 us=595947 username = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595951 groupname = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595955 chroot_dir = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595958 cd_dir = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595962 writepid = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595965 up_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595968 down_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595972 down_pre = DISABLED
Fri Jun 16 11:58:28 2017 us=595975 up_restart = DISABLED
Fri Jun 16 11:58:28 2017 us=595978 up_delay = DISABLED
Fri Jun 16 11:58:28 2017 us=595982 daemon = DISABLED
Fri Jun 16 11:58:28 2017 us=595985 inetd = 0
Fri Jun 16 11:58:28 2017 us=595989 log = DISABLED
Fri Jun 16 11:58:28 2017 us=595992 suppress_timestamps = DISABLED
Fri Jun 16 11:58:28 2017 us=595996 nice = 0
Fri Jun 16 11:58:28 2017 us=595999 verbosity = 4
Fri Jun 16 11:58:28 2017 us=596002 mute = 0
Fri Jun 16 11:58:28 2017 us=596006 gremlin = 0
Fri Jun 16 11:58:28 2017 us=596009 status_file = '/var/log/openvpn-status-server.log'
Fri Jun 16 11:58:28 2017 us=596013 status_file_version = 1
Fri Jun 16 11:58:28 2017 us=596017 status_file_update_freq = 60
Fri Jun 16 11:58:28 2017 us=596020 occ = ENABLED
Fri Jun 16 11:58:28 2017 us=596023 rcvbuf = 65536
Fri Jun 16 11:58:28 2017 us=596027 sndbuf = 65536
Fri Jun 16 11:58:28 2017 us=596030 mark = 0
Fri Jun 16 11:58:28 2017 us=596034 sockflags = 0
Fri Jun 16 11:58:28 2017 us=596037 fast_io = DISABLED
Fri Jun 16 11:58:28 2017 us=596040 lzo = 0
Fri Jun 16 11:58:28 2017 us=596044 route_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596047 route_default_gateway = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596051 route_default_metric = 0
Fri Jun 16 11:58:28 2017 us=596054 route_noexec = DISABLED
Fri Jun 16 11:58:28 2017 us=596058 route_delay = 0
Fri Jun 16 11:58:28 2017 us=596062 route_delay_window = 30
Fri Jun 16 11:58:28 2017 us=596065 route_delay_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596069 route_nopull = DISABLED
Fri Jun 16 11:58:28 2017 us=596072 route_gateway_via_dhcp = DISABLED
Fri Jun 16 11:58:28 2017 us=596076 max_routes = 100
Fri Jun 16 11:58:28 2017 us=596079 allow_pull_fqdn = DISABLED
Fri Jun 16 11:58:28 2017 us=596083 route 192.168.3.0/255.255.255.0/nil/nil
Fri Jun 16 11:58:28 2017 us=596087 management_addr = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596090 management_port = 0
Fri Jun 16 11:58:28 2017 us=596094 management_user_pass = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596097 management_log_history_cache = 250
Fri Jun 16 11:58:28 2017 us=596101 management_echo_buffer_size = 100
Fri Jun 16 11:58:28 2017 us=596104 management_write_peer_info_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596127 management_client_user = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596130 management_client_group = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596134 management_flags = 0
Fri Jun 16 11:58:28 2017 us=596138 shared_secret_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596141 key_direction = 0
Fri Jun 16 11:58:28 2017 us=596145 ciphername_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=596149 ciphername = 'AES-256-CBC'
Fri Jun 16 11:58:28 2017 us=596153 authname_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=596156 authname = 'SHA1'
Fri Jun 16 11:58:28 2017 us=596160 prng_hash = 'SHA1'
Fri Jun 16 11:58:28 2017 us=596163 prng_nonce_secret_len = 16
Fri Jun 16 11:58:28 2017 us=596167 keysize = 0
Fri Jun 16 11:58:28 2017 us=596171 engine = DISABLED
Fri Jun 16 11:58:28 2017 us=596174 replay = ENABLED
Fri Jun 16 11:58:28 2017 us=596178 mute_replay_warnings = DISABLED
Fri Jun 16 11:58:28 2017 us=596181 replay_window = 64
Fri Jun 16 11:58:28 2017 us=596185 replay_time = 15
Fri Jun 16 11:58:28 2017 us=596189 packet_id_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596192 use_iv = ENABLED
Fri Jun 16 11:58:28 2017 us=596196 test_crypto = DISABLED
Fri Jun 16 11:58:28 2017 us=596199 tls_server = ENABLED
Fri Jun 16 11:58:28 2017 us=596203 tls_client = DISABLED
Fri Jun 16 11:58:28 2017 us=596213 key_method = 2
Fri Jun 16 11:58:28 2017 us=596217 ca_file = 'cert/cacert.pem'
Fri Jun 16 11:58:28 2017 us=596221 ca_path = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596225 dh_file = 'cert/dh2048.pem'
Fri Jun 16 11:58:28 2017 us=596229 cert_file = 'cert/Serveur-VPN.crt'
Fri Jun 16 11:58:28 2017 us=596233 priv_key_file = 'cert/Serveur-VPN.key'
Fri Jun 16 11:58:28 2017 us=596236 pkcs12_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596240 cipher_list = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596244 tls_verify = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596247 tls_export_cert = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596251 verify_x509_type = 0
Fri Jun 16 11:58:28 2017 us=596255 verify_x509_name = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596258 crl_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596262 ns_cert_type = 0
Fri Jun 16 11:58:28 2017 us=596266 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596269 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596273 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596276 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596280 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596283 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596287 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596290 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596294 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596297 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596301 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596304 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596307 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596311 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596314 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596318 remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596321 remote_cert_eku = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596325 ssl_flags = 0
Fri Jun 16 11:58:28 2017 us=596329 tls_timeout = 2
Fri Jun 16 11:58:28 2017 us=596332 renegotiate_bytes = 0
Fri Jun 16 11:58:28 2017 us=596336 renegotiate_packets = 0
Fri Jun 16 11:58:28 2017 us=596339 renegotiate_seconds = 3600
Fri Jun 16 11:58:28 2017 us=596343 handshake_window = 60
Fri Jun 16 11:58:28 2017 us=596346 transition_window = 3600
Fri Jun 16 11:58:28 2017 us=596350 single_session = DISABLED
Fri Jun 16 11:58:28 2017 us=596354 push_peer_info = DISABLED
Fri Jun 16 11:58:28 2017 us=596357 tls_exit = DISABLED
Fri Jun 16 11:58:28 2017 us=596361 tls_auth_file = 'cert/ta.key'
Fri Jun 16 11:58:28 2017 us=596365 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596368 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596372 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596376 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596379 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596383 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596386 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596390 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596393 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596397 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596400 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596404 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596407 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596411 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596414 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596418 pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596422 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596426 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596429 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596433 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596439 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596442 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596446 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596449 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596453 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596456 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596460 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596463 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596467 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596470 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596474 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596477 pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596481 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596484 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596488 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596491 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596494 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596498 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596501 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596505 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596508 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596511 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596515 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596518 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596522 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596525 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596529 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596532 pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596553 pkcs11_pin_cache_period = -1
Fri Jun 16 11:58:28 2017 us=596556 pkcs11_id = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596560 pkcs11_id_management = DISABLED
Fri Jun 16 11:58:28 2017 us=596564 server_network = 192.168.3.0
Fri Jun 16 11:58:28 2017 us=596568 server_netmask = 255.255.255.0
Fri Jun 16 11:58:28 2017 us=596573 server_network_ipv6 = ::
Fri Jun 16 11:58:28 2017 us=596577 server_netbits_ipv6 = 0
Fri Jun 16 11:58:28 2017 us=596581 server_bridge_ip = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596585 server_bridge_netmask = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596589 server_bridge_pool_start = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596593 server_bridge_pool_end = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596596 push_entry = 'route 192.168.3.0 255.255.255.0'
Fri Jun 16 11:58:28 2017 us=596600 push_entry = 'topology net30'
Fri Jun 16 11:58:28 2017 us=596603 push_entry = 'ping 10'
Fri Jun 16 11:58:28 2017 us=596607 push_entry = 'ping-restart 120'
Fri Jun 16 11:58:28 2017 us=596610 ifconfig_pool_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=596614 ifconfig_pool_start = 192.168.3.4
Fri Jun 16 11:58:28 2017 us=596621 ifconfig_pool_end = 192.168.3.251
Fri Jun 16 11:58:28 2017 us=596626 ifconfig_pool_netmask = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596630 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596634 ifconfig_pool_persist_refresh_freq = 600
Fri Jun 16 11:58:28 2017 us=596638 ifconfig_ipv6_pool_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596642 ifconfig_ipv6_pool_base = ::
Fri Jun 16 11:58:28 2017 us=596645 ifconfig_ipv6_pool_netbits = 0
Fri Jun 16 11:58:28 2017 us=596649 n_bcast_buf = 256
Fri Jun 16 11:58:28 2017 us=596652 tcp_queue_limit = 64
Fri Jun 16 11:58:28 2017 us=596656 real_hash_size = 256
Fri Jun 16 11:58:28 2017 us=596659 virtual_hash_size = 256
Fri Jun 16 11:58:28 2017 us=596663 client_connect_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596666 learn_address_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596670 client_disconnect_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596673 client_config_dir = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596677 ccd_exclusive = DISABLED
Fri Jun 16 11:58:28 2017 us=596683 tmp_dir = '/tmp'
Fri Jun 16 11:58:28 2017 us=596687 push_ifconfig_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596691 push_ifconfig_local = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596695 push_ifconfig_remote_netmask = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596699 push_ifconfig_ipv6_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596703 push_ifconfig_ipv6_local = ::/0
Fri Jun 16 11:58:28 2017 us=596707 push_ifconfig_ipv6_remote = ::
Fri Jun 16 11:58:28 2017 us=596711 enable_c2c = ENABLED
Fri Jun 16 11:58:28 2017 us=596714 duplicate_cn = DISABLED
Fri Jun 16 11:58:28 2017 us=596718 cf_max = 0
Fri Jun 16 11:58:28 2017 us=596721 cf_per = 0
Fri Jun 16 11:58:28 2017 us=596725 max_clients = 5
Fri Jun 16 11:58:28 2017 us=596728 max_routes_per_client = 256
Fri Jun 16 11:58:28 2017 us=596731 auth_user_pass_verify_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596740 auth_user_pass_verify_script_via_file = DISABLED
Fri Jun 16 11:58:28 2017 us=596745 port_share_host = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596749 port_share_port = 0
Fri Jun 16 11:58:28 2017 us=596752 client = DISABLED
Fri Jun 16 11:58:28 2017 us=596756 pull = DISABLED
Fri Jun 16 11:58:28 2017 us=596759 auth_user_pass_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596764 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri Jun 16 11:58:28 2017 us=596776 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Fri Jun 16 11:58:28 2017 us=596944 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Jun 16 11:58:28 2017 us=597211 Diffie-Hellman initialized with 2048 bit key
Fri Jun 16 11:58:28 2017 us=597532 Control Channel Authentication: using 'cert/ta.key' as a OpenVPN static key file
Fri Jun 16 11:58:28 2017 us=597548 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:58:28 2017 us=597553 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:58:28 2017 us=597559 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
Fri Jun 16 11:58:28 2017 us=597565 TLS-Auth MTU parms [ L:1359 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Jun 16 11:58:28 2017 us=597580 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri Jun 16 11:58:28 2017 us=597672 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:de:b9:fd
Fri Jun 16 11:58:28 2017 us=598300 TUN/TAP device tun0 opened
Fri Jun 16 11:58:28 2017 us=598321 TUN/TAP TX queue length set to 100
Fri Jun 16 11:58:28 2017 us=598330 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jun 16 11:58:28 2017 us=598359 /sbin/ip link set dev tun0 up mtu 1300
Fri Jun 16 11:58:28 2017 us=599706 /sbin/ip addr add dev tun0 local 192.168.3.1 peer 192.168.3.2
Fri Jun 16 11:58:28 2017 us=601245 /sbin/ip route add 192.168.3.0/24 via 192.168.3.2
Fri Jun 16 11:58:28 2017 us=602285 Data Channel MTU parms [ L:1359 D:1359 EF:59 EB:4 ET:0 EL:0 ]
Fri Jun 16 11:58:28 2017 us=602309 Listening for incoming TCP connection on [undef]
Fri Jun 16 11:58:28 2017 us=602321 TCPv4_SERVER link local (bound): [undef]
Fri Jun 16 11:58:28 2017 us=602325 TCPv4_SERVER link remote: [undef]
Fri Jun 16 11:58:28 2017 us=602332 MULTI: multi_init called, r=256 v=256
Fri Jun 16 11:58:28 2017 us=602353 IFCONFIG POOL: base=192.168.3.4 size=62, ipv6=0
Fri Jun 16 11:58:28 2017 us=602362 MULTI: TCP INIT maxclients=5 maxevents=9
Fri Jun 16 11:58:28 2017 us=602372 Initialization Sequence Completed
Fri Jun 16 11:59:04 2017 us=913994 MULTI: multi_create_instance called
Fri Jun 16 11:59:04 2017 us=914156 Re-using SSL/TLS context
Fri Jun 16 11:59:04 2017 us=914174 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
Fri Jun 16 11:59:04 2017 us=914321 Control Channel MTU parms [ L:1359 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Jun 16 11:59:04 2017 us=914348 Data Channel MTU parms [ L:1359 D:1359 EF:59 EB:4 ET:0 EL:0 ]
Fri Jun 16 11:59:04 2017 us=914374 Local Options String: 'V4,dev-type tun,link-mtu 1359,tun-mtu 1300,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri Jun 16 11:59:04 2017 us=914393 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1359,tun-mtu 1300,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri Jun 16 11:59:04 2017 us=914412 Local Options hash (VER=V4): '311e9f19'
Fri Jun 16 11:59:04 2017 us=914421 Expected Remote Options hash (VER=V4): 'efe82be8'
Fri Jun 16 11:59:04 2017 us=914442 TCP connection established with [AF_INET] IP:Port
Fri Jun 16 11:59:04 2017 us=914448 TCPv4_SERVER link local: [undef]
Fri Jun 16 11:59:04 2017 us=914453 TCPv4_SERVER link remote: [AF_INET] IP:Port
Fri Jun 16 11:59:06 2017 us=918321 IP:Port TLS: Initial packet from [AF_INET] IP:Port , sid=757a0e7d 516df98c
Fri Jun 16 11:59:06 2017 us=918375 IP:Port Authenticate/Decrypt packet error: packet HMAC authentication failed
Fri Jun 16 11:59:06 2017 us=918388 IP:Port TLS Error: incoming packet authentication failed from [AF_INET] IP:Port
Fri Jun 16 11:59:06 2017 us=918413 IP:Port Fatal TLS error (check_tls_errors_co), restarting
Fri Jun 16 11:59:06 2017 us=918420 IP:Port SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Jun 16 11:59:06 2017 us=918481 TCP/UDP: Closing socket
Fri Jun 16 11:59:16 2017 us=244448 TCP/UDP: Closing socket
Fri Jun 16 11:59:16 2017 us=244596 /sbin/ip route del 192.168.3.0/24
Fri Jun 16 11:59:16 2017 us=246421 Closing TUN/TAP interface
Fri Jun 16 11:59:16 2017 us=246502 /sbin/ip addr del dev tun0 local 192.168.3.1 peer 192.168.3.2
Fri Jun 16 11:59:16 2017 us=257936 SIGINT[hard,] received, process exiting
Merci de votre aide.