Member

Problem with OpenVPN

Hi, I'm trying to get OpenVPN to work but it's not going too well. I got it working a few hours ago, then I changed a few small things and it stopped working. I changed them back but it still doesn't work o.0 I've been sitting with this problem for about 10 hours now, so I'm starting to go crazy. The problem is that I can connect to the VPN server and almost everything works as it should. I can ping and do other very small things. But if I try to send a bit more data than a small ping, such as opening a web page, the VPN connection dies within a few ms. Here is the log:

Client log:

Tue Aug 30 20:45:59 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Tue Aug 30 20:46:04 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 30 20:46:04 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Aug 30 20:46:04 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 30 20:46:04 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Aug 30 20:46:04 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Aug 30 20:46:04 2011 Local Options hash (VER=V4): 'db02a8f8'
Tue Aug 30 20:46:04 2011 Expected Remote Options hash (VER=V4): '7e068940'
Tue Aug 30 20:46:04 2011 Attempting to establish TCP connection with 109.74.5.189:443
Tue Aug 30 20:46:04 2011 TCP connection established with 109.74.5.189:443
Tue Aug 30 20:46:04 2011 TCPv4_CLIENT link local: [undef]
Tue Aug 30 20:46:04 2011 TCPv4_CLIENT link remote: 109.74.5.189:443
Tue Aug 30 20:46:04 2011 TLS: Initial packet from 109.74.5.189:443, sid=d536e275 96daac14
Tue Aug 30 20:46:04 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Aug 30 20:46:05 2011 VERIFY OK: depth=1, /C=SE/ST=VG/L=Fargelanda/O=udcs/OU=udcs/CN=udcs-tss.com/name=Roban/emailAddress=help@udcs-tss.com
Tue Aug 30 20:46:05 2011 VERIFY OK: depth=0, /C=SE/ST=VG/L=Fargelanda/O=udcs/OU=udcs/CN=udcs-tss.com/name=Roban/emailAddress=help@udcs-tss.com
Tue Aug 30 20:46:06 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 30 20:46:06 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 30 20:46:06 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 30 20:46:06 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 30 20:46:06 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Aug 30 20:46:06 2011 [udcs-tss.com] Peer Connection Initiated with 109.74.5.189:443
Tue Aug 30 20:46:08 2011 SENT CONTROL [udcs-tss.com]: 'PUSH_REQUEST' (status=1)
Tue Aug 30 20:46:08 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5'
Tue Aug 30 20:46:08 2011 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 30 20:46:08 2011 OPTIONS IMPORT: route options modified
Tue Aug 30 20:46:08 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Aug 30 20:46:08 2011 ROUTE default_gateway=192.168.1.254
Tue Aug 30 20:46:08 2011 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{1FC438A3-16F5-4A09-866D-11C51528B72E}.tap
Tue Aug 30 20:46:08 2011 TAP-Win32 Driver Version 9.8
Tue Aug 30 20:46:08 2011 TAP-Win32 MTU=1500
Tue Aug 30 20:46:08 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {1FC438A3-16F5-4A09-866D-11C51528B72E} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Aug 30 20:46:08 2011 Successful ARP Flush on interface [23] {1FC438A3-16F5-4A09-866D-11C51528B72E}
Tue Aug 30 20:46:13 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Aug 30 20:46:13 2011 C:\WINDOWS\system32\route.exe ADD 109.74.5.189 MASK 255.255.255.255 192.168.1.254
Tue Aug 30 20:46:13 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Aug 30 20:46:13 2011 Route addition via IPAPI succeeded [adaptive]
Tue Aug 30 20:46:13 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Aug 30 20:46:13 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Aug 30 20:46:13 2011 Route addition via IPAPI succeeded [adaptive]
Tue Aug 30 20:46:13 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Aug 30 20:46:13 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Aug 30 20:46:13 2011 Route addition via IPAPI succeeded [adaptive]
Tue Aug 30 20:46:13 2011 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Aug 30 20:46:13 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Tue Aug 30 20:46:13 2011 Route addition via IPAPI succeeded [adaptive]
Tue Aug 30 20:46:13 2011 Initialization Sequence Completed
Tue Aug 30 20:46:34 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Aug 30 20:46:34 2011 Fatal decryption error (process_incoming_link), restarting
Tue Aug 30 20:46:34 2011 TCP/UDP: Closing socket
Tue Aug 30 20:46:34 2011 SIGUSR1[soft,decryption-error] received, process restarting
Tue Aug 30 20:46:34 2011 Restart pause, 5 second(s)

Server log:

Quote:

Tue Aug 30 20:46:41 2011 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Aug 30 20:46:41 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Aug 30 20:46:41 2011 Local Options hash (VER=V4): '7e068940'
Tue Aug 30 20:46:41 2011 Expected Remote Options hash (VER=V4): 'db02a8f8'
Tue Aug 30 20:46:41 2011 TCP connection established with 213.67.242.27:51973
Tue Aug 30 20:46:41 2011 TCPv4_SERVER link local: [undef]
Tue Aug 30 20:46:41 2011 TCPv4_SERVER link remote: 213.67.242.27:51973
Tue Aug 30 20:46:41 2011 213.67.242.27:51973 TLS: Initial packet from 213.67.242.27:51973, sid=7493d184 a7753416
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 PLUGIN_CALL: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 TLS: Username/Password authentication succeeded for username 'robanswe' [CN SET]
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 [robanswe] Peer Connection Initiated with 213.67.242.27:51973
Tue Aug 30 20:46:42 2011 robanswe/213.67.242.27:51973 MULTI: Learn: 10.8.0.6 -> robanswe/213.67.242.27:51973
Tue Aug 30 20:46:42 2011 robanswe/213.67.242.27:51973 MULTI: primary virtual IP for robanswe/213.67.242.27:51973: 10.8.0.6
Tue Aug 30 20:46:44 2011 robanswe/213.67.242.27:51973 PUSH: Received control message: 'PUSH_REQUEST'
Tue Aug 30 20:46:44 2011 robanswe/213.67.242.27:51973 SENT CONTROL [robanswe]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Tue Aug 30 20:46:44 2011 robanswe/213.67.242.27:51973 write TCPv4_SERVER [NO-INFO]: Connection reset by peer (code=104)
Tue Aug 30 20:46:44 2011 robanswe/213.67.242.27:51973 Connection reset, restarting [0]
Tue Aug 30 20:46:44 2011 robanswe/213.67.242.27:51973 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Aug 30 20:46:44 2011 TCP/UDP: Closing socket
Tue Aug 30 20:46:49 2011 MULTI: multi_create_instance called
Tue Aug 30 20:46:49 2011 Re-using SSL/TLS context

Server config:

port 443
proto tcp
dev tun
#tun-mtu 1500
#tun-mtu-extra 32
#mssfix 1450
#cipher AES-128-CBC
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
#keepalive 5 30
#comp-lzo
persist-key
persist-tun
status 1194.log
verb 3

Client config:

client
dev tun
proto tcp
remote udcs-tss.com 443
resolv-retry infinite
nobind
#tun-mtu 1500
#tun-mtu-extra 32
#mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
#comp-lzo
verb 3

I'm 99.9% sure that ca.crt is correctly synced and that port 443 is open and not used by any other program. So what could the problem be?

PS: I don't care about security at all, as you can probably see in the config files. I'm desperate, so help over TeamViewer would be gratefully received.
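The two logs above can be cross-checked mechanically rather than by eye. The script below is an added example written for this thread, not code from the post or from the OpenVPN project; it embeds the relevant lines quoted from the two logs, checks that each side's "Local Options hash" equals the other side's "Expected Remote Options hash", that both sides report the same data-channel MTU parms and cipher, and then classifies the first Authenticate/Decrypt error by whether it happened before or after "Initialization Sequence Completed". The regular expressions and the function names are my own assumptions about the log format shown here; the L and D fields are OpenVPN's link_mtu and link_mtu_dynamic.

```python
import re

# Excerpts quoted from the client and server logs in the post above (only the
# lines the checks below use are kept).
CLIENT_LOG = """\
Tue Aug 30 20:46:04 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Aug 30 20:46:04 2011 Local Options hash (VER=V4): 'db02a8f8'
Tue Aug 30 20:46:04 2011 Expected Remote Options hash (VER=V4): '7e068940'
Tue Aug 30 20:46:06 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 30 20:46:13 2011 Initialization Sequence Completed
Tue Aug 30 20:46:34 2011 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Aug 30 20:46:34 2011 Fatal decryption error (process_incoming_link), restarting
"""

SERVER_LOG = """\
Tue Aug 30 20:46:41 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Tue Aug 30 20:46:41 2011 Local Options hash (VER=V4): '7e068940'
Tue Aug 30 20:46:41 2011 Expected Remote Options hash (VER=V4): 'db02a8f8'
Tue Aug 30 20:46:42 2011 213.67.242.27:51973 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Aug 30 20:46:44 2011 robanswe/213.67.242.27:51973 write TCPv4_SERVER [NO-INFO]: Connection reset by peer (code=104)
"""

# Excerpt quoted from "Edit 3" further down the thread (no init line in it).
REPLAY_LOG = """\
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #102 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Fatal decryption error (process_incoming_link), restarting
"""

# Regexes are assumptions about the OpenVPN 2.x log format shown in the post.
HASH_RE = re.compile(r"(Local|Expected Remote) Options hash \(VER=V\d+\): '([0-9a-f]+)'")
MTU_RE = re.compile(r"Data Channel MTU parms \[ L:(\d+) D:(\d+)")
CIPHER_RE = re.compile(r"Data Channel Encrypt: Cipher '([^']+)' initialized with (\d+) bit key")
DECRYPT_RE = re.compile(r"Authenticate/Decrypt packet error: (.+?)(?::? \[| -- see|$)", re.M)
INIT_DONE = "Initialization Sequence Completed"


def parse_peer(log):
    """Pull one side's logged data-channel parameters into a dict."""
    info = {}
    for m in HASH_RE.finditer(log):
        info["local_hash" if m.group(1) == "Local" else "expected_hash"] = m.group(2)
    m = MTU_RE.search(log)
    if m:  # L = link_mtu, D = link_mtu_dynamic (the mssfix ceiling)
        info["link_mtu"], info["link_mtu_dynamic"] = int(m.group(1)), int(m.group(2))
    m = CIPHER_RE.search(log)
    if m:
        info["cipher"], info["key_bits"] = m.group(1), int(m.group(2))
    return info


def compare_peers(client_log, server_log):
    """Return a list of mismatches between the two sides' logged parameters.
    An empty list means the options hashes pair up and MTU/cipher agree, so the
    fault is not a plain mismatch between the two config files."""
    c, s = parse_peer(client_log), parse_peer(server_log)
    problems = []
    # Each side's Local hash must equal the other side's Expected Remote hash.
    if c.get("local_hash") != s.get("expected_hash"):
        problems.append("client local hash %r != server expected %r"
                        % (c.get("local_hash"), s.get("expected_hash")))
    if c.get("expected_hash") != s.get("local_hash"):
        problems.append("client expected hash %r != server local %r"
                        % (c.get("expected_hash"), s.get("local_hash")))
    for key in ("link_mtu", "link_mtu_dynamic", "cipher", "key_bits"):
        if c.get(key) != s.get(key):
            problems.append("%s differs: client=%r server=%r" % (key, c.get(key), s.get(key)))
    return problems


def failure_stage(log):
    """Classify the first Authenticate/Decrypt error in a log.
    Returns (stage, reason): stage is 'data-channel' if the error came after
    the tunnel was up, 'control-channel' if before, 'unknown' if the excerpt
    has no init line, and 'none' if there is no such error."""
    m = DECRYPT_RE.search(log)
    if not m:
        return ("none", "")
    init_pos = log.find(INIT_DONE)
    if init_pos < 0:
        stage = "unknown"
    elif init_pos < m.start():
        stage = "data-channel"  # TLS handshake done; per-packet HMAC/cipher layer failed
    else:
        stage = "control-channel"
    return (stage, m.group(1).strip())


if __name__ == "__main__":
    print("mismatches:", compare_peers(CLIENT_LOG, SERVER_LOG) or "none")
    print("client failure:", failure_stage(CLIENT_LOG))
    print("server failure:", failure_stage(SERVER_LOG))
    print("edit-3 failure:", failure_stage(REPLAY_LOG))
```

Run against the post's own logs, compare_peers reports nothing, so the two config files agree on the data-channel parameters at the moment the TLS handshake completes, and the client failure is classified as data-channel: the control channel verified the certificates, the tunnel came up, and only afterwards did a packet fail HMAC authentication. A single pair of hash lines from one side (as in the later "Edit" below) cannot be judged on its own; the check needs the matching pair from the other peer.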

Inactive

Have you reinstalled and downloaded a new cert file?

Member
Written by El_Raspberry:

Have you reinstalled and downloaded a new cert file?

I have generated my own keys and downloaded them to the client, yes. But I don't think it should be a key error, since the VPN tunnel works flawlessly if you only use it for very, very little data such as pinging. I just want to say that I have to use TCP, since I sometimes go through a proxy server.

Edit: Is this the problem? How do you fix it?
Local Options hash (VER=V4): '7d20c2bc'
Expected Remote Options hash (VER=V4): 'de2aef47'

Edit 2: I also have a strong suspicion that it is the compression that is causing trouble. From what I've heard, removing comp-lzo doesn't help to turn off compression. Is that right?

Edit 3: If I turn off most of what has to do with encryption, I get this problem:

Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #102 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Fatal decryption error (process_incoming_link), restarting
TCP/UDP: Closing socket
SIGUSR1[soft,decryption-error] received, process restarting

The error is the same; it works as long as I send little data..