Subject: OpenVPN - TLS Handshake Error - Ubuntu
michael_ange
Hello,

I'm trying to connect a Linux server to an OpenVPN server, but I'm running into some difficulties:

Sat Apr 9 16:58:39 2022 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Sat Apr 9 16:58:39 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sat Apr 9 16:58:39 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 9 16:58:39 2022 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Apr 9 16:58:39 2022 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Apr 9 16:58:39 2022 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Apr 9 16:58:39 2022 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Apr 9 16:58:39 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
Sat Apr 9 16:58:39 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Apr 9 16:58:39 2022 UDP link local: (not bound)
Sat Apr 9 16:58:39 2022 UDP link remote: [AF_INET]X.X.X.X:1194
Sat Apr 9 16:58:39 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Apr 9 16:58:39 2022 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=babe05dd 7d9eb535
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=1, CN=Easy-RSA CA
Sat Apr 9 16:58:39 2022 VERIFY KU OK
Sat Apr 9 16:58:39 2022 Validating certificate extended key usage
Sat Apr 9 16:58:39 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Apr 9 16:58:39 2022 VERIFY EKU OK
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=0, CN=server
Sat Apr 9 16:59:39 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 9 16:59:39 2022 TLS Error: TLS handshake failed
Sat Apr 9 16:59:39 2022 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 9 16:59:39 2022 Restart pause, 5 second(s)

 
 
Could you help me?

Below are my configs:
 
#Firewall

iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT

#openvpn
iptables -t filter -A INPUT -p tcp --dport 1194 -j ACCEPT

iptables -A INPUT -i ens3 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens3 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT

 
#OpenVPN client file
 
client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3
key-direction 1
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
<ca>
--STRIPPED INLINE CA CERT--
</ca>
<cert>
--STRIPPED INLINE CERT--
</cert>
<key>
--STRIPPED INLINE KEY--
</key>
<tls-crypt>
--STRIPPED INLINE CERT--
</tls-crypt>
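Added example, not part of the post above: a small Python triage helper that parses OpenVPN 2.4 client log lines of the kind quoted in the post and reports the last handshake milestone reached before "TLS handshake failed". In the quoted log the server's certificate chain verifies (VERIFY OK depth=0) and the failure is the 60-second key-negotiation timeout, so the helper distinguishes that case from "no reply from the server at all"; the milestone markers, the hint texts and SAMPLE_LOG are my own constructions.

```python
import re
from datetime import datetime

# Handshake milestones OpenVPN 2.4 logs at verb 3, in the order they occur.
MILESTONES = [("initial_packet", "TLS: Initial packet from"),
              ("ca_verified", "VERIFY OK: depth=1"),
              ("server_cert_verified", "VERIFY OK: depth=0")]
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$")
CN_RE = re.compile(r"VERIFY OK: depth=0, CN=(.+)$")
# Sample input constructed from the log lines quoted in the post above.
SAMPLE_LOG = """\
Sat Apr 9 16:58:39 2022 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=babe05dd 7d9eb535
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=1, CN=Easy-RSA CA
Sat Apr 9 16:58:39 2022 VERIFY EKU OK
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=0, CN=server
Sat Apr 9 16:59:39 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 9 16:59:39 2022 TLS Error: TLS handshake failed
"""
# Triage hint keyed by the last milestone reached (assumed wording, my own).
HINTS = {
    None: "no reply from the server: check remote/port, the server-side firewall and the tls-crypt key",
    "initial_packet": "server replied but its chain did not verify against <ca>: check the CA and the server log",
    "ca_verified": "CA verified but the server certificate itself was rejected: check remote-cert-tls / EKU",
    "server_cert_verified": ("server authenticated, then negotiation stalled: check that client packets "
                             "reach the server (firewall, UDP fragmentation/MTU) and the server log"),
}

def triage(log_text):
    """Return the last handshake stage reached before 'TLS handshake failed' and a hint."""
    stages, error_ts, server_cn = {}, None, None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an OpenVPN timestamped line
        ts, msg = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)
        for name, marker in MILESTONES:
            if marker in msg:
                stages.setdefault(name, ts)  # keep the first occurrence of each stage
        cn = CN_RE.search(msg)
        if cn:
            server_cn = cn.group(1)
        if "TLS Error: TLS handshake failed" in msg and error_ts is None:
            error_ts = ts
    reached = [name for name, _ in MILESTONES if name in stages]
    last = reached[-1] if reached else None
    elapsed = None
    if error_ts is not None and "initial_packet" in stages:
        elapsed = int((error_ts - stages["initial_packet"]).total_seconds())
    hint = HINTS[last] if error_ts is not None else "no handshake failure logged"
    return {"last_stage": last, "server_cn": server_cn, "seconds_to_failure": elapsed, "hint": hint}
```

Run it on the full client log (verb 3 or higher) rather than on the excerpt; the hint only narrows where to look, it does not replace the server-side log.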

Copyright © 1997-2022 Hardware.fr SARL / Groupe LDLC