FORUM HardWare.fr

Subject: Openvpn - TLS Handshake Error - Ubuntu

michael_ange:

Hello,
I am trying to connect a Linux server to an OpenVPN server, but I am having some difficulties:

```
Sat Apr 9 16:58:39 2022 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Sat Apr 9 16:58:39 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sat Apr 9 16:58:39 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 9 16:58:39 2022 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Apr 9 16:58:39 2022 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Apr 9 16:58:39 2022 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Apr 9 16:58:39 2022 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Apr 9 16:58:39 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
Sat Apr 9 16:58:39 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Apr 9 16:58:39 2022 UDP link local: (not bound)
Sat Apr 9 16:58:39 2022 UDP link remote: [AF_INET]X.X.X.X:1194
Sat Apr 9 16:58:39 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Apr 9 16:58:39 2022 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=babe05dd 7d9eb535
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=1, CN=Easy-RSA CA
Sat Apr 9 16:58:39 2022 VERIFY KU OK
Sat Apr 9 16:58:39 2022 Validating certificate extended key usage
Sat Apr 9 16:58:39 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Apr 9 16:58:39 2022 VERIFY EKU OK
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=0, CN=server
Sat Apr 9 16:59:39 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 9 16:59:39 2022 TLS Error: TLS handshake failed
Sat Apr 9 16:59:39 2022 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 9 16:59:39 2022 Restart pause, 5 second(s)
```

Could you help me? Below are my configs:

```
#Firewall
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
#openvpn
iptables -t filter -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i ens3 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens3 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
```

```
#OpenVPN client file
client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3
key-direction 1
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
<ca>
--STRIPPED INLINE CA CERT--
</ca>
<cert>
--STRIPPED INLINE CERT--
</cert>
<key>
--STRIPPED INLINE KEY--
</key>
<tls-crypt>
--STRIPPED INLINE CERT--
</tls-crypt>
```