Bonjour,
J'essaye de connecter un serveur linux à un serveur OpenVpn, mais j'ai quelques difficultés :
Sat Apr 9 16:58:39 2022 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Sat Apr 9 16:58:39 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sat Apr 9 16:58:39 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 9 16:58:39 2022 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Apr 9 16:58:39 2022 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Apr 9 16:58:39 2022 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Sat Apr 9 16:58:39 2022 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Apr 9 16:58:39 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:1194
Sat Apr 9 16:58:39 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Apr 9 16:58:39 2022 UDP link local: (not bound)
Sat Apr 9 16:58:39 2022 UDP link remote: [AF_INET]X.X.X.X:1194
Sat Apr 9 16:58:39 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Apr 9 16:58:39 2022 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=babe05dd 7d9eb535
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=1, CN=Easy-RSA CA
Sat Apr 9 16:58:39 2022 VERIFY KU OK
Sat Apr 9 16:58:39 2022 Validating certificate extended key usage
Sat Apr 9 16:58:39 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Apr 9 16:58:39 2022 VERIFY EKU OK
Sat Apr 9 16:58:39 2022 VERIFY OK: depth=0, CN=server
Sat Apr 9 16:59:39 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 9 16:59:39 2022 TLS Error: TLS handshake failed
Sat Apr 9 16:59:39 2022 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 9 16:59:39 2022 Restart pause, 5 second(s)
Pourriez vous m'aider ?
Si dessous mes configs :
#Firewall
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
#openvpn
iptables -t filter -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i ens3 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ens3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ens3 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
#Fichier client openvpn
client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3
key-direction 1
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
<ca>
--STRIPPED INLINE CA CERT--
</ca>
<cert>
--STRIPPED INLINE CERT--
</cert>
<key>
--STRIPPED INLINE KEY--
</key>
<tls-crypt>
--STRIPPED INLINE CERT--
</tls-crypt>
FORUM HardWare.fr
