Hello everyone,
I hope I'm in the right forum for this discussion. Here are the facts.
I currently have a VPN network that works perfectly between several OVH servers.
To make local backups of my remote servers, I would like my Syno to be able to connect to the VPN network.
Of course, given how little configuration of a VPN client the graphical interface offers, I went straight to the configuration files on the command line (as root, of course!).
Now, when I start the VPN connection (through the graphical interface):
- The connection stays on "Connecting"
- The virtual network interface did get its IP:
tap0 Link encap:Ethernet HWaddr 0E:95:04:B0:87:8A
inet addr:10.10.110.21 Bcast:10.10.110.255 Mask:255.255.255.0
inet6 addr: fe80::c95:4ff:feb0:878a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:237 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:140932 (137.6 KiB) TX bytes:7901 (7.7 KiB)
- I can ping the other machines on the VPN network without any problem (I do mean pinging the 10.10.110.xxx addresses, not the public address).
Everything works, you will say. Except that, for some unknown reason, the connection drops after 30 seconds, with no apparent cause.
The various log and configuration files follow:
/usr/syno/etc/synovpnclient/openvpn/openvpn.log
Fri May 30 09:22:41 2014 OpenVPN 2.1.4 i686-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on Apr 8 2014
Fri May 30 09:22:41 2014 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri May 30 09:22:41 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri May 30 09:22:41 2014 PLUGIN_INIT: POST /lib/openvpn/openvpn-down-root.so '[/lib/openvpn/openvpn-down-root.so] [/usr/syno/etc.defaults/synovpnclient/scripts/ip-down]' intercepted=PLUGIN_UP|PLUGIN_DOWN
Fri May 30 09:22:41 2014 PLUGIN_INIT: POST /lib/openvpn/openvpn-down-root.so '[/lib/openvpn/openvpn-down-root.so] [/etc/ppp/ip-down]' intercepted=PLUGIN_UP|PLUGIN_DOWN
Fri May 30 09:22:41 2014 WARNING: file 'XXX-client01.key' is group or others accessible
Fri May 30 09:22:41 2014 WARNING: file 'ta.key' is group or others accessible
Fri May 30 09:22:41 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri May 30 09:22:41 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 30 09:22:41 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 30 09:22:41 2014 LZO compression initialized
Fri May 30 09:22:41 2014 Control Channel MTU parms [ L:1578 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri May 30 09:22:41 2014 Socket Buffers: R=[229376->131072] S=[229376->131072]
Fri May 30 09:22:41 2014 Data Channel MTU parms [ L:1578 D:1300 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Fri May 30 09:22:41 2014 Fragmentation MTU parms [ L:1578 D:1300 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Fri May 30 09:22:41 2014 Local Options hash (VER=V4): 'a257ef04'
Fri May 30 09:22:41 2014 Expected Remote Options hash (VER=V4): '8f3da10b'
Fri May 30 09:22:41 2014 UDPv4 link local (bound): [undef]:1194
Fri May 30 09:22:41 2014 UDPv4 link remote: X.X.X.X:1194
Fri May 30 09:22:41 2014 TLS: Initial packet from X.X.X.X:1194, sid=90cf68c5 a0d02561
Fri May 30 09:22:41 2014 TLS Error: local/remote TLS keys are out of sync: X.X.X.X:1194 [0]
Fri May 30 09:22:41 2014 VERIFY OK: depth=1, /C=FR/ST=HE/L=XXX/O=XXX/CN=XXX_CA/emailAddress=admin@XXX.com
Fri May 30 09:22:41 2014 VERIFY OK: nsCertType=SERVER
Fri May 30 09:22:41 2014 VERIFY OK: depth=0, /C=FR/ST=HE/L=XXX/O=XXX/CN=XXX-srv02/emailAddress=admin@XXX.com
Fri May 30 09:22:41 2014 TLS Error: local/remote TLS keys are out of sync: X.X.X.X:1194 [0]
Fri May 30 09:22:42 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 30 09:22:42 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 30 09:22:42 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 30 09:22:42 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 30 09:22:42 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 30 09:22:42 2014 [XXX-srv02] Peer Connection Initiated with X.X.X.X:1194
Fri May 30 09:22:44 2014 SENT CONTROL [XXX-srv02]: 'PUSH_REQUEST' (status=1)
Fri May 30 09:22:44 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.110.10,ping 10,ping-restart 120,ifconfig 10.10.110.21 255.255.255.0'
Fri May 30 09:22:44 2014 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 30 09:22:44 2014 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 30 09:22:44 2014 OPTIONS IMPORT: route-related options modified
Fri May 30 09:22:44 2014 TUN/TAP device tap0 opened
Fri May 30 09:22:44 2014 TUN/TAP TX queue length set to 100
Fri May 30 09:22:44 2014 /sbin/ifconfig tap0 10.10.110.21 netmask 255.255.255.0 mtu 1500 broadcast 10.10.110.255
Fri May 30 09:22:44 2014 PLUGIN_CALL: POST /lib/openvpn/openvpn-down-root.so/PLUGIN_UP status=0
Fri May 30 09:22:44 2014 PLUGIN_CALL: POST /lib/openvpn/openvpn-down-root.so/PLUGIN_UP status=0
Fri May 30 09:22:44 2014 Initialization Sequence Completed
/var/log/messages
May 30 09:22:57 ds412plus SystemInfo.cgi: SystemInfo.cpp:272 get network error.
May 30 09:23:31 ds412plus SystemInfo.cgi: SystemInfo.cpp:272 get network error.
May 30 09:23:58 ds412plus SystemInfo.cgi: SystemInfo.cpp:272 get network error.
May 30 09:24:14 ds412plus synovpnc: connection.c:917 Wait 30 seconds; Failed to get net card info 'tun0' [0x3600]
May 30 09:24:15 ds412plus synovpnc: connection.c:1230 CreateOVPNConnection(o1401292124) failed
May 30 09:24:15 ds412plus synovpnc: synovpnc.c:375 VPN id 'o1401292124' is failed to create
/usr/syno/etc/synovpnclient/client_xxxxx
dev tap
remote X.X.X.X 1194
tls-client
pull
proto udp
ca ca_xxxxx.crt
ns-cert-type server
cert client01.crt
key client01.key
script-security 2
float
explicit-exit-notify
plugin /lib/openvpn/openvpn-down-root.so /usr/syno/etc.defaults/synovpnclient/scripts/ip-down
tls-auth ta.key 1
log-append openvpn.log
comp-lzo
verb 3
mssfix 1300
fragment 1300
plugin /lib/openvpn/openvpn-down-root.so /etc/ppp/ip-down
/usr/syno/etc/synovpnclient/ovpnclient.conf
[xxxxx]
nat=no
redirect-gateway=no
comp-lzo=yes
pass=
reconnect=yes
conf_name=VPN
user=nobody
remote=X.X.X.X 1194
OpenVPN server: /etc/openvpn/openvpn.log
....
Fri May 30 09:24:01 2014 client01/X.X.X.X:57975 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 30 09:24:01 2014 client01/X.X.X.X:57975 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 30 09:24:01 2014 client01/X.X.X.X:57975 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri May 30 09:24:01 2014 client01/X.X.X.X:57975 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 30 09:24:01 2014 client01/X.X.X.X:57975 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 30 09:24:17 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri May 30 09:24:17 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Any help would be welcome, because I really don't see why it works and then drops for no reason ... Thanks
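Added example, not part of the original post: a Python check run over lines copied from the two client-side logs above. It extracts the interface OpenVPN opened, the interface synovpnc reports waiting for, and the key files OpenVPN flagged as group/others accessible. The names `triage` and `dev_kind` and the returned dict layout are assumptions of this example.

```python
import re

# Sample input: lines copied from the two client-side logs quoted in the post.
OPENVPN_LOG = """\
Fri May 30 09:22:41 2014 WARNING: file 'XXX-client01.key' is group or others accessible
Fri May 30 09:22:41 2014 WARNING: file 'ta.key' is group or others accessible
Fri May 30 09:22:44 2014 TUN/TAP device tap0 opened
Fri May 30 09:22:44 2014 Initialization Sequence Completed
"""
SYSLOG = """\
May 30 09:24:14 ds412plus synovpnc: connection.c:917 Wait 30 seconds; Failed to get net card info 'tun0' [0x3600]
May 30 09:24:15 ds412plus synovpnc: connection.c:1230 CreateOVPNConnection(o1401292124) failed
"""

OPENED_RE = re.compile(r"TUN/TAP device (\S+) opened")
WAITED_RE = re.compile(r"synovpnc: .*Failed to get net card info '([^']+)'")
LOOSE_RE = re.compile(r"WARNING: file '([^']+)' is group or others accessible")


def dev_kind(name):
    """Return 'tun' or 'tap' for names like tun0/tap0, else None."""
    m = re.match(r"(tun|tap)\d*$", name or "")
    return m.group(1) if m else None


def triage(openvpn_log, syslog):
    """Correlate the OpenVPN log with the synovpnc lines from /var/log/messages."""
    opened = OPENED_RE.findall(openvpn_log)
    waited = WAITED_RE.findall(syslog)
    opened_dev = opened[-1] if opened else None   # last device OpenVPN opened
    waited_dev = waited[-1] if waited else None   # device synovpnc gave up on
    return {
        "opened": opened_dev,
        "waited_for": waited_dev,
        # Only a mismatch when both names were found and their kinds differ.
        "device_mismatch": None not in (opened_dev, waited_dev)
        and dev_kind(opened_dev) != dev_kind(waited_dev),
        # Private key material OpenVPN reported as readable beyond its owner.
        "loose_key_files": sorted(set(LOOSE_RE.findall(openvpn_log))),
    }


if __name__ == "__main__":
    for key, value in triage(OPENVPN_LOG, SYSLOG).items():
        print(f"{key}: {value}")
```

For the files listed under `loose_key_files`, restricting them to their owner (for example `chmod 600`) clears the OpenVPN warning.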