Re: OpenVpn

To: Xavier Poinsard <xpoinsard@openpricer.com>
Cc: debian-user-french@lists.debian.org
Subject: Re: OpenVpn
From: k3rn <k3rn@free.fr>
Date: Thu, 10 Nov 2005 15:29:00 +0100
Message-id: <[🔎] 4373592C.4020101@free.fr>
In-reply-to: <[🔎] 4373465F.8020203@openpricer.com>
References: <[🔎] 43720FE8.4070209@free.fr> <[🔎] 4373465F.8020203@openpricer.com>

Xavier Poinsard wrote:

Tu as bien mis sur le client et le serveur :

persist-key
persist-tun


Oui, aucun soucis ici...

as-tu essayé de changer le keepalive ? :
keepalive 30 200


Je viens de le faire...

Le temps s'allonge (non plus 10, mais 24 secondes, mais pas les 30 dutimeout)


Toujours le même log...

Thu Nov 10 15:19:02 2005 TUN/TAP device tun0 opened

Thu Nov 10 15:19:02 2005 ifconfig tun0 192.168.99.14 pointopoint192.168.99.13 mtu 1500Thu Nov 10 15:19:02 2005 route add -net 192.168.4.0 netmask255.255.255.0 gw 192.168.99.13Thu Nov 10 15:19:02 2005 route add -net 192.168.99.1 netmask255.255.255.255 gw 192.168.99.13

Thu Nov 10 15:19:02 2005 Initialization Sequence Completed
Connected successfully
Thu Nov 10 15:19:26 2005 Connection reset, restarting [0]
Thu Nov 10 15:19:26 2005 TCP/UDP: Closing socket

Thu Nov 10 15:19:26 2005 SIGUSR1[soft,connection-reset] received,process restarting

Thu Nov 10 15:19:26 2005 Restart pause, 5 second(s)


En revanche, côté serveur, j'ai ça :

Thu Nov 10 15:19:14 2005 xxxx:21685 Data Channel Encrypt: Cipher'AES-128-CBC' initialized with 128 bit keyThu Nov 10 15:19:14 2005 xxxx:21685 Data Channel Encrypt: Using 160 bitmessage hash 'SHA1' for HMAC authenticationThu Nov 10 15:19:14 2005 xxxx:21685 Data Channel Decrypt: Cipher'AES-128-CBC' initialized with 128 bit keyThu Nov 10 15:19:14 2005 xxxx:21685 Data Channel Decrypt: Using 160 bitmessage hash 'SHA1' for HMAC authenticationThu Nov 10 15:19:14 2005 xxxx:21685 Control Channel: TLSv1, cipherTLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSAThu Nov 10 15:19:14 2005 xxxx:21685 [florian] Peer Connection Initiatedwith xxxx:21685Thu Nov 10 15:19:14 2005 florian/xxxx:21685 MULTI: Learn: 192.168.99.14-> florian/xxxx:21685Thu Nov 10 15:19:14 2005 florian/xxxx:21685 MULTI: primary virtual IPfor florian/xxxx:21685: 192.168.99.14Thu Nov 10 15:19:15 2005 florian/xxxx:21685 PUSH: Received controlmessage: 'PUSH_REQUEST'Thu Nov 10 15:19:15 2005 florian/xxxx:21685 SENT CONTROL [florian]:'PUSH_REPLY,route 192.168.4.0 255.255.255.0,route 192.168.99.1,ping30,ping-restart 220,ifconfig 192.168.99.14 192.168.99.13' (status=1)Thu Nov 10 15:19:40 2005 florian/xxxx:21685 Authenticate/Decrypt packeterror: cipher final failedThu Nov 10 15:19:40 2005 florian/xxxx:21685 Fatal decryption error(process_incoming_link), restartingThu Nov 10 15:19:40 2005 florian/xxxx:21685SIGUSR1[soft,decryption-error] received, client-instance restarting

Rien de significatif sur google à propos de cette erreur "cipher finalfailed" à part un soucis d'openssl...


help :(

Reply to:

Follow-Ups:
- Re: OpenVpn
  - From: Xavier Poinsard <xpoinsard@openpricer.com>

References:
- OpenVpn
  - From: k3rn <k3rn@free.fr>
- Re: OpenVpn
  - From: Xavier Poinsard <xpoinsard@openpricer.com>

Prev by Date: Re: [Sarge 3.1] Applications CRM
Next by Date: Re: OpenVpn
Previous by thread: Re: OpenVpn
Next by thread: Re: OpenVpn
Index(es):
- Date
- Thread