#1 On 28/12/2012, at 13:20
- tocks
Accessing a VPN (OpenVPN) through a proxy
Hello,
I would like to connect to my OpenVPN from work.
To be clear, the VPN works when I am not behind a proxy.
At my workplace there is a SonicWall proxy, and port 443 is open: that is, if I put a site behind port 443 at home, I can reach it fine.
The proxy uses authentication of the form domain\username with a password.
So on my Freebox I forwarded port 443 in UDP to port 1194 of IP 192.168.0.10, which is my VPN server.
1) Do I need to add a NAT rule on 443 in TCP?
2) How do I configure the OpenVPN client to use the proxy?
My logs:
beber@ubuntu-portable:~/Documents/openvpn$ sudo openvpn openvpn.ovpn
Fri Dec 28 12:16:09 2012 us=460494 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 8 2012
Enter Auth Username:admin
Enter Auth Password:
Fri Dec 28 12:16:14 2012 us=800752 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Dec 28 12:16:14 2012 us=800790 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Dec 28 12:16:14 2012 us=801689 LZO compression initialized
Fri Dec 28 12:16:14 2012 us=801788 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 28 12:16:14 2012 us=801842 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Dec 28 12:16:14 2012 us=801887 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Dec 28 12:16:14 2012 us=801919 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Dec 28 12:16:14 2012 us=801935 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Dec 28 12:16:14 2012 us=801966 Local Options hash (VER=V4): '41690919'
Fri Dec 28 12:16:14 2012 us=801988 Expected Remote Options hash (VER=V4): '530fdded'
Fri Dec 28 12:16:14 2012 us=802010 UDPv4 link local (bound): [undef]
Fri Dec 28 12:16:14 2012 us=802028 UDPv4 link remote: [AF_INET]MONIPPUBLIC:443
Fri Dec 28 12:16:14 2012 us=802086 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:17 2012 us=14881 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:21 2012 us=440077 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:29 2012 us=211980 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:45 2012 us=784719 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:14 2012 us=231034 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Dec 28 12:17:14 2012 us=231078 TLS Error: TLS handshake failed
Fri Dec 28 12:17:14 2012 us=231245 TCP/UDP: Closing socket
Fri Dec 28 12:17:14 2012 us=231283 SIGUSR1[soft,tls-error] received, process restarting
Fri Dec 28 12:17:14 2012 us=231303 Restart pause, 2 second(s)
Fri Dec 28 12:17:16 2012 us=231527 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Dec 28 12:17:16 2012 us=231570 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Dec 28 12:17:16 2012 us=232182 LZO compression initialized
Fri Dec 28 12:17:16 2012 us=232263 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 28 12:17:16 2012 us=232362 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Dec 28 12:17:16 2012 us=232398 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Dec 28 12:17:16 2012 us=232426 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Dec 28 12:17:16 2012 us=232441 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Dec 28 12:17:16 2012 us=232467 Local Options hash (VER=V4): '41690919'
Fri Dec 28 12:17:16 2012 us=232488 Expected Remote Options hash (VER=V4): '530fdded'
Fri Dec 28 12:17:16 2012 us=232506 UDPv4 link local (bound): [undef]
Fri Dec 28 12:17:16 2012 us=232523 UDPv4 link remote: [AF_INET]MONIPPUBLIC:443
Fri Dec 28 12:17:16 2012 us=232566 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:18 2012 us=633397 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:22 2012 us=234622 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:30 2012 us=601124 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
^CFri Dec 28 12:17:30 2012 us=906149 event_wait : Interrupted system call (code=4)
Fri Dec 28 12:17:30 2012 us=906276 TCP/UDP: Closing socket
Fri Dec 28 12:17:30 2012 us=906311 SIGINT[hard,] received, process exiting
So I read that I had to create a file with my proxy login information, then point OpenVPN to that file.
3) What is the format of this auth file?
My config file:
dev tun
tls-client
remote MONIPPUBLIC 443
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
verb 6
Thanks in advance for your help
Last edited by tocks (28/12/2012, at 13:26)
Offline
#2 On 28/12/2012, at 23:45
- Haleth
Re: Accessing a VPN (OpenVPN) through a proxy
VPN over UDP is a bad idea.
Besides, in your case, nothing says that the dimwit drops UDP 443.
So I whisper to you to use TCP.
Ubuntu is an ancient African word which means "I can't configure Debian"
Because accessor & mutator are against encapsulation (one of OOP principles), good OOP-programmers do not use them. Obviously, procedural-devs do not. In fact, only ugly-devs are still using them.
Offline
#3 On 29/12/2012, at 00:43
- PascalHambourg
Re: Accessing a VPN (OpenVPN) through a proxy
On the contrary, it is better to use UDP when possible, cf. the problems caused by TCP in TCP.
But here, the proxy probably only lets port 443 through for HTTPS, so in TCP, not in UDP.
As for the authentication, I don't know.
Offline
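The diagnosis in post #3 can be checked against the log from post #1: at `verb 6` the client logs every packet it sends and receives, so a run of `WRITE` lines with no `READ` before the TLS timeout means nothing ever came back on that path. This triage script is an added example, not part of the thread; the verdict labels and the second sample log are constructed for illustration.

```python
import re

# Excerpt of the verb 6 client log from post #1 (timestamps shortened).
LOG_FROM_POST_1 = """\
12:16:14 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
12:16:14 UDPv4 link remote: [AF_INET]MONIPPUBLIC:443
12:16:14 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
12:16:17 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
12:16:21 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
12:16:29 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
12:16:45 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
12:17:14 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
12:17:14 TLS Error: TLS handshake failed
"""

# Constructed counter-example: the server answers, so the path itself is open.
LOG_WITH_REPLY = """\
12:00:00 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
12:00:00 UDPv4 READ [26] from [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
12:01:00 TLS Error: TLS handshake failed
"""

# One packet line: transport, direction, size, peer address, opcode.
PACKET = re.compile(
    r"\b(UDPv4|TCPv4(?:_CLIENT)?) (WRITE|READ) \[\d+\] (?:to|from) \S+ (P_[A-Z0-9_]+)"
)

EXPLAIN = {
    "no_reply": "packets leave but nothing returns: the path drops this "
                "transport/port or the port forward does not reach the server",
    "tls_failure": "the peer answers, so the path is open: look at "
                   "certificates, keys and option mismatches instead",
    "peer_reachable": "the peer answers and no handshake failure is logged",
    "inconclusive": "no packet lines found (verbosity below 6?)",
}


def triage(log_text):
    """Summarise a client log: packets out, packets in, and a verdict."""
    writes = reads = 0
    transport = None
    for m in PACKET.finditer(log_text):
        transport = m.group(1)
        if m.group(2) == "WRITE":
            writes += 1
        else:
            reads += 1
    failed = "TLS handshake failed" in log_text
    if writes and not reads and failed:
        verdict = "no_reply"
    elif reads and failed:
        verdict = "tls_failure"
    elif reads:
        verdict = "peer_reachable"
    else:
        verdict = "inconclusive"
    return {
        "transport": transport,
        "writes": writes,
        "reads": reads,
        "handshake_failed": failed,
        # The MITM warning from the log: no server certificate check is configured.
        "no_cert_verification": "No server certificate verification method" in log_text,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, log in (("post #1", LOG_FROM_POST_1), ("constructed", LOG_WITH_REPLY)):
        result = triage(log)
        print(name, result, "->", EXPLAIN[result["verdict"]])
```
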
#4 On 29/12/2012, at 00:45
- Haleth
Re: Accessing a VPN (OpenVPN) through a proxy
cf. the problems caused by TCP in TCP.
Can you elaborate, please?
Offline
#5 On 29/12/2012, at 01:29
- PascalHambourg
Re: Accessing a VPN (OpenVPN) through a proxy
If a UDP VPN packet is lost or delayed, it is exactly as if the IP packet it carries were lost. This does not affect the transmission of the following packets. In short, it is as if there were no VPN, because each UDP packet is independent.
On the other hand, if a TCP VPN packet (segment) is lost or delayed, then since TCP guarantees the ordering and delivery of all segments, transmission of the following packets is blocked, because there will be waiting and retransmission until the missing packet is received. For real-time or interactive applications, that is not great. In addition, when the lost VPN packet contained a TCP segment, the mechanism kicks in twice, for the VPN's TCP packet and for the transported TCP packet, with side effects such as double retransmissions, which only makes the problem worse.
Offline
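The effect described in post #5, worked through as a small simulation (an added example, not part of the thread). It is a deliberately simplified model: one lost carrier packet, fixed retransmission timeouts, no congestion control, and all timing values are assumptions chosen for illustration.

```python
"""TCP-in-TCP versus UDP tunnel: effect of one lost carrier packet (times in ms)."""


def udp_tunnel(n, interval, delay, lost):
    """Arrival time of each inner packet; None when its carrier datagram is lost.

    Every datagram is independent, so a loss affects only the packet it carried.
    """
    return [None if i in lost else i * interval + delay for i in range(n)]


def tcp_tunnel(n, interval, delay, lost, outer_rto):
    """Time at which the tunnel hands each inner packet to the receiver.

    The outer TCP retransmits a lost segment after outer_rto and releases
    data strictly in order, so later packets wait behind the missing one.
    """
    out = []
    released = 0
    for i in range(n):
        arrival = i * interval + delay
        if i in lost:
            arrival += outer_rto          # original lost, retransmitted copy arrives
        released = max(released, arrival)  # cannot overtake an earlier segment
        out.append(released)
    return out


def late_for_inner_tcp(deliveries, interval, delay, inner_rto):
    """Count delivered inner TCP segments whose ACK returns after the inner RTO.

    In this model each of them triggers an inner retransmission on top of the
    outer one, although the tunnel delivers the original copy anyway.
    """
    late = 0
    for i, delivered in enumerate(deliveries):
        if delivered is None:
            continue  # really lost: the inner retransmission is needed, not redundant
        ack_back = delivered + delay
        if ack_back > i * interval + inner_rto:
            late += 1
    return late


# Assumed scenario: 10 packets, one every 10 ms, 50 ms one-way delay, packet 3 lost.
N, INTERVAL, DELAY, LOST = 10, 10, 50, {3}
OUTER_RTO, INNER_RTO = 300, 250

if __name__ == "__main__":
    udp = udp_tunnel(N, INTERVAL, DELAY, LOST)
    tcp = tcp_tunnel(N, INTERVAL, DELAY, LOST, OUTER_RTO)
    print("pkt  sent  udp-tunnel  tcp-tunnel")
    for i in range(N):
        print(f"{i:3d} {i * INTERVAL:5d} {str(udp[i]):>11} {tcp[i]:11d}")
    print("redundant inner retransmissions, UDP tunnel:",
          late_for_inner_tcp(udp, INTERVAL, DELAY, INNER_RTO))
    print("redundant inner retransmissions, TCP tunnel:",
          late_for_inner_tcp(tcp, INTERVAL, DELAY, INNER_RTO))
```

With these values the UDP tunnel loses packet 3 and delivers every other packet on time, while the TCP tunnel holds packets 3 to 9 until the retransmitted segment arrives.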