Ubuntu-fr

zwykx

client openvpn

Bonjour,

J'essaie de configurer un client openvpn pour me connecter aux serveurs de chez vpnbook.com.
A l'initialisation, tout se passe bien :

# openvpn --config vpnbook-euro1-tcp443.ovpn 
Thu Aug  4 11:13:57 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Enter Auth Username:vpnbook
Enter Auth Password:
Thu Aug  4 11:14:23 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Aug  4 11:14:23 2016 NOTE: --fast-io is disabled since we are not using UDP
Thu Aug  4 11:14:23 2016 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Aug  4 11:14:23 2016 Attempting to establish TCP connection with [AF_INET]176.126.237.217:443 [nonblock]
Thu Aug  4 11:14:24 2016 TCP connection established with [AF_INET]176.126.237.217:443
Thu Aug  4 11:14:24 2016 TCPv4_CLIENT link local: [undef]
Thu Aug  4 11:14:24 2016 TCPv4_CLIENT link remote: [AF_INET]176.126.237.217:443
Thu Aug  4 11:14:24 2016 TLS: Initial packet from [AF_INET]176.126.237.217:443, sid=a001a582 39954d1c
Thu Aug  4 11:14:24 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug  4 11:14:26 2016 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Thu Aug  4 11:14:26 2016 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Thu Aug  4 11:14:27 2016 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Aug  4 11:14:27 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug  4 11:14:27 2016 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Aug  4 11:14:27 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug  4 11:14:27 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug  4 11:14:27 2016 [vpnbook.com] Peer Connection Initiated with [AF_INET]176.126.237.217:443
Thu Aug  4 11:14:29 2016 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
Thu Aug  4 11:14:29 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS  89.233.43.71,dhcp-option DNS  91.239.100.100,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.2.182 10.9.2.181'
Thu Aug  4 11:14:29 2016 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug  4 11:14:29 2016 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug  4 11:14:29 2016 OPTIONS IMPORT: route options modified
Thu Aug  4 11:14:29 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug  4 11:14:29 2016 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:9e:54:9b
Thu Aug  4 11:14:29 2016 TUN/TAP device tun1 opened
Thu Aug  4 11:14:29 2016 TUN/TAP TX queue length set to 100
Thu Aug  4 11:14:29 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Aug  4 11:14:29 2016 /sbin/ip link set dev tun1 up mtu 1500
Thu Aug  4 11:14:29 2016 /sbin/ip addr add dev tun1 local 10.9.2.182 peer 10.9.2.181
Thu Aug  4 11:14:32 2016 /sbin/ip route add 176.126.237.217/32 via 10.0.2.2
Thu Aug  4 11:14:32 2016 /sbin/ip route add 0.0.0.0/1 via 10.9.2.181
Thu Aug  4 11:14:32 2016 /sbin/ip route add 128.0.0.0/1 via 10.9.2.181
Thu Aug  4 11:14:32 2016 /sbin/ip route add 10.9.0.1/32 via 10.9.2.181
Thu Aug  4 11:14:32 2016 Initialization Sequence Completed

Mon device tun1 est correctement créé :

# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:9e:54:9b  
          inet adr:10.0.2.15  Bcast:10.0.2.255  Masque:255.255.255.0
          adr inet6: fe80::a00:27ff:fe9e:549b/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Packets reçus:92365 erreurs:0 :0 overruns:0 frame:0
          TX packets:54386 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000 
          Octets reçus:65484481 (65.4 MB) Octets transmis:5693257 (5.6 MB)

lo        Link encap:Boucle locale  
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          Packets reçus:5262 erreurs:0 :0 overruns:0 frame:0
          TX packets:5262 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          Octets reçus:549719 (549.7 KB) Octets transmis:549719 (549.7 KB)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet adr:10.9.2.182  P-t-P:10.9.2.181  Masque:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          Packets reçus:0 erreurs:0 :0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:100 
          Octets reçus:0 (0.0 B) Octets transmis:2728 (2.7 KB)

Et voila la table de routage :

# route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         10.9.2.181      128.0.0.0       UG    0      0        0 tun1
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0
10.9.0.1        10.9.2.181      255.255.255.255 UGH   0      0        0 tun1
10.9.2.181      0.0.0.0         255.255.255.255 UH    0      0        0 tun1
128.0.0.0       10.9.2.181      128.0.0.0       UG    0      0        0 tun1
176.126.237.217 10.0.2.2        255.255.255.255 UGH   0      0        0 eth0

Sauf que l'internet ne marche plus. Quand j'essaie d'aller sur www.google.fr, j'obtiens "Adresse introuvable".
Le ping de la passerelle sur tun1 ne répond pas :

# ping 10.9.2.181
PING 10.9.2.181 (10.9.2.181) 56(84) bytes of data.
^C
--- 10.9.2.181 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3024ms

Quelqu'un aurait-il une idée du problème ?
Merci.

Compte anonymisé

Re : client openvpn

rien d'anormal à ce que le ping à la passerelle vpn ne réponde pas, par contre  ping 8.8.8.8 devrait répondre, il faut vérifier le fichier /etc/resolv.conf

zwykx

Re : client openvpn

En effet :

# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=37.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=63 time=38.3 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=63 time=37.7 ms

# cat /etc/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1

et si je rajoute nameserver 8.8.8.8 dans /etc/resolv.conf, tout se met à marcher (Je peux aller sur internet et mon adresse IP a changé).
Bizarre !
Si quelqu'un a une explication à ce phénomène, je suis preneur !

En tout cas merci !

Dernière modification par zwykx (Le 04/08/2016, à 18:22)