#1 28/12/2012, 13:20

tocks

Accessing a VPN (OpenVPN) through a proxy

Hello,

I would like to connect to my OpenVPN server from work.

Note that the VPN works when I am not behind a proxy.

At my workplace there is a SonicWall proxy, and port 443 is open: that is, if I put a website behind port 443 at home, I can reach it fine.

The proxy uses authentication of the form: domain\username    with a password

So on my Freebox I forwarded port 443 in UDP to port 1194 of IP 192.168.0.10, which is my VPN server.

1) Do I need to add a NAT rule for 443 in TCP?

2) How do I configure the OpenVPN client to use the proxy?

My logs:

beber@ubuntu-portable:~/Documents/openvpn$ sudo openvpn  openvpn.ovpn 
Fri Dec 28 12:16:09 2012 us=446825 Current Parameter Settings:
Fri Dec 28 12:16:09 2012 us=446922   config = 'openvpn.ovpn'
Fri Dec 28 12:16:09 2012 us=446951   mode = 0
Fri Dec 28 12:16:09 2012 us=446975   persist_config = DISABLED
Fri Dec 28 12:16:09 2012 us=447000   persist_mode = 1
Fri Dec 28 12:16:09 2012 us=447023   show_ciphers = DISABLED
Fri Dec 28 12:16:09 2012 us=447072   show_digests = DISABLED
Fri Dec 28 12:16:09 2012 us=447107   show_engines = DISABLED
Fri Dec 28 12:16:09 2012 us=447138   genkey = DISABLED
Fri Dec 28 12:16:09 2012 us=447174   key_pass_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447207   show_tls_ciphers = DISABLED
Fri Dec 28 12:16:09 2012 us=447244 Connection profiles [default]:
Fri Dec 28 12:16:09 2012 us=447272   proto = udp
Fri Dec 28 12:16:09 2012 us=447298   local = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447325   local_port = 1194
Fri Dec 28 12:16:09 2012 us=447352   remote = 'MONIPPUBLIC'
Fri Dec 28 12:16:09 2012 us=447378   remote_port = 443
Fri Dec 28 12:16:09 2012 us=447403   remote_float = DISABLED
Fri Dec 28 12:16:09 2012 us=447428   bind_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=447454   bind_local = ENABLED
Fri Dec 28 12:16:09 2012 us=447480   connect_retry_seconds = 5
Fri Dec 28 12:16:09 2012 us=447506   connect_timeout = 10
Fri Dec 28 12:16:09 2012 us=447531   connect_retry_max = 0
Fri Dec 28 12:16:09 2012 us=447556   socks_proxy_server = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447582   socks_proxy_port = 0
Fri Dec 28 12:16:09 2012 us=447607   socks_proxy_retry = DISABLED
Fri Dec 28 12:16:09 2012 us=447635 Connection profiles END
Fri Dec 28 12:16:09 2012 us=447662   remote_random = DISABLED
Fri Dec 28 12:16:09 2012 us=447689   ipchange = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447714   dev = 'tun'
Fri Dec 28 12:16:09 2012 us=447738   dev_type = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447763   dev_node = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447789   lladdr = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447815   topology = 1
Fri Dec 28 12:16:09 2012 us=447838   tun_ipv6 = DISABLED
Fri Dec 28 12:16:09 2012 us=447864   ifconfig_local = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447890   ifconfig_remote_netmask = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447916   ifconfig_noexec = DISABLED
Fri Dec 28 12:16:09 2012 us=447941   ifconfig_nowarn = DISABLED
Fri Dec 28 12:16:09 2012 us=447967   ifconfig_ipv6_local = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=447992   ifconfig_ipv6_netbits = 0
Fri Dec 28 12:16:09 2012 us=448018   ifconfig_ipv6_remote = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448044   shaper = 0
Fri Dec 28 12:16:09 2012 us=448069   tun_mtu = 1500
Fri Dec 28 12:16:09 2012 us=448094   tun_mtu_defined = ENABLED
Fri Dec 28 12:16:09 2012 us=448120   link_mtu = 1500
Fri Dec 28 12:16:09 2012 us=448145   link_mtu_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=448171   tun_mtu_extra = 0
Fri Dec 28 12:16:09 2012 us=448198   tun_mtu_extra_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=448224   fragment = 0
Fri Dec 28 12:16:09 2012 us=448249   mtu_discover_type = -1
Fri Dec 28 12:16:09 2012 us=448305   mtu_test = 0
Fri Dec 28 12:16:09 2012 us=448345   mlock = DISABLED
Fri Dec 28 12:16:09 2012 us=448374   keepalive_ping = 0
Fri Dec 28 12:16:09 2012 us=448401   keepalive_timeout = 0
Fri Dec 28 12:16:09 2012 us=448426   inactivity_timeout = 0
Fri Dec 28 12:16:09 2012 us=448453   ping_send_timeout = 0
Fri Dec 28 12:16:09 2012 us=448479   ping_rec_timeout = 0
Fri Dec 28 12:16:09 2012 us=448505   ping_rec_timeout_action = 0
Fri Dec 28 12:16:09 2012 us=448530   ping_timer_remote = DISABLED
Fri Dec 28 12:16:09 2012 us=448556   remap_sigusr1 = 0
Fri Dec 28 12:16:09 2012 us=448579   explicit_exit_notification = 0
Fri Dec 28 12:16:09 2012 us=448605   persist_tun = DISABLED
Fri Dec 28 12:16:09 2012 us=448630   persist_local_ip = DISABLED
Fri Dec 28 12:16:09 2012 us=448655   persist_remote_ip = DISABLED
Fri Dec 28 12:16:09 2012 us=448680   persist_key = DISABLED
Fri Dec 28 12:16:09 2012 us=448709   mssfix = 1450
Fri Dec 28 12:16:09 2012 us=448734   passtos = DISABLED
Fri Dec 28 12:16:09 2012 us=448760   resolve_retry_seconds = 1000000000
Fri Dec 28 12:16:09 2012 us=448786   username = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448809   groupname = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448832   chroot_dir = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448854   cd_dir = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448877   writepid = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448899   up_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448921   down_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=448944   down_pre = DISABLED
Fri Dec 28 12:16:09 2012 us=448966   up_restart = DISABLED
Fri Dec 28 12:16:09 2012 us=448988   up_delay = DISABLED
Fri Dec 28 12:16:09 2012 us=449010   daemon = DISABLED
Fri Dec 28 12:16:09 2012 us=449033   inetd = 0
Fri Dec 28 12:16:09 2012 us=449055   log = DISABLED
Fri Dec 28 12:16:09 2012 us=449078   suppress_timestamps = DISABLED
Fri Dec 28 12:16:09 2012 us=449100   nice = 0
Fri Dec 28 12:16:09 2012 us=449122   verbosity = 6
Fri Dec 28 12:16:09 2012 us=449144   mute = 0
Fri Dec 28 12:16:09 2012 us=449167   gremlin = 0
Fri Dec 28 12:16:09 2012 us=449189   status_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449212   status_file_version = 1
Fri Dec 28 12:16:09 2012 us=449235   status_file_update_freq = 60
Fri Dec 28 12:16:09 2012 us=449258   occ = ENABLED
Fri Dec 28 12:16:09 2012 us=449280   rcvbuf = 65536
Fri Dec 28 12:16:09 2012 us=449302   sndbuf = 65536
Fri Dec 28 12:16:09 2012 us=449325   sockflags = 0
Fri Dec 28 12:16:09 2012 us=449347   fast_io = DISABLED
Fri Dec 28 12:16:09 2012 us=449369   lzo = 7
Fri Dec 28 12:16:09 2012 us=449392   route_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449415   route_default_gateway = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449438   route_default_metric = 0
Fri Dec 28 12:16:09 2012 us=449460   route_noexec = DISABLED
Fri Dec 28 12:16:09 2012 us=449483   route_delay = 0
Fri Dec 28 12:16:09 2012 us=449507   route_delay_window = 30
Fri Dec 28 12:16:09 2012 us=449530   route_delay_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=449552   route_nopull = DISABLED
Fri Dec 28 12:16:09 2012 us=449575   route_gateway_via_dhcp = DISABLED
Fri Dec 28 12:16:09 2012 us=449599   max_routes = 100
Fri Dec 28 12:16:09 2012 us=449621   allow_pull_fqdn = DISABLED
Fri Dec 28 12:16:09 2012 us=449644   management_addr = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449667   management_port = 0
Fri Dec 28 12:16:09 2012 us=449689   management_user_pass = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449713   management_log_history_cache = 250
Fri Dec 28 12:16:09 2012 us=449736   management_echo_buffer_size = 100
Fri Dec 28 12:16:09 2012 us=449759   management_write_peer_info_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449787   management_client_user = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449811   management_client_group = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449834   management_flags = 0
Fri Dec 28 12:16:09 2012 us=449857   shared_secret_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=449880   key_direction = 0
Fri Dec 28 12:16:09 2012 us=449903   ciphername_defined = ENABLED
Fri Dec 28 12:16:09 2012 us=449926   ciphername = 'BF-CBC'
Fri Dec 28 12:16:09 2012 us=449949   authname_defined = ENABLED
Fri Dec 28 12:16:09 2012 us=449972   authname = 'SHA1'
Fri Dec 28 12:16:09 2012 us=449994   prng_hash = 'SHA1'
Fri Dec 28 12:16:09 2012 us=450017   prng_nonce_secret_len = 16
Fri Dec 28 12:16:09 2012 us=450039   keysize = 0
Fri Dec 28 12:16:09 2012 us=450062   engine = DISABLED
Fri Dec 28 12:16:09 2012 us=450085   replay = ENABLED
Fri Dec 28 12:16:09 2012 us=450108   mute_replay_warnings = DISABLED
Fri Dec 28 12:16:09 2012 us=450131   replay_window = 64
Fri Dec 28 12:16:09 2012 us=450153   replay_time = 15
Fri Dec 28 12:16:09 2012 us=450176   packet_id_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450199   use_iv = ENABLED
Fri Dec 28 12:16:09 2012 us=450222   test_crypto = DISABLED
Fri Dec 28 12:16:09 2012 us=450245   tls_server = DISABLED
Fri Dec 28 12:16:09 2012 us=450267   tls_client = ENABLED
Fri Dec 28 12:16:09 2012 us=450290   key_method = 2
Fri Dec 28 12:16:09 2012 us=450313   ca_file = 'ca.crt'
Fri Dec 28 12:16:09 2012 us=450336   ca_path = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450358   dh_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450380   cert_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450402   priv_key_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450424   pkcs12_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450446   cipher_list = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450468   tls_verify = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450490   tls_export_cert = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450512   tls_remote = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450534   crl_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450556   ns_cert_type = 0
Fri Dec 28 12:16:09 2012 us=450578   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450600   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450621   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450643   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450665   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450686   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450708   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450729   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450751   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450772   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450794   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450816   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450837   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450859   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450881   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450902   remote_cert_ku[i] = 0
Fri Dec 28 12:16:09 2012 us=450924   remote_cert_eku = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=450945   tls_timeout = 2
Fri Dec 28 12:16:09 2012 us=450967   renegotiate_bytes = 0
Fri Dec 28 12:16:09 2012 us=450989   renegotiate_packets = 0
Fri Dec 28 12:16:09 2012 us=451011   renegotiate_seconds = 0
Fri Dec 28 12:16:09 2012 us=451034   handshake_window = 60
Fri Dec 28 12:16:09 2012 us=451056   transition_window = 3600
Fri Dec 28 12:16:09 2012 us=451078   single_session = DISABLED
Fri Dec 28 12:16:09 2012 us=451099   push_peer_info = DISABLED
Fri Dec 28 12:16:09 2012 us=451121   tls_exit = DISABLED
Fri Dec 28 12:16:09 2012 us=451143   tls_auth_file = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=451165   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451188   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451210   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451232   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451254   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451277   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451299   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451321   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451344   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451366   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451388   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451410   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451433   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451455   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451477   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451500   pkcs11_protected_authentication = DISABLED
Fri Dec 28 12:16:09 2012 us=451523   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451546   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451568   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451590   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451612   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451634   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451656   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451678   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451700   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451722   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451744   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451766   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451788   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451810   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451832   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451854   pkcs11_private_mode = 00000000
Fri Dec 28 12:16:09 2012 us=451876   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=451898   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=451920   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=451941   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=451963   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=451985   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452006   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452028   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452050   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452072   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452108   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452158   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452190   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452212   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452235   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452257   pkcs11_cert_private = DISABLED
Fri Dec 28 12:16:09 2012 us=452321   pkcs11_pin_cache_period = -1
Fri Dec 28 12:16:09 2012 us=452354   pkcs11_id = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=452377   pkcs11_id_management = DISABLED
Fri Dec 28 12:16:09 2012 us=452409   server_network = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452434   server_netmask = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452450   server_network_ipv6 = ::
Fri Dec 28 12:16:09 2012 us=452458   server_netbits_ipv6 = 0
Fri Dec 28 12:16:09 2012 us=452468   server_bridge_ip = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452477   server_bridge_netmask = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452486   server_bridge_pool_start = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452495   server_bridge_pool_end = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452503   ifconfig_pool_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=452513   ifconfig_pool_start = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452522   ifconfig_pool_end = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452531   ifconfig_pool_netmask = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=452539   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=452548   ifconfig_pool_persist_refresh_freq = 600
Fri Dec 28 12:16:09 2012 us=460048   ifconfig_ipv6_pool_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=460089   ifconfig_ipv6_pool_base = ::
Fri Dec 28 12:16:09 2012 us=460116   ifconfig_ipv6_pool_netbits = 0
Fri Dec 28 12:16:09 2012 us=460139   n_bcast_buf = 256
Fri Dec 28 12:16:09 2012 us=460161   tcp_queue_limit = 64
Fri Dec 28 12:16:09 2012 us=460183   real_hash_size = 256
Fri Dec 28 12:16:09 2012 us=460199   virtual_hash_size = 256
Fri Dec 28 12:16:09 2012 us=460208   client_connect_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=460218   learn_address_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=460227   client_disconnect_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=460236   client_config_dir = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=460245   ccd_exclusive = DISABLED
Fri Dec 28 12:16:09 2012 us=460254   tmp_dir = '/tmp'
Fri Dec 28 12:16:09 2012 us=460264   push_ifconfig_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=460287   push_ifconfig_local = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=460307   push_ifconfig_remote_netmask = 0.0.0.0
Fri Dec 28 12:16:09 2012 us=460321   push_ifconfig_ipv6_defined = DISABLED
Fri Dec 28 12:16:09 2012 us=460332   push_ifconfig_ipv6_local = ::/0
Fri Dec 28 12:16:09 2012 us=460341   push_ifconfig_ipv6_remote = ::
Fri Dec 28 12:16:09 2012 us=460350   enable_c2c = DISABLED
Fri Dec 28 12:16:09 2012 us=460360   duplicate_cn = DISABLED
Fri Dec 28 12:16:09 2012 us=460369   cf_max = 0
Fri Dec 28 12:16:09 2012 us=460378   cf_per = 0
Fri Dec 28 12:16:09 2012 us=460387   max_clients = 1024
Fri Dec 28 12:16:09 2012 us=460396   max_routes_per_client = 256
Fri Dec 28 12:16:09 2012 us=460405   auth_user_pass_verify_script = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=460415   auth_user_pass_verify_script_via_file = DISABLED
Fri Dec 28 12:16:09 2012 us=460424   ssl_flags = 0
Fri Dec 28 12:16:09 2012 us=460433   port_share_host = '[UNDEF]'
Fri Dec 28 12:16:09 2012 us=460442   port_share_port = 0
Fri Dec 28 12:16:09 2012 us=460451   client = DISABLED
Fri Dec 28 12:16:09 2012 us=460460   pull = ENABLED
Fri Dec 28 12:16:09 2012 us=460475   auth_user_pass_file = 'stdin'
Fri Dec 28 12:16:09 2012 us=460494 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct  8 2012
Enter Auth Username:admin
Enter Auth Password:
Fri Dec 28 12:16:14 2012 us=800752 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Dec 28 12:16:14 2012 us=800790 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Dec 28 12:16:14 2012 us=801689 LZO compression initialized
Fri Dec 28 12:16:14 2012 us=801788 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 28 12:16:14 2012 us=801842 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Dec 28 12:16:14 2012 us=801887 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Dec 28 12:16:14 2012 us=801919 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Dec 28 12:16:14 2012 us=801935 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Dec 28 12:16:14 2012 us=801966 Local Options hash (VER=V4): '41690919'
Fri Dec 28 12:16:14 2012 us=801988 Expected Remote Options hash (VER=V4): '530fdded'
Fri Dec 28 12:16:14 2012 us=802010 UDPv4 link local (bound): [undef]
Fri Dec 28 12:16:14 2012 us=802028 UDPv4 link remote: [AF_INET]MONIPPUBLIC:443
Fri Dec 28 12:16:14 2012 us=802086 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:17 2012 us=14881 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:21 2012 us=440077 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:29 2012 us=211980 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:16:45 2012 us=784719 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:14 2012 us=231034 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Dec 28 12:17:14 2012 us=231078 TLS Error: TLS handshake failed
Fri Dec 28 12:17:14 2012 us=231245 TCP/UDP: Closing socket
Fri Dec 28 12:17:14 2012 us=231283 SIGUSR1[soft,tls-error] received, process restarting
Fri Dec 28 12:17:14 2012 us=231303 Restart pause, 2 second(s)
Fri Dec 28 12:17:16 2012 us=231527 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Dec 28 12:17:16 2012 us=231570 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Dec 28 12:17:16 2012 us=232182 LZO compression initialized
Fri Dec 28 12:17:16 2012 us=232263 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 28 12:17:16 2012 us=232362 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Dec 28 12:17:16 2012 us=232398 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Dec 28 12:17:16 2012 us=232426 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Dec 28 12:17:16 2012 us=232441 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Dec 28 12:17:16 2012 us=232467 Local Options hash (VER=V4): '41690919'
Fri Dec 28 12:17:16 2012 us=232488 Expected Remote Options hash (VER=V4): '530fdded'
Fri Dec 28 12:17:16 2012 us=232506 UDPv4 link local (bound): [undef]
Fri Dec 28 12:17:16 2012 us=232523 UDPv4 link remote: [AF_INET]MONIPPUBLIC:443
Fri Dec 28 12:17:16 2012 us=232566 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:18 2012 us=633397 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:22 2012 us=234622 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Dec 28 12:17:30 2012 us=601124 UDPv4 WRITE [14] to [AF_INET]MONIPPUBLIC:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
^CFri Dec 28 12:17:30 2012 us=906149 event_wait : Interrupted system call (code=4)
Fri Dec 28 12:17:30 2012 us=906276 TCP/UDP: Closing socket
Fri Dec 28 12:17:30 2012 us=906311 SIGINT[hard,] received, process exiting

I then read that I needed to create a file with my proxy login information and point OpenVPN to that file.

3) What is the format of this auth file?

My config file:

dev tun
tls-client

remote MONIPPUBLIC 443

# The "float" tells OpenVPN to accept authenticated packets from any address, 
# not only the address which was specified in the --remote option. 
# This is useful when you are connecting to a peer which holds a dynamic address 
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option DNS DNS_IP_ADDRESS

pull

proto udp
script-security 2

ca ca.crt

comp-lzo

reneg-sec 0

auth-user-pass


verb 6

Thanks in advance for your help

Last edited by tocks (28/12/2012, 13:26)

Offline
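A small audit of the client configuration posted above, added here as an example and not written by any participant in the thread: it flags the UDP-only transport behind an HTTP proxy, the missing server certificate check behind the log's WARNING line, and the unused `script-security 2`. The `REVISED` variant, the proxy host and port, and the `proxy-auth.txt` name are assumptions.

```python
import shlex

# Client configuration as posted above (comments and blank lines trimmed).
POSTED = """\
dev tun
tls-client
remote MONIPPUBLIC 443
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
verb 6
"""

# Constructed variant (an assumption, not from the thread). The proxy host,
# port and proxy-auth.txt are placeholders; the auth file holds the proxy
# username on line 1 and the password on line 2, so keep it owner-readable only.
REVISED = """\
dev tun
tls-client
remote MONIPPUBLIC 443
pull
proto tcp-client
http-proxy proxy.example.invalid 8080 proxy-auth.txt ntlm
remote-cert-tls server
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
verb 3
"""

# Directives that make the client check who the peer certificate belongs to.
CERT_CHECKS = {"remote-cert-tls", "ns-cert-type", "tls-remote", "tls-verify",
               "remote-cert-ku", "remote-cert-eku"}
# Directives that actually run a user-defined script on a client.
SCRIPT_HOOKS = {"up", "down", "route-up", "ipchange", "tls-verify"}


def parse(text):
    """Map each directive to the list of its argument lists."""
    directives = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def audit(text, behind_http_proxy=True):
    """Return (code, message) findings for an OpenVPN client configuration."""
    d = parse(text)
    findings = []
    proto = d["proto"][-1][0] if "proto" in d else "udp"  # UDP is the default
    if "http-proxy" in d and not proto.startswith("tcp"):
        findings.append(("http-proxy-needs-tcp",
                         "http-proxy only works with a TCP transport"))
    elif behind_http_proxy and "http-proxy" not in d:
        findings.append(("no-proxy-configured",
                         f"proto {proto} goes out directly; an HTTP proxy "
                         "only relays TCP via CONNECT"))
    if not CERT_CHECKS.intersection(d):
        findings.append(("no-server-cert-verification",
                         "any certificate signed by the CA is accepted as "
                         "the server (the WARNING in the log above)"))
    # script-security defaults to level 1 when the directive is absent.
    level = int(d["script-security"][-1][0]) if "script-security" in d else 1
    if level >= 2 and not SCRIPT_HOOKS.intersection(d):
        findings.append(("script-security-unused",
                         f"script-security {level} set but no script hook "
                         "is configured"))
    return findings
```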

#2 28/12/2012, 23:45

Haleth

Re: Accessing a VPN (OpenVPN) through a proxy

VPN over UDP is a bad idea.

Besides, in your case, nothing says that the dumb thing drops UDP 443.

So I'd quietly suggest you use TCP.


Ubuntu is an ancient African word which means "I can't configure Debian"

Because accessor & mutator are against encapsulation (one of OOP principles), good OOP-programmers do not use them. Obviously, procedural-devs do not. In fact, only ugly-devs are still using them.

Offline

#3 29/12/2012, 00:43

PascalHambourg

Re: Accessing a VPN (OpenVPN) through a proxy

On the contrary, it is better to use UDP when possible; see the problems caused by TCP over TCP.
But here, the proxy probably only lets port 443 through for HTTPS, so in TCP, not in UDP.
As for the authentication, I don't know.

Offline

#4 29/12/2012, 00:45

Haleth

Re: Accessing a VPN (OpenVPN) through a proxy

see the problems caused by TCP over TCP.

Can you elaborate, please?

Offline

#5 29/12/2012, 01:29

PascalHambourg

Re: Accessing a VPN (OpenVPN) through a proxy

If a UDP VPN packet is lost or delayed, it is exactly as if the IP packet it carries were lost. This does not affect the transmission of the following packets. In short, it is as if there were no VPN, because each UDP packet is independent.
On the other hand, if a TCP VPN packet (segment) is lost or delayed, then since TCP guarantees the ordering and delivery of all segments, the transmission of the following packets is blocked, because there will be waiting and retransmission until the missing packet is received. For real-time or interactive applications, that is not great. Moreover, when the lost VPN packet contained a TCP segment, the mechanism kicks in twice, for the VPN's TCP packet and for the TCP packet being carried, with side effects such as double retransmissions, which only makes the problem worse.

Offline
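A simplified model of the effect described in post #5, added here as an illustration and not part of the thread: one packet is lost once, and the code compares what the carried traffic sees through a UDP tunnel and through a TCP tunnel. The fixed retransmission timers, the assumption that the retransmitted copy arrives, and every numeric value are constructed.

```python
def tunnel_delivery(n, interval, latency, lost, tunnel, outer_rto):
    """Time (ms) at which each inner packet leaves the far end of the tunnel.

    Packet i is sent at i*interval; packet `lost` is dropped once on the path.
    Returns None for a packet the tunnel never delivers.
    """
    times, released = [], 0
    for i in range(n):
        sent = i * interval
        if i != lost:
            arrival = sent + latency
        elif tunnel == "tcp":
            arrival = sent + outer_rto + latency  # outer TCP retransmits it
        else:
            arrival = None                        # UDP: the datagram is gone
        if tunnel == "tcp":
            # In-order delivery: nothing is handed over before its predecessor.
            arrival = released = max(arrival, released)
        times.append(arrival)
    return times


def extra_delay(n, interval, latency, lost, tunnel, outer_rto):
    """Delay added by the tunnel to each packet, None if it was dropped."""
    times = tunnel_delivery(n, interval, latency, lost, tunnel, outer_rto)
    return [None if t is None else t - (i * interval + latency)
            for i, t in enumerate(times)]


def inner_timeouts(n, interval, latency, lost, tunnel, outer_rto, inner_rto):
    """Inner TCP segments whose sender times out before the ACK comes back."""
    fired = []
    times = tunnel_delivery(n, interval, latency, lost, tunnel, outer_rto)
    for i, t in enumerate(times):
        ack_back = None if t is None else t + latency
        if ack_back is None or ack_back - i * interval > inner_rto:
            fired.append(i)
    return fired


# Constructed scenario: 10 packets every 10 ms, 20 ms one-way latency,
# packet 3 lost once, both retransmission timers fixed at 200 ms.
SCENARIO = dict(n=10, interval=10, latency=20, lost=3, outer_rto=200)

if __name__ == "__main__":
    for tunnel in ("udp", "tcp"):
        print(tunnel, "extra delay:", extra_delay(tunnel=tunnel, **SCENARIO))
        print(tunnel, "inner timeouts:",
              inner_timeouts(tunnel=tunnel, inner_rto=200, **SCENARIO))
```

Through the UDP tunnel only the lost segment is retransmitted by the inner sender; through the TCP tunnel the segments queued behind it arrive intact but late enough that the inner sender retransmits them as well, on top of the outer retransmission.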
