All times are UTC




 Post subject: No connection via OpenVPN (TLS)
PostPosted: 29.09.2016 14:17 
DES

Joined: 29.09.2016 14:04
Posts: 1
Error message: "cannot locate hmac in incoming packet openvpn"

Here is my configuration:
OpenSuse 13.2 64-bit

I followed this guide:
https://en.opensuse.org/SDB:OpenVPN_Ins ... _and_Setup
I created the certificates as described there.

This is what my "server" configuration looks like
#
# Sample OpenVPN configuration file for
# office using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun33

# 10.1.0.1 is our local VPN endpoint (office).
# 10.1.0.2 is our remote VPN endpoint (home).
ifconfig 33.33.33.1 33.33.33.2

# Our up script will establish routes
# once the VPN is alive.
#up ./office.up

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
tls-server

# Diffie-Hellman Parameters (tls-server only)
dh /etc/openvpn/sample-keys/dh1024.pem

# Certificate Authority file
ca /etc/openvpn/sample-keys/ca.crt

# Our certificate/public key
cert /etc/openvpn/sample-keys/server.crt

# Our private key
key /etc/openvpn/sample-keys/server.key

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 5033

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3



And this is my "client" configuration
#
# Sample OpenVPN configuration file for
# home using SSL/TLS mode and RSA certificates/keys.
#
# '#' or ';' may be used to delimit comments.

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tun

# Our OpenVPN peer is the office gateway.
remote das-buero

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
ifconfig 33.33.33.2 33.33.33.1

route 192.168.16.0 255.255.255.0 33.33.33.1

# Our up script will establish routes
# once the VPN is alive.
#up ./home.up

# In SSL/TLS key exchange, Office will
# assume server role and Home
# will assume client role.
tls-client

#
ns-cert-type server
#

# Certificate Authority file
#ca ca.crt
<ca>
I pasted my ca.cert here
</ca>

# Our certificate/public key
#cert client.crt
<cert>
I pasted my client.crt here
</cert>

# Our private key
#key client.key
<key>
I pasted my client.key here
</key>

<tls-auth>
#
# 2048 bit OpenVPN static key
#
I pasted my tls.key here
</tls-auth>

# OpenVPN 2.0 uses UDP port 1194 by default
# (official port assignment by iana.org 11/04).
# OpenVPN 1.x uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 5033

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive. Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection. For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

I have been trying different configurations for hours and therefore
can no longer see the forest for the trees. Of course the corresponding port
is forwarded in the router or the firewall.

Where am I making the mistake, or who can give me a tip?

Thanks in advance


 Post subject: Re: No connection via OpenVPN (TLS)
PostPosted: 29.09.2016 18:49 
Profi

Joined: 23.10.2007 12:10
Posts: 2191
olaf wrote:
[...]
ifconfig 33.33.33.1 33.33.33.2
who does something like that? Address ranges
Quote:
[...]
route 192.168.16.0 255.255.255.0 33.33.33.1
that cannot work

otherwise .. the text is "annoying"
- because of the many comments
- there is a code function for that

the first mistake you make is, IMHO, the nonsensical network assignments (why don't you just use 8.8.8.8 as your network? ;) )
read up on: networks, what gets routed where and how, and what doesn't...
the search engine is your friend...

F.

PS: well.. the guide does say otherwise, but....


 Post subject: Re: No connection via OpenVPN (TLS)
PostPosted: 13.11.2016 18:59 
AES 256 bit

Joined: 27.11.2012 18:37
Posts: 272
Hi olaf,
try leaving out all the commented-out lines for once.
Then I would also be willing to read your configs..
No wonder you can't see the forest for the trees. :mrgreen:
Apart from that, @dl5ym's note applies, private network ranges....
https://de.wikipedia.org/wiki/Private_IP-Adresse
...and your favourite IP 33-33-33-33 doesn't really appear there. :wink:
Regards orcape


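Added example, not part of any post in this thread and not OpenVPN project code. The error olaf quotes is the one OpenVPN logs on a peer that has tls-auth configured when an incoming control-channel packet carries no valid HMAC. In the configs as posted, the client embeds a <tls-auth> key but the server has no tls-auth line at all; tls-auth only works when both peers use the same static key with opposite key directions (0 on one side, 1 on the other, or key-direction when the key is inline). The script below parses both configs and reports that asymmetry together with the points dl5ym and orcape raise: tunnel endpoints outside RFC 1918 private space and a route gateway that must match the peer's tunnel address. It also flags ns-cert-type, which is deprecated in favour of remote-cert-tls server. The function names parse_openvpn/check_pair, the 10.33.0.0/30 endpoints and the ta.key and dh2048.pem paths in the corrected pair are this example's assumptions; the posted dh1024.pem is itself a weak choice, since 2048-bit DH parameters are the usual minimum today.

```python
"""Cross-check an OpenVPN point-to-point TLS config pair (added example for
this thread; not code from the posts or from the OpenVPN project)."""
import ipaddress
import re

INLINE_OPEN = re.compile(r"^<([a-z][a-z0-9-]*)>$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_openvpn(text):
    """directive -> list of argument lists; an inline <tag>...</tag> block is
    recorded as the single argument "<inline>" (its body is discarded)."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # inside <tag> ... </tag>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # both comment styles OpenVPN accepts
            continue
        m = INLINE_OPEN.match(line)
        if m:
            inline = m.group(1)
            directives.setdefault(inline, []).append(["<inline>"])
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def is_private(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def check_pair(server, client):
    """Return (code, message) findings for a parsed server/client pair."""
    f = []
    # tls-auth belongs on BOTH peers (same key, opposite key directions); a
    # peer that has it drops control packets lacking a valid HMAC and logs
    # "TLS Error: cannot locate HMAC in incoming packet".
    s_ta, c_ta = "tls-auth" in server, "tls-auth" in client
    if s_ta != c_ta:
        f.append(("tls-auth-asymmetric", f"server={s_ta}, client={c_ta}"))
    # ifconfig endpoints must mirror each other and lie in RFC 1918 space
    s_if = server.get("ifconfig", [[None, None]])[0]
    c_if = client.get("ifconfig", [[None, None]])[0]
    if s_if != c_if[::-1]:
        f.append(("ifconfig-mismatch", f"server {s_if} vs client {c_if}"))
    for a in sorted(set(filter(None, s_if + c_if))):
        if not is_private(a):
            f.append(("public-endpoint", f"{a} is not RFC 1918 space"))
    # a route through the tunnel should point at the peer's tunnel address
    for args in client.get("route", []):
        if len(args) > 2 and args[2] not in ("vpn_gateway", s_if[0]):
            f.append(("route-gateway", f"route {args[0]} via {args[2]}"))
    # ns-cert-type is deprecated (removed in OpenVPN 2.5): use remote-cert-tls
    if "ns-cert-type" in client:
        f.append(("deprecated-ns-cert-type", "use 'remote-cert-tls server'"))
    return f


# Constructed inputs: the two configs posted above with comments stripped;
# the <cert>/<key> blocks are omitted and key bodies are placeholders.
SERVER_CFG = """\
dev tun33
ifconfig 33.33.33.1 33.33.33.2
tls-server
dh /etc/openvpn/sample-keys/dh1024.pem
ca /etc/openvpn/sample-keys/ca.crt
cert /etc/openvpn/sample-keys/server.crt
key /etc/openvpn/sample-keys/server.key
port 5033
"""
CLIENT_CFG = """\
dev tun
remote das-buero
ifconfig 33.33.33.2 33.33.33.1
route 192.168.16.0 255.255.255.0 33.33.33.1
tls-client
ns-cert-type server
<ca>
(placeholder)
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
(placeholder)
</tls-auth>
port 5033
"""
# Hypothetical corrected pair: private 10.33.0.0/30 endpoints, tls-auth on both
# sides with opposite directions, remote-cert-tls, 2048-bit DH (paths assumed).
FIXED_SERVER = (SERVER_CFG.replace("33.33.33.1 33.33.33.2", "10.33.0.1 10.33.0.2")
                .replace("dh1024", "dh2048")
                + "tls-auth /etc/openvpn/sample-keys/ta.key 0\n")
FIXED_CLIENT = (CLIENT_CFG.replace("33.33.33", "10.33.0")
                .replace("ns-cert-type server", "remote-cert-tls server")
                .replace("<tls-auth>", "key-direction 1\n<tls-auth>"))
```

Running check_pair over the posted pair yields four findings (the tls-auth asymmetry, the two public endpoints and the deprecated ns-cert-type) and none over the corrected pair; the route line itself is consistent, since its gateway 33.33.33.1 is exactly the server's tunnel address, so what dl5ym objects to is the address choice rather than the route syntax.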