Merci Kyodev,
1 - Tu avais raison, ce n'était pas un timeout, mais des erreurs dans le mot de passe (oui je sais, pas très brillant:o).
Désormais, la connexion s'effectue correctement
openvpn --config vpnbook-euro1-tcp80.ovpn
# openvpn --config vpnbook-euro1-tcp80.ovpn
Sat Apr 22 22:17:10 2017 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 14 2017
Sat Apr 22 22:17:10 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Enter Auth Username: *******
Enter Auth Password: *******
Sat Apr 22 22:17:28 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Apr 22 22:17:28 2017 NOTE: --fast-io is disabled since we are not using UDP
Sat Apr 22 22:17:28 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.217:80
Sat Apr 22 22:17:28 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Sat Apr 22 22:17:28 2017 Attempting to establish TCP connection with [AF_INET]176.126.237.217:80 [nonblock]
Sat Apr 22 22:17:29 2017 TCP connection established with [AF_INET]176.126.237.217:80
Sat Apr 22 22:17:29 2017 TCP_CLIENT link local: (not bound)
Sat Apr 22 22:17:29 2017 TCP_CLIENT link remote: [AF_INET]176.126.237.217:80
Sat Apr 22 22:17:30 2017 TLS: Initial packet from [AF_INET]176.126.237.217:80, sid=40fce642 6db31e98
Sat Apr 22 22:17:30 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Apr 22 22:17:36 2017 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Sat Apr 22 22:17:36 2017 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Sat Apr 22 22:17:37 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Apr 22 22:17:37 2017 [vpnbook.com] Peer Connection Initiated with [AF_INET]176.126.237.217:80
Sat Apr 22 22:17:38 2017 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
Sat Apr 22 22:17:39 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 89.233.43.71,dhcp-option DNS 91.239.100.100,route 10.12.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.12.0.110 10.12.0.109'
Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: route options modified
Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Apr 22 22:17:39 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Apr 22 22:17:39 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 22 22:17:39 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Apr 22 22:17:39 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 22 22:17:39 2017 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlan0 HWADDR=4c:80:93:7b:29:a1
Sat Apr 22 22:17:39 2017 TUN/TAP device tun3 opened
Sat Apr 22 22:17:39 2017 TUN/TAP TX queue length set to 100
Sat Apr 22 22:17:39 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Apr 22 22:17:39 2017 /sbin/ip link set dev tun3 up mtu 1500
Sat Apr 22 22:17:39 2017 /sbin/ip addr add dev tun3 local 10.12.0.110 peer 10.12.0.109
Sat Apr 22 22:17:41 2017 /sbin/ip route add 176.126.237.217/32 via 192.168.43.1
Sat Apr 22 22:17:41 2017 /sbin/ip route add 0.0.0.0/1 via 10.12.0.109
Sat Apr 22 22:17:41 2017 /sbin/ip route add 128.0.0.0/1 via 10.12.0.109
Sat Apr 22 22:17:41 2017 /sbin/ip route add 10.12.0.1/32 via 10.12.0.109
Sat Apr 22 22:17:41 2017 Initialization Sequence Completed
2 - Le message
Sat Apr 22 22:17:28 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
est toujours là. Effectivement,pas très rassurant. Peut-être est-ce lié à ce fournisseur de vpn ....
3 - Pour le fournisseur DNS, je testerai un résolveur DNS type unbound en espérant que c'est une solution plus confidentielle que d'utiliser un serveur externe 8.8.8.8 ou autre