Connexion VPN aléatoire

papy-tux · 20-04-2017 13:29:08

Bonjour,

J'essaye de faire fonctionner une liaison vpn entre mon pc et un serveur public gratuit (vpnbook) avec des résultats mitigés!. Tantôt (un jour) la connexion s'effectue bien, tantôt (un autre jour), elle ne s'effectue pas et je suis incapable d'en trouver la raison.

Je lance la connexion avec :

openvpn --config vpnbook-euro1-tcp80.ovpn 

 

Lorsque cela ne marche pas, j'obtiens :

openvpn vpnbook-euro1-tcp80.ovpn 

Thu Apr 20 14:14:27 2017 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 14 2017

Thu Apr 20 14:14:27 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08

Enter Auth Username: *******

Enter Auth Password: *******

Thu Apr 20 14:14:43 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr 20 14:14:43 2017 NOTE: --fast-io is disabled since we are not using UDP

Thu Apr 20 14:14:43 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.217:80

Thu Apr 20 14:14:43 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]

Thu Apr 20 14:14:43 2017 Attempting to establish TCP connection with [AF_INET]176.126.237.217:80 [nonblock]

Thu Apr 20 14:14:44 2017 TCP connection established with [AF_INET]176.126.237.217:80

Thu Apr 20 14:14:44 2017 TCP_CLIENT link local: (not bound)

Thu Apr 20 14:14:44 2017 TCP_CLIENT link remote: [AF_INET]176.126.237.217:80

Thu Apr 20 14:14:46 2017 Connection reset, restarting [-1]

Thu Apr 20 14:14:46 2017 SIGUSR1[soft,connection-reset] received, process restarting

Thu Apr 20 14:14:46 2017 Restart pause, 5 second(s)

Thu Apr 20 14:14:51 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Thu Apr 20 14:14:51 2017 NOTE: --fast-io is disabled since we are not using UDP

Thu Apr 20 14:15:11 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.217:80

Thu Apr 20 14:15:11 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]

Thu Apr 20 14:15:11 2017 Attempting to establish TCP connection with [AF_INET]176.126.237.217:80 [nonblock]

D'un point de vue réseau, mon installation est standard (wicd - connexion dhcp), à part le serveur DNS que je configure à 8.8.8.8 (il me semble que lorsque j'utilise les serveurs du FAI la connexion vpn échoue toujours).

Voià... SI quelqu'un a une idée

Merci d'avance

kyodev · 20-04-2017 14:07:41

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

http://openvpn.net/howto.html#mitm mais je ne sais pas si cela explique l'échec, en tout cas c'est pas sécurisant.

Thu Apr 20 14:14:44 2017 TCP_CLIENT link remote: [AF_INET]176.126.237.217:80
Thu Apr 20 14:14:46 2017 Connection reset, restarting [-1]

en tout cas, ça bloque rapidement (2s), c'est pas un timeout.

quant à 8888, google, c'est peut-être antinomique avec discrétion vpn?
comme openDns d'ailleurs.
il vaudrait peut-être mieux utiliser FDN ou OpenNic doc:systeme:resolv.conf#exemple

papy-tux · 22-04-2017 21:30:08

Merci Kyodev,

1 - Tu avais raison, ce n'était pas un timeout, mais des erreurs dans le mot de passe (oui je sais, pas très brillant:o).

Désormais, la connexion s'effectue correctement

openvpn --config vpnbook-euro1-tcp80.ovpn

# openvpn --config vpnbook-euro1-tcp80.ovpn

Sat Apr 22 22:17:10 2017 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 14 2017

Sat Apr 22 22:17:10 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08

Enter Auth Username: *******

Enter Auth Password: *******

Sat Apr 22 22:17:28 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Sat Apr 22 22:17:28 2017 NOTE: --fast-io is disabled since we are not using UDP

Sat Apr 22 22:17:28 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]176.126.237.217:80

Sat Apr 22 22:17:28 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]

Sat Apr 22 22:17:28 2017 Attempting to establish TCP connection with [AF_INET]176.126.237.217:80 [nonblock]

Sat Apr 22 22:17:29 2017 TCP connection established with [AF_INET]176.126.237.217:80

Sat Apr 22 22:17:29 2017 TCP_CLIENT link local: (not bound)

Sat Apr 22 22:17:29 2017 TCP_CLIENT link remote: [AF_INET]176.126.237.217:80

Sat Apr 22 22:17:30 2017 TLS: Initial packet from [AF_INET]176.126.237.217:80, sid=40fce642 6db31e98

Sat Apr 22 22:17:30 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Sat Apr 22 22:17:36 2017 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com

Sat Apr 22 22:17:36 2017 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com

Sat Apr 22 22:17:37 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

Sat Apr 22 22:17:37 2017 [vpnbook.com] Peer Connection Initiated with [AF_INET]176.126.237.217:80

Sat Apr 22 22:17:38 2017 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)

Sat Apr 22 22:17:39 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS  89.233.43.71,dhcp-option DNS  91.239.100.100,route 10.12.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.12.0.110 10.12.0.109'

Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: timers and/or timeouts modified

Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: --ifconfig/up options modified

Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: route options modified

Sat Apr 22 22:17:39 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sat Apr 22 22:17:39 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Sat Apr 22 22:17:39 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Apr 22 22:17:39 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key

Sat Apr 22 22:17:39 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sat Apr 22 22:17:39 2017 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlan0 HWADDR=4c:80:93:7b:29:a1

Sat Apr 22 22:17:39 2017 TUN/TAP device tun3 opened

Sat Apr 22 22:17:39 2017 TUN/TAP TX queue length set to 100

Sat Apr 22 22:17:39 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Sat Apr 22 22:17:39 2017 /sbin/ip link set dev tun3 up mtu 1500

Sat Apr 22 22:17:39 2017 /sbin/ip addr add dev tun3 local 10.12.0.110 peer 10.12.0.109

Sat Apr 22 22:17:41 2017 /sbin/ip route add 176.126.237.217/32 via 192.168.43.1

Sat Apr 22 22:17:41 2017 /sbin/ip route add 0.0.0.0/1 via 10.12.0.109

Sat Apr 22 22:17:41 2017 /sbin/ip route add 128.0.0.0/1 via 10.12.0.109

Sat Apr 22 22:17:41 2017 /sbin/ip route add 10.12.0.1/32 via 10.12.0.109

Sat Apr 22 22:17:41 2017 Initialization Sequence Completed

2 - Le message

Sat Apr 22 22:17:28 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

est toujours là. Effectivement,pas très rassurant. Peut-être est-ce lié à ce fournisseur de vpn ....

3 - Pour le fournisseur DNS, je testerai un résolveur DNS type unbound en espérant que c'est une solution plus confidentielle que d'utiliser un serveur externe 8.8.8.8 ou autre

Debian-facile

#1 20-04-2017 13:29:08

Connexion VPN aléatoire

#2 20-04-2017 14:07:41

Re : Connexion VPN aléatoire

#3 22-04-2017 21:30:08

Re : Connexion VPN aléatoire

Pied de page des forums