Hello,
I am trying to get my OpenVPN server working, but whatever I try, I cannot give the VPN client Internet access once the connection is established. My OpenVPN server runs on a Debian 9 machine. Since I want to have access to the Samba server, I configured the OpenVPN server with the server-bridge option, following the information at:
https://openvpn.net/community-resources … -bridging/
My local network is managed by a Linksys router.
My server configuration file (server.conf):
port 1194
proto udp
dev tap0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
server-bridge 192.168.1.101 255.255.255.0 192.168.1.100 192.168.1.199
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
status openvpn-status.log
verb 3
crl-verify crl.pem
My client configuration file (client.conf):
sndbuf 0
client
dev tap0
proto udp
sndbuf 0
rcvbuf 0
remote ippublique + port
resolv-retry infinite
nobind
persist-key
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
...
...
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
...
...
...
-----END OpenVPN Static key V1-----
</tls-auth>
Connection log on the client:
Wed May 29 14:19:27 2019 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 1 2018
Wed May 29 14:19:27 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed May 29 14:19:27 2019 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
Enter Management Password:
Wed May 29 14:19:27 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed May 29 14:19:27 2019 Need hold release from management interface, waiting...
Wed May 29 14:19:28 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed May 29 14:19:28 2019 MANAGEMENT: CMD 'state on'
Wed May 29 14:19:28 2019 MANAGEMENT: CMD 'log all on'
Wed May 29 14:19:28 2019 MANAGEMENT: CMD 'echo all on'
Wed May 29 14:19:28 2019 MANAGEMENT: CMD 'bytecount 5'
Wed May 29 14:19:28 2019 MANAGEMENT: CMD 'hold off'
Wed May 29 14:19:28 2019 MANAGEMENT: CMD 'hold release'
Wed May 29 14:19:28 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed May 29 14:19:28 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed May 29 14:19:28 2019 TCP/UDP: Preserving recently used remote address: [AF_INET][i]mon ip publique[/i]
Wed May 29 14:19:28 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed May 29 14:19:28 2019 UDP link local: (not bound)
Wed May 29 14:19:28 2019 UDP link remote: [AF_INET][i]mon ip publique[/i]
Wed May 29 14:19:28 2019 MANAGEMENT: >STATE:1559153968,WAIT,,,,,,
Wed May 29 14:19:28 2019 MANAGEMENT: >STATE:1559153968,AUTH,,,,,,
Wed May 29 14:19:28 2019 TLS: Initial packet from [AF_INET][i]mon ip publique[/i], sid=da6d74ad 99e0a223
Wed May 29 14:19:28 2019 VERIFY OK: depth=1, CN=ChangeMe
Wed May 29 14:19:28 2019 VERIFY KU OK
Wed May 29 14:19:28 2019 Validating certificate extended key usage
Wed May 29 14:19:28 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 29 14:19:28 2019 VERIFY EKU OK
Wed May 29 14:19:28 2019 VERIFY OK: depth=0, CN=server
Wed May 29 14:19:28 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed May 29 14:19:28 2019 [server] Peer Connection Initiated with [AF_INET][i]mon ip publique[/i]
Wed May 29 14:19:29 2019 MANAGEMENT: >STATE:1559153969,GET_CONFIG,,,,,,
Wed May 29 14:19:29 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed May 29 14:19:29 2019 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.1.101,ping 10,ping-restart 120,ifconfig 192.168.1.100 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Wed May 29 14:19:29 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed May 29 14:19:29 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed May 29 14:19:29 2019 OPTIONS IMPORT: route-related options modified
Wed May 29 14:19:29 2019 OPTIONS IMPORT: peer-id set
Wed May 29 14:19:29 2019 OPTIONS IMPORT: adjusting link_mtu to 1656
Wed May 29 14:19:29 2019 OPTIONS IMPORT: data channel crypto options modified
Wed May 29 14:19:29 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed May 29 14:19:29 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 29 14:19:29 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed May 29 14:19:29 2019 interactive service msg_channel=0
Wed May 29 14:19:29 2019 open_tun
Wed May 29 14:19:29 2019 TAP-WIN32 device [Ethernet 10] opened: \\.\Global\{B0CBA03E-E94C-4505-ACE6-9EB2880CC35C}.tap
Wed May 29 14:19:29 2019 TAP-Windows Driver Version 9.21
Wed May 29 14:19:29 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.1.100/255.255.255.0 on interface {B0CBA03E-E94C-4505-ACE6-9EB2880CC35C} [DHCP-serv: 192.168.1.0, lease-time: 31536000]
Wed May 29 14:19:29 2019 Successful ARP Flush on interface [27] {B0CBA03E-E94C-4505-ACE6-9EB2880CC35C}
Wed May 29 14:19:30 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed May 29 14:19:30 2019 MANAGEMENT: >STATE:1559153970,ASSIGN_IP,,192.168.1.100,,,,
Wed May 29 14:19:30 2019 Block_DNS: WFP engine opened
Wed May 29 14:19:30 2019 Block_DNS: Using existing sublayer
Wed May 29 14:19:30 2019 Block_DNS: Added permit filters for exe_path
Wed May 29 14:19:30 2019 Block_DNS: Added block filters for all interfaces
Wed May 29 14:19:30 2019 Block_DNS: Added permit filters for TAP interface
Wed May 29 14:19:35 2019 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Wed May 29 14:19:35 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 29 14:19:35 2019 Initialization Sequence Completed
Wed May 29 14:19:35 2019 MANAGEMENT: >STATE:1559153975,CONNECTED,SUCCESS,192.168.1.100,[i]mon ip publique[/i],,
Thank you for your help.
botojo
Last edited by botojo (29-05-2019 19:49:50)
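
The following check is an added example, not part of the original post: it combines the client.conf directives with the PUSH_REPLY line from the log above to show what DNS and routing settings the client actually ends up with. `block-outside-dns` blocks port 53 on every adapter except the tunnel one, so it is worth confirming that a resolver is configured for the tunnel. The function names are hypothetical; the config excerpt and the log line are copied from the post.

```python
import re

# Excerpt of the client.conf posted above (only the directives relevant here).
CLIENT_CONF = """\
client
dev tap0
remote-cert-tls server
setenv opt block-outside-dns
"""
# PUSH_REPLY line copied from the client log posted above.
PUSH_LINE = ("Wed May 29 14:19:29 2019 PUSH: Received control message: "
             "'PUSH_REPLY,route-gateway 192.168.1.101,ping 10,ping-restart 120,"
             "ifconfig 192.168.1.100 255.255.255.0,peer-id 1,cipher AES-256-GCM'")

def parse_push_reply(line):
    """Return the options a server pushed, from one PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    return [o.strip() for o in m.group(1).split(",") if o.strip()] if m else []

def conf_directives(text):
    """Return config directives as token lists, unwrapping 'setenv opt X'."""
    out = []
    for raw in text.splitlines():
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if tokens[:2] == ["setenv", "opt"]:
            tokens = tokens[2:]
        if tokens:
            out.append(tokens)
    return out

def audit(conf_text, push_line):
    """List gaps between what the client enforces and what it was given."""
    effective = conf_directives(conf_text)
    effective += [opt.split() for opt in parse_push_reply(push_line)]
    names = {t[0] for t in effective}
    has_dns = any(t[:2] == ["dhcp-option", "DNS"] for t in effective)
    findings = []
    if "block-outside-dns" in names and not has_dns:
        findings.append("block-outside-dns is set but no 'dhcp-option DNS' "
                        "is configured or pushed: port 53 is blocked on every "
                        "adapter except the TAP one, which gets no resolver "
                        "from OpenVPN")
    if "redirect-gateway" not in names:
        findings.append("no redirect-gateway: Internet-bound traffic stays on "
                        "the client's own default route, outside the tunnel")
    return findings

if __name__ == "__main__":
    for finding in audit(CLIENT_CONF, PUSH_LINE):
        print("-", finding)
```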