Hello,
since I travel a lot, I use VPNs.
Most of the time I use network-manager-openvpn-gnome, but network-manager-openvpn does not support all the options found in openvpn configuration files, which makes some VPNs inaccessible.
When I try to connect using openvpn directly, the log shows "Initialization Sequence Completed" and no error message, yet the connection does not work (traceroute and ping do not respond), and this happens with any VPN server, including those that work with network-manager.
I think the problem comes from the routing table, which differs between network-manager-openvpn and openvpn.
To give you an example, I will take www.vpnbook.com, a free VPN server whose reliability I know absolutely nothing about. I will connect with network-manager-openvpn and then with openvpn, and post the openvpn logs, /var/log/daemon.log, ifconfig and route -n, and so try to understand, with your help, why the connection works in one case and not in the other.
With network-manager
______________________________________________________________________________________________________________________________________________________________________
/var/log/daemon.log
NetworkManager[3342]: <info> Starting VPN service 'openvpn'...
NetworkManager[3342]: <info> VPN service 'openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 7446
NetworkManager[3342]: <info> VPN service 'openvpn' appeared; activating connections
NetworkManager[3342]: <info> VPN plugin state changed: init (1)
NetworkManager[3342]: <info> VPN plugin state changed: starting (3)
NetworkManager[3342]: <info> VPN connection 'vpnbook-UDP25000' (Connect) reply received.
nm-openvpn[7450]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 23 2012
nm-openvpn[7450]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
nm-openvpn[7450]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
nm-openvpn[7450]: LZO compression initialized
nm-openvpn[7450]: UDPv4 link local: [undef]
nm-openvpn[7450]: UDPv4 link remote: [AF_INET]93.114.44.253:25000
nm-openvpn[7450]: [ns.vpnbook.com] Peer Connection Initiated with [AF_INET]93.114.44.253:25000
nm-openvpn[7450]: TUN/TAP device tun0 opened
nm-openvpn[7450]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper tun0 1500 1558 10.10.0.54 10.10.0.53 init
NetworkManager[3342]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
NetworkManager[3342]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
NetworkManager[3342]: <info> VPN connection 'vpnbook-UDP25000' (IP Config Get) reply received.
NetworkManager[3342]: <info> VPN Gateway: 93.114.44.253
NetworkManager[3342]: <info> Internal Gateway: 10.10.0.53
NetworkManager[3342]: <info> Tunnel Device: tun0
NetworkManager[3342]: <info> Internal IP4 Address: 10.10.0.54
NetworkManager[3342]: <info> Internal IP4 Prefix: 32
NetworkManager[3342]: <info> Internal IP4 Point-to-Point Address: 10.10.0.53
NetworkManager[3342]: <info> Maximum Segment Size (MSS): 0
NetworkManager[3342]: <info> Static Route: 10.10.0.1/32 Next Hop: 10.10.0.1
NetworkManager[3342]: <info> Forbid Default Route: no
NetworkManager[3342]: <info> Internal IP4 DNS: 195.60.76.114
NetworkManager[3342]: <info> Internal IP4 DNS: 195.60.76.115
NetworkManager[3342]: <info> DNS Domain: '(none)'
nm-openvpn[7450]: Initialization Sequence Completed
ifconfig
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:138 errors:0 dropped:0 overruns:0 frame:0
TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:24927 (24.3 KiB) TX bytes:24927 (24.3 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:10.10.0.54 P-t-P:10.10.0.53 Masque:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:252 (252.0 B) TX bytes:102 (102.0 B)
wlan0 Link encap:Ethernet HWaddr 28:6A:BA:70:18:68
inet adr:10.35.201.108 Bcast:10.35.201.255 Masque:255.255.255.0
adr inet6: fe80::de85:deff:fe04:e052/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26345 errors:0 dropped:0 overruns:0 frame:0
TX packets:7040 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:10113919 (9.6 MiB) TX bytes:1068474 (1.0 MiB)
route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 10.10.0.53 0.0.0.0 UG 0 0 0 tun0
10.10.0.1 10.10.0.53 255.255.255.255 UGH 0 0 0 tun0
10.10.0.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.35.201.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
93.114.44.253 10.35.201.10 255.255.255.255 UGH 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 tun0
______________________________________________________________________________________________________________________________________________________________________
With openvpn
______________________________________________________________________________________________________________________________________________________________________
openvpn log
Mon OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Mar 23 2012
Enter Auth Username:freeopenvpn
Enter Auth Password:
Mon WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon LZO compression initialized
Mon Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Socket Buffers: R=[229376->131072] S=[229376->131072]
Mon Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Local Options hash (VER=V4): '66096c33'
Mon Expected Remote Options hash (VER=V4): '691e95c7'
Mon UDPv4 link local: [undef]
Mon UDPv4 link remote: [AF_INET]93.114.44.253:25000
Mon TLS: Initial packet from [AF_INET]93.114.44.253:25000, sid=8cebce04 08b790c0
Mon WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon VERIFY OK: depth=1, /C=EU/ST=RO/L=Bucharest/O=VPNBook.com/OU=changeme/CN=ns.vpnbook.com/name=changeme/emailAddress=contact@vpnbook.com
Mon VERIFY OK: depth=0, /C=EU/ST=RO/L=Bucharest/O=VPNBook.com/OU=changeme/CN=ns.vpnbook.com/name=changeme/emailAddress=contact@vpnbook.com
Mon Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon [ns.vpnbook.com] Peer Connection Initiated with [AF_INET]93.114.44.253:25000
Mon SENT CONTROL [ns.vpnbook.com]: 'PUSH_REQUEST' (status=1)
Mon PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 195.60.76.114,dhcp-option DNS 195.60.76.115,route 10.10.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.10.0.10 10.10.0.9'
Mon OPTIONS IMPORT: timers and/or timeouts modified
Mon OPTIONS IMPORT: --ifconfig/up options modified
Mon OPTIONS IMPORT: route options modified
Mon OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon ROUTE default_gateway=10.35.201.10
Mon TUN/TAP device tun2 opened
Mon TUN/TAP TX queue length set to 100
Mon do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon /sbin/ifconfig tun2 10.10.0.10 pointopoint 10.10.0.9 mtu 1500
Mon /sbin/route add -net 93.114.44.253 netmask 255.255.255.255 gw 10.35.201.10
Mon /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.10.0.9
Mon /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.10.0.9
Mon /sbin/route add -net 10.10.0.1 netmask 255.255.255.255 gw 10.10.0.9
Mon Initialization Sequence Completed
ifconfig
lo Link encap:Boucle locale
inet adr:127.0.0.1 Masque:255.0.0.0
adr inet6: ::1/128 Scope:Hôte
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:142 errors:0 dropped:0 overruns:0 frame:0
TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:25135 (24.5 KiB) TX bytes:25135 (24.5 KiB)
tun2 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet adr:10.10.0.10 P-t-P:10.10.0.9 Masque:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 28:6A:BA:70:18:68
inet adr:10.35.201.108 Bcast:10.35.201.255 Masque:255.255.255.0
adr inet6: fe80::de85:deff:fe04:e052/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30701 errors:0 dropped:0 overruns:0 frame:0
TX packets:7387 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:10932314 (10.4 MiB) TX bytes:1116315 (1.0 MiB)
route -n
Table de routage IP du noyau
Destination Passerelle Genmask Indic Metric Ref Use Iface
0.0.0.0 10.10.0.9 128.0.0.0 UG 0 0 0 tun2
0.0.0.0 10.35.201.10 0.0.0.0 UG 0 0 0 wlan0
10.10.0.1 10.10.0.9 255.255.255.255 UGH 0 0 0 tun2
10.10.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun2
10.35.201.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
93.114.44.253 10.35.201.10 255.255.255.255 UGH 0 0 0 wlan0
128.0.0.0 10.10.0.9 128.0.0.0 UG 0 0 0 tun2
/var/log/daemon.log
NetworkManager[3342]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/tun2, iface: tun2)
NetworkManager[3342]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/tun2, iface: tun2): no ifupdown configuration found.
______________________________________________________________________________________________________________________________________________________________________
Here is the server's ovpn config file
client
dev tun2
proto udp
remote 93.115.84.198 25000 # - Server1
remote 93.114.44.253 25000 # - Server2
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpnbook.crt
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
remote-random
route-delay 2
redirect-gateway
If someone could explain to me why network-manager and openvpn configure the routing table differently, and how to make openvpn handle it correctly, I would be grateful.
Thanks in advance for your replies.
Last edited by anguille_sous_roche (20-03-2013 14:22:49)
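
An added example, not part of the original post: the two `route -n` tables posted above, resolved with the kernel's longest-prefix-match rule, to show which interface each table selects for a given destination. The function names and the sample destinations are assumptions chosen for illustration.

```python
import ipaddress

# Routing tables copied from the `route -n` output in the post above.
NM_TABLE = """\
0.0.0.0 10.10.0.53 0.0.0.0 UG 0 0 0 tun0
10.10.0.1 10.10.0.53 255.255.255.255 UGH 0 0 0 tun0
10.10.0.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.35.201.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
93.114.44.253 10.35.201.10 255.255.255.255 UGH 0 0 0 wlan0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 tun0
"""
OPENVPN_TABLE = """\
0.0.0.0 10.10.0.9 128.0.0.0 UG 0 0 0 tun2
0.0.0.0 10.35.201.10 0.0.0.0 UG 0 0 0 wlan0
10.10.0.1 10.10.0.9 255.255.255.255 UGH 0 0 0 tun2
10.10.0.9 0.0.0.0 255.255.255.255 UH 0 0 0 tun2
10.35.201.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
93.114.44.253 10.35.201.10 255.255.255.255 UGH 0 0 0 wlan0
128.0.0.0 10.10.0.9 128.0.0.0 UG 0 0 0 tun2
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # skip headers or blank lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")  # Destination/Genmask
        routes.append((net, f[1], int(f[4]), f[7]))
    return routes

def lookup(routes, dest):
    """Kernel-style selection: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gw, metric, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gw, str(net)

def compare(dest):
    return lookup(parse_routes(NM_TABLE), dest), lookup(parse_routes(OPENVPN_TABLE), dest)

if __name__ == "__main__":
    # Sample destinations (constructed): two public addresses, the VPN server, a LAN host.
    for dest in ("8.8.8.8", "195.60.76.114", "93.114.44.253", "10.35.201.1"):
        nm, ov = compare(dest)
        print(f"{dest:15} NM -> {nm}   openvpn -> {ov}")
```

For both tables the public sample destinations resolve to the tunnel device, and only the VPN server's own address and the local subnet leave through wlan0. The openvpn table gets there through the two /1 routes that the pushed `redirect-gateway def1` adds on top of the existing default route, while the network-manager table replaces the default route itself.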