[Problem] OpenVPN mit ivacy.com

Sidebar Sidebar
Upgrade 3CX to v18 and get it hosted free!
Ja, die beiden Zeilen gehören noch in die Config.
Starten wie bisher, ich muss gestehen, ich weiß nicht mehr genau, wie du das im Moment machst?!?
Auch bei einer eigenen Config für die "alte" GUI kannst du das über "Automatisch" in der GUI machen, das wird noch ausgewertet.
 
Ja das weiß ich schon, ich möchte nur gern den Dienst per rc.custom über einen Befehl starten, damit dieser verzögert gestartet wird?
 
Ach so, das geht, ähnlich wie oben der "verzögerte" Eintrag:

Code: 
# Openvpn nach 1 Minute starten
(sleep 60 && rc.openvpn start )&
 
Das mit den Config funktioniert leider nicht

Code: 
WARNING: Failed running command (--up/--down): could not execute external program

Was ich aber überhaupt nicht verstehe, die Verbindung zu den VPN openvpn.invacy.com funktioniert noch mit DNS-Auflösung, aber sobald ich per VPN verbunden bin geht nicht mehr mal ein ping openvpn.ivacy.com?
 
Fängt dein "up" script mit der Zeile
Code: 
#!/bin/sh
an? Oder, wie genau sieht es aus? Nutzt du momentan die Methode ohne "chroot", sonst funktionieren Shellskripte nicht so ohne weiteres...

Kannst du den zweiten Teil der Frage nochmal anders stellen? Das verstehe ich nicht. Von wo scheitert der Ping? Geht nur der Ping auf den Namen nicht, oder scheitert auch der ping auf die IP? Ich hatte gedacht, die DNS-Nummer wäre nun gelöst?!?
Oder betrifft das jetzt nur diesen einen Namen, denn für die IP, die du gerade nutzt, geht das ja immer noch durch das normale DSL, nicht durch das VPN.
 
Nach einen Reconnect funktioniert keine DNS Auflösung u. kein ping mehr, d. h. auch an IP-Adressen, wenn ich einen Reboot mache dann geht alles wieder?

Aber was ich nicht verstehe, jede Stunde passiert im Log eine Aktivität, kann da jemand erklären?

Code: 
Fri Nov  8 06:30:53 2013 OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 16 2013
Fri Nov  8 06:30:53 2013 Socket Buffers: R=[110592->131072] S=[110592->131072]
Fri Nov  8 06:30:53 2013 UDPv4 link local: [undef]
Fri Nov  8 06:30:53 2013 UDPv4 link remote: [AF_INET]178.73.212.241:7004
Fri Nov  8 06:30:53 2013 TLS: Initial packet from [AF_INET]178.73.212.241:7004, sid=6bccabfd 59fcf808
Fri Nov  8 06:30:53 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov  8 06:30:53 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 06:30:53 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 06:30:53 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 06:30:57 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 06:30:57 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 06:30:57 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 06:30:57 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 06:30:57 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 06:30:57 2013 [server] Peer Connection Initiated with [AF_INET]178.73.212.241:7004
Fri Nov  8 06:30:59 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Nov  8 06:30:59 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route-gateway 5.254.137.97,topology subnet,ping 10,ping-restart 160,ifconfig 5.254.137.106 255.255.255.224'
Fri Nov  8 06:30:59 2013 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov  8 06:30:59 2013 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov  8 06:30:59 2013 OPTIONS IMPORT: route options modified
Fri Nov  8 06:30:59 2013 OPTIONS IMPORT: route-related options modified
Fri Nov  8 06:30:59 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Nov  8 06:30:59 2013 TUN/TAP device tun0 opened
Fri Nov  8 06:30:59 2013 TUN/TAP TX queue length set to 100
Fri Nov  8 06:30:59 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Nov  8 06:30:59 2013 /sbin/ifconfig tun0 5.254.137.106 netmask 255.255.255.224 mtu 1500 broadcast 5.254.137.127
Fri Nov  8 06:30:59 2013 /sbin/route add -net 178.73.212.241 netmask 255.255.255.255 gw 192.168.10.1
Fri Nov  8 06:30:59 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.254.137.97
Fri Nov  8 06:30:59 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.254.137.97
Fri Nov  8 06:31:00 2013 Initialization Sequence Completed
Fri Nov  8 07:30:57 2013 TLS: soft reset sec=0 bytes=411234/0 pkts=3389/0
Fri Nov  8 07:30:57 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 07:30:57 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 07:30:57 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 07:31:00 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 07:31:00 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 07:31:00 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 07:31:00 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 07:31:00 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 08:30:57 2013 TLS: tls_process: killed expiring key
Fri Nov  8 08:31:00 2013 TLS: soft reset sec=0 bytes=394028/0 pkts=3253/0
Fri Nov  8 08:31:01 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 08:31:01 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 08:31:01 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 08:31:04 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 08:31:04 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 08:31:04 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 08:31:04 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 08:31:04 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 09:31:00 2013 TLS: tls_process: killed expiring key
Fri Nov  8 09:31:04 2013 TLS: soft reset sec=0 bytes=404459/0 pkts=3319/0
Fri Nov  8 09:31:04 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 09:31:04 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 09:31:04 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 09:31:07 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 09:31:07 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 09:31:07 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 09:31:07 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 09:31:07 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 10:31:04 2013 TLS: tls_process: killed expiring key
Fri Nov  8 10:31:07 2013 TLS: soft reset sec=0 bytes=385425/0 pkts=3131/0
Fri Nov  8 10:31:07 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 10:31:07 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 10:31:07 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 10:31:10 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 10:31:10 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 10:31:10 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 10:31:10 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 10:31:10 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 11:31:07 2013 TLS: tls_process: killed expiring key
Fri Nov  8 11:31:10 2013 TLS: soft reset sec=0 bytes=386563/0 pkts=3160/0
Fri Nov  8 11:31:10 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 11:31:10 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 11:31:10 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 11:31:13 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 11:31:13 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 11:31:13 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 11:31:13 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 11:31:13 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 12:31:10 2013 TLS: tls_process: killed expiring key
Fri Nov  8 12:31:13 2013 TLS: soft reset sec=0 bytes=378584/0 pkts=3080/0
Fri Nov  8 12:31:14 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 12:31:14 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 12:31:14 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 12:31:17 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 12:31:17 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 12:31:17 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 12:31:17 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 12:31:17 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 13:31:14 2013 TLS: tls_process: killed expiring key
Fri Nov  8 13:31:17 2013 TLS: soft reset sec=0 bytes=382367/0 pkts=3099/0
Fri Nov  8 13:31:17 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 13:31:17 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 13:31:17 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 13:31:20 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 13:31:20 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 13:31:20 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 13:31:20 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 13:31:20 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 14:31:17 2013 TLS: tls_process: killed expiring key
Fri Nov  8 14:31:20 2013 TLS: soft reset sec=0 bytes=387001/0 pkts=3183/0
Fri Nov  8 14:31:20 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 14:31:20 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 14:31:20 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 14:31:23 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 14:31:23 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 14:31:23 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 14:31:23 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 14:31:23 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 15:31:20 2013 TLS: tls_process: killed expiring key
Fri Nov  8 15:31:23 2013 TLS: soft reset sec=0 bytes=409894/0 pkts=3383/0
Fri Nov  8 15:31:24 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 15:31:24 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 15:31:24 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 15:31:27 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 15:31:27 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 15:31:27 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 15:31:27 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 15:31:27 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 16:31:23 2013 TLS: tls_process: killed expiring key
Fri Nov  8 16:31:27 2013 TLS: soft reset sec=0 bytes=371382/0 pkts=3189/0
Fri Nov  8 16:31:27 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 16:31:27 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 16:31:27 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 16:31:30 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 16:31:30 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 16:31:30 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 16:31:30 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 16:31:30 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 17:31:27 2013 TLS: tls_process: killed expiring key
Fri Nov  8 17:31:30 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 17:31:30 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 17:31:30 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 17:31:34 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 17:31:34 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 17:31:34 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 17:31:34 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 17:31:34 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 18:31:30 2013 TLS: tls_process: killed expiring key
Fri Nov  8 18:31:34 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 18:31:34 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 18:31:34 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 18:31:37 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 18:31:37 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 18:31:37 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 18:31:37 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 18:31:37 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 19:31:34 2013 TLS: tls_process: killed expiring key
Fri Nov  8 19:31:37 2013 TLS: soft reset sec=0 bytes=377856/0 pkts=3185/0
Fri Nov  8 19:31:37 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 19:31:37 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 19:31:37 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 19:31:40 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 19:31:40 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 19:31:40 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 19:31:40 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 19:31:40 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 20:31:38 2013 TLS: tls_process: killed expiring key
Fri Nov  8 20:31:40 2013 TLS: soft reset sec=0 bytes=364080/0 pkts=3023/0
Fri Nov  8 20:31:40 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 20:31:40 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 20:31:40 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 20:31:44 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 20:31:44 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 20:31:44 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 20:31:44 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 20:31:44 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 21:31:40 2013 TLS: tls_process: killed expiring key
Fri Nov  8 21:31:44 2013 TLS: soft reset sec=0 bytes=270995/0 pkts=2479/0
Fri Nov  8 21:31:44 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 21:31:44 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 21:31:44 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 21:31:48 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 21:31:48 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 21:31:48 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 21:31:48 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 21:31:48 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 22:31:44 2013 TLS: tls_process: killed expiring key
Fri Nov  8 22:31:48 2013 TLS: soft reset sec=0 bytes=266545/0 pkts=2428/0
Fri Nov  8 22:31:48 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 22:31:48 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 22:31:48 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 22:31:52 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 22:31:52 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 22:31:52 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 22:31:52 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 22:31:52 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Nov  8 23:31:48 2013 TLS: tls_process: killed expiring key
Fri Nov  8 23:31:52 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Fri Nov  8 23:31:52 2013 VERIFY OK: nsCertType=SERVER
Fri Nov  8 23:31:52 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Fri Nov  8 23:31:55 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 23:31:55 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 23:31:55 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Nov  8 23:31:55 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov  8 23:31:55 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 00:31:52 2013 TLS: tls_process: killed expiring key
Sat Nov  9 00:31:55 2013 TLS: soft reset sec=0 bytes=343723/0 pkts=2830/0
Sat Nov  9 00:31:56 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 00:31:56 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 00:31:56 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 00:31:59 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 00:31:59 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 00:31:59 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 00:31:59 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 00:31:59 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 01:31:55 2013 TLS: tls_process: killed expiring key
Sat Nov  9 01:31:59 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 01:32:00 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 01:32:00 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 01:32:03 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 01:32:03 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 01:32:03 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 01:32:03 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 01:32:03 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 02:31:59 2013 TLS: tls_process: killed expiring key
Sat Nov  9 02:32:03 2013 TLS: soft reset sec=0 bytes=331678/0 pkts=2660/0
Sat Nov  9 02:32:03 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 02:32:03 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 02:32:03 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 02:32:07 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 02:32:07 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 02:32:07 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 02:32:07 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 02:32:07 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 03:32:03 2013 TLS: tls_process: killed expiring key
Sat Nov  9 03:32:08 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 03:32:08 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 03:32:08 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 03:32:11 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 03:32:11 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 03:32:11 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 03:32:11 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 03:32:11 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 04:32:07 2013 TLS: tls_process: killed expiring key
Sat Nov  9 04:32:11 2013 TLS: soft reset sec=0 bytes=356800/0 pkts=2856/0
Sat Nov  9 04:32:11 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 04:32:11 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 04:32:11 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 04:32:14 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 04:32:14 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 04:32:14 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 04:32:14 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 04:32:14 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 05:32:11 2013 TLS: tls_process: killed expiring key
Sat Nov  9 05:32:14 2013 TLS: soft reset sec=0 bytes=345846/0 pkts=2781/0
Sat Nov  9 05:33:15 2013 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Nov  9 05:33:15 2013 TLS Error: TLS handshake failed
Sat Nov  9 05:33:15 2013 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Sat Nov  9 05:33:30 2013 TLS: Initial packet from [AF_INET]178.73.212.241:7004, sid=f3c6b633 8d5d6660
Sat Nov  9 05:33:31 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 05:33:31 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 05:33:31 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 05:33:34 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 05:33:34 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 05:33:34 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 05:33:34 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 05:33:34 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 06:32:14 2013 TLS: tls_multi_process: killed expiring key
Sat Nov  9 06:33:35 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 06:33:35 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 06:33:35 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 06:33:38 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 06:33:38 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 06:33:38 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 06:33:38 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 06:33:38 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 07:33:34 2013 TLS: tls_process: killed expiring key
Sat Nov  9 07:33:39 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 07:33:39 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 07:33:39 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 07:33:42 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 07:33:42 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 07:33:42 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 07:33:42 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 07:33:42 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 08:33:38 2013 TLS: tls_process: killed expiring key
Sat Nov  9 08:33:42 2013 TLS: soft reset sec=0 bytes=100968/0 pkts=1249/0
Sat Nov  9 08:33:43 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 08:33:43 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 08:33:43 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 08:33:46 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 08:33:46 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 08:33:46 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 08:33:46 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 08:33:46 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 09:33:42 2013 TLS: tls_process: killed expiring key
Sat Nov  9 09:33:46 2013 TLS: soft reset sec=0 bytes=113295/0 pkts=1292/0
Sat Nov  9 09:33:46 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 09:33:46 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 09:33:46 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 09:33:49 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 09:33:49 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 09:33:49 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 09:33:49 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 09:33:49 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 10:33:47 2013 TLS: tls_process: killed expiring key
Sat Nov  9 10:33:49 2013 TLS: soft reset sec=0 bytes=106221/0 pkts=1276/0
Sat Nov  9 10:33:49 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 10:33:49 2013 VERIFY OK: nsCertType=SERVER
Sat Nov  9 10:33:49 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 10:33:53 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 10:33:53 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 10:33:53 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 10:33:53 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 10:33:53 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
 
Zuletzt bearbeitet:
Die "Jede Stunde Aktivität" steht doch schön im Log beschrieben: "TLS: tls_process: killed expiring key"
Die Laufzeit des vereinbarten Schlüsselpaars ist abgelaufen, und es wird ein neues Schlüsselpaar ausgetauscht. Defaultwert ist bei OpenVPN 60Minuten (reneg-sec 3600).

Für das "Reconnect-Problem" brauchen wir wirklich mehr Informationen: Wie sieht die Routingtabelle aus, wie der Eintrag für den DNS, was steht dann im VPN-Log?
 
Das Log habt Ihr im vorherigen Log schon, da ist ein kompletter Tag (so zwischen 05.00 Uhr u. 06.00 Uhr). Die Zwangstrennung passierte um 05.31 Uhr.

Das Routing

Code: 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
178.73.212.241  192.168.10.1    255.255.255.255 UGH   0      0        0 lan
5.254.137.32    *               255.255.255.224 U     0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 lan
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
default         5.254.137.33    128.0.0.0       UG    0      0        0 tun0
128.0.0.0       5.254.137.33    128.0.0.0       UG    0      0        0 tun0
default         192.168.10.1    0.0.0.0         UG    9      0        0 lan

etc/resolv.conf

Code: 
nameserver 127.0.0.1
domain fonwlan.box

Box ist über Lan angeschlossen u. eingestellt auf Internet mitbenutzen.

Ich verstehe auch nicht warum ein Reconnect so ein Problem bereitet?

Viele schreiben bei diesen Problem, dass der Port 1194 nicht richtig vom VDSL Modem geforwarded wird?
Was meinen die damit?
 
Zuletzt bearbeitet:
Du hast keinen Server, deshalb brauchst du keinerlei "Forwardings".

Deine Informationen passen nicht zum Log (dort steht nur als Beispiel als Defaultgateway 5.254.137.97, im Routing 5.254.137.33).
Es gibt auch laut dem Log kein Problem, du siehst, dass weiterhin jede Stunde das Rekeying stattfindet, der OpenVPN-Tunnel steht also.

Bitte zusammengehörige Infos posten (Log, Routingtabelle, resolv.conf, ping, trace ...)
- Von einem Zeitpunkt, zu dem das VPN funktioniert
- nach der Zwangstrennung, wenn es nicht mehr funktioniert.

Ping und Trace dabei bitte einmal auf IP und einmal auf Namen.
 
trace kann ich nicht habe ich nicht mit im Freetz drin?
aber ich werde morgen mal das Log u. das Routing nach dem Fehler veröffentlichen, vielleicht kannst du damit was anfangen?

Zustand wo alles funktioniert

Config
Code: 
client
dev tun 
proto udp 
nobind


; CERT
#ns-cert-type server
cipher BF-CBC
ca /tmp/flash/openvpn/ca.crt


; HOST
remote-random
remote 178.73.212.241 7001
remote 178.73.212.241 7002
remote 178.73.212.241 7003
remote 178.73.212.241 7004


resolv-retry infinite


; AUTH
auth-user-pass /tmp/flash/openvpn/passfile
persist-key
persist-tun


reneg-sec 0 


comp-lzo
verb 3
log /var/tmp/debug_openvpn.out
<ca>
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIJAOezsSnjFcrvMA0GCSqGSIb3DQEBBQUAMIGnMQswCQYD
VQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0x
FTATBgNVBAoTDFZwbnR1bm5lbC5zZTERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNV
BAMTCGNoYW5nZW1lMREwDwYDVQQpEwhjaGFuZ2VtZTEgMB4GCSqGSIb3DQEJARYR
aW5mb0B2cG50dW5uZWwuc2UwHhcNMTExMjA5MTY1NTEwWhcNMjExMjA2MTY1NTEw
WjCBpzELMAkGA1UEBhMCU0UxEjAQBgNVBAgTCVN0b2NraG9sbTESMBAGA1UEBxMJ
U3RvY2tob2xtMRUwEwYDVQQKEwxWcG50dW5uZWwuc2UxETAPBgNVBAsTCGNoYW5n
ZW1lMREwDwYDVQQDEwhjaGFuZ2VtZTERMA8GA1UEKRMIY2hhbmdlbWUxIDAeBgkq
hkiG9w0BCQEWEWluZm9AdnBudHVubmVsLnNlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxGFFVamgXqDt4G+NUVFKLvpyl1o40LO5MNegXM3tJtmLR7Sx
2SXxk3H4Q8WdFmOIaYV+C/R6t+vaIP5fVUxy3eNQ5SGgU7be9HKS75NnAHoZTa3L
Wns9N5cvILNVoHw+ICL7HjX/OrrK0MjCOwBEyPO2xxdGnGtxBxVrdy7w2EYv/wys
cMyXm4ZDq9yzJMQtzKo6VBbgKLxxhmU0qyeVri5EKPO3ETE4p7VqUclLea3lZFVo
jHNQWp4phX6uQRqbeje4EfYKzVr6NtKFMbO/0XWdiqGhOtc8PXwHQkKz69xPcer9
hTb9vhiQY3gOvh3YZ5i1bSOW4CS3FBOZ2FTdFQIDAQABo4IBEDCCAQwwHQYDVR0O
BBYEFJ3WpENs1VrbZUzxPyDCKe008QudMIHcBgNVHSMEgdQwgdGAFJ3WpENs1Vrb
ZUzxPyDCKe008QudoYGtpIGqMIGnMQswCQYDVQQGEwJTRTESMBAGA1UECBMJU3Rv
Y2tob2xtMRIwEAYDVQQHEwlTdG9ja2hvbG0xFTATBgNVBAoTDFZwbnR1bm5lbC5z
ZTERMA8GA1UECxMIY2hhbmdlbWUxETAPBgNVBAMTCGNoYW5nZW1lMREwDwYDVQQp
EwhjaGFuZ2VtZTEgMB4GCSqGSIb3DQEJARYRaW5mb0B2cG50dW5uZWwuc2WCCQDn
s7Ep4xXK7zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAltDUKVaua
YJurI5KSYyZpKme0TnrPZY5xJkoLsMNlb1FgWEG+RgvbRkdBqsAWoY4eljLcPa1y
a0YB2sp+SBAx+vp9k4ubdwQ9f/WTHhYcjHRixWOLk8EWSLpnTXzBiOXy1/tmbeXx
fTrf5ru5if/7pR25geLQYxwdYepBnFh7Iq0CVYTY2Yqoad/jinNIqy057E3uSFuJ
Acez5QLsdor6B3kprzNQJ45R2fIFJEXFsJw71+R3fZIvuWHnU4wVtVC2o6ijvVjw
Ny0h3LfI6NyBG9BiqPuhdGbsbYNYj005Y9mjw/nmvreSdI1qjS7MdO3hsDw7p9qx
Bg7n+L4OIE/a
-----END CERTIFICATE-----
</ca>

Routing-Tabelle
Code: 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
178.73.212.241  192.168.10.1    255.255.255.255 UGH   0      0        0 lan
5.254.137.0     *               255.255.255.224 U     0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 lan
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
default         5.254.137.1     128.0.0.0       UG    0      0        0 tun0
128.0.0.0       5.254.137.1     128.0.0.0       UG    0      0        0 tun0
default         192.168.10.1    0.0.0.0         UG    9      0        0 lan

Log
Code: 
Sat Nov  9 14:29:22 2013 OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 16 2013
Sat Nov  9 14:29:22 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Nov  9 14:29:22 2013 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Nov  9 14:29:22 2013 UDPv4 link local: [undef]
Sat Nov  9 14:29:22 2013 UDPv4 link remote: [AF_INET]178.73.212.241:7001
Sat Nov  9 14:29:22 2013 TLS: Initial packet from [AF_INET]178.73.212.241:7001, sid=4fa0f013 c63bbfe2
Sat Nov  9 14:29:22 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Nov  9 14:29:23 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 14:29:23 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 14:29:26 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 14:29:26 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 14:29:26 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 14:29:26 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 14:29:26 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 14:29:26 2013 [server] Peer Connection Initiated with [AF_INET]178.73.212.241:7001
Sat Nov  9 14:29:28 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Nov  9 14:29:28 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route-gateway 5.254.137.1,topology subnet,ping 10,ping-restart 160,ifconfig 5.254.137.8 255.255.255.224'
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: route options modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: route-related options modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov  9 14:29:28 2013 TUN/TAP device tun0 opened
Sat Nov  9 14:29:28 2013 TUN/TAP TX queue length set to 100
Sat Nov  9 14:29:28 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov  9 14:29:28 2013 /sbin/ifconfig tun0 5.254.137.8 netmask 255.255.255.224 mtu 1500 broadcast 5.254.137.31
Sat Nov  9 14:29:28 2013 /sbin/route add -net 178.73.212.241 netmask 255.255.255.255 gw 192.168.10.1
Sat Nov  9 14:29:28 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.254.137.1
Sat Nov  9 14:29:28 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.254.137.1
Sat Nov  9 14:29:28 2013 Initialization Sequence Completed
Sat Nov  9 15:29:27 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 15:29:27 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 15:29:30 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 15:29:30 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 15:29:30 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 15:29:30 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 15:29:30 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 16:29:26 2013 TLS: tls_process: killed expiring key
Sat Nov  9 16:29:31 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 16:29:31 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 16:29:34 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 16:29:34 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 16:29:34 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 16:29:34 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 16:29:34 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Ping auf Google.de funktioniert nicht aber Ping auf die IP von Google funktioniert.

Morgen kommt dann das Log nach der Zwangstrennung
 
Zuletzt bearbeitet:
Nimm mal das anhängende "erweiterte" Busybox und bring es auf die Box und enpacke es, z.B. als /tmp/busybox_mipsel.
Dann lege in /mod/bin den passenden link an:

Code: 
# auspacken
gzip -d /tmp/busybox_mipsel.gz



ln -s /tmp/busybox_mipsel /mod/bin/traceroute

# oder in Langform für alle zusätzlichen Programme:
for X in $(/tmp/busybox_mipsel | sed  '1,/functions:/d') 
do 
	which ${X%,*} 2>/dev/null  \
	&& echo "${X%,*} gibts schon" \
	|| ln -s /tmp/busybox_mipsel /mod/bin/${X%,*} 
done

dann sollte "traceroute -n 8.8.8.8" auch funktionieren...
 

Anhänge

  • busybox_mipsel.gz
    303.2 KB · Aufrufe: 2
Wenn ich das über rudishell ausführe kommt immer

Code: 
[TABLE="width: 965"]
[TR]
[TD]sh: /tmp/busybox_mipsel: Permission denied[/TD]
[/TR]
[/TABLE]

und was meinst du mit "Dann lege in /mod/bin den passenden link an:"
 
Geht irgendwie trotzdem

hier ist die Traceroute vor der Zwangstrennung

Code: 
root@=:/var/mod/root# traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  5.254.137.1  63.884 ms  65.173 ms  61.874 ms
 2  178.73.212.225  63.552 ms  66.441 ms  66.177 ms
 3  193.110.13.102  65.376 ms  65.404 ms  74.069 ms
 4  216.239.43.122  65.880 ms  63.916 ms  63.704 ms
 5  209.85.254.13  64.622 ms  68.821 ms  209.85.253.180  66.732 ms
 6  209.85.243.136  73.360 ms  71.961 ms  71.901 ms
 7  72.14.233.172  74.410 ms  72.14.233.170  72.260 ms  72.14.233.172  73.284 ms
 8  *  *  *
 9  *  8.8.8.8  74.296 ms  72.783 ms
root@=:/var/mod/root#
 
So nach dem Reconnect, natürlich funktioniert heute alles (Der Vorführeffekt), aber vielleicht sieht man trotzdem etwas, aber das DNS Problem könnte man sich ja mal schon anschauen

Wichtig ich hatte gestern in der Config aber #ns-cert-type server auskommentiert, vielleicht war das schon die Lösung?

Frage: Könnte vielleicht auch noch ein float in der Config helfen, da sich ja immer auf der Gegenseite die IP ändert?

Log:
Code: 
Sat Nov  9 14:29:22 2013 OpenVPN 2.3.2 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 16 2013
Sat Nov  9 14:29:22 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Nov  9 14:29:22 2013 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sat Nov  9 14:29:22 2013 UDPv4 link local: [undef]
Sat Nov  9 14:29:22 2013 UDPv4 link remote: [AF_INET]178.73.212.241:7001
Sat Nov  9 14:29:22 2013 TLS: Initial packet from [AF_INET]178.73.212.241:7001, sid=4fa0f013 c63bbfe2
Sat Nov  9 14:29:22 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Nov  9 14:29:23 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 14:29:23 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 14:29:26 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 14:29:26 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 14:29:26 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 14:29:26 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 14:29:26 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 14:29:26 2013 [server] Peer Connection Initiated with [AF_INET]178.73.212.241:7001
Sat Nov  9 14:29:28 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Nov  9 14:29:28 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route-gateway 5.254.137.1,topology subnet,ping 10,ping-restart 160,ifconfig 5.254.137.8 255.255.255.224'
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: route options modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: route-related options modified
Sat Nov  9 14:29:28 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Nov  9 14:29:28 2013 TUN/TAP device tun0 opened
Sat Nov  9 14:29:28 2013 TUN/TAP TX queue length set to 100
Sat Nov  9 14:29:28 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Nov  9 14:29:28 2013 /sbin/ifconfig tun0 5.254.137.8 netmask 255.255.255.224 mtu 1500 broadcast 5.254.137.31
Sat Nov  9 14:29:28 2013 /sbin/route add -net 178.73.212.241 netmask 255.255.255.255 gw 192.168.10.1
Sat Nov  9 14:29:28 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.254.137.1
Sat Nov  9 14:29:28 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.254.137.1
Sat Nov  9 14:29:28 2013 Initialization Sequence Completed
Sat Nov  9 15:29:27 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 15:29:27 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 15:29:30 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 15:29:30 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 15:29:30 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 15:29:30 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 15:29:30 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 16:29:26 2013 TLS: tls_process: killed expiring key
Sat Nov  9 16:29:31 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 16:29:31 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 16:29:34 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 16:29:34 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 16:29:34 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 16:29:34 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 16:29:34 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 17:29:31 2013 TLS: tls_process: killed expiring key
Sat Nov  9 17:29:35 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 17:29:35 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 17:29:38 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 17:29:38 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 17:29:38 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 17:29:38 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 17:29:38 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 18:29:35 2013 TLS: tls_process: killed expiring key
Sat Nov  9 18:29:39 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 18:29:39 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 18:29:42 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 18:29:42 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 18:29:42 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 18:29:42 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 18:29:42 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 19:29:38 2013 TLS: tls_process: killed expiring key
Sat Nov  9 19:29:44 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 19:29:44 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 19:29:47 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 19:29:47 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 19:29:47 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 19:29:47 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 19:29:47 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 20:29:43 2013 TLS: tls_process: killed expiring key
Sat Nov  9 20:29:47 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 20:29:47 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 20:29:50 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 20:29:50 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 20:29:50 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 20:29:50 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 20:29:50 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 21:29:47 2013 TLS: tls_process: killed expiring key
Sat Nov  9 21:29:52 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 21:29:52 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 21:29:55 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 21:29:55 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 21:29:55 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 21:29:55 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 21:29:55 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 22:29:51 2013 TLS: tls_process: killed expiring key
Sat Nov  9 22:29:56 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 22:29:56 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 22:29:59 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 22:29:59 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 22:29:59 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 22:29:59 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 22:29:59 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Nov  9 23:29:57 2013 TLS: tls_process: killed expiring key
Sat Nov  9 23:30:00 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sat Nov  9 23:30:00 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sat Nov  9 23:30:03 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 23:30:03 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 23:30:03 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Nov  9 23:30:03 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Nov  9 23:30:03 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 00:30:00 2013 TLS: tls_process: killed expiring key
Sun Nov 10 00:30:04 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 00:30:04 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 00:30:07 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 00:30:07 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 00:30:07 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 00:30:07 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 00:30:07 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 01:30:03 2013 TLS: tls_process: killed expiring key
Sun Nov 10 01:30:07 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 01:30:07 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 01:30:11 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 01:30:11 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 01:30:11 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 01:30:11 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 01:30:11 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 02:30:08 2013 TLS: tls_process: killed expiring key
Sun Nov 10 02:30:12 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 02:30:12 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 02:30:15 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 02:30:15 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 02:30:15 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 02:30:15 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 02:30:15 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 03:30:12 2013 TLS: tls_process: killed expiring key
Sun Nov 10 03:30:16 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 03:30:16 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 03:30:19 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 03:30:19 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 03:30:19 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 03:30:19 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 03:30:19 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 04:30:15 2013 TLS: tls_process: killed expiring key
Sun Nov 10 04:30:24 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 04:30:24 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 04:30:28 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 04:30:28 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 04:30:28 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 04:30:28 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 04:30:28 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 05:30:20 2013 TLS: tls_process: killed expiring key
Sun Nov 10 05:32:44 2013 [server] Inactivity timeout (--ping-restart), restarting
Sun Nov 10 05:32:44 2013 SIGUSR1[soft,ping-restart] received, process restarting
Sun Nov 10 05:32:44 2013 Restart pause, 2 second(s)
Sun Nov 10 05:32:46 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 10 05:32:46 2013 Socket Buffers: R=[110592->131072] S=[110592->131072]
Sun Nov 10 05:32:46 2013 UDPv4 link local: [undef]
Sun Nov 10 05:32:46 2013 UDPv4 link remote: [AF_INET]178.73.212.241:7001
Sun Nov 10 05:32:46 2013 TLS: Initial packet from [AF_INET]178.73.212.241:7001, sid=82980200 30950f9d
Sun Nov 10 05:32:46 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 05:32:46 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 05:32:49 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 05:32:49 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 05:32:49 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 05:32:49 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 05:32:49 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 05:32:49 2013 [server] Peer Connection Initiated with [AF_INET]178.73.212.241:7001
Sun Nov 10 05:32:52 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Nov 10 05:32:52 2013 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route-gateway 5.254.137.1,topology subnet,ping 10,ping-restart 160,ifconfig 5.254.137.6 255.255.255.224'
Sun Nov 10 05:32:52 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 10 05:32:52 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 10 05:32:52 2013 OPTIONS IMPORT: route options modified
Sun Nov 10 05:32:52 2013 OPTIONS IMPORT: route-related options modified
Sun Nov 10 05:32:52 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Nov 10 05:32:52 2013 Preserving previous TUN/TAP instance: tun0
Sun Nov 10 05:32:52 2013 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sun Nov 10 05:32:52 2013 /sbin/route del -net 178.73.212.241 netmask 255.255.255.255
Sun Nov 10 05:32:52 2013 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Nov 10 05:32:52 2013 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Nov 10 05:32:52 2013 Closing TUN/TAP interface
Sun Nov 10 05:32:52 2013 /sbin/ifconfig tun0 0.0.0.0
Sun Nov 10 05:32:53 2013 TUN/TAP device tun0 opened
Sun Nov 10 05:32:53 2013 TUN/TAP TX queue length set to 100
Sun Nov 10 05:32:53 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 10 05:32:53 2013 /sbin/ifconfig tun0 5.254.137.6 netmask 255.255.255.224 mtu 1500 broadcast 5.254.137.31
Sun Nov 10 05:32:53 2013 /sbin/route add -net 178.73.212.241 netmask 255.255.255.255 gw 192.168.10.1
Sun Nov 10 05:32:53 2013 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.254.137.1
Sun Nov 10 05:32:53 2013 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.254.137.1
Sun Nov 10 05:32:53 2013 Initialization Sequence Completed
Sun Nov 10 06:32:51 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 06:32:51 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 06:32:54 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 06:32:54 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 06:32:54 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 06:32:54 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 06:32:54 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 07:32:50 2013 TLS: tls_process: killed expiring key
Sun Nov 10 07:32:55 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 07:32:55 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 07:32:59 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 07:32:59 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 07:32:59 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 07:32:59 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 07:32:59 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 08:32:55 2013 TLS: tls_process: killed expiring key
Sun Nov 10 08:32:59 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 08:32:59 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 08:33:02 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 08:33:02 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 08:33:02 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 08:33:02 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 08:33:02 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 09:32:58 2013 TLS: tls_process: killed expiring key
Sun Nov 10 09:33:04 2013 VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, O=Vpntunnel.se, OU=changeme, CN=changeme, name=changeme, [email protected]
Sun Nov 10 09:33:04 2013 VERIFY OK: depth=0, C=SE, ST=Stockholm, L=Stockholm, O=vpntunnel.se, OU=changeme, CN=server, name=changeme, [email protected]
Sun Nov 10 09:33:07 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 09:33:07 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 09:33:07 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 09:33:07 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 09:33:07 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Traceroute
Code: 
root@=:/var/mod/root# traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  5.254.137.1  54.797 ms  56.849 ms  54.361 ms
 2  *  178.73.212.225  57.805 ms  57.808 ms
 3  193.110.13.102  56.866 ms  57.759 ms  58.979 ms
 4  216.239.43.122  88.963 ms  209.85.250.192  79.471 ms  57.792 ms
 5  209.85.254.31  61.939 ms  209.85.254.33  59.330 ms  209.85.254.31  59.371 ms
 6  72.14.233.180  67.209 ms  209.85.243.136  76.756 ms  74.596 ms
 7  72.14.233.170  70.009 ms  67.120 ms  72.14.233.172  66.769 ms
 8  *  *  *
 9  8.8.8.8  67.368 ms  67.848 ms  66.783 ms
root@=:/var/mod/root#

Routing Tabelle

Code: 
root@=:/var/mod/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
178.73.212.241  192.168.10.1    255.255.255.255 UGH   0      0        0 lan
5.254.137.0     *               255.255.255.224 U     0      0        0 tun0
192.168.10.0    *               255.255.255.0   U     0      0        0 lan
169.254.0.0     *               255.255.0.0     U     0      0        0 lan
default         5.254.137.1     128.0.0.0       UG    0      0        0 tun0
128.0.0.0       5.254.137.1     128.0.0.0       UG    0      0        0 tun0
default         192.168.10.1    0.0.0.0         UG    9      0        0 lan
root@=:/var/mod/root#
 
Zuletzt bearbeitet:
DoctorUltra schrieb:
Wichtig ich hatte gestern in der Config aber #ns-cert-type server auskommentiert, vielleicht war das schon die Lösung?
Zum Vergrößern anklicken....
Nee, die Verbindung kommt ja im Log davor (wo es nicht funktioniert hat) weiter normal zustande und der Server hat ein Server-Zertifikat:
DoctorUltra schrieb:
Code: 
...
Fri Nov  8 06:30:53 2013 VERIFY OK: nsCertType=SERVER
...
Sat Nov  9 05:33:31 2013 VERIFY OK: nsCertType=SERVER
...
Zum Vergrößern anklicken....

DoctorUltra schrieb:
Frage: Könnte vielleicht auch noch ein float in der Config helfen, da sich ja immer auf der Gegenseite die IP ändert?[/COLOR]
Zum Vergrößern anklicken....
Nein, die IP der Gegenseite bleibt immer gleich (178.73.212.241)
 
Hast du dir mal die Logs angesehen?
 
Klar, was denkst du, wo ich all die Informationen her habe?
 
Ich meine stimmt da irgendwas wegen den DNS nicht?
 
Nein, das hat ja nichts damit zu tun. Ich werde jetzt nicht in eine Schleife abtauchen, das Thema DNS haben wir komplett abgearbeitet:
DoctorUltra schrieb:
Ok das mit den dns funktioniert.
Zum Vergrößern anklicken....
Lies das gerne selbst nochmal nach (ab #38 ).
 
Um antworten zu können musst du eingeloggt sein.

Zurzeit aktive Besucher

Gesamt: 864 (Mitglieder: 39, Gäste: 825)

Neueste Beiträge

Statistik des Forums

Themen
246,161
Beiträge
2,247,133
Mitglieder
373,685
Neuestes Mitglied
Naido
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.
Ihr E-Mail-Adresse verifizieren

Ihr E-Mail-Adresse verifizieren

Wir haben Ihnen eine E-Mail geschickt. Klicken Sie auf die Schaltfläche im E-Mail-Text, um Ihre E-Mail-Adresse zu verifizieren – (Können Sie diese nicht finden können, dann überprüfen Sie Ihren Spam-Ordner).

IPPF im Überblick

Neueste Beiträge

Direktlinks Telefonanlage

Website-Sponsoren

3CX sponsor
KONTAKTIEREN SIE UNS BEI INTERESSE
| Style by ThemeHouse
XenPorta 2 PRO © Jason Axelrod of 8WAYRUN
Oben Unten
Zurück