mit pfSense weiterhin keine Verbinung mölich

vpncrow · Feb 11, 2024

Hallo,
ich bekomme PP mit pfsense nach wie vor nicht ans Laufen.

Seit meinem ersten Thread vor 2 Jahren hat sich die Version auf pfSense 2.7.2-RELEASE und die angezeigten Fehler (bzw ich erkenne keinen eindeutigen)

Ich bin der pfSense-Anleitung ( https://www.perfect-privacy.com/de/manuals/router_pfsense_openvpn ) gefolgt und möchte mich auf dem Frankfurt-Server verbinden.
Beim OpenVPN-Status wird "Waiting for response from peer" angezeigt. Local Address und Remote Host "pending". Reboot hatte ich auch schon.
Wäre cool wenn mir jemand helfen kann, so dass ich PP endlich nutzen (und nicht nur bezahlen) kann.

Muss "Server Certificate Key Usage Validation" aktiv oder deaktiv sein?

In den custom Options steht ja
"tls-cipher TLS_CHACHA20_POLY1305_SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS_AES_256_GCM_SHA384:TLS-RSA-WITH-AES-256-CBC-SHA"

dort findet sich aber nicht SHA512, was man weiter oben ausgewählt hat.

Code:

Feb 11 22:34:31     openvpn     20874     MANAGEMENT: Client disconnected
Feb 11 22:34:31     openvpn     20874     MANAGEMENT: CMD 'state 1'
Feb 11 22:34:31     openvpn     20874     MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Feb 11 22:34:26     openvpn     20874     UDPv4 link remote: [AF_INET]178.162.194.30:1194
Feb 11 22:34:26     openvpn     20874     UDPv4 link local (bound): [AF_INET]XXX:0
Feb 11 22:34:26     openvpn     20874     Socket Buffers: R=[42080->42080] S=[57344->57344]
Feb 11 22:34:26     openvpn     20874     TCP/UDP: Preserving recently used remote address: [AF_INET]178.162.194.30:1194
Feb 11 22:34:26     openvpn     20874     Fragmentation MTU parms [ mss_fix:1135 max_frag:1207 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb 11 22:34:26     openvpn     20874     Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb 11 22:34:26     openvpn     20874     Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Feb 11 22:34:26     openvpn     20874     WARNING: if you use --mssfix and --fragment, you should use the "mtu" flag for both or none of of them.
Feb 11 22:34:26     openvpn     20874     Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 11 22:34:26     openvpn     20874     Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 11 22:34:26     openvpn     20874     WARNING: experimental option --capath /var/etc/openvpn/client1/ca
Feb 11 22:34:26     openvpn     20874     No valid translation found for TLS cipher 'TLS_AES_256_GCM_SHA384'
Feb 11 22:34:26     openvpn     20874     No valid translation found for TLS cipher 'TLS_CHACHA20_POLY1305_SHA256'
Feb 11 22:34:26     openvpn     20874     NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 11 22:34:26     openvpn     20874     MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1/sock
Feb 11 22:34:26     openvpn     20543     DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
Feb 11 22:34:26     openvpn     20543     library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
Feb 11 22:34:26     openvpn     20543     OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
Feb 11 22:34:26     openvpn     20543     auth_user_pass_file = '/var/etc/openvpn/client1/up'
Feb 11 22:34:26     openvpn     20543     client = DISABLED
Feb 11 22:34:26     openvpn     20543     vlan_accept = all
Feb 11 22:34:26     openvpn     20543     vlan_tagging = DISABLED
Feb 11 22:34:26     openvpn     20543     port_share_host = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     auth_token_lifetime = 0
Feb 11 22:34:26     openvpn     20543     auth_token_generate = DISABLED
Feb 11 22:34:26     openvpn     20543     auth_user_pass_verify_script = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     max_clients = 1024
Feb 11 22:34:26     openvpn     20543     cf_initial_max = 100
Feb 11 22:34:26     openvpn     20543     cf_per = 0
Feb 11 22:34:26     openvpn     20543     duplicate_cn = DISABLED
Feb 11 22:34:26     openvpn     20543     push_ifconfig_ipv6_remote = ::
Feb 11 22:34:26     openvpn     20543     push_ifconfig_ipv6_local = ::/0
Feb 11 22:34:26     openvpn     20543     push_ifconfig_remote_netmask = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     push_ifconfig_local = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     tmp_dir = '/tmp'
Feb 11 22:34:26     openvpn     20543     client_config_dir = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     client_crresponse_script = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     learn_address_script = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     client_connect_script = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     real_hash_size = 256
Feb 11 22:34:26     openvpn     20543     n_bcast_buf = 256
Feb 11 22:34:26     openvpn     20543     ifconfig_ipv6_pool_netbits = 0
Feb 11 22:34:26     openvpn     20543     ifconfig_ipv6_pool_defined = DISABLED
Feb 11 22:34:26     openvpn     20543     ifconfig_pool_persist_filename = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     ifconfig_pool_netmask = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     ifconfig_pool_start = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     ifconfig_pool_defined = DISABLED
Feb 11 22:34:26     openvpn     20543     server_bridge_pool_start = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     server_bridge_netmask = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     server_bridge_ip = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     server_netbits_ipv6 = 0
Feb 11 22:34:26     openvpn     20543     server_network_ipv6 = ::
Feb 11 22:34:26     openvpn     20543     server_netmask = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     server_network = 0.0.0.0
Feb 11 22:34:26     openvpn     20543     pkcs11_id = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     pkcs11_pin_cache_period = -1
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_cert_private = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_private_mode = 00000000
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26     openvpn     20543     tls_exit = DISABLED
Feb 11 22:34:26     openvpn     20543     single_session = DISABLED
Feb 11 22:34:26     openvpn     20543     handshake_window = 120
Feb 11 22:34:26     openvpn     20543     renegotiate_seconds = 3600
Feb 11 22:34:26     openvpn     20543     renegotiate_bytes = -1
Feb 11 22:34:26     openvpn     20543     remote_cert_eku = 'TLS Web Server Authentication'
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     remote_cert_ku[i] = 0
Feb 11 22:34:26     openvpn     20543     ns_cert_type = 0
Feb 11 22:34:26     openvpn     20543     verify_x509_name = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     verify_x509_type = 0
Feb 11 22:34:26     openvpn     20543     tls_verify = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     extra_certs_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     dh_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     ca_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     tls_client = ENABLED
Feb 11 22:34:26     openvpn     20543     test_crypto = DISABLED
Feb 11 22:34:26     openvpn     20543     replay_time = 15
Feb 11 22:34:26     openvpn     20543     replay_window = 64
Feb 11 22:34:26     openvpn     20543     replay = ENABLED
Feb 11 22:34:26     openvpn     20543     authname = 'SHA512'
Feb 11 22:34:26     openvpn     20543     ncp_ciphers = 'AES-128-GCM:AES-128-CBC'
Feb 11 22:34:26     openvpn     20543     key_direction = 1
Feb 11 22:34:26     openvpn     20543     management_flags = 256
Feb 11 22:34:26     openvpn     20543     management_client_group = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     management_echo_buffer_size = 100
Feb 11 22:34:26     openvpn     20543     management_log_history_cache = 250
Feb 11 22:34:26     openvpn     20543     management_user_pass = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     management_port = 'unix'
Feb 11 22:34:26     openvpn     20543     management_addr = '/var/etc/openvpn/client1/sock'
Feb 11 22:34:26     openvpn     20543     allow_pull_fqdn = DISABLED
Feb 11 22:34:26     openvpn     20543     route_gateway_via_dhcp = DISABLED
Feb 11 22:34:26     openvpn     20543     route_nopull = DISABLED
Feb 11 22:34:26     openvpn     20543     route_delay_defined = DISABLED
Feb 11 22:34:26     openvpn     20543     route_delay_window = 30
Feb 11 22:34:26     openvpn     20543     route_delay = 0
Feb 11 22:34:26     openvpn     20543     route_noexec = DISABLED
Feb 11 22:34:26     openvpn     20543     route_default_metric = 0
Feb 11 22:34:26     openvpn     20543     route_default_gateway = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     route_script = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     comp.flags = 24
Feb 11 22:34:26     openvpn     20543     comp.alg = 0
Feb 11 22:34:26     openvpn     20543     fast_io = DISABLED
Feb 11 22:34:26     openvpn     20543     sockflags = 0
Feb 11 22:34:26     openvpn     20543     sndbuf = 0
Feb 11 22:34:26     openvpn     20543     rcvbuf = 0
Feb 11 22:34:26     openvpn     20543     occ = ENABLED
Feb 11 22:34:26     openvpn     20543     status_file_update_freq = 60
Feb 11 22:34:26     openvpn     20543     status_file_version = 1
Feb 11 22:34:26     openvpn     20543     status_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     gremlin = 0
Feb 11 22:34:26     openvpn     20543     mute = 0
Feb 11 22:34:26     openvpn     20543     verbosity = 4
Feb 11 22:34:26     openvpn     20543     nice = 0
Feb 11 22:34:26     openvpn     20543     machine_readable_output = DISABLED
Feb 11 22:34:26     openvpn     20543     suppress_timestamps = DISABLED
Feb 11 22:34:26     openvpn     20543     log = DISABLED
Feb 11 22:34:26     openvpn     20543     daemon = ENABLED
Feb 11 22:34:26     openvpn     20543     up_delay = DISABLED
Feb 11 22:34:26     openvpn     20543     up_restart = DISABLED
Feb 11 22:34:26     openvpn     20543     down_pre = DISABLED
Feb 11 22:34:26     openvpn     20543     down_script = '/usr/local/sbin/ovpn-linkdown'
Feb 11 22:34:26     openvpn     20543     up_script = '/usr/local/sbin/ovpn-linkup'
Feb 11 22:34:26     openvpn     20543     writepid = '/var/run/openvpn_client1.pid'
Feb 11 22:34:26     openvpn     20543     cd_dir = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     chroot_dir = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     groupname = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     username = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     resolve_in_advance = DISABLED
Feb 11 22:34:26     openvpn     20543     resolve_retry_seconds = 60
Feb 11 22:34:26     openvpn     20543     passtos = DISABLED
Feb 11 22:34:26     openvpn     20543     persist_key = ENABLED
Feb 11 22:34:26     openvpn     20543     persist_remote_ip = ENABLED
Feb 11 22:34:26     openvpn     20543     persist_local_ip = DISABLED
Feb 11 22:34:26     openvpn     20543     persist_tun = ENABLED
Feb 11 22:34:26     openvpn     20543     remap_sigusr1 = 0
Feb 11 22:34:26     openvpn     20543     ping_timer_remote = ENABLED
Feb 11 22:34:26     openvpn     20543     ping_rec_timeout_action = 2
Feb 11 22:34:26     openvpn     20543     ping_rec_timeout = 120
Feb 11 22:34:26     openvpn     20543     ping_send_timeout = 5
Feb 11 22:34:26     openvpn     20543     inactivity_minimum_bytes = 0
Feb 11 22:34:26     openvpn     20543     session_timeout = 0
Feb 11 22:34:26     openvpn     20543     inactivity_timeout = 604800
Feb 11 22:34:26     openvpn     20543     keepalive_timeout = 0
Feb 11 22:34:26     openvpn     20543     keepalive_ping = 0
Feb 11 22:34:26     openvpn     20543     mlock = DISABLED
Feb 11 22:34:26     openvpn     20543     mtu_test = 0
Feb 11 22:34:26     openvpn     20543     shaper = 0
Feb 11 22:34:26     openvpn     20543     ifconfig_ipv6_remote = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     ifconfig_ipv6_netbits = 0
Feb 11 22:34:26     openvpn     20543     ifconfig_ipv6_local = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     ifconfig_nowarn = DISABLED
Feb 11 22:34:26     openvpn     20543     ifconfig_noexec = DISABLED
Feb 11 22:34:26     openvpn     20543     ifconfig_remote_netmask = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     ifconfig_local = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     topology = 1
Feb 11 22:34:26     openvpn     20543     lladdr = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     tuntap_options.disable_dco = ENABLED
Feb 11 22:34:26     openvpn     20543     dev_node = '/dev/tun1'
Feb 11 22:34:26     openvpn     20543     dev_type = 'tun'
Feb 11 22:34:26     openvpn     20543     dev = 'ovpnc1'
Feb 11 22:34:26     openvpn     20543     ipchange = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     remote_random = DISABLED
Feb 11 22:34:26     openvpn     20543     Connection profiles END
Feb 11 22:34:26     openvpn     20543     tls_crypt_v2_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     tls_crypt_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     key_direction = 1
Feb 11 22:34:26     openvpn     20543     tls_auth_file = '[INLINE]'
Feb 11 22:34:26     openvpn     20543     explicit_exit_notification = 0
Feb 11 22:34:26     openvpn     20543     mssfix_fixed = DISABLED
Feb 11 22:34:26     openvpn     20543     mssfix_encap = ENABLED
Feb 11 22:34:26     openvpn     20543     mssfix = 1300
Feb 11 22:34:26     openvpn     20543     fragment = 1300
Feb 11 22:34:26     openvpn     20543     mtu_discover_type = -1
Feb 11 22:34:26     openvpn     20543     tls_mtu = 1250
Feb 11 22:34:26     openvpn     20543     tun_mtu_extra_defined = DISABLED
Feb 11 22:34:26     openvpn     20543     tun_mtu_extra = 0
Feb 11 22:34:26     openvpn     20543     link_mtu_defined = DISABLED
Feb 11 22:34:26     openvpn     20543     link_mtu = 1500
Feb 11 22:34:26     openvpn     20543     tun_mtu_defined = ENABLED
Feb 11 22:34:26     openvpn     20543     tun_mtu = 1500
Feb 11 22:34:26     openvpn     20543     socks_proxy_port = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     socks_proxy_server = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     connect_timeout = 120
Feb 11 22:34:26     openvpn     20543     connect_retry_seconds = 1
Feb 11 22:34:26     openvpn     20543     bind_ipv6_only = DISABLED
Feb 11 22:34:26     openvpn     20543     bind_local = ENABLED
Feb 11 22:34:26     openvpn     20543     bind_defined = DISABLED
Feb 11 22:34:26     openvpn     20543     remote_float = DISABLED
Feb 11 22:34:26     openvpn     20543     remote_port = '1194'
Feb 11 22:34:26     openvpn     20543     remote = '178.162.194.30'
Feb 11 22:34:26     openvpn     20543     local_port = '0'
Feb 11 22:34:26     openvpn     20543     local = 'XXX'
Feb 11 22:34:26     openvpn     20543     proto = udp4
Feb 11 22:34:26     openvpn     20543     Connection profiles [0]:
Feb 11 22:34:26     openvpn     20543     connect_retry_max = 0
Feb 11 22:34:26     openvpn     20543     show_tls_ciphers = DISABLED
Feb 11 22:34:26     openvpn     20543     key_pass_file = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     genkey_filename = '[UNDEF]'
Feb 11 22:34:26     openvpn     20543     genkey = DISABLED
Feb 11 22:34:26     openvpn     20543     show_engines = DISABLED
Feb 11 22:34:26     openvpn     20543     show_digests = DISABLED
Feb 11 22:34:26     openvpn     20543     show_ciphers = DISABLED
Feb 11 22:34:26     openvpn     20543     mode = 0
Feb 11 22:34:26     openvpn     20543     config = '/var/etc/openvpn/client1/config.ovpn'
Feb 11 22:34:26     openvpn     20543     Current Parameter Settings:
Feb 11 22:34:26     openvpn     20543     WARNING: file '/var/etc/openvpn/client1/up' is group or others accessible
Feb 11 22:34:26     openvpn     20543     Note: --data-cipher-fallback with cipher 'AES-128-CBC' disables data channel offload.

Deleted member 13382 · Feb 12, 2024

vpncrow said:
Beim OpenVPN-Status wird "Waiting for response from peer"

Nur mal so aus Neugierde: hattest du mal versucht alle FW-Rules mal zu deaktivieren? Bin zwar kein PFSense-Experte, aber es hört sich so an, als ob die eingehende Antword vom PP-Server blockiert wird. Solltest evtl. auch einen entsprechenden Eintrag in den FW-Logs finden.

vpncrow · Feb 12, 2024

seltsam. ausgehend habe ich keine speziellen regeln. durch die stateful fw wird ja zu einer ausgehenden die passende antwort ebenso durchgelassen.

im FW LOG finde ich kein eintrag zu 178.162.194.30

die Verbindung zu NordVPN läuft seit Jahren stabil und problemlos. ( State "MULTIPLE:MULTIPPLE" )

Mit den log-einträgen zu fragment , mtu / mssfix, No valid translation found for TLS cipher, hat es nix zu tun?

pfTop: Up State 1-2/2 (1982), View: default, Order: bytes
PR DIR SRC DEST STATE AGE EXP PKTS BYTES
udp Out XXX:31512 178.162.194.30:1194 SINGLE:NO_TRAFFIC 00:01:55 00:01:50 10 1280
udp Out XXX:53689 178.162.194.30:1194 SINGLE:NO_TRAFFIC 00:02:47 00:00:18 8 1024

..." SINGLE:NO_TRAFFIC which means it's getting passed in, and the target machine isn't replying or isn't routing its reply correctly. Guessing #2 or 3 here from the description."

mhhh
die SRC IP ist meine WAN IP ( telekom ftth )

vpncrow · Feb 17, 2024

Mit Port 1149 funktionierts.

.. was aber sofort auffällt, bei beiden aktiven verbindungen:
Der ping zu nordvpn ist deutlich besser, ca 21ms, bei PP 40 - 350ms

vpncrow · Apr 5, 2024

das ist schon verflixt. Ich habe die pfsensen nicht angefasst, dennoch geht es schon eine Weile wieder nicht.

(meine WAN IP ist durch 123.123.123.123 ersetzt)

Apr 5 22:34:59 openvpn 88715 MANAGEMENT: Client disconnected
Apr 5 22:34:59 openvpn 88715 MANAGEMENT: CMD 'state 1'
Apr 5 22:34:59 openvpn 88715 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Apr 5 22:34:23 openvpn 88715 MANAGEMENT: Client disconnected
Apr 5 22:34:23 openvpn 88715 MANAGEMENT: CMD 'state 1'
Apr 5 22:34:23 openvpn 88715 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Apr 5 22:34:22 openvpn 88715 MANAGEMENT: Client disconnected
Apr 5 22:34:22 openvpn 88715 MANAGEMENT: CMD 'state 1'
Apr 5 22:34:22 openvpn 88715 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Apr 5 22:34:17 openvpn 88715 UDPv4 link remote: [AF_INET]178.162.194.30:1149
Apr 5 22:34:17 openvpn 88715 UDPv4 link local (bound): [AF_INET]123.123.123.123:0
Apr 5 22:34:17 openvpn 88715 Socket Buffers: R=[42080->42080] S=[57344->57344]
Apr 5 22:34:17 openvpn 88715 TCP/UDP: Preserving recently used remote address: [AF_INET]178.162.194.30:1149
Apr 5 22:34:17 openvpn 88715 WARNING: if you use --mssfix and --fragment, you should use the "mtu" flag for both or none of of them.
Apr 5 22:34:17 openvpn 88715 WARNING: experimental option --capath /var/etc/openvpn/client1/ca
Apr 5 22:34:17 openvpn 88715 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 5 22:34:17 openvpn 88715 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1/sock
Apr 5 22:34:17 openvpn 88394 DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
Apr 5 22:34:17 openvpn 88394 library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
Apr 5 22:34:17 openvpn 88394 OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
Apr 5 22:34:17 openvpn 88394 WARNING: file '/var/etc/openvpn/client1/up' is group or others accessible
Apr 5 22:34:17 openvpn 88394 Note: --data-cipher-fallback with cipher 'AES-128-CBC' disables data channel offload.
Apr 5 22:34:17 openvpn 49671 SIGTERM[hard,] received, process exiting
Apr 5 22:34:17 openvpn 49671 event_wait : Interrupted system call (fd=-1,code=4)
Apr 5 22:34:16 openvpn 49671 MANAGEMENT: Client disconnected
Apr 5 22:34:16 openvpn 49671 MANAGEMENT: CMD 'state 1'
Apr 5 22:34:16 openvpn 49671 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Apr 5 22:33:45 openvpn 49671 MANAGEMENT: Client disconnected
Apr 5 22:33:45 openvpn 49671 MANAGEMENT: CMD 'state 1'
Apr 5 22:33:45 openvpn 49671 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Apr 5 22:33:36 openvpn 49671 UDPv4 link remote: [AF_INET]178.162.194.30:1149
Apr 5 22:33:36 openvpn 49671 UDPv4 link local (bound): [AF_INET]123.123.123.123:0
Apr 5 22:33:36 openvpn 49671 Socket Buffers: R=[42080->42080] S=[57344->57344]
Apr 5 22:33:36 openvpn 49671 TCP/UDP: Preserving recently used remote address: [AF_INET]178.162.194.30:1149
Apr 5 22:33:36 openvpn 49671 TCP/UDP: Preserving recently used remote address: [AF_INET]178.162.194.30:1149
Apr 5 22:33:36 openvpn 49671 WARNING: if you use --mssfix and --fragment, you should use the "mtu" flag for both or none of of them.
Apr 5 22:33:36 openvpn 49671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 5 22:33:26 openvpn 49671 Restart pause, 10 second(s)
Apr 5 22:33:26 openvpn 49671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 5 22:33:26 openvpn 49671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 5 22:33:08 openvpn 49671 MANAGEMENT: Client disconnected
Apr 5 22:33:08 openvpn 49671 MANAGEMENT: CMD 'state 1'
Apr 5 22:33:08 openvpn 49671 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock

mit pfSense weiterhin keine Verbinung mölich

vpncrow

New Member

Deleted member 13382

vpncrow

New Member

vpncrow

New Member

vpncrow

New Member