Hello,
I still can't get PP running with pfSense.
Since my first thread 2 years ago, the version has changed to pfSense 2.7.2-RELEASE, and so have the errors shown (or rather, I can't identify a clear one).
I followed the pfSense guide ( https://www.perfect-privacy.com/de/manuals/router_pfsense_openvpn ) and want to connect to the Frankfurt server.
The OpenVPN status shows "Waiting for response from peer". Local Address and Remote Host are "pending". I have already tried a reboot as well.
It would be great if someone could help me so that I can finally use PP (and not just pay for it).
Does "Server Certificate Key Usage Validation" have to be enabled or disabled?
The custom options contain
"tls-cipher TLS_CHACHA20_POLY1305_SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS_AES_256_GCM_SHA384:TLS-RSA-WITH-AES-256-CBC-SHA"
but SHA512, which was selected further up, does not appear there.
Code:
Feb 11 22:34:31 openvpn 20874 MANAGEMENT: Client disconnected
Feb 11 22:34:31 openvpn 20874 MANAGEMENT: CMD 'state 1'
Feb 11 22:34:31 openvpn 20874 MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Feb 11 22:34:26 openvpn 20874 UDPv4 link remote: [AF_INET]178.162.194.30:1194
Feb 11 22:34:26 openvpn 20874 UDPv4 link local (bound): [AF_INET]XXX:0
Feb 11 22:34:26 openvpn 20874 Socket Buffers: R=[42080->42080] S=[57344->57344]
Feb 11 22:34:26 openvpn 20874 TCP/UDP: Preserving recently used remote address: [AF_INET]178.162.194.30:1194
Feb 11 22:34:26 openvpn 20874 Fragmentation MTU parms [ mss_fix:1135 max_frag:1207 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb 11 22:34:26 openvpn 20874 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Feb 11 22:34:26 openvpn 20874 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Feb 11 22:34:26 openvpn 20874 WARNING: if you use --mssfix and --fragment, you should use the "mtu" flag for both or none of of them.
Feb 11 22:34:26 openvpn 20874 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 11 22:34:26 openvpn 20874 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 11 22:34:26 openvpn 20874 WARNING: experimental option --capath /var/etc/openvpn/client1/ca
Feb 11 22:34:26 openvpn 20874 No valid translation found for TLS cipher 'TLS_AES_256_GCM_SHA384'
Feb 11 22:34:26 openvpn 20874 No valid translation found for TLS cipher 'TLS_CHACHA20_POLY1305_SHA256'
Feb 11 22:34:26 openvpn 20874 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 11 22:34:26 openvpn 20874 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1/sock
Feb 11 22:34:26 openvpn 20543 DCO version: FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
Feb 11 22:34:26 openvpn 20543 library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
Feb 11 22:34:26 openvpn 20543 OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
Feb 11 22:34:26 openvpn 20543 auth_user_pass_file = '/var/etc/openvpn/client1/up'
Feb 11 22:34:26 openvpn 20543 client = DISABLED
Feb 11 22:34:26 openvpn 20543 vlan_accept = all
Feb 11 22:34:26 openvpn 20543 vlan_tagging = DISABLED
Feb 11 22:34:26 openvpn 20543 port_share_host = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 auth_token_lifetime = 0
Feb 11 22:34:26 openvpn 20543 auth_token_generate = DISABLED
Feb 11 22:34:26 openvpn 20543 auth_user_pass_verify_script = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 max_clients = 1024
Feb 11 22:34:26 openvpn 20543 cf_initial_max = 100
Feb 11 22:34:26 openvpn 20543 cf_per = 0
Feb 11 22:34:26 openvpn 20543 duplicate_cn = DISABLED
Feb 11 22:34:26 openvpn 20543 push_ifconfig_ipv6_remote = ::
Feb 11 22:34:26 openvpn 20543 push_ifconfig_ipv6_local = ::/0
Feb 11 22:34:26 openvpn 20543 push_ifconfig_remote_netmask = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 push_ifconfig_local = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 tmp_dir = '/tmp'
Feb 11 22:34:26 openvpn 20543 client_config_dir = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 client_crresponse_script = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 learn_address_script = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 client_connect_script = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 real_hash_size = 256
Feb 11 22:34:26 openvpn 20543 n_bcast_buf = 256
Feb 11 22:34:26 openvpn 20543 ifconfig_ipv6_pool_netbits = 0
Feb 11 22:34:26 openvpn 20543 ifconfig_ipv6_pool_defined = DISABLED
Feb 11 22:34:26 openvpn 20543 ifconfig_pool_persist_filename = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 ifconfig_pool_netmask = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 ifconfig_pool_start = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 ifconfig_pool_defined = DISABLED
Feb 11 22:34:26 openvpn 20543 server_bridge_pool_start = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 server_bridge_netmask = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 server_bridge_ip = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 server_netbits_ipv6 = 0
Feb 11 22:34:26 openvpn 20543 server_network_ipv6 = ::
Feb 11 22:34:26 openvpn 20543 server_netmask = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 server_network = 0.0.0.0
Feb 11 22:34:26 openvpn 20543 pkcs11_id = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 pkcs11_pin_cache_period = -1
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_cert_private = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_private_mode = 00000000
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 pkcs11_protected_authentication = DISABLED
Feb 11 22:34:26 openvpn 20543 tls_exit = DISABLED
Feb 11 22:34:26 openvpn 20543 single_session = DISABLED
Feb 11 22:34:26 openvpn 20543 handshake_window = 120
Feb 11 22:34:26 openvpn 20543 renegotiate_seconds = 3600
Feb 11 22:34:26 openvpn 20543 renegotiate_bytes = -1
Feb 11 22:34:26 openvpn 20543 remote_cert_eku = 'TLS Web Server Authentication'
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 remote_cert_ku[i] = 0
Feb 11 22:34:26 openvpn 20543 ns_cert_type = 0
Feb 11 22:34:26 openvpn 20543 verify_x509_name = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 verify_x509_type = 0
Feb 11 22:34:26 openvpn 20543 tls_verify = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 extra_certs_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 dh_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 ca_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 tls_client = ENABLED
Feb 11 22:34:26 openvpn 20543 test_crypto = DISABLED
Feb 11 22:34:26 openvpn 20543 replay_time = 15
Feb 11 22:34:26 openvpn 20543 replay_window = 64
Feb 11 22:34:26 openvpn 20543 replay = ENABLED
Feb 11 22:34:26 openvpn 20543 authname = 'SHA512'
Feb 11 22:34:26 openvpn 20543 ncp_ciphers = 'AES-128-GCM:AES-128-CBC'
Feb 11 22:34:26 openvpn 20543 key_direction = 1
Feb 11 22:34:26 openvpn 20543 management_flags = 256
Feb 11 22:34:26 openvpn 20543 management_client_group = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 management_echo_buffer_size = 100
Feb 11 22:34:26 openvpn 20543 management_log_history_cache = 250
Feb 11 22:34:26 openvpn 20543 management_user_pass = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 management_port = 'unix'
Feb 11 22:34:26 openvpn 20543 management_addr = '/var/etc/openvpn/client1/sock'
Feb 11 22:34:26 openvpn 20543 allow_pull_fqdn = DISABLED
Feb 11 22:34:26 openvpn 20543 route_gateway_via_dhcp = DISABLED
Feb 11 22:34:26 openvpn 20543 route_nopull = DISABLED
Feb 11 22:34:26 openvpn 20543 route_delay_defined = DISABLED
Feb 11 22:34:26 openvpn 20543 route_delay_window = 30
Feb 11 22:34:26 openvpn 20543 route_delay = 0
Feb 11 22:34:26 openvpn 20543 route_noexec = DISABLED
Feb 11 22:34:26 openvpn 20543 route_default_metric = 0
Feb 11 22:34:26 openvpn 20543 route_default_gateway = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 route_script = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 comp.flags = 24
Feb 11 22:34:26 openvpn 20543 comp.alg = 0
Feb 11 22:34:26 openvpn 20543 fast_io = DISABLED
Feb 11 22:34:26 openvpn 20543 sockflags = 0
Feb 11 22:34:26 openvpn 20543 sndbuf = 0
Feb 11 22:34:26 openvpn 20543 rcvbuf = 0
Feb 11 22:34:26 openvpn 20543 occ = ENABLED
Feb 11 22:34:26 openvpn 20543 status_file_update_freq = 60
Feb 11 22:34:26 openvpn 20543 status_file_version = 1
Feb 11 22:34:26 openvpn 20543 status_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 gremlin = 0
Feb 11 22:34:26 openvpn 20543 mute = 0
Feb 11 22:34:26 openvpn 20543 verbosity = 4
Feb 11 22:34:26 openvpn 20543 nice = 0
Feb 11 22:34:26 openvpn 20543 machine_readable_output = DISABLED
Feb 11 22:34:26 openvpn 20543 suppress_timestamps = DISABLED
Feb 11 22:34:26 openvpn 20543 log = DISABLED
Feb 11 22:34:26 openvpn 20543 daemon = ENABLED
Feb 11 22:34:26 openvpn 20543 up_delay = DISABLED
Feb 11 22:34:26 openvpn 20543 up_restart = DISABLED
Feb 11 22:34:26 openvpn 20543 down_pre = DISABLED
Feb 11 22:34:26 openvpn 20543 down_script = '/usr/local/sbin/ovpn-linkdown'
Feb 11 22:34:26 openvpn 20543 up_script = '/usr/local/sbin/ovpn-linkup'
Feb 11 22:34:26 openvpn 20543 writepid = '/var/run/openvpn_client1.pid'
Feb 11 22:34:26 openvpn 20543 cd_dir = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 chroot_dir = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 groupname = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 username = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 resolve_in_advance = DISABLED
Feb 11 22:34:26 openvpn 20543 resolve_retry_seconds = 60
Feb 11 22:34:26 openvpn 20543 passtos = DISABLED
Feb 11 22:34:26 openvpn 20543 persist_key = ENABLED
Feb 11 22:34:26 openvpn 20543 persist_remote_ip = ENABLED
Feb 11 22:34:26 openvpn 20543 persist_local_ip = DISABLED
Feb 11 22:34:26 openvpn 20543 persist_tun = ENABLED
Feb 11 22:34:26 openvpn 20543 remap_sigusr1 = 0
Feb 11 22:34:26 openvpn 20543 ping_timer_remote = ENABLED
Feb 11 22:34:26 openvpn 20543 ping_rec_timeout_action = 2
Feb 11 22:34:26 openvpn 20543 ping_rec_timeout = 120
Feb 11 22:34:26 openvpn 20543 ping_send_timeout = 5
Feb 11 22:34:26 openvpn 20543 inactivity_minimum_bytes = 0
Feb 11 22:34:26 openvpn 20543 session_timeout = 0
Feb 11 22:34:26 openvpn 20543 inactivity_timeout = 604800
Feb 11 22:34:26 openvpn 20543 keepalive_timeout = 0
Feb 11 22:34:26 openvpn 20543 keepalive_ping = 0
Feb 11 22:34:26 openvpn 20543 mlock = DISABLED
Feb 11 22:34:26 openvpn 20543 mtu_test = 0
Feb 11 22:34:26 openvpn 20543 shaper = 0
Feb 11 22:34:26 openvpn 20543 ifconfig_ipv6_remote = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 ifconfig_ipv6_netbits = 0
Feb 11 22:34:26 openvpn 20543 ifconfig_ipv6_local = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 ifconfig_nowarn = DISABLED
Feb 11 22:34:26 openvpn 20543 ifconfig_noexec = DISABLED
Feb 11 22:34:26 openvpn 20543 ifconfig_remote_netmask = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 ifconfig_local = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 topology = 1
Feb 11 22:34:26 openvpn 20543 lladdr = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 tuntap_options.disable_dco = ENABLED
Feb 11 22:34:26 openvpn 20543 dev_node = '/dev/tun1'
Feb 11 22:34:26 openvpn 20543 dev_type = 'tun'
Feb 11 22:34:26 openvpn 20543 dev = 'ovpnc1'
Feb 11 22:34:26 openvpn 20543 ipchange = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 remote_random = DISABLED
Feb 11 22:34:26 openvpn 20543 Connection profiles END
Feb 11 22:34:26 openvpn 20543 tls_crypt_v2_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 tls_crypt_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 key_direction = 1
Feb 11 22:34:26 openvpn 20543 tls_auth_file = '[INLINE]'
Feb 11 22:34:26 openvpn 20543 explicit_exit_notification = 0
Feb 11 22:34:26 openvpn 20543 mssfix_fixed = DISABLED
Feb 11 22:34:26 openvpn 20543 mssfix_encap = ENABLED
Feb 11 22:34:26 openvpn 20543 mssfix = 1300
Feb 11 22:34:26 openvpn 20543 fragment = 1300
Feb 11 22:34:26 openvpn 20543 mtu_discover_type = -1
Feb 11 22:34:26 openvpn 20543 tls_mtu = 1250
Feb 11 22:34:26 openvpn 20543 tun_mtu_extra_defined = DISABLED
Feb 11 22:34:26 openvpn 20543 tun_mtu_extra = 0
Feb 11 22:34:26 openvpn 20543 link_mtu_defined = DISABLED
Feb 11 22:34:26 openvpn 20543 link_mtu = 1500
Feb 11 22:34:26 openvpn 20543 tun_mtu_defined = ENABLED
Feb 11 22:34:26 openvpn 20543 tun_mtu = 1500
Feb 11 22:34:26 openvpn 20543 socks_proxy_port = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 socks_proxy_server = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 connect_timeout = 120
Feb 11 22:34:26 openvpn 20543 connect_retry_seconds = 1
Feb 11 22:34:26 openvpn 20543 bind_ipv6_only = DISABLED
Feb 11 22:34:26 openvpn 20543 bind_local = ENABLED
Feb 11 22:34:26 openvpn 20543 bind_defined = DISABLED
Feb 11 22:34:26 openvpn 20543 remote_float = DISABLED
Feb 11 22:34:26 openvpn 20543 remote_port = '1194'
Feb 11 22:34:26 openvpn 20543 remote = '178.162.194.30'
Feb 11 22:34:26 openvpn 20543 local_port = '0'
Feb 11 22:34:26 openvpn 20543 local = 'XXX'
Feb 11 22:34:26 openvpn 20543 proto = udp4
Feb 11 22:34:26 openvpn 20543 Connection profiles [0]:
Feb 11 22:34:26 openvpn 20543 connect_retry_max = 0
Feb 11 22:34:26 openvpn 20543 show_tls_ciphers = DISABLED
Feb 11 22:34:26 openvpn 20543 key_pass_file = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 genkey_filename = '[UNDEF]'
Feb 11 22:34:26 openvpn 20543 genkey = DISABLED
Feb 11 22:34:26 openvpn 20543 show_engines = DISABLED
Feb 11 22:34:26 openvpn 20543 show_digests = DISABLED
Feb 11 22:34:26 openvpn 20543 show_ciphers = DISABLED
Feb 11 22:34:26 openvpn 20543 mode = 0
Feb 11 22:34:26 openvpn 20543 config = '/var/etc/openvpn/client1/config.ovpn'
Feb 11 22:34:26 openvpn 20543 Current Parameter Settings:
Feb 11 22:34:26 openvpn 20543 WARNING: file '/var/etc/openvpn/client1/up' is group or others accessible
Feb 11 22:34:26 openvpn 20543 Note: --data-cipher-fallback with cipher 'AES-128-CBC' disables data channel offload.
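
An added example, not part of the original post or of the provider's guide: it checks the quoted `tls-cipher` value against the log above, showing that the two "No valid translation found" lines name exactly the TLS 1.3 suites (which OpenVPN takes through `--tls-ciphersuites`) and that SHA512 is the control-channel HMAC digest, which is configured separately from the TLS cipher list. The function names and the `TLS_` prefix heuristic are assumptions of this sketch; whether the split resolves "Waiting for response from peer" is not something the page shows.

```python
import re

# Value of the tls-cipher custom option, as quoted in the post.
TLS_CIPHER = (
    "TLS_CHACHA20_POLY1305_SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:"
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:"
    "TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS_AES_256_GCM_SHA384:"
    "TLS-RSA-WITH-AES-256-CBC-SHA"
)

# Three lines copied from the log in the post.
LOG = """\
Feb 11 22:34:26 openvpn 20874 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Feb 11 22:34:26 openvpn 20874 No valid translation found for TLS cipher 'TLS_AES_256_GCM_SHA384'
Feb 11 22:34:26 openvpn 20874 No valid translation found for TLS cipher 'TLS_CHACHA20_POLY1305_SHA256'
"""

def split_suites(value):
    """Heuristic (assumption): TLS 1.3 suites are written TLS_..., older ones TLS-...-WITH-..."""
    tls13, legacy = [], []
    for name in value.split(":"):
        (tls13 if name.startswith("TLS_") else legacy).append(name)
    return tls13, legacy

def untranslated(log):
    """Cipher names OpenVPN reported it could not map to a TLS <= 1.2 cipher."""
    return set(re.findall(r"No valid translation found for TLS cipher '([^']+)'", log))

def hmac_digest(log):
    """Digest used for the control-channel HMAC; it never appears in the TLS cipher list."""
    m = re.search(r"Control Channel Authentication: Using \d+ bit message hash '([^']+)'", log)
    return m.group(1) if m else None

def split_into_options(value):
    """Render the same names as two options: tls-cipher (<= 1.2) and tls-ciphersuites (1.3)."""
    tls13, legacy = split_suites(value)
    lines = []
    if legacy:
        lines.append("tls-cipher " + ":".join(legacy))
    if tls13:
        lines.append("tls-ciphersuites " + ":".join(tls13))
    return lines

if __name__ == "__main__":
    tls13, _ = split_suites(TLS_CIPHER)
    print("warnings match TLS 1.3 names:", untranslated(LOG) == set(tls13))
    print("control-channel HMAC digest:", hmac_digest(LOG))
    print("\n".join(split_into_options(TLS_CIPHER)))
```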