OpenVPN Konfigurationsdatei für Router AES-128

mxq

New Member
Hallo,
ich habe mir die ovpn Files für Router geladen (UDP als Gruppe mit AES-128-CBC). Auf meinem Router (openWRT 15.05, openvpn 2.3.6) habe ich mit einer dieser Dateien einen Tunnel Aufgebaut und es scheint zunächst alles zu funktionieren, es kommt sogar noch "Initialization Sequence Completed". Dann kommt allerdings die Meldung: "Authenticate/Decrypt packet error: cipher final failed".

Hier mal die Terminal Ausgabe des Verbindungsaufbaues:

Code:
root@turris:/etc/openvpn# openvpn Amsterdam128.ovpn
Tue Mar 28 21:12:23 2017 Unrecognized option or missing parameter(s) in Amsterdam128.ovpn:7: ncp-disable (2.3.6)
Tue Mar 28 21:12:23 2017 us=743912 OpenVPN 2.3.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct  5 2016
Tue Mar 28 21:12:23 2017 us=744001 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Tue Mar 28 21:12:23 2017 us=745761 Control Channel Authentication: tls-auth using INLINE static key file
Tue Mar 28 21:12:23 2017 us=745853 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Mar 28 21:12:23 2017 us=745934 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Mar 28 21:12:23 2017 us=745996 LZO compression initialized
Tue Mar 28 21:12:23 2017 us=746197 Control Channel MTU parms [ L:1606 D:210 EF:110 EB:0 ET:0 EL:0 ]
Tue Mar 28 21:12:23 2017 us=746406 Socket Buffers: R=[163840->131072] S=[163840->131072]
Tue Mar 28 21:12:23 2017 us=766929 Data Channel MTU parms [ L:1606 D:1450 EF:106 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 28 21:12:23 2017 us=767018 Fragmentation MTU parms [ L:1606 D:1300 EF:105 EB:135 ET:1 EL:0 AF:3/1 ]
Tue Mar 28 21:12:23 2017 us=767080 UDPv4 link local: [undef]
Tue Mar 28 21:12:23 2017 us=767171 UDPv4 link remote: [AF_INET]5.79.71.195:1149
Tue Mar 28 21:12:23 2017 us=786421 TLS: Initial packet from [AF_INET]5.79.71.195:1149, sid=17a0138c 997241c8
Tue Mar 28 21:12:23 2017 us=786641 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 28 21:12:23 2017 us=898590 VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
Tue Mar 28 21:12:23 2017 us=902551 VERIFY OK: nsCertType=SERVER
Tue Mar 28 21:12:23 2017 us=902618 VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_amsterdam.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
Tue Mar 28 21:12:26 2017 us=104592 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Mar 28 21:12:26 2017 us=104720 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Mar 28 21:12:26 2017 us=104785 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Mar 28 21:12:26 2017 us=104856 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Mar 28 21:12:26 2017 us=104974 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Tue Mar 28 21:12:26 2017 us=105057 [Server_amsterdam.perfect-privacy.com] Peer Connection Initiated with [AF_INET]5.79.71.195:1149
Tue Mar 28 21:12:28 2017 us=463605 SENT CONTROL [Server_amsterdam.perfect-privacy.com]: 'PUSH_REQUEST' (status=1)
Tue Mar 28 21:12:28 2017 us=482615 PUSH: Received control message: 'PUSH_REPLY,topology subnet,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,comp-lzo adaptive,route-gateway 10.0.48.1,redirect-gateway ipv6,route-ipv6 2000::/3,ping 10,ping-restart 60,dhcp-option DNS 37.48.65.178,dhcp-option DNS 31.204.153.87,ifconfig-ipv6 fdbf:1d37:bbe0:0:3::137/112 fdbf:1d37:bbe0:0:3::1,ifconfig 10.0.48.37 255.255.255.0,peer-id 18'
Tue Mar 28 21:12:28 2017 us=482748 Options error: unknown --redirect-gateway flag: ipv6
Tue Mar 28 21:12:28 2017 us=482884 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 28 21:12:28 2017 us=482930 OPTIONS IMPORT: LZO parms modified
Tue Mar 28 21:12:28 2017 us=482966 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Mar 28 21:12:28 2017 us=483010 Socket Buffers: R=[131072->262144] S=[131072->262144]
Tue Mar 28 21:12:28 2017 us=483045 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 28 21:12:28 2017 us=483079 OPTIONS IMPORT: route options modified
Tue Mar 28 21:12:28 2017 us=483114 OPTIONS IMPORT: route-related options modified
Tue Mar 28 21:12:28 2017 us=483147 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 28 21:12:28 2017 us=483181 OPTIONS IMPORT: peer-id set
Tue Mar 28 21:12:28 2017 us=483874 TUN/TAP device tun0 opened
Tue Mar 28 21:12:28 2017 us=483954 TUN/TAP TX queue length set to 100
Tue Mar 28 21:12:28 2017 us=484006 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1
Tue Mar 28 21:12:28 2017 us=484077 /sbin/ifconfig tun0 10.0.48.37 netmask 255.255.255.0 mtu 1500 broadcast 10.0.48.255
Tue Mar 28 21:12:30 2017 us=673399 /sbin/route add -net 5.79.71.195 netmask 255.255.255.255 gw 62.155.241.168
Tue Mar 28 21:12:30 2017 us=675193 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.0.48.1
Tue Mar 28 21:12:30 2017 us=676781 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.0.48.1
Tue Mar 28 21:12:30 2017 us=678290 add_route_ipv6(): not adding 2000::/3, no IPv6 on if tun0
Tue Mar 28 21:12:30 2017 us=678372 Initialization Sequence Completed
Tue Mar 28 21:12:37 2017 us=968465 Authenticate/Decrypt packet error: cipher final failed
Tue Mar 28 21:12:47 2017 us=986490 Authenticate/Decrypt packet error: cipher final failed
 

PP Frank

Staff member
Versuch mal die Legacy Config aus dem Mitgliedsbereich.... Das was ich bei google bei dem Fehler finden konnte, half mir jetzt nicht, denn die cipher Zeile ist ja im Config und wird nicht gepushed bei uns.....
 

privacy

Junior Member
Teste mal das was PPmen geschrieben hatt (asus wrt Merlin thread)

Die 2 Zeilen unter Advanced config kopieren

pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
 

mxq

New Member
@PP Frank , mit den Legacy Confs bekomme ich den selben Fehler.

@privacy, ich habe Open VPN 2.3.6 im Einsatz, PPmen 2.4.
Was genau meinst du mit "Advanced config kopieren", in welche Advanced config?
 
Top