Beantwortet: Openvpn v. 2.4x

[abox360]

Hallo,

ich habe das Problem, dass ich mit der aktuellen Openvpn Version 2.4x keine VPN Verbindung mit den PP Servern aufbauen kann.

Das Problem scheint irgendeine IP v.6 Option zu sein.

Ich habe generell für alle meine Schnittstellen auf dem Rechner, Ipv.6 deaktiviert.

Scheinbar versucht er dann laut Log, trotzdem irgendwelche Ip v.6 Routen zu setzen.

Ich habe auch schon die Option

tun-ipv6

in der ovpn Config deaktiviert, allerdings treten die gleichen Fehlermeldungen auf.

Außerdem funktioniert mit Ubuntu 17.10 funktioniert der Openvpn Manger von PP nicht mehr.

Hier mal ein Auszug des Logs:


Sun Nov 12 12:16:02 2017 us=762109 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sun Nov 12 12:16:02 2017 us=762151 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Nov 12 12:16:02 2017 us=762935 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Nov 12 12:16:02 2017 us=762969 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Nov 12 12:16:02 2017 us=762983 LZO compression initializing
Sun Nov 12 12:16:02 2017 us=763104 Control Channel MTU parms [ L:1626 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Sun Nov 12 12:16:02 2017 us=830448 Data Channel MTU parms [ L:1626 D:1300 EF:126 EB:407 ET:0 EL:3 ]
Sun Nov 12 12:16:02 2017 us=830495 Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Sun Nov 12 12:16:02 2017 us=830555 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Sun Nov 12 12:16:02 2017 us=830575 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Sun Nov 12 12:16:02 2017 us=830599 TCP/UDP: Preserving recently used remote address: [AF_INET]85.17.28.145:150
Sun Nov 12 12:16:02 2017 us=830628 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Nov 12 12:16:02 2017 us=830645 UDP link local: (not bound)
Sun Nov 12 12:16:02 2017 us=830660 UDP link remote: [AF_INET]85.17.28.145:150
Sun Nov 12 12:16:02 2017 us=868467 TLS: Initial packet from [AF_INET]85.17.28.145:150, sid=f794cbbb 5287834d
Sun Nov 12 12:16:02 2017 us=868582 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 12 12:16:03 2017 us=9558 PID_ERR replay-window backtrack occurred [2] [TLS_WRAP-0] [00_01] 1510485183:5 1510485183:3 t=1510485363[0] r=[-1,64,15,2,1] sl=[59,5,64,528]
Sun Nov 12 12:16:03 2017 us=10216 VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
Sun Nov 12 12:16:03 2017 us=10774 VERIFY OK: nsCertType=SERVER
Sun Nov 12 12:16:03 2017 us=10795 VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_amsterdam.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
Sun Nov 12 12:16:03 2017 us=273881 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun Nov 12 12:16:03 2017 us=274021 [Server_amsterdam.perfect-privacy.com] Peer Connection Initiated with [AF_INET]85.17.28.145:150
Sun Nov 12 12:16:04 2017 us=291204 SENT CONTROL [Server_amsterdam.perfect-privacy.com]: 'PUSH_REQUEST' (status=1)
Sun Nov 12 12:16:09 2017 us=328590 SENT CONTROL [Server_amsterdam.perfect-privacy.com]: 'PUSH_REQUEST' (status=1)
Sun Nov 12 12:16:09 2017 us=361231 PUSH: Received control message: 'PUSH_REPLY,topology subnet,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,comp-lzo adaptive,route-gateway 10.3.4.1,redirect-gateway ipv6,route-ipv6 2000::/3,ping 10,ping-restart 60,dhcp-option DNS 95.211.146.77,dhcp-option DNS 31.204.152.232,ifconfig-ipv6 fdbf:1d37:bbe0:0:48:4:0:1240/112 fdbf:1d37:bbe0:0:48:4:0:1,ifconfig 10.3.4.240 255.255.255.0,peer-id 5'
Sun Nov 12 12:16:09 2017 us=361529 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 12 12:16:09 2017 us=361559 OPTIONS IMPORT: compression parms modified
Sun Nov 12 12:16:09 2017 us=361612 LZO compression initializing
Sun Nov 12 12:16:09 2017 us=361655 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Nov 12 12:16:09 2017 us=361685 Socket Buffers: R=[212992->262144] S=[212992->262144]
Sun Nov 12 12:16:09 2017 us=361701 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 12 12:16:09 2017 us=361721 OPTIONS IMPORT: route options modified
Sun Nov 12 12:16:09 2017 us=361742 OPTIONS IMPORT: route-related options modified
Sun Nov 12 12:16:09 2017 us=361761 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Nov 12 12:16:09 2017 us=361778 OPTIONS IMPORT: peer-id set
Sun Nov 12 12:16:09 2017 us=361795 OPTIONS IMPORT: adjusting link_mtu to 1629
Sun Nov 12 12:16:09 2017 us=361835 Data Channel MTU parms [ L:1609 D:1300 EF:109 EB:407 ET:0 EL:3 ]
Sun Nov 12 12:16:09 2017 us=362006 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Nov 12 12:16:09 2017 us=362030 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Nov 12 12:16:09 2017 us=362044 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Nov 12 12:16:09 2017 us=362058 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Nov 12 12:16:09 2017 us=362286 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp8s0 HWADDR=0c:54:a5:2b:44:34
Sun Nov 12 12:16:09 2017 us=362320 GDG6: remote_host_ipv6=n/a
Sun Nov 12 12:16:09 2017 us=362363 GDG6: NLSMG_ERROR: error -101

Sun Nov 12 12:16:09 2017 us=362384 ROUTE6: default_gateway=UNDEF
Sun Nov 12 12:16:09 2017 us=363012 TUN/TAP device tun0 opened
Sun Nov 12 12:16:09 2017 us=363069 TUN/TAP TX queue length set to 100
Sun Nov 12 12:16:09 2017 us=363111 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sun Nov 12 12:16:09 2017 us=363168 /sbin/ip link set dev tun0 up mtu 1500
Sun Nov 12 12:16:09 2017 us=365388 /sbin/ip addr add dev tun0 10.3.4.240/24 broadcast 10.3.4.255
Sun Nov 12 12:16:09 2017 us=367653 /sbin/ip -6 addr add fdbf:1d37:bbe0:0:48:4:0:1240/112 dev tun0
RTNETLINK answers: Permission denied
Sun Nov 12 12:16:09 2017 us=370028 Linux ip -6 addr add failed: external program exited with error status: 2
Sun Nov 12 12:16:09 2017 us=370067 Exiting due to fatal error

 

[PP Frank]

Ich habe generell für alle meine Schnittstellen auf dem Rechner, Ipv.6 deaktiviert.

Aktiviere IPv6, dann sollte das gehen. Es gibt keinen Grund IPv6 zu deaktivieren