In Dec 2014 we created new certificates on the Synology itself. Everything worked.
Now it no longer works again. TLS handshake failed.
A connection is possible locally. BUT with a successful local VPN connection, no Internet connection is possible any more.
Via the router (Fritzbox 7490) with UDP port 1194 forwarded, it does not work.
Does anyone have an idea?
Which configuration problems can be ruled out on the basis of the successful local connection?
Are there tools I can use to check the port online?
Config:
dev tun
tls-client
remote 87.192.xxx 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
Fail log:
Sun Feb 22 19:25:51 2015 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Nov 7 2014
Sun Feb 22 19:25:51 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Sun Feb 22 19:25:58 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Feb 22 19:25:58 2015 UDPv4 link local (bound): [undef]
Sun Feb 22 19:25:58 2015 UDPv4 link remote: [AF_INET]87.192.xxx:1194
Sun Feb 22 19:26:58 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Feb 22 19:26:58 2015 TLS Error: TLS handshake failed
Sun Feb 22 19:26:58 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Feb 22 19:27:00 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Feb 22 19:27:00 2015 UDPv4 link local (bound): [undef]
Sun Feb 22 19:27:00 2015 UDPv4 link remote: [AF_INET]87.192.xxx:1194
Successful log:
Sun Feb 22 19:30:26 2015 OpenVPN 2.3.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Nov 7 2014
Sun Feb 22 19:30:26 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.05
Sun Feb 22 19:30:34 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Feb 22 19:30:34 2015 UDPv4 link local (bound): [undef]
Sun Feb 22 19:30:34 2015 UDPv4 link remote: [AF_INET]192.168.178.12:1194
Sun Feb 22 19:30:34 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Feb 22 19:30:34 2015 [abxxxb.de] Peer Connection Initiated with [AF_INET]192.168.xxx.12:1194
Sun Feb 22 19:30:37 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Feb 22 19:30:37 2015 open_tun, tt->ipv6=0
Sun Feb 22 19:30:37 2015 TAP-WIN32 device [LAN-Verbindung 4] opened: \\.\Global\{3FC181DB-DBDF-4862-841B-FE9F01827287}.tap
Sun Feb 22 19:30:37 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.24.6/255.255.255.252 on interface {3FC181DB-DBDF-4862-841B-FE9F01827287} [DHCP-serv: 10.8.24.5, lease-time: 31536000]
Sun Feb 22 19:30:37 2015 Successful ARP Flush on interface [17] {3FC181DB-DBDF-4862-841B-FE9F01827287}
Sun Feb 22 19:30:42 2015 Initialization Sequence Completed
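Both WARNING lines in the logs above (no server certificate verification, password caching) trace back to the posted client config. The following is an added example, not part of the original post: a small Python audit that flags both conditions and shows that they clear once remote-cert-tls server and auth-nocache are appended. It assumes the certificate generated on the Synology carries the TLS server key usage that remote-cert-tls checks; the function names and finding labels are made up for this example.

```python
import shlex

# Constructed from the client config in the post (comments dropped, address as posted).
POSTED_CONFIG = """\
dev tun
tls-client
remote 87.192.xxx 1194
float
#redirect-gateway
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
"""

# Assumed hardened variant: the same file plus two standard OpenVPN directives.
HARDENED_CONFIG = POSTED_CONFIG + "remote-cert-tls server\nauth-nocache\n"

# Directives that make a client check the server certificate's identity or usage.
VERIFY_ANY = {"verify-x509-name", "tls-remote", "tls-verify", "remote-cert-eku"}
VERIFY_SERVER_ARG = {"remote-cert-tls", "ns-cert-type"}  # count only with argument "server"


def parse_directives(text):
    """Map each directive name to the list of its argument lists."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, *args = shlex.split(line)
        found.setdefault(name, []).append(args)
    return found


def audit(text):
    """Return finding labels for the two weaknesses the posted log warns about."""
    d = parse_directives(text)
    findings = []
    verifies = bool(VERIFY_ANY & d.keys()) or any(
        ["server"] in d.get(name, []) for name in VERIFY_SERVER_ARG)
    if ("tls-client" in d or "client" in d) and not verifies:
        findings.append("no-server-certificate-verification")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("password-cached-in-memory")
    return findings
```

Without a server verification directive, the client accepts any certificate signed by the CA in ca.crt, including another client's certificate, which is the man-in-the-middle case the log's warning links to.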