Hello,
I have assigned our Synology a static IP directly from UnityMedia. When I check the IP, I am indeed using it:
I exported the OpenVPN config for a user, started the server, and downloaded the OpenVPN client:
When I try to connect, I get the following error message:
===================================================
Thu Nov 15 21:01:32 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 15 21:01:32 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXX.130:1194
Thu Nov 15 21:01:32 2018 UDP link local (bound): [AF_INET][undef]:1194
Thu Nov 15 21:01:32 2018 UDP link remote: [AF_INET]XXXXXXXX.130:1194
Thu Nov 15 21:02:32 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 15 21:02:32 2018 TLS Error: TLS handshake failed
Thu Nov 15 21:02:32 2018 SIGUSR1[soft,tls-error] received, process restarting
Thu Nov 15 21:02:42 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 15 21:02:42 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXX.130:1194
Thu Nov 15 21:02:42 2018 UDP link local (bound): [AF_INET][undef]:1194
Thu Nov 15 21:02:42 2018 UDP link remote: [AF_INET]XXXXXXX.130:1194
Thu Nov 15 21:03:42 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 15 21:03:42 2018 TLS Error: TLS handshake failed
Thu Nov 15 21:03:42 2018 SIGUSR1[soft,tls-error] received, process restarting
=========================================================
There seems to be a network problem here, which I don't understand, because
- the router is in exposed mode, so the Fritzbox is no longer blocking here
- in the Synology firewall, the OpenVPN-specific port to SRM is open!
When I ping the IP, I cannot reach the host, which is OK in itself. The firewall is presumably blocking ICMP.
Does anyone have an idea why the OpenVPN connection cannot be established? The username is still requested and presumably also accepted; after that only the error message appears.
Here is the config:
=========================================
dev tun
tls-client
remote XXXXXXXXX.130 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
reneg-sec 0
auth SHA512
cipher AES-256-CBC
auth-user-pass
key-direction 1
comp-lzo
explicit-exit-notify
<ca>
-----BEGIN CERTIFICATE-----
MIIDTTCCAragAwIBAgIJAMck8SOLwJLJMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD
VQQGEwJUVzEPMA0GA1UECAwGVGFpd2FuMQ8wDQYDVQQHDAZUYWlwZWkxFjAUBgNV
BAoMDVN5bm9sb2d5IEluYy4xHjAcBgNVBAsMFUNlcnRpZmljYXRlIEF1dGhvcml0
eTEZMBcGA1UEAwwQU3lub2xvZ3kgSW5jLiBDQTEjMCEGCSqGSIb3DQEJARYUcHJv
ZHVjdEBzeW5vbG9neS5jb20wHhcNMTcwMTAxMDAwMTAwWhcNMzYwOTE4MDAwMTAw
WjCBpzELMAkGA1UEBhMCVFcxDzANBgNVBAgMBlRhaXdhbjEPMA0GA1UEBwwGVGFp
cGVpMRYwFAYDVQQKDA1TeW5vbG-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
d7389d1dd2994d9cc273d6c54558c6bd
8b35a06fe0663329fb893a32109db29b
403c4da54f896177104fe3403d1c0655
d190558bac9aab5c2c48c79c9b976206
9bf6799dd3b066079921075bb5aff797
-----END OpenVPN Static key V1-----
</tls-auth>
============================
========================================
Many thanks.
Regards, I.
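
The first line of the log above warns that no server certificate verification method is enabled, and the posted config indeed carries none. The following check is an added example, not part of the original post or of Synology's or OpenVPN's code: it parses a client config and reports that gap along with two other settings visible in the post. The finding names, the placeholder remote and the set of directives counted as verification methods are assumptions of this example.

```python
import re

# Constructed sample: active directives taken from the posted config, with the
# remote address and inline block bodies replaced by placeholders.
POSTED = """\
dev tun
tls-client
remote vpn.example.invalid 1194
#float
pull
proto udp
reneg-sec 0
auth SHA512
cipher AES-256-CBC
auth-user-pass
comp-lzo
<ca>
PLACEHOLDER-CA-BODY
</ca>
"""

# Directives that give the client some check on the peer certificate (assumed list).
SERVER_VERIFY = {"remote-cert-tls", "verify-x509-name", "remote-cert-eku",
                 "ns-cert-type", "tls-verify"}

def parse_directives(text):
    """Map each active directive to its arguments; skip comments and inline bodies."""
    found, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                       # inside <ca>...</ca> or similar
            if line == f"</{inline}>":
                inline = None
            continue
        block = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if block:
            inline = block.group(1)
            found[inline] = ["[inline]"]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            found[name] = args
    return found

def audit(text):
    """Return finding ids for a client config."""
    d = parse_directives(text)
    findings = []
    if not SERVER_VERIFY & d.keys():
        findings.append("no-server-cert-verification")   # the WARNING in the log
    if d.get("reneg-sec") == ["0"]:
        findings.append("key-renegotiation-disabled")
    if "comp-lzo" in d:
        findings.append("compression-enabled")
    return findings

HARDENED = POSTED + "remote-cert-tls server\n"   # one way to clear the first finding
```

Whether `remote-cert-tls server` is accepted at connect time depends on the key usage fields in the server's certificate, which the post does not show.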