|
18505 | Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K) | 13/08/2015 | Anomalie | Serveur VPN | Nouveau | "Bad local IP" en tentant de connecter deux Freebox Ser... |
Description de la tâche
Bonjour,
Je tente de raccorder deux freebox server (une Révolution et un Mini, j’utiliserai ces noms pour distinguer le server et le client OpenVPN) dans l’optique de fusionner les deux LAN sur le même subnet (192.168.0.*) en utilisant OpenVPN en mode Bridge.
Je configure donc le Mini en tant que server, créé un utilisateur spécifique pour cette connexion et charge le fichier de configuration généré par le Mini dans le client VPN de la Révolution. Première erreur : il faut commenter la ligne dev-type tap qui empêche au client de la Révolution de charger le fichier le configuration (et aussi tls-remote qui n’est plus nécessaire et génère un warning dans les logs).
Une fois le fichier de configuration corrigé et chargé, toute tentative de connection retourne une erreur Bad local IP dont ne je n’ai pu trouver aucune référence sur le net (autre qu’une erreur de pppd). Le log indique aussi que le client tente la requête avec dev-type tun (puisque je l’ai commenté dans le fichier de config).
Log complet :
2015-08-13 14:26:18 l2 state change ‘l2_down’ ⇒ ‘l2_down’ 2015-08-13 14:26:18 l3 state change ‘l3_down’ ⇒ ‘l3_down’ 2015-08-13 14:26:18 state change ‘down’ ⇒ ‘down’ 2015-08-13 14:26:18 enabling connection 2015-08-13 14:26:18 state change ‘down’ ⇒ ‘wait_l2_up’ 2015-08-13 14:26:18 l2 state change ‘l2_down’ ⇒ ‘l2_up’ 2015-08-13 14:26:18 state change ‘wait_l2_up’ ⇒ ‘l2_up’ 2015-08-13 14:26:18 state change ‘l2_up’ ⇒ ‘wait_l3_up’ 2015-08-13 14:26:18 l3 state change ‘l3_down’ ⇒ ‘l3_start’ 2015-08-13 14:26:18 starting 2015-08-13 14:26:18 calling helper script at ‘/etc/fbxconnman/conn.pre-up’ 2015-08-13 14:26:18 l3 state change ‘l3_start’ ⇒ ‘l3_wait_preup_helper’ 2015-08-13 14:26:18 l3 state change ‘l3_wait_preup_helper’ ⇒ ‘l3_wait_stable’ 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 24 2015 2015-08-13 14:26:18 openvpn: connected to management interface 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: Connected to management server at unix_mgt.sock 2015-08-13 14:26:18 openvpn: rx: >INFO:OpenVPN Management Interface Version 1 – type ‘help’ for more info 2015-08-13 14:26:18 openvpn: rx: >HOLD:Waiting for hold release 2015-08-13 14:26:18 openvpn: tx: hold release 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: CMD ‘hold release’ 2015-08-13 14:26:18 openvpn: rx: SUCCESS: hold release succeeded 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: CMD ‘state on’ 2015-08-13 14:26:18 openvpn: rx: SUCCESS: real-time state notification set to ON 2015-08-13 14:26:18 openvpn: rx: >PASSWORD:Need ‘Auth’ username/password 2015-08-13 14:26:18 openvpn: tx: username “Auth” “[user]” 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: CMD ‘username “Auth” “[user]”’ 2015-08-13 14:26:18 openvpn: rx: SUCCESS: ‘Auth’ username entered, but not yet verified 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: CMD ‘password [...]’ 2015-08-13 14:26:18 openvpn: rx: SUCCESS: ‘Auth’ password entered, but not yet verified 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: >STATE:1439468778,WILL_CONNECT,[IP],,,,,0 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 Socket Buffers: R=[172032→131072] S=[172032→131072] 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 UDPv4 link local: [undef] 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 UDPv4 link remote: [AF_INET][IP]:[PORT] 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: >STATE:1439468778,WAIT,,,,,,0 2015-08-13 14:26:18 openvpn: rx: >STATE:1439468778,WILL_CONNECT,[IP],,,,,0 2015-08-13 14:26:18 openvpn: rx: >STATE:1439468778,WAIT,,,,,,0 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 MANAGEMENT: >STATE:1439468778,AUTH,,,,,,0 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 TLS: Initial packet from [AF_INET][IP]:[PORT], sid=7f32f5b5 869df738 2015-08-13 14:26:18 openvpn: rx: >STATE:1439468778,AUTH,,,,,,0 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for […] 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 Validating certificate key usage 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 ++ Certificate has key usage 00a0, expects 00a0 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 VERIFY KU OK 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 Validating certificate extended key usage 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 VERIFY EKU OK 2015-08-13 14:26:18 openvpn: output: Thu Aug 13 14:26:18 2015 VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server […] 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 WARNING: ‘dev-type’ is used inconsistently, local=’dev-type tun’, remote=’dev-type tap’ 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1557’, remote=’link-mtu 1589’ 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1500’, remote=’tun-mtu 1532’ 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 Data Channel Encrypt: Cipher ‘AES-256-CBC’ initialized with 256 bit key 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 Data Channel Encrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 Data Channel Decrypt: Cipher ‘AES-256-CBC’ initialized with 256 bit key 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 Data Channel Decrypt: Using 160 bit message hash ‘SHA1’ for HMAC authentication 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA 2015-08-13 14:26:19 openvpn: output: Thu Aug 13 14:26:19 2015 [Freebox OpenVPN server […]] Peer Connection Initiated with [AF_INET][IP]:[PORT] 2015-08-13 14:26:20 openvpn: rx: >STATE:1439468780,GET_CONFIG,,,,,,0 2015-08-13 14:26:20 openvpn: output: Thu Aug 13 14:26:20 2015 MANAGEMENT: >STATE:1439468780,GET_CONFIG,,,,,,0 2015-08-13 14:26:21 openvpn: output: Thu Aug 13 14:26:21 2015 SENT CONTROL [Freebox OpenVPN server […]]: ‘PUSH_REQUEST’ (status=1) 2015-08-13 14:26:21 openvpn: rx: >STATE:1439468781,CONNECTED,SUCCESS,,[IP],,,1500 2015-08-13 14:26:21 openvpn: bad local ip 2015-08-13 14:26:21 l3 is now stable 2015-08-13 14:26:21 l3 does not fulfil config requirement 2015-08-13 14:26:21 l3 state change ‘l3_wait_stable’ ⇒ ‘l3_bring_down’ 2015-08-13 14:26:21 waiting for l3 providers to go down 2015-08-13 14:26:21 l3 state change ‘l3_bring_down’ ⇒ ‘l3_wait_down’ 2015-08-13 14:26:21 l3 state change ‘l3_wait_down’ ⇒ ‘l3_cleanup_start’ 2015-08-13 14:26:21 calling helper script at ‘/etc/fbxconnman/conn.post-down’ 2015-08-13 14:26:21 l3 state change ‘l3_cleanup_start’ ⇒ ‘l3_wait_postdown_helper’ 2015-08-13 14:26:21 openvpn: output: Thu Aug 13 14:26:21 2015 PUSH: Received control message: ‘PUSH_REPLY,ping 30,ping-restart 120’ 2015-08-13 14:26:21 openvpn: output: Thu Aug 13 14:26:21 2015 OPTIONS IMPORT: timers and/or timeouts modified 2015-08-13 14:26:21 openvpn: output: Thu Aug 13 14:26:21 2015 Initialization Sequence Completed 2015-08-13 14:26:21 openvpn: output: Thu Aug 13 14:26:21 2015 MANAGEMENT: >STATE:1439468781,CONNECTED,SUCCESS,,[IP],,,1500 2015-08-13 14:26:21 l3 state change ‘l3_wait_postdown_helper’ ⇒ ‘l3_cleanup_finish’ 2015-08-13 14:26:21 l3 state change ‘l3_cleanup_finish’ ⇒ ‘l3_finished’ 2015-08-13 14:26:21 state change ‘wait_l3_up’ ⇒ ‘wait_l3_down’ 2015-08-13 14:26:21 l3 state change ‘l3_finished’ ⇒ ‘l3_down’ 2015-08-13 14:26:21 state is now DOWN 2015-08-13 14:26:21 state change ‘wait_l3_down’ ⇒ ‘l3_finished’ 2015-08-13 14:26:21 state change ‘l3_finished’ ⇒ ‘wait_l2_down’ 2015-08-13 14:26:21 l2 state change ‘l2_up’ ⇒ ‘l2_cleanup’ 2015-08-13 14:26:21 l2 state change ‘l2_cleanup’ ⇒ ‘l2_down’ 2015-08-13 14:26:21 state change ‘wait_l2_down’ ⇒ ‘down’
|