Hi,
I installed the OpenVPN plugin (via "OMV-Extras.org", I ticked "VPN", and then installed "openmediavault-openvpn 1.1" from Plugins).
Then, I created certificates with the following commands via SSH:
1/ Edit vars (export KEY_DIR, export KEY_COUNTRY, etc.)
2/ Open the folder
3/ Use vars
4/ Delete existing certificates
5/ Generate certificate authority and certificate key (client):
6/ Generate certificate authority and certificate key (server):
7/ Generate BUILD DIFFIE-HELLMAN PARAMETERS (necessary for the server end of an SSL/TLS connection)
8/ Generate a key to use with tls-auth which adds an additional HMAC signature to all SSL/TLS handshake packets
9/ Change permissions to see certificates and keys from eXtplorer
Then, I forwarded UDP port 1194 on my router. Should I do the same with the firewall of OMV? If yes, how should I populate the 'source', 'destination', etc. fields?
For information, here is the content of "/etc/openvpn/server.conf" (with comments removed):
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
;client-to-client
keepalive 10 120
comp-lzo
;plugin /usr/lib/openvpn/openvpn-auth-pam.so login
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 2
mute 10
crl-verify /etc/openvpn/keys/crl.pem
When trying to connect using "OpenVPN GUI v5" on Windows, the following log is displayed:
Thu May 14 14:08:02 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 4 2015
Thu May 14 14:08:02 2015 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.08
Thu May 14 14:08:02 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu May 14 14:08:02 2015 Need hold release from management interface, waiting...
Thu May 14 14:08:02 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu May 14 14:08:03 2015 MANAGEMENT: CMD 'state on'
Thu May 14 14:08:03 2015 MANAGEMENT: CMD 'log all on'
Thu May 14 14:08:03 2015 MANAGEMENT: CMD 'hold off'
Thu May 14 14:08:03 2015 MANAGEMENT: CMD 'hold release'
Thu May 14 14:08:03 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu May 14 14:08:03 2015 MANAGEMENT: >STATE:1431605283,RESOLVE,,,
Thu May 14 14:08:03 2015 UDPv4 link local: [undef]
Thu May 14 14:08:03 2015 UDPv4 link remote: [AF_INET]XX.212.126.152:1194
Thu May 14 14:08:03 2015 MANAGEMENT: >STATE:1431605283,WAIT,,,
Thu May 14 14:08:03 2015 MANAGEMENT: >STATE:1431605283,AUTH,,,
Thu May 14 14:08:03 2015 TLS: Initial packet from [AF_INET]XX.212.126.152:1194, sid=25c45403 2b00edda
On OMV side, I had the following log:
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Re-using SSL/TLS context
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 LZO compression initialized
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Local Options hash (VER=V4): '530fdded'
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Expected Remote Options hash (VER=V4): '41690919'
Tue Jul 7 07:56:24 2015 192.168.1.1:58922 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 7 07:56:24 2015 192.168.1.1:58922 TLS Error: TLS handshake failed
Tue Jul 7 07:56:27 2015 80.12.39.138:36654 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 7 07:56:27 2015 80.12.39.138:36654 TLS Error: TLS handshake failed
Tue Jul 7 07:57:03 2015 192.168.1.1:58942 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 7 07:57:03 2015 192.168.1.1:58942 TLS Error: TLS handshake failed
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 Re-using SSL/TLS context
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 LZO compression initialized
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 Local Options hash (VER=V4): '530fdded'
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 Expected Remote Options hash (VER=V4): '41690919'
Besides, on Android 5.1 when using OpenVPN Connect, the following message is displayed:
OpenVPN server certificate verification failed : PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed.
I have tried several times to find information, but it is still not solved. Any reason why the connection does not work?
Regards
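
An added example, not part of the original post: a small triage script for a server log in the format quoted above, grouping events per peer (source address and port) and measuring how long after the session start the handshake was abandoned. The sample lines are constructed in the post's log format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, in the same format as the server log quoted in the post.
SAMPLE_LOG = """\
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Re-using SSL/TLS context
Tue Jul 7 07:56:03 2015 192.168.1.1:58942 Local Options hash (VER=V4): '530fdded'
Tue Jul 7 07:56:27 2015 80.12.39.138:36654 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 7 07:56:27 2015 80.12.39.138:36654 TLS Error: TLS handshake failed
Tue Jul 7 07:57:03 2015 192.168.1.1:58942 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 7 07:57:03 2015 192.168.1.1:58942 TLS Error: TLS handshake failed
Tue Jul 7 07:57:05 2015 192.168.1.1:62717 Re-using SSL/TLS context
"""

# weekday month day HH:MM:SS year ip:port message
LINE_RE = re.compile(
    r"^\w{3} \w{3} +\d{1,2} (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \d{4} "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<msg>.*)$"
)

def summarize(log_text):
    """Per peer: session start, timeout count, failure count, seconds to failure."""
    peers = defaultdict(lambda: {"started": None, "timeouts": 0,
                                 "failed": 0, "seconds_to_fail": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines without a peer address (startup messages etc.)
        now = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        entry = peers[(m["ip"], int(m["port"]))]
        msg = m["msg"]
        if msg.startswith("Re-using SSL/TLS context"):
            entry["started"] = now
        elif "TLS key negotiation failed" in msg:
            entry["timeouts"] += 1
        elif msg.startswith("TLS Error: TLS handshake failed"):
            entry["failed"] += 1
            if entry["started"] is not None:
                entry["seconds_to_fail"] = now - entry["started"]
    return dict(peers)

def source_addresses_with_failures(summary):
    """Source IPs with at least one failed handshake, regardless of port."""
    return sorted({ip for (ip, _), e in summary.items() if e["failed"]})

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        print(peer, info)
```
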