
OpenVPN through proxy: similar config does not work


Question

  • Korakal
  • Registered: October 2001
  • Last online: 25-11 17:03

Topic starter
Hi tweakers,

Perhaps one of you can spot the glimmer of light :)
At my workplace I am behind a proxy/firewall. Some environments I can only connect to using OpenVPN. I now have a situation I don't understand. Two OpenVPN servers, say server1 and server2, where:
situation 1) from an external location (without proxy) I can connect to server1 and server2
situation 2) from my workplace I can only connect to server1; the connection to server2 fails

The OpenVPN servers use slightly different configurations. I added the proxy config to both config files (the ones that work in situation 1), in the same way for both, with http-proxy xxx.proxyserver.ip.xxx 9090; that produces the config files for situation 2.

However, I don't understand why both don't also work in situation 2; the only difference from situation 1 is the proxy.

The logging reports, respectively (all IPs replaced by a descriptive name):
server 1 behind proxy:
code:
Fri Sep 16 18:11:55 2016 us=315732 Control Channel MTU parms [ L:1544 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Fri Sep 16 18:11:55 2016 us=315732 Socket Buffers: R=[8192->8192] S=[64512->64512]
Fri Sep 16 18:11:55 2016 us=315732 MANAGEMENT: >STATE:1474042315,RESOLVE,,,
Fri Sep 16 18:11:55 2016 us=319732 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:143 ET:0 EL:3 AF:3/1 ]
Fri Sep 16 18:11:55 2016 us=319732 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Sep 16 18:11:55 2016 us=319732 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Sep 16 18:11:55 2016 us=319732 Local Options hash (VER=V4): '69109d17'
Fri Sep 16 18:11:55 2016 us=319732 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri Sep 16 18:11:55 2016 us=320732 Attempting to establish TCP connection with [AF_INET]xxx.proxyserver.ip.xxx:9090 [nonblock]
Fri Sep 16 18:11:55 2016 us=320732 MANAGEMENT: >STATE:1474042315,TCP_CONNECT,,,
Fri Sep 16 18:11:56 2016 us=320832 TCP connection established with [AF_INET]xxx.proxyserver.ip.xxx:9090
Fri Sep 16 18:11:56 2016 us=320832 Send to HTTP proxy: 'CONNECT server1.address:443 HTTP/1.0'
Fri Sep 16 18:11:56 2016 us=385839 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Fri Sep 16 18:11:58 2016 us=387039 TCPv4_CLIENT link local: [undef]
Fri Sep 16 18:11:58 2016 us=387039 TCPv4_CLIENT link remote: [AF_INET]xxx.proxyserver.ip.xxx:9090
Fri Sep 16 18:11:58 2016 us=388039 MANAGEMENT: >STATE:1474042318,WAIT,,,
Fri Sep 16 18:11:58 2016 us=415042 MANAGEMENT: >STATE:1474042318,AUTH,,,
Fri Sep 16 18:11:58 2016 us=415042 TLS: Initial packet from [AF_INET]xxx.proxyserver.ip.xxx:9090, sid=69b8b610 f364a597
Fri Sep 16 18:11:58 2016 us=897090 VERIFY OK: depth=1, C=NL, ST=NH, L=XXX, O=XXX, OU=XXX, CN=OpenVPN-CA, name=XXX, emailAddress=XXX@XXX.nl
Fri Sep 16 18:11:58 2016 us=898090 Validating certificate key usage
Fri Sep 16 18:11:58 2016 us=899090 ++ Certificate has key usage  00a0, expects 00a0
Fri Sep 16 18:11:58 2016 us=899090 VERIFY KU OK
Fri Sep 16 18:11:58 2016 us=899090 Validating certificate extended key usage
Fri Sep 16 18:11:58 2016 us=899090 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Sep 16 18:11:58 2016 us=899090 VERIFY EKU OK
Fri Sep 16 18:11:58 2016 us=899090 VERIFY OK: depth=0, C=NL, ST=NH, L=XXX, O=XXX, OU=XXX, CN=server, name=XXX, emailAddress=XXX@XXX.nl
Fri Sep 16 18:11:59 2016 us=137114 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Sep 16 18:11:59 2016 us=137114 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 18:11:59 2016 us=137114 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Sep 16 18:11:59 2016 us=137114 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 16 18:11:59 2016 us=138114 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Fri Sep 16 18:11:59 2016 us=138114 [server] Peer Connection Initiated with [AF_INET]xxx.proxyserver.ip.xxx:9090
Fri Sep 16 18:12:00 2016 us=397240 MANAGEMENT: >STATE:1474042320,GET_CONFIG,,,
Fri Sep 16 18:12:01 2016 us=656366 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Sep 16 18:12:01 2016 us=723372 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Sep 16 18:12:01 2016 us=724373 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep 16 18:12:01 2016 us=724373 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep 16 18:12:01 2016 us=724373 OPTIONS IMPORT: route options modified
Fri Sep 16 18:12:01 2016 us=732373 ROUTE_GATEWAY xxx.gateway.ip.xxx/255.255.255.255 I=17 HWADDR=00:ff:c0:e7:b8:09
Fri Sep 16 18:12:01 2016 us=738374 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 16 18:12:01 2016 us=738374 MANAGEMENT: >STATE:1474042321,ASSIGN_IP,,10.8.0.6,
Fri Sep 16 18:12:01 2016 us=739374 open_tun, tt->ipv6=0
Fri Sep 16 18:12:01 2016 us=744375 TAP-WIN32 device [TAP Adapter] opened: \\.\Global\{DE46467B-9D98-46A3-BB79-FEB8A840F495}.tap
Fri Sep 16 18:12:01 2016 us=745375 TAP-Windows Driver Version 9.21 
Fri Sep 16 18:12:01 2016 us=745375 TAP-Windows MTU=1500
Fri Sep 16 18:12:01 2016 us=748375 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {DE46467B-9D98-46A3-BB79-FEB8A840F495} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Sep 16 18:12:01 2016 us=748375 Successful ARP Flush on interface [16] {DE46467B-9D98-46A3-BB79-FEB8A840F495}
Fri Sep 16 18:12:06 2016 us=250825 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Fri Sep 16 18:12:06 2016 us=250825 MANAGEMENT: >STATE:1474042326,ADD_ROUTES,,,
Fri Sep 16 18:12:06 2016 us=251825 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Fri Sep 16 18:12:06 2016 us=259826 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Sep 16 18:12:06 2016 us=259826 Route addition via IPAPI succeeded [adaptive]
Fri Sep 16 18:12:06 2016 us=259826 Initialization Sequence Completed
Fri Sep 16 18:12:06 2016 us=259826 MANAGEMENT: >STATE:1474042326,CONNECTED,SUCCESS,10.8.0.6,xxx.proxyserver.ip.xxx


server 2 behind proxy:
code:
Fri Sep 16 18:08:11 2016 us=29305 Control Channel MTU parms [ L:1544 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Fri Sep 16 18:08:11 2016 us=29305 Socket Buffers: R=[8192->8192] S=[64512->64512]
Fri Sep 16 18:08:11 2016 us=29305 MANAGEMENT: >STATE:1474042091,RESOLVE,,,
Fri Sep 16 18:08:11 2016 us=34306 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:143 ET:0 EL:3 AF:3/1 ]
Fri Sep 16 18:08:11 2016 us=34306 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Sep 16 18:08:11 2016 us=34306 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Sep 16 18:08:11 2016 us=34306 Local Options hash (VER=V4): '69109d17'
Fri Sep 16 18:08:11 2016 us=34306 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri Sep 16 18:08:11 2016 us=34306 Attempting to establish TCP connection with [AF_INET]xxx.proxyserver.ip.xxx:9090 [nonblock]
Fri Sep 16 18:08:11 2016 us=34306 MANAGEMENT: >STATE:1474042091,TCP_CONNECT,,,
Fri Sep 16 18:08:12 2016 us=34406 TCP connection established with [AF_INET]xxx.proxyserver.ip.xxx:9090
Fri Sep 16 18:08:12 2016 us=34406 Send to HTTP proxy: 'CONNECT server2.address:443 HTTP/1.0'
Fri Sep 16 18:08:12 2016 us=90411 HTTP proxy returned: 'HTTP/1.0 407 authenticationrequired'
Fri Sep 16 18:08:12 2016 us=90411 Proxy requires authentication
Fri Sep 16 18:08:12 2016 us=91412 HTTP proxy: no support for proxy authentication method
Fri Sep 16 18:08:12 2016 us=91412 TCP/UDP: Closing socket
Fri Sep 16 18:08:12 2016 us=91412 SIGTERM[soft,init_instance] received, process exiting
Fri Sep 16 18:08:12 2016 us=92412 MANAGEMENT: >STATE:1474042092,EXITING,init_instance,,


I also tried the config for server2 with http-proxy xxx.proxyserver.ip.xxx 9090 STDIN, but that makes no difference either.

Thanks in advance for valuable hints and tips!
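
An added example, not part of the original post: a small Python parser that pulls each proxy CONNECT attempt out of OpenVPN client logs like the two above and reports the proxy's answer per target. The sample input is constructed from the proxy-related lines of those logs; the function names are hypothetical.

```python
import re

# Constructed sample: proxy-related lines taken from the two logs in the post.
SAMPLE_LOG = """\
Fri Sep 16 18:11:56 2016 us=320832 Send to HTTP proxy: 'CONNECT server1.address:443 HTTP/1.0'
Fri Sep 16 18:11:56 2016 us=385839 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Fri Sep 16 18:12:06 2016 us=259826 Initialization Sequence Completed
Fri Sep 16 18:08:12 2016 us=34406 Send to HTTP proxy: 'CONNECT server2.address:443 HTTP/1.0'
Fri Sep 16 18:08:12 2016 us=90411 HTTP proxy returned: 'HTTP/1.0 407 authenticationrequired'
Fri Sep 16 18:08:12 2016 us=90411 Proxy requires authentication
Fri Sep 16 18:08:12 2016 us=91412 HTTP proxy: no support for proxy authentication method
"""

CONNECT_RE = re.compile(r"Send to HTTP proxy: 'CONNECT (\S+) HTTP/\d\.\d'")
STATUS_RE = re.compile(r"HTTP proxy returned: 'HTTP/\d\.\d (\d{3})\s*(.*)'")
UNSUPPORTED = "no support for proxy authentication method"


def proxy_attempts(log_text):
    """Return one dict per CONNECT attempt: target, status code, reason, notes."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:  # a new CONNECT request starts a new attempt record
            current = {"target": m.group(1), "status": None, "reason": "", "notes": []}
            attempts.append(current)
            continue
        if current is None:
            continue  # ignore lines before the first CONNECT
        m = STATUS_RE.search(line)
        if m and current["status"] is None:
            current["status"], current["reason"] = int(m.group(1)), m.group(2)
        elif UNSUPPORTED in line:
            current["notes"].append("client has no usable proxy auth method")
    return attempts


def classify(attempt):
    """Map a CONNECT attempt to a short verdict for triage."""
    if attempt["status"] is None:
        return "no proxy response logged"
    if 200 <= attempt["status"] < 300:
        return "tunnel established"
    if attempt["status"] == 407:
        return "; ".join(["proxy demands authentication"] + attempt["notes"])
    return "proxy refused CONNECT"


if __name__ == "__main__":
    for a in proxy_attempts(SAMPLE_LOG):
        print(f"{a['target']}: {a['status']} {a['reason']} -> {classify(a)}")
```
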