Kein VPN über das Internet möglich

[vrabac]

Hallo,

Ich habe da ein Problem, und zwar habe ich auf einem Raspberry PI Modell B ein RaspBMC installiert, und wollte diesen nun auch als VPN-Server nutzen. Wenn ich mich lokal verbinde (also direkt mit der IP-Adresse des VPN-Servers) kann ich einen VPN-Tunnel aufbauen.

Wenn ich über das Internet gehe und selfhost.eu für die Namensauflösung verwende, dann kann ich keine VPN-Verbindung aufbauen.

Code: Alles auswählen

2014-07-29 18:57:19 Modell UNO_X8 (g24refM8306HCM) MID, Android API 17, version 0.6.17, offizielle Version
2014-07-29 18:57:19 Generiere OpenVPN Konfiguration…
2014-07-29 18:57:22 started Socket Thread
2014-07-29 18:57:22 P:Initializing Google Breakpad!
2014-07-29 18:57:22 Current Parameter Settings:
2014-07-29 18:57:22   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-07-29 18:57:22   mode = 0
2014-07-29 18:57:22   show_ciphers = DISABLED
2014-07-29 18:57:22   show_digests = DISABLED
2014-07-29 18:57:22   show_engines = DISABLED
2014-07-29 18:57:22   genkey = DISABLED
2014-07-29 18:57:22   key_pass_file = '[UNDEF]'
2014-07-29 18:57:22   show_tls_ciphers = DISABLED
2014-07-29 18:57:22   connect_retry_max = 5
2014-07-29 18:57:22 Connection profiles [0]:
2014-07-29 18:57:22   proto = udp
2014-07-29 18:57:22   local = '[UNDEF]'
2014-07-29 18:57:22   local_port = '[UNDEF]'
2014-07-29 18:57:22   remote = 'holger-spatz.selfhost.eu'
2014-07-29 18:57:22   remote_port = '1194'
2014-07-29 18:57:22   remote_float = DISABLED
2014-07-29 18:57:22   bind_defined = DISABLED
2014-07-29 18:57:22   bind_local = DISABLED
2014-07-29 18:57:22   bind_ipv6_only = DISABLED
2014-07-29 18:57:22   connect_retry_seconds = 5
2014-07-29 18:57:22   connect_timeout = 10
2014-07-29 18:57:22   socks_proxy_server = '[UNDEF]'
2014-07-29 18:57:22   socks_proxy_port = '[UNDEF]'
2014-07-29 18:57:22   socks_proxy_retry = DISABLED
2014-07-29 18:57:22   tun_mtu = 1500
2014-07-29 18:57:22   tun_mtu_defined = ENABLED
2014-07-29 18:57:22   link_mtu = 1500
2014-07-29 18:57:22   link_mtu_defined = DISABLED
2014-07-29 18:57:22   tun_mtu_extra = 0
2014-07-29 18:57:22   tun_mtu_extra_defined = DISABLED
2014-07-29 18:57:22   mtu_discover_type = -1
2014-07-29 18:57:22   fragment = 0
2014-07-29 18:57:22   mssfix = 1450
2014-07-29 18:57:22   explicit_exit_notification = 0
2014-07-29 18:57:22 Connection profiles END
2014-07-29 18:57:22   remote_random = DISABLED
2014-07-29 18:57:22   ipchange = '[UNDEF]'
2014-07-29 18:57:22   dev = 'tun'
2014-07-29 18:57:22   dev_type = '[UNDEF]'
2014-07-29 18:57:22   dev_node = '[UNDEF]'
2014-07-29 18:57:22   lladdr = '[UNDEF]'
2014-07-29 18:57:22   topology = 1
2014-07-29 18:57:22   tun_ipv6 = DISABLED
2014-07-29 18:57:22   ifconfig_local = '[UNDEF]'
2014-07-29 18:57:22   ifconfig_remote_netmask = '[UNDEF]'
2014-07-29 18:57:22   ifconfig_noexec = DISABLED
2014-07-29 18:57:22   ifconfig_nowarn = DISABLED
2014-07-29 18:57:22   ifconfig_ipv6_local = '[UNDEF]'
2014-07-29 18:57:22   ifconfig_ipv6_netbits = 0
2014-07-29 18:57:22   ifconfig_ipv6_remote = '[UNDEF]'
2014-07-29 18:57:22   shaper = 0
2014-07-29 18:57:22   mtu_test = 0
2014-07-29 18:57:22   mlock = DISABLED
2014-07-29 18:57:22   keepalive_ping = 0
2014-07-29 18:57:22   keepalive_timeout = 0
2014-07-29 18:57:22   inactivity_timeout = 0
2014-07-29 18:57:22   ping_send_timeout = 0
2014-07-29 18:57:22   ping_rec_timeout = 0
2014-07-29 18:57:22   ping_rec_timeout_action = 0
2014-07-29 18:57:22   ping_timer_remote = DISABLED
2014-07-29 18:57:22   remap_sigusr1 = 0
2014-07-29 18:57:22   persist_tun = ENABLED
2014-07-29 18:57:22   persist_local_ip = DISABLED
2014-07-29 18:57:22   persist_remote_ip = DISABLED
2014-07-29 18:57:22   persist_key = DISABLED
2014-07-29 18:57:22   passtos = DISABLED
2014-07-29 18:57:22   resolve_retry_seconds = 1000000000
2014-07-29 18:57:22   resolve_in_advance = ENABLED
2014-07-29 18:57:22   username = '[UNDEF]'
2014-07-29 18:57:22   groupname = '[UNDEF]'
2014-07-29 18:57:22   chroot_dir = '[UNDEF]'
2014-07-29 18:57:22   cd_dir = '[UNDEF]'
2014-07-29 18:57:22   writepid = '[UNDEF]'
2014-07-29 18:57:22   up_script = '[UNDEF]'
2014-07-29 18:57:22   down_script = '[UNDEF]'
2014-07-29 18:57:22   down_pre = DISABLED
2014-07-29 18:57:22   up_restart = DISABLED
2014-07-29 18:57:22   up_delay = DISABLED
2014-07-29 18:57:22   daemon = DISABLED
2014-07-29 18:57:22   inetd = 0
2014-07-29 18:57:22   log = DISABLED
2014-07-29 18:57:22   suppress_timestamps = DISABLED
2014-07-29 18:57:22   machine_readable_output = ENABLED
2014-07-29 18:57:22   nice = 0
2014-07-29 18:57:22   verbosity = 4
2014-07-29 18:57:22   mute = 0
2014-07-29 18:57:22   gremlin = 0
2014-07-29 18:57:22   status_file = '[UNDEF]'
2014-07-29 18:57:22   status_file_version = 1
2014-07-29 18:57:22   status_file_update_freq = 60
2014-07-29 18:57:22   occ = ENABLED
2014-07-29 18:57:22   rcvbuf = 65536
2014-07-29 18:57:22   sndbuf = 65536
2014-07-29 18:57:22   sockflags = 0
2014-07-29 18:57:22   fast_io = DISABLED
2014-07-29 18:57:22   comp.alg = 2
2014-07-29 18:57:22   comp.flags = 1
2014-07-29 18:57:22   route_script = '[UNDEF]'
2014-07-29 18:57:22   route_default_gateway = '[UNDEF]'
2014-07-29 18:57:22   route_default_metric = 0
2014-07-29 18:57:22   route_noexec = DISABLED
2014-07-29 18:57:22   route_delay = 0
2014-07-29 18:57:22   route_delay_window = 30
2014-07-29 18:57:22   route_delay_defined = DISABLED
2014-07-29 18:57:22   route_nopull = DISABLED
2014-07-29 18:57:22   route_gateway_via_dhcp = DISABLED
2014-07-29 18:57:22   allow_pull_fqdn = DISABLED
2014-07-29 18:57:22   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-07-29 18:57:22   management_port = 'unix'
2014-07-29 18:57:22   management_user_pass = '[UNDEF]'
2014-07-29 18:57:22   management_log_history_cache = 250
2014-07-29 18:57:22   management_echo_buffer_size = 100
2014-07-29 18:57:22   management_write_peer_info_file = '[UNDEF]'
2014-07-29 18:57:22   management_client_user = '[UNDEF]'
2014-07-29 18:57:22   management_client_group = '[UNDEF]'
2014-07-29 18:57:22   management_flags = 4390
2014-07-29 18:57:22   shared_secret_file = '[UNDEF]'
2014-07-29 18:57:22   key_direction = 0
2014-07-29 18:57:22   ciphername_defined = ENABLED
2014-07-29 18:57:22   ciphername = 'BF-CBC'
2014-07-29 18:57:22   authname_defined = ENABLED
2014-07-29 18:57:22   authname = 'SHA1'
2014-07-29 18:57:22   prng_hash = 'SHA1'
2014-07-29 18:57:22   prng_nonce_secret_len = 16
2014-07-29 18:57:22   keysize = 0
2014-07-29 18:57:22   engine = DISABLED
2014-07-29 18:57:22   replay = ENABLED
2014-07-29 18:57:22   mute_replay_warnings = DISABLED
2014-07-29 18:57:22   replay_window = 64
2014-07-29 18:57:22   replay_time = 15
2014-07-29 18:57:22   packet_id_file = '[UNDEF]'
2014-07-29 18:57:22   use_iv = ENABLED
2014-07-29 18:57:22   test_crypto = DISABLED
2014-07-29 18:57:22   tls_server = DISABLED
2014-07-29 18:57:22   tls_client = ENABLED
2014-07-29 18:57:22   key_method = 2
2014-07-29 18:57:22   ca_file = '[[INLINE]]'
2014-07-29 18:57:22   ca_path = '[UNDEF]'
2014-07-29 18:57:22   dh_file = '[UNDEF]'
2014-07-29 18:57:22   cert_file = '[[INLINE]]'
2014-07-29 18:57:22   priv_key_file = '[[INLINE]]'
2014-07-29 18:57:22   pkcs12_file = '[UNDEF]'
2014-07-29 18:57:22   cipher_list = '[UNDEF]'
2014-07-29 18:57:22   tls_verify = '[UNDEF]'
2014-07-29 18:57:22   tls_export_cert = '[UNDEF]'
2014-07-29 18:57:22   verify_x509_type = 0
2014-07-29 18:57:22   verify_x509_name = '[UNDEF]'
2014-07-29 18:57:22   crl_file = '[UNDEF]'
2014-07-29 18:57:22   ns_cert_type = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_ku[i] = 0
2014-07-29 18:57:22   remote_cert_eku = '[UNDEF]'
2014-07-29 18:57:22   ssl_flags = 0
2014-07-29 18:57:22   tls_timeout = 2
2014-07-29 18:57:22   renegotiate_bytes = 0
2014-07-29 18:57:22   renegotiate_packets = 0
2014-07-29 18:57:22   renegotiate_seconds = 3600
2014-07-29 18:57:22   handshake_window = 60
2014-07-29 18:57:22   transition_window = 3600
2014-07-29 18:57:22   single_session = DISABLED
2014-07-29 18:57:22   push_peer_info = DISABLED
2014-07-29 18:57:22   tls_exit = DISABLED
2014-07-29 18:57:22   tls_auth_file = '[UNDEF]'
2014-07-29 18:57:22   client = ENABLED
2014-07-29 18:57:22   pull = ENABLED
2014-07-29 18:57:22   auth_user_pass_file = '[UNDEF]'
2014-07-29 18:57:22 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_615-c430ab0e0cef9994] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jun 24 2014
2014-07-29 18:57:22 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
2014-07-29 18:57:22 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-07-29 18:57:22 Netzwerkstatus: CONNECTED  to WIFI "muehlweg12"
2014-07-29 18:57:22 MANAGEMENT: CMD 'hold release'
2014-07-29 18:57:22 MANAGEMENT: CMD 'bytecount 2'
2014-07-29 18:57:22 MANAGEMENT: CMD 'state on'
2014-07-29 18:57:22 MANAGEMENT: >STATE:1406653042,RESOLVE,,,
2014-07-29 18:57:22 MANAGEMENT: CMD 'proxy NONE'
2014-07-29 18:57:23 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-07-29 18:57:23 LZO compression initializing
2014-07-29 18:57:23 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-07-29 18:57:23 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-07-29 18:57:23 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-07-29 18:57:23 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-07-29 18:57:23 Local Options hash (VER=V4): '41690919'
2014-07-29 18:57:23 Expected Remote Options hash (VER=V4): '530fdded'
2014-07-29 18:57:23 TCP/UDP: Preserving recently used remote address: [AF_INET]91.17.25.199:1194
2014-07-29 18:57:23 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-07-29 18:57:23 Protecting socket fd 4
2014-07-29 18:57:23 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-07-29 18:57:23 UDP link local: (not bound)
2014-07-29 18:57:23 UDP link remote: [AF_INET]91.17.25.199:1194
2014-07-29 18:57:23 MANAGEMENT: >STATE:1406653043,WAIT,,,
2014-07-29 18:58:23 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-07-29 18:58:23 TLS Error: TLS handshake failed
2014-07-29 18:58:23 TCP/UDP: Closing socket
2014-07-29 18:58:23 SIGUSR1[soft,tls-error] received, process restarting
2014-07-29 18:58:23 MANAGEMENT: >STATE:1406653103,RECONNECTING,tls-error,,
2014-07-29 18:58:23 MANAGEMENT: CMD 'hold release'
2014-07-29 18:58:23 MANAGEMENT: CMD 'bytecount 2'
2014-07-29 18:58:23 MANAGEMENT: CMD 'state on'
2014-07-29 18:58:23 MANAGEMENT: CMD 'proxy NONE'
2014-07-29 18:58:24 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-07-29 18:58:24 LZO compression initializing
2014-07-29 18:58:24 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-07-29 18:58:24 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-07-29 18:58:24 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-07-29 18:58:24 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-07-29 18:58:24 Local Options hash (VER=V4): '41690919'
2014-07-29 18:58:24 Expected Remote Options hash (VER=V4): '530fdded'
2014-07-29 18:58:24 TCP/UDP: Preserving recently used remote address: [AF_INET]91.17.25.199:1194
2014-07-29 18:58:24 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-07-29 18:58:24 Protecting socket fd 4
2014-07-29 18:58:24 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-07-29 18:58:24 UDP link local: (not bound)
2014-07-29 18:58:24 UDP link remote: [AF_INET]91.17.25.199:1194
2014-07-29 18:58:24 MANAGEMENT: >STATE:1406653104,WAIT,,,
2014-07-29 18:58:43 MANAGEMENT: CMD 'signal SIGINT'
2014-07-29 18:58:43 TCP/UDP: Closing socket
2014-07-29 18:58:43 SIGINT[hard,] received, process exiting
2014-07-29 18:58:43 MANAGEMENT: >STATE:1406653123,EXITING,SIGINT,,
2014-07-29 18:59:14 Generiere OpenVPN Konfiguration…
2014-07-29 18:59:14 Unbehandelte Ausnahme: write failed: EBADF (Bad file number)

java.io.IOException: write failed: EBADF (Bad file number)
	at libcore.io.IoBridge.write(IoBridge.java:462)
	at java.io.FileOutputStream.write(FileOutputStream.java:187)
	at java.io.OutputStreamWriter.flushBytes(OutputStreamWriter.java:167)
	at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:158)
	at de.blinkt.openvpn.VpnProfile.prepareIntent(VpnProfile.java:589)
	at de.blinkt.openvpn.core.VPNLaunchHelper.startOpenVpn(VPNLaunchHelper.java:73)
	at de.blinkt.openvpn.LaunchVPN$startOpenVpnThread.run(LaunchVPN.java:289)
Caused by: libcore.io.ErrnoException: write failed: EBADF (Bad file number)
	at libcore.io.Posix.writeBytes(Native Method)
	at libcore.io.Posix.write(Posix.java:187)
	at libcore.io.BlockGuardOs.write(BlockGuardOs.java:197)
	at libcore.io.IoBridge.write(IoBridge.java:457)
	... 6 more

2014-07-29 18:59:16 started Socket Thread
2014-07-29 18:59:16 P:Initializing Google Breakpad!
2014-07-29 18:59:16 P:Options error: You must define TUN/TAP device (--dev)
2014-07-29 18:59:16 P:Use --help for more information.
2014-07-29 18:59:16 Process exited with exit value 1
2014-07-29 18:59:46 Generiere OpenVPN Konfiguration…
2014-07-29 18:59:48 started Socket Thread
2014-07-29 18:59:48 P:Initializing Google Breakpad!
2014-07-29 18:59:48 Current Parameter Settings:
2014-07-29 18:59:48   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-07-29 18:59:48   mode = 0
2014-07-29 18:59:48   show_ciphers = DISABLED
2014-07-29 18:59:48   show_digests = DISABLED
2014-07-29 18:59:48   show_engines = DISABLED
2014-07-29 18:59:48   genkey = DISABLED
2014-07-29 18:59:48   key_pass_file = '[UNDEF]'
2014-07-29 18:59:48   show_tls_ciphers = DISABLED
2014-07-29 18:59:48   connect_retry_max = 5
2014-07-29 18:59:48 Connection profiles [0]:
2014-07-29 18:59:48   proto = udp
2014-07-29 18:59:48   local = '[UNDEF]'
2014-07-29 18:59:48   local_port = '[UNDEF]'
2014-07-29 18:59:48   remote = 'holger-spatz.selfhost.eu'
2014-07-29 18:59:48   remote_port = '1194'
2014-07-29 18:59:48   remote_float = DISABLED
2014-07-29 18:59:48   bind_defined = DISABLED
2014-07-29 18:59:48   bind_local = DISABLED
2014-07-29 18:59:48   bind_ipv6_only = DISABLED
2014-07-29 18:59:48   connect_retry_seconds = 5
2014-07-29 18:59:48   connect_timeout = 10
2014-07-29 18:59:48   socks_proxy_server = '[UNDEF]'
2014-07-29 18:59:48   socks_proxy_port = '[UNDEF]'
2014-07-29 18:59:48   socks_proxy_retry = DISABLED
2014-07-29 18:59:48   tun_mtu = 1500
2014-07-29 18:59:48   tun_mtu_defined = ENABLED
2014-07-29 18:59:48   link_mtu = 1500
2014-07-29 18:59:48   link_mtu_defined = DISABLED
2014-07-29 18:59:48   tun_mtu_extra = 0
2014-07-29 18:59:48   tun_mtu_extra_defined = DISABLED
2014-07-29 18:59:48   mtu_discover_type = -1
2014-07-29 18:59:48   fragment = 0
2014-07-29 18:59:48   mssfix = 1450
2014-07-29 18:59:48   explicit_exit_notification = 0
2014-07-29 18:59:48 Connection profiles END
2014-07-29 18:59:48   remote_random = DISABLED
2014-07-29 18:59:48   ipchange = '[UNDEF]'
2014-07-29 18:59:48   dev = 'tun'
2014-07-29 18:59:48   dev_type = '[UNDEF]'
2014-07-29 18:59:48   dev_node = '[UNDEF]'
2014-07-29 18:59:48   lladdr = '[UNDEF]'
2014-07-29 18:59:48   topology = 1
2014-07-29 18:59:48   tun_ipv6 = DISABLED
2014-07-29 18:59:48   ifconfig_local = '[UNDEF]'
2014-07-29 18:59:48   ifconfig_remote_netmask = '[UNDEF]'
2014-07-29 18:59:48   ifconfig_noexec = DISABLED
2014-07-29 18:59:48   ifconfig_nowarn = DISABLED
2014-07-29 18:59:48   ifconfig_ipv6_local = '[UNDEF]'
2014-07-29 18:59:48   ifconfig_ipv6_netbits = 0
2014-07-29 18:59:48   ifconfig_ipv6_remote = '[UNDEF]'
2014-07-29 18:59:48   shaper = 0
2014-07-29 18:59:48   mtu_test = 0
2014-07-29 18:59:48   mlock = DISABLED
2014-07-29 18:59:48   keepalive_ping = 0
2014-07-29 18:59:48   keepalive_timeout = 0
2014-07-29 18:59:48   inactivity_timeout = 0
2014-07-29 18:59:48   ping_send_timeout = 0
2014-07-29 18:59:48   ping_rec_timeout = 0
2014-07-29 18:59:48   ping_rec_timeout_action = 0
2014-07-29 18:59:48   ping_timer_remote = DISABLED
2014-07-29 18:59:48   remap_sigusr1 = 0
2014-07-29 18:59:48   persist_tun = ENABLED
2014-07-29 18:59:48   persist_local_ip = DISABLED
2014-07-29 18:59:48   persist_remote_ip = DISABLED
2014-07-29 18:59:48   persist_key = DISABLED
2014-07-29 18:59:48   passtos = DISABLED
2014-07-29 18:59:48   resolve_retry_seconds = 1000000000
2014-07-29 18:59:48   resolve_in_advance = ENABLED
2014-07-29 18:59:48   username = '[UNDEF]'
2014-07-29 18:59:48   groupname = '[UNDEF]'
2014-07-29 18:59:48   chroot_dir = '[UNDEF]'
2014-07-29 18:59:48   cd_dir = '[UNDEF]'
2014-07-29 18:59:48   up_script = '[UNDEF]'
2014-07-29 18:59:48   down_script = '[UNDEF]'
2014-07-29 18:59:48   down_pre = DISABLED
2014-07-29 18:59:48   up_restart = DISABLED
2014-07-29 18:59:48   up_delay = DISABLED
2014-07-29 18:59:48   daemon = DISABLED
2014-07-29 18:59:48   inetd = 0
2014-07-29 18:59:48   log = DISABLED
2014-07-29 18:59:48   suppress_timestamps = DISABLED
2014-07-29 18:59:48   machine_readable_output = ENABLED
2014-07-29 18:59:48 Netzwerkstatus: CONNECTED  to WIFI "hsp-network"
2014-07-29 18:59:48   nice = 0
2014-07-29 18:59:48   verbosity = 4
2014-07-29 18:59:48   mute = 0
2014-07-29 18:59:48   gremlin = 0
2014-07-29 18:59:48   status_file = '[UNDEF]'
2014-07-29 18:59:48   status_file_version = 1
2014-07-29 18:59:48   status_file_update_freq = 60
2014-07-29 18:59:48   occ = ENABLED
2014-07-29 18:59:48   rcvbuf = 65536
2014-07-29 18:59:48   sndbuf = 65536
2014-07-29 18:59:48   sockflags = 0
2014-07-29 18:59:48   fast_io = DISABLED
2014-07-29 18:59:48   comp.alg = 2
2014-07-29 18:59:48   comp.flags = 1
2014-07-29 18:59:48   route_script = '[UNDEF]'
2014-07-29 18:59:48   route_default_gateway = '[UNDEF]'
2014-07-29 18:59:48   route_default_metric = 0
2014-07-29 18:59:48   route_noexec = DISABLED
2014-07-29 18:59:48   route_delay = 0
2014-07-29 18:59:48   route_delay_window = 30
2014-07-29 18:59:48   route_delay_defined = DISABLED
2014-07-29 18:59:48   route_nopull = DISABLED
2014-07-29 18:59:48   route_gateway_via_dhcp = DISABLED
2014-07-29 18:59:48   allow_pull_fqdn = DISABLED
2014-07-29 18:59:48   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-07-29 18:59:48   management_port = 'unix'
2014-07-29 18:59:48   management_user_pass = '[UNDEF]'
2014-07-29 18:59:48   management_log_history_cache = 250
2014-07-29 18:59:48   management_echo_buffer_size = 100
2014-07-29 18:59:48   management_write_peer_info_file = '[UNDEF]'
2014-07-29 18:59:48   management_client_user = '[UNDEF]'
2014-07-29 18:59:48   management_client_group = '[UNDEF]'
2014-07-29 18:59:48   management_flags = 4390
2014-07-29 18:59:48   shared_secret_file = '[UNDEF]'
2014-07-29 18:59:48   key_direction = 0
2014-07-29 18:59:48   ciphername_defined = ENABLED
2014-07-29 18:59:48   ciphername = 'BF-CBC'
2014-07-29 18:59:48   authname_defined = ENABLED
2014-07-29 18:59:48   authname = 'SHA1'
2014-07-29 18:59:48   prng_hash = 'SHA1'
2014-07-29 18:59:48   prng_nonce_secret_len = 16
2014-07-29 18:59:48   keysize = 0
2014-07-29 18:59:48   engine = DISABLED
2014-07-29 18:59:48   replay = ENABLED
2014-07-29 18:59:48   mute_replay_warnings = DISABLED
2014-07-29 18:59:48   replay_window = 64
2014-07-29 18:59:48   replay_time = 15
2014-07-29 18:59:48   packet_id_file = '[UNDEF]'
2014-07-29 18:59:48   use_iv = ENABLED
2014-07-29 18:59:48   test_crypto = DISABLED
2014-07-29 18:59:48   tls_server = DISABLED
2014-07-29 18:59:48   tls_client = ENABLED
2014-07-29 18:59:48   key_method = 2
2014-07-29 18:59:48   ca_file = '[[INLINE]]'
2014-07-29 18:59:48   ca_path = '[UNDEF]'
2014-07-29 18:59:48   dh_file = '[UNDEF]'
2014-07-29 18:59:48   cert_file = '[[INLINE]]'
2014-07-29 18:59:48   priv_key_file = '[[INLINE]]'
2014-07-29 18:59:48   pkcs12_file = '[UNDEF]'
2014-07-29 18:59:48   cipher_list = '[UNDEF]'
2014-07-29 18:59:48   tls_verify = '[UNDEF]'
2014-07-29 18:59:48   tls_export_cert = '[UNDEF]'
2014-07-29 18:59:48   verify_x509_type = 0
2014-07-29 18:59:48   verify_x509_name = '[UNDEF]'
2014-07-29 18:59:48   crl_file = '[UNDEF]'
2014-07-29 18:59:48   ns_cert_type = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_ku[i] = 0
2014-07-29 18:59:48   remote_cert_eku = '[UNDEF]'
2014-07-29 18:59:48   ssl_flags = 0
2014-07-29 18:59:48   tls_timeout = 2
2014-07-29 18:59:48   renegotiate_bytes = 0
2014-07-29 18:59:48   renegotiate_packets = 0
2014-07-29 18:59:48   renegotiate_seconds = 3600
2014-07-29 18:59:48   handshake_window = 60
2014-07-29 18:59:48   transition_window = 3600
2014-07-29 18:59:48   single_session = DISABLED
2014-07-29 18:59:48   push_peer_info = DISABLED
2014-07-29 18:59:48   tls_exit = DISABLED
2014-07-29 18:59:48   tls_auth_file = '[UNDEF]'
2014-07-29 18:59:48   client = ENABLED
2014-07-29 18:59:48   pull = ENABLED
2014-07-29 18:59:48   auth_user_pass_file = '[UNDEF]'
2014-07-29 18:59:48 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_615-c430ab0e0cef9994] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Jun 24 2014
2014-07-29 18:59:48 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
2014-07-29 18:59:48 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-07-29 18:59:48 MANAGEMENT: CMD 'hold release'
2014-07-29 18:59:55 MANAGEMENT: CMD 'bytecount 2'
2014-07-29 18:59:55 MANAGEMENT: CMD 'state on'
2014-07-29 18:59:55 MANAGEMENT: CMD 'proxy NONE'
2014-07-29 18:59:56 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-07-29 18:59:56 LZO compression initializing
2014-07-29 18:59:56 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-07-29 18:59:56 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-07-29 18:59:56 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-07-29 18:59:56 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-07-29 18:59:56 Local Options hash (VER=V4): '41690919'
2014-07-29 18:59:56 Expected Remote Options hash (VER=V4): '530fdded'
2014-07-29 18:59:56 TCP/UDP: Preserving recently used remote address: [AF_INET]91.17.25.199:1194
2014-07-29 18:59:56 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-07-29 18:59:56 Protecting socket fd 4
2014-07-29 18:59:56 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-07-29 18:59:56 UDP link local: (not bound)
2014-07-29 18:59:56 UDP link remote: [AF_INET]91.17.25.199:1194
2014-07-29 18:59:56 MANAGEMENT: >STATE:1406653196,WAIT,,,
2014-07-29 19:00:56 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-07-29 19:00:56 TLS Error: TLS handshake failed
2014-07-29 19:00:56 TCP/UDP: Closing socket
2014-07-29 19:00:56 SIGUSR1[soft,tls-error] received, process restarting
2014-07-29 19:00:56 MANAGEMENT: >STATE:1406653256,RECONNECTING,tls-error,,
2014-07-29 19:00:56 MANAGEMENT: CMD 'hold release'
2014-07-29 19:00:56 MANAGEMENT: CMD 'bytecount 2'
2014-07-29 19:00:56 MANAGEMENT: CMD 'state on'
2014-07-29 19:00:56 MANAGEMENT: CMD 'proxy NONE'
2014-07-29 19:00:57 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-07-29 19:00:57 LZO compression initializing
2014-07-29 19:00:57 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-07-29 19:00:57 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-07-29 19:00:57 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-07-29 19:00:57 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-07-29 19:00:57 Local Options hash (VER=V4): '41690919'
2014-07-29 19:00:57 Expected Remote Options hash (VER=V4): '530fdded'
2014-07-29 19:00:57 TCP/UDP: Preserving recently used remote address: [AF_INET]91.17.25.199:1194
2014-07-29 19:00:57 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-07-29 19:00:57 Protecting socket fd 4
2014-07-29 19:00:57 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-07-29 19:00:57 UDP link local: (not bound)
2014-07-29 19:00:57 UDP link remote: [AF_INET]91.17.25.199:1194
2014-07-29 19:00:57 MANAGEMENT: >STATE:1406653257,WAIT,,,
2014-07-29 19:01:57 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-07-29 19:01:58 TLS Error: TLS handshake failed
2014-07-29 19:01:58 TCP/UDP: Closing socket
2014-07-29 19:01:58 SIGUSR1[soft,tls-error] received, process restarting
2014-07-29 19:01:58 MANAGEMENT: >STATE:1406653317,RECONNECTING,tls-error,,
2014-07-29 19:01:58 MANAGEMENT: CMD 'hold release'
2014-07-29 19:01:58 MANAGEMENT: CMD 'bytecount 2'
2014-07-29 19:01:58 MANAGEMENT: CMD 'state on'
2014-07-29 19:01:58 MANAGEMENT: CMD 'proxy NONE'
2014-07-29 19:01:59 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-07-29 19:01:59 LZO compression initializing
2014-07-29 19:01:59 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-07-29 19:01:59 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-07-29 19:01:59 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-07-29 19:01:59 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-07-29 19:01:59 Local Options hash (VER=V4): '41690919'
2014-07-29 19:01:59 Expected Remote Options hash (VER=V4): '530fdded'
2014-07-29 19:01:59 TCP/UDP: Preserving recently used remote address: [AF_INET]91.17.25.199:1194
2014-07-29 19:01:59 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-07-29 19:01:59 Protecting socket fd 4
2014-07-29 19:01:59 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-07-29 19:01:59 UDP link local: (not bound)
2014-07-29 19:01:59 UDP link remote: [AF_INET]91.17.25.199:1194
2014-07-29 19:01:59 MANAGEMENT: >STATE:1406653319,WAIT,,,
2014-07-29 19:02:59 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-07-29 19:02:59 TLS Error: TLS handshake failed
2014-07-29 19:02:59 TCP/UDP: Closing socket
2014-07-29 19:02:59 SIGUSR1[soft,tls-error] received, process restarting
2014-07-29 19:02:59 MANAGEMENT: >STATE:1406653379,RECONNECTING,tls-error,,
2014-07-29 19:02:59 MANAGEMENT: CMD 'hold release'
2014-07-29 19:02:59 MANAGEMENT: CMD 'bytecount 2'
2014-07-29 19:02:59 MANAGEMENT: CMD 'state on'
2014-07-29 19:02:59 MANAGEMENT: CMD 'proxy NONE'
2014-07-29 19:03:00 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-07-29 19:03:00 LZO compression initializing
2014-07-29 19:03:00 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2014-07-29 19:03:00 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-07-29 19:03:00 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2014-07-29 19:03:00 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2014-07-29 19:03:00 Local Options hash (VER=V4): '41690919'
2014-07-29 19:03:00 Expected Remote Options hash (VER=V4): '530fdded'
2014-07-29 19:03:00 TCP/UDP: Preserving recently used remote address: [AF_INET]91.17.25.199:1194
2014-07-29 19:03:00 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-07-29 19:03:00 Protecting socket fd 4
2014-07-29 19:03:00 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-07-29 19:03:00 UDP link local: (not bound)
2014-07-29 19:03:00 UDP link remote: [AF_INET]91.17.25.199:1194
2014-07-29 19:03:00 MANAGEMENT: >STATE:1406653380,WAIT,,,

Eingerichtet habe ich meinen VPN-Server nach dieser Anleitung:

http://www.datenreise.de/raspberry-pi-v ... anleitung/

Der Raspberry ist über ein Netzwerkkabel mit meinem Router (Speedport W921V) verbunden, und den Port 1194 habe ich auch frei geschaltet.

Wird jemand von euch aus dem Logfile schlau und kann mir einen Tipp geben wo dran es liegt?

Vielen Dank schon mal.

[ericle]

Hi

Probiere erstmal anstatt Port 1194 wieder auf den Standard 443 zu gehen. Diesen auch auf der Fritz erlauen TCP und UDP.

[vrabac]

Habe ich gerade getestet und hat leider auch nicht funktioniert könnte es an IP-Tables liegen?

Kann man da irgend welche Protokolle aktivieren?

Syslog scheint irgendwie nicht zu laufen.

[ericle]

iptables -L zeigt dir die Regeln

[gbotti]

Hi.

Hast du bei deinem Router auch UDP als Protokoll für die Portfreigabe eingestellt?

2014-07-29 19:01:59 UDP link remote: [AF_INET]91.17.25.199:1194

[vrabac]

Ja die Portweiterleitung ist eingerichtet.




Aber es funktioniert trotzdem nicht.

[Paddie]

Kurz und knapp...du kannst dich, wenn du einen Speedport hast, nicht aus dem internen Netz über die externe IP auf einen Rechner im internen Netz verbinden. Ich habs nachher so gemacht, dass ich das Handy als Modem geholt hab.

[vrabac]

Das der Speedport W921V kein NAT-Loopback unterstützt wusste ich bereits, die Verbindungsversuche habe ich jeweils (mit einer Ausnahme bei der ich den Tunnel lokal aufgebaut habe) über mein Smartphone hergestellt, bzw. ich habe zuerst bei meinem Smartphone die Datenverbindung ins Internet über UMTS hergestellt und dann den Hotspot am Handy aktiviert. Anschließend habe ich mich mit meinem Android-Tablet über das Smartphone mit dem Internet verbunden.

Es muss irgend einen anderen Grund haben, dass die Verbindung scheitert - ich vermute, dass es an der Zuteilung der IP-Adressen im VPN-Tunnel hapert.

Der DHCP-Server im Speedport hat einen Range von 192.168.1.2 - 192.168.1.50

Der Raspberry-PI hat die feste interne IP-Adresse 192.168.1.240 - dafür habe ich auch ein IP-Forwarding auf dem Port 1194 im Router eingerichtet - so langsam weiß ich nicht mehr weiter und bin kurz vorm aufgeben.

[gbotti]

Mach doch mal einfach folgendes:

Code: Alles auswählen

iptables -F

Das sollte alle Rules löschen. Die Policies sind ja schon auf accept.

Dann prüfe bitte nochmal, ob du das Forwarding im Router mit UDP und nicht mit TCP eingestellt hast! Das hast du noch nirgends bestätigt bzw. du bist nicht darauf eingegangen.

Mach doch auch mal nen Screenshot von deinen Routereinstellungen...

[vrabac]

So sieht die Definition der Portweiterleitungen aus, die Weiterleitungen auf 192.168.1.220 und 192.168.1.210 sind Weiterleitungen auf mein NAS sowie auf meine Telefonalage von Auerswald - die sollten nach eigentlich nach der VPN-Einrichtung wegfallen....

Code: Alles auswählen

iptables -F

brachte leider auch keine Besserung

[gbotti]

OK. Das sieht ja eigentlich ganz gut aus.

Wie sieht denn die Client- und die Server-Config aus?

Eventuell solltest du mal versuchen über einen anderen Internetanschluss eine VPN-Verbindung aufzubauen. UMTS lässt manchmal nicht alles durch, je nachdem welchen Provider du hast...

Ich gehe davon aus, dass der Speedport aktualisiert ist und schon mal neu gestartet wurde...

[vrabac]

Mein Provider für Festnetz ist die Telekom, für mein Handy habe ich eine Datenoption von Congstar (also auch Telekom)

client1.ovpn:

Code: Alles auswählen

dev tun
client
proto udp
remote holger-spatz.selfhost.eu  1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

eine "server.conf" habe ich nicht nur eine "/etc/openvpn/openvpn.conf"