Hallo liebe Forumgemeinde,
ich stehe aktuell vor folgendem Problem.
Hbe die DS916+ über DSM als OpenVPN Server konfiguriert. Config exportiert und dem Client zugefügt.
Die Verbindung kommt zustande, bricht jedoch fast im Minutentakt wieder ab.
Ist euch so etwas vielleicht bekannt.
Anbei ein Auszu aus dem LOG:
Sun Sep 17 16:02:53 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Sun Sep 17 16:02:53 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Sep 17 16:02:53 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sun Sep 17 16:02:58 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 17 16:02:58 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:02:58 2017 Attempting to establish TCP connection with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [nonblock]
Sun Sep 17 16:02:59 2017 TCP connection established with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xx
Sun Sep 17 16:02:59 2017 TCPv6_CLIENT link local: (not bound)
Sun Sep 17 16:02:59 2017 TCPv6_CLIENT link remote: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:02:59 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 17 16:02:59 2017 [synology.com] Peer Connection Initiated with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:03:01 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:03:01 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:03:01 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Sun Sep 17 16:03:01 2017 open_tun
Sun Sep 17 16:03:01 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}.tap
Sun Sep 17 16:03:01 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Sep 17 16:03:01 2017 Successful ARP Flush on interface [16] {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}
Sun Sep 17 16:03:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Sep 17 16:03:06 2017 Initialization Sequence Completed
Sun Sep 17 16:05:11 2017 read TCPv6_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Sun Sep 17 16:05:11 2017 Connection reset, restarting [-1]
Sun Sep 17 16:05:11 2017 SIGUSR1[soft,connection-reset] received, process restarting
Sun Sep 17 16:05:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 17 16:05:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxx
Sun Sep 17 16:05:16 2017 Attempting to establish TCP connection with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [nonblock]
Sun Sep 17 16:05:17 2017 TCP connection established with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx
Sun Sep 17 16:05:17 2017 TCPv6_CLIENT link local: (not bound)
Sun Sep 17 16:05:17 2017 TCPv6_CLIENT link remote: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:05:17 2017 [synology.com] Peer Connection Initiated with [AF_INET6]2a00:61e0:4045:d301:211:32ff:fe69:bf37:13245
Sun Sep 17 16:05:19 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:05:19 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:05:19 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Sun Sep 17 16:05:19 2017 open_tun
Sun Sep 17 16:05:19 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}.tap
Sun Sep 17 16:05:19 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.10/255.255.255.252 on interface {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28} [DHCP-serv: 10.8.0.9, lease-time: 31536000]
Sun Sep 17 16:05:19 2017 Successful ARP Flush on interface [16] {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}
Sun Sep 17 16:05:19 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Die öffentliche IPV6 ist jeweils mit xxx versehen.
Vielen Dank für eure Lösungsansätze!!!!
ich stehe aktuell vor folgendem Problem.
Hbe die DS916+ über DSM als OpenVPN Server konfiguriert. Config exportiert und dem Client zugefügt.
Die Verbindung kommt zustande, bricht jedoch fast im Minutentakt wieder ab.
Ist euch so etwas vielleicht bekannt.
Anbei ein Auszu aus dem LOG:
Sun Sep 17 16:02:53 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jul 14 2017
Sun Sep 17 16:02:53 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Sep 17 16:02:53 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sun Sep 17 16:02:58 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 17 16:02:58 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:02:58 2017 Attempting to establish TCP connection with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [nonblock]
Sun Sep 17 16:02:59 2017 TCP connection established with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xx
Sun Sep 17 16:02:59 2017 TCPv6_CLIENT link local: (not bound)
Sun Sep 17 16:02:59 2017 TCPv6_CLIENT link remote: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:02:59 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 17 16:02:59 2017 [synology.com] Peer Connection Initiated with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:03:01 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:03:01 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:03:01 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Sun Sep 17 16:03:01 2017 open_tun
Sun Sep 17 16:03:01 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}.tap
Sun Sep 17 16:03:01 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Sep 17 16:03:01 2017 Successful ARP Flush on interface [16] {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}
Sun Sep 17 16:03:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Sep 17 16:03:06 2017 Initialization Sequence Completed
Sun Sep 17 16:05:11 2017 read TCPv6_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Sun Sep 17 16:05:11 2017 Connection reset, restarting [-1]
Sun Sep 17 16:05:11 2017 SIGUSR1[soft,connection-reset] received, process restarting
Sun Sep 17 16:05:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Sep 17 16:05:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxx
Sun Sep 17 16:05:16 2017 Attempting to establish TCP connection with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx [nonblock]
Sun Sep 17 16:05:17 2017 TCP connection established with [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx
Sun Sep 17 16:05:17 2017 TCPv6_CLIENT link local: (not bound)
Sun Sep 17 16:05:17 2017 TCPv6_CLIENT link remote: [AF_INET6]xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sun Sep 17 16:05:17 2017 [synology.com] Peer Connection Initiated with [AF_INET6]2a00:61e0:4045:d301:211:32ff:fe69:bf37:13245
Sun Sep 17 16:05:19 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:05:19 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sun Sep 17 16:05:19 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Sun Sep 17 16:05:19 2017 open_tun
Sun Sep 17 16:05:19 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}.tap
Sun Sep 17 16:05:19 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.10/255.255.255.252 on interface {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28} [DHCP-serv: 10.8.0.9, lease-time: 31536000]
Sun Sep 17 16:05:19 2017 Successful ARP Flush on interface [16] {1DFE4413-7DD7-45E6-B3CB-50A46CF33A28}
Sun Sep 17 16:05:19 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Die öffentliche IPV6 ist jeweils mit xxx versehen.
Vielen Dank für eure Lösungsansätze!!!!