This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN geht nicht mehr

Gallo zusammen,

ich musste meine UTM wegen Hardwareschade erneuern. konnte dann Glücklicherweise ein nicht mehr ganz aktuelles Backup einspielen. Nach etwas hin und her geht nun auch wieder alles bis auf den SSL VPN und hier eine Verbindung auf zu bauen. Habe schon die CA der UTM neu erstellen lassen zig mal das neue Config file Runter geladen bekomme aber immer einen Zertifikats Error. Ich weiß nun nach 2 Monaten echt nicht mehr weiter.

Hier das SSL-VPN Log:

2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8660]: SIGTERM[hard,] received, process exiting
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8660]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_DOWN status=0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8660]: Closing TUN/TAP interface
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8660]: /bin/ip addr del dev tun0 192.168.198.1/24
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: Current Parameter Settings:
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: config = '/etc/openvpn/openvpn.conf'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mode = 1
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: persist_config = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: persist_mode = 1
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: show_ciphers = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: show_digests = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: show_engines = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: genkey = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: key_pass_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: show_tls_ciphers = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: Connection profiles [default]:
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: proto = tcp
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: local = '192.168.XXX.XXX'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: local_port = 8080
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_port = 1194
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_float = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: bind_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: bind_local = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: connect_retry_seconds = 5
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: connect_timeout = 10
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: connect_retry_max = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu = 1500
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: link_mtu = 1500
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: link_mtu_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu_extra = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu_extra_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mtu_discover_type = -1
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: fragment = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mssfix = 1450
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: explicit_exit_notification = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: Connection profiles [0]:
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: proto = tcp-server
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: local = '192.168.XXX.XXX'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: local_port = 8080
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_port = 1194
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_float = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: bind_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: bind_local = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: connect_retry_seconds = 5
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: connect_timeout = 10
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: connect_retry_max = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu = 1500
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu_defined = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: link_mtu = 1500
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: link_mtu_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu_extra = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_mtu_extra_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mtu_discover_type = -1
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: fragment = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mssfix = 1450
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: explicit_exit_notification = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: Connection profiles END
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_random = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ipchange = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: dev = 'tun'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: dev_type = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: dev_node = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: lladdr = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: topology = 3
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tun_ipv6 = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_local = '192.168.198.1'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_remote_netmask = '255.255.255.0'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_noexec = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_nowarn = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_ipv6_local = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_ipv6_netbits = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_ipv6_remote = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: shaper = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mtu_test = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mlock = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: keepalive_ping = 10
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: keepalive_timeout = 120
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: inactivity_timeout = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ping_send_timeout = 10
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ping_rec_timeout = 240
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ping_rec_timeout_action = 2
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ping_timer_remote = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remap_sigusr1 = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: persist_tun = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: persist_local_ip = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: persist_remote_ip = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: persist_key = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: passtos = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: resolve_retry_seconds = 1000000000
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: username = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: groupname = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: chroot_dir = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: cd_dir = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: writepid = '/var/run/openvpn.pid'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: up_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: down_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: down_pre = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: up_restart = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: up_delay = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: daemon = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: inetd = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: log = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: suppress_timestamps = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: nice = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: verbosity = 6
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mute = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: gremlin = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: status_file = '/var/run/openvpn-status.log'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: status_file_version = 1
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: status_file_update_freq = 60
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: occ = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: rcvbuf = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: sndbuf = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mark = 4458
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: sockflags = 1
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: fast_io = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: lzo = 7
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_default_gateway = '192.168.198.1'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_default_metric = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_noexec = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_delay = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_delay_window = 30
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_delay_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_nopull = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: route_gateway_via_dhcp = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: allow_pull_fqdn = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_addr = '/var/run/openvpn_mgmt'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_port = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_user_pass = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_log_history_cache = 250
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_echo_buffer_size = 100
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_write_peer_info_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_client_user = 'root'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_client_group = 'root'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: management_flags = 256
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: plugin[0] /usr/lib/openvpn/plugins/openvpn-plugin-utm.so '[/usr/lib/openvpn/plugins/openvpn-plugin-utm.so]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: shared_secret_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: key_direction = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ciphername_defined = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ciphername = 'AES-256-CBC'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: authname_defined = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: authname = 'SHA512'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: prng_hash = 'SHA1'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: prng_nonce_secret_len = 16
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: keysize = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: engine = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: replay = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: mute_replay_warnings = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: replay_window = 64
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: replay_time = 15
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: packet_id_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: use_iv = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: test_crypto = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_server = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_client = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: key_method = 2
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ca_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ca_path = '/etc/openvpn/ca.d'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: dh_file = '/etc/openvpn/dh4096.local.pem'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: cert_file = '/etc/openvpn/server.crt'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: extra_certs_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: priv_key_file = '/etc/openvpn/server.key'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: pkcs12_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: cipher_list = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_verify = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_export_cert = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: verify_x509_type = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: verify_x509_name = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: crl_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ns_cert_type = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_ku[i] = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: remote_cert_eku = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ssl_flags = 2
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_timeout = 2
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: renegotiate_bytes = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: renegotiate_packets = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: renegotiate_seconds = 32400
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: handshake_window = 60
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: transition_window = 3600
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: single_session = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_peer_info = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_exit = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tls_auth_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_network = 192.168.198.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_netmask = 255.255.255.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_network_ipv6 = ::
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_netbits_ipv6 = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_bridge_ip = 0.0.0.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_bridge_netmask = 0.0.0.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_bridge_pool_start = 0.0.0.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: server_bridge_pool_end = 0.0.0.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_entry = 'route-gateway 192.168.198.1'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_entry = 'route-gateway 192.168.198.1'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_entry = 'topology subnet'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_entry = 'ping 10'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_entry = 'ping-restart 120'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_pool_defined = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_pool_start = 192.168.198.2
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_pool_end = 192.168.198.253
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_pool_netmask = 255.255.255.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_pool_persist_filename = '/var/run/ipp.txt'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_pool_persist_refresh_freq = 600
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_ipv6_pool_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_ipv6_pool_base = ::
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ifconfig_ipv6_pool_netbits = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: n_bcast_buf = 256
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tcp_queue_limit = 64
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: real_hash_size = 256
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: virtual_hash_size = 256
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: client_connect_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: learn_address_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: client_disconnect_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: client_config_dir = '/etc/openvpn/conf.d'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: ccd_exclusive = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: tmp_dir = '/tmp'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_ifconfig_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_ifconfig_local = 0.0.0.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_ifconfig_remote_netmask = 0.0.0.0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_ifconfig_ipv6_defined = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_ifconfig_ipv6_local = ::/0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: push_ifconfig_ipv6_remote = ::
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: enable_c2c = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: duplicate_cn = ENABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: cf_max = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: cf_per = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: max_clients = 1024
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: max_routes_per_client = 256
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: auth_user_pass_verify_script = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: auth_user_pass_verify_script_via_file = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: port_share_host = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: port_share_port = 0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: client = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: pull = DISABLED
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: auth_user_pass_file = '[UNDEF]'
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: OpenVPN 2.3.10 i686-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 29 2017
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8789]: library versions: OpenSSL 1.0.2p-fips 14 Aug 2018, LZO 2.09
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: MANAGEMENT: client_uid=0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: MANAGEMENT: client_gid=0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: MANAGEMENT: unix domain socket listening on /var/run/openvpn_mgmt
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: PLUGIN_INIT: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so '[/usr/lib/openvpn/plugins/openvpn-plugin-utm.so]' intercepted=PLUGIN_UP|PLUGIN_DOWN|PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: Diffie-Hellman initialized with 4096 bit key
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: WARNING: experimental option --capath /etc/openvpn/ca.d
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: TLS-Auth MTU parms [ L:1604 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: Socket Buffers: R=[87380->87380] S=[16384->16384]
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: TUN/TAP device tun0 opened
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: TUN/TAP TX queue length set to 100
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: /bin/ip link set dev tun0 up mtu 1500
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: /bin/ip addr add dev tun0 192.168.198.1/24 broadcast 192.168.198.255
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_UP status=0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: Data Channel MTU parms [ L:1604 D:1450 EF:104 EB:143 ET:0 EL:3 AF:3/1 ]
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: Listening for incoming TCP connection on [AF_INET]192.168.XXX.XXX:8080
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: TCPv4_SERVER link local (bound): [AF_INET]192.168.XXX.XXX:8080
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: TCPv4_SERVER link remote: [undef]
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: MULTI: multi_init called, r=256 v=256
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: IFCONFIG POOL: base=192.168.198.2 size=252, ipv6=0
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: IFCONFIG POOL LIST
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: MULTI: TCP INIT maxclients=1024 maxevents=1028
2024:05:13-16:36:37 srv-XXXXX-utm openvpn[8790]: Initialization Sequence Completed
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: MULTI: multi_create_instance called
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Re-using SSL/TLS context
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: LZO compression initialized
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Control Channel MTU parms [ L:1604 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Data Channel MTU parms [ L:1604 D:1450 EF:104 EB:143 ET:0 EL:3 AF:3/1 ]
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Local Options String: 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1604,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Local Options hash (VER=V4): 'b20ffe30'
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: Expected Remote Options hash (VER=V4): '06d8c75c'
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: TCP connection established with [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080)
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: TCPv4_SERVER link local: [undef]
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: TCPv4_SERVER link remote: [AF_INET]84.166.XXX.XXX:53054
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER READ [14] from [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TLS: Initial packet from [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080), sid=a0fa723d 2f9e3257
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER WRITE [26] to [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
2024:05:13-16:37:05 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER READ [303] from [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_CONTROL_V1 kid=0 [ 0 ] pid=1 DATA len=277
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER WRITE [22] to [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_ACK_V1 kid=0 [ 1 ]
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER WRITE [1184] to [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=1170
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER WRITE [1184] to [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=1170
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER WRITE [371] to [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=357
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 TCPv4_SERVER READ [26] from [AF_INET]84.166.XXX.XXX:53054 (via [AF_INET]192.168.XXX.XXX:8080): P_ACK_V1 kid=0 [ 0 1 ]
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 Connection reset, restarting [0]
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: 84.166.XXX.XXX:53054 SIGUSR1[soft,connection-reset] received, client-instance restarting
2024:05:13-16:37:06 srv-XXXXX-utm openvpn[8790]: TCP/UDP: Closing socket

Und Hier die Fehlermeldung am Client, hier steht nichts im Log

Ich hoffe mir kann einer Helfen



This thread was automatically locked due to age.
Parents
  • Problem gelöst.

    Am Ende war es ein Zertifikat Mischmasch zwischen Server Zertifikat, Clint Zertifikat und auch dem Trust der neuen VPN Signing PKi auf den Endgeräten.

    Das Problem war hauptsächlich, dass die automatisch von der UTM regenerated Zertifikate einen "Bug" hatten. Diese nochmal neu ausgestellt und die neue PKi auf den iPads bekannt gegeben und nun geht es wieder.

Reply
  • Problem gelöst.

    Am Ende war es ein Zertifikat Mischmasch zwischen Server Zertifikat, Clint Zertifikat und auch dem Trust der neuen VPN Signing PKi auf den Endgeräten.

    Das Problem war hauptsächlich, dass die automatisch von der UTM regenerated Zertifikate einen "Bug" hatten. Diese nochmal neu ausgestellt und die neue PKi auf den iPads bekannt gegeben und nun geht es wieder.

Children
No Data