SSL VPN with Android is not working properly

Hello everyone,

I have the problem with my mobile devices that I cannot access the internal network. The devices are a Z5 and a Z4 Tablet with the OpenVPN app.

The VPN connection is established, and as soon as I try to access, e.g., an internal website, a long chain of the following appears in the log:

"read TCP_Client[]: Connection refused (code=111)"

From this message and a bit of googling I can't really make sense of it.

Now one might think I haven't configured my VPN correctly, but with my Windows laptop and the SSL VPN client everything works splendidly.

The whole problem has existed since the update to 9.404-5 and unfortunately was not fixed with 9.405.

Does anyone have an idea what this could be?

  • here is a log again:
    2016-08-04 14:43:48 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-b89b098fc66488b9] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Jul 6 2016
    2016-08-04 14:43:48 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
    2016-08-04 14:43:48 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
    2016-08-04 14:43:48 MANAGEMENT: CMD 'hold release'
    2016-08-04 14:43:48 MANAGEMENT: CMD 'username 'Auth' Username'
    2016-08-04 14:43:48 MANAGEMENT: CMD 'bytecount 2'
    2016-08-04 14:43:48 MANAGEMENT: CMD 'state on'
    2016-08-04 14:43:48 MANAGEMENT: CMD 'password [...]'
    2016-08-04 14:43:48 MANAGEMENT: >STATE:1470314628,RESOLVE,,,,,,
    2016-08-04 14:43:49 MANAGEMENT: CMD 'proxy NONE'
    2016-08-04 14:43:50 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
    2016-08-04 14:43:50 LZO compression initializing
    2016-08-04 14:43:50 Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]
    2016-08-04 14:43:50 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
    2016-08-04 14:43:50 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-client'
    2016-08-04 14:43:50 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-server'
    2016-08-04 14:43:50 TCP/UDP: Preserving recently used remote address: [AF_INET]MEINEEXTERNEIP:4343
    2016-08-04 14:43:50 Socket Buffers: R=[26280->26280] S=[16384->16384]
    2016-08-04 14:43:50 Attempting to establish TCP connection with [AF_INET]MEINEEXTERNEIP:4343 [nonblock]
    2016-08-04 14:43:50 MANAGEMENT: >STATE:1470314630,TCP_CONNECT,,,,,,
    2016-08-04 14:43:50 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2016-08-04 14:43:51 TCP connection established with [AF_INET]MEINEEXTERNEIP:4343
    2016-08-04 14:43:51 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2016-08-04 14:43:51 TCP_CLIENT link local: (not bound)
    2016-08-04 14:43:51 TCP_CLIENT link remote: [AF_INET]MEINEEXTERNEIP:4343
    2016-08-04 14:43:51 MANAGEMENT: >STATE:1470314631,WAIT,,,,,,
    2016-08-04 14:43:52 MANAGEMENT: >STATE:1470314632,AUTH,,,,,,
    2016-08-04 14:43:52 TLS: Initial packet from [AF_INET]MEINEEXTERNEIP:4343, sid=105972f2 acc67284
    2016-08-04 14:43:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2016-08-04 14:43:53 VERIFY OK: depth=1, C=de, L=Stadt, O=FIRMA, CN=FIRMA VPN CA, emailAddress=network@meinedomain.de
    2016-08-04 14:43:53 VERIFY OK: depth=0, C=de, L=Stadt, O=FIRMA, CN=ASTAROHOSTNAME, emailAddress=network@meinedomain.de
    2016-08-04 14:43:54 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2016-08-04 14:43:54 [ASTAROHOSTNAME] Peer Connection Initiated with [AF_INET]MEINEEXTERNEIP:4343
    2016-08-04 14:43:55 MANAGEMENT: >STATE:1470314635,GET_CONFIG,,,,,,
    2016-08-04 14:43:55 SENT CONTROL [ASTAROHOSTNAME]: 'PUSH_REQUEST' (status=1)
    2016-08-04 14:43:56 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.10,dhcp-option DNS 192.168.1.11,dhcp-option WINS 192.168.1.10,dhcp-option WINS 192.168.1.11,dhcp-option DOMAIN intern.meinedomain.de,ifconfig 10.242.2.2 255.255.255.0'
    2016-08-04 14:43:56 OPTIONS IMPORT: timers and/or timeouts modified
    2016-08-04 14:43:56 OPTIONS IMPORT: --ifconfig/up options modified
    2016-08-04 14:43:56 OPTIONS IMPORT: route options modified
    2016-08-04 14:43:56 OPTIONS IMPORT: route-related options modified
    2016-08-04 14:43:56 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2016-08-04 14:43:56 Data Channel MTU parms [ L:1556 D:1556 EF:56 EB:406 ET:0 EL:3 ]
    2016-08-04 14:43:56 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2016-08-04 14:43:56 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
    2016-08-04 14:43:56 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2016-08-04 14:43:56 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
    2016-08-04 14:43:56 GDG: SIOCGIFHWADDR(lo) failed
    2016-08-04 14:43:56 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
    2016-08-04 14:43:56 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    2016-08-04 14:43:56 MANAGEMENT: >STATE:1470314636,ASSIGN_IP,,10.242.2.2,,,,
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
    2016-08-04 14:43:56 MANAGEMENT: >STATE:1470314636,ADD_ROUTES,,,,,,
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'ROUTE' ok'
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'DNSDOMAIN' ok'
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
    2016-08-04 14:43:56 Tun-Netzwerkinterface wird geöffnet:
    2016-08-04 14:43:56 Lokale IPv4: 10.242.2.2/24 IPv6: null MTU: 1500
    2016-08-04 14:43:56 DNS-Server: 192.168.1.10, 192.168.1.11, Domäne: intern.meinedomain.de
    2016-08-04 14:43:56 Routen: 10.242.2.0/24, 192.168.1.0/24
    2016-08-04 14:43:56 Ausgeschlossene Routen:
    2016-08-04 14:43:56 Installierte VpnService-Routen: 10.242.2.0/24, 192.168.1.0/24
    2016-08-04 14:43:56 Nicht zugelassene Apps für das VPN:
    2016-08-04 14:43:56 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
    2016-08-04 14:43:56 Initialization Sequence Completed
    2016-08-04 14:43:56 MANAGEMENT: >STATE:1470314636,CONNECTED,SUCCESS,10.242.2.2,MEINEEXTERNEIP,4343,10.143.21.196,46635
    2016-08-04 14:44:08 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:08 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:11 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:11 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:13 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:13 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)
    2016-08-04 14:44:14 read TCP_CLIENT []: Connection refused (code=111)

    ---
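As an added example (not part of the original posts and not Sophos or OpenVPN tooling): a small Python triage over a shortened excerpt of the client log above. It collects the configuration warnings the client itself printed and measures how soon after `Initialization Sequence Completed` the `Connection refused` burst begins; the function name and finding labels are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: a shortened excerpt of the client log posted above.
SAMPLE_LOG = """\
2016-08-04 14:43:50 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2016-08-04 14:43:50 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-client'
2016-08-04 14:43:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-08-04 14:43:56 Initialization Sequence Completed
2016-08-04 14:44:08 read TCP_CLIENT []: Connection refused (code=111)
2016-08-04 14:44:08 read TCP_CLIENT []: Connection refused (code=111)
2016-08-04 14:44:09 read TCP_CLIENT []: Connection refused (code=111)
"""

LINE = re.compile(r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
# Hypothetical labels -> patterns for settings the client log itself reports.
CHECKS = {
    "no-server-cert-verification": re.compile(r"No server certificate verification method"),
    "password-cached-in-memory": re.compile(r"may cache passwords in memory"),
    "hmac-md5": re.compile(r"Local Options String.*\bauth MD5\b"),
}
REFUSED = re.compile(r"^read TCP_CLIENT .*Connection refused \(code=111\)")

def triage(log_text):
    """Return config findings plus the size and onset of the post-connect error burst."""
    findings, connected_at, refused = [], None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without a leading timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        for label, pattern in CHECKS.items():
            if pattern.search(msg) and label not in findings:
                findings.append(label)
        if "Initialization Sequence Completed" in msg:
            connected_at = ts
        elif connected_at and REFUSED.match(msg):
            refused.append(ts)  # only count errors seen after the tunnel came up
    delay = (refused[0] - connected_at).total_seconds() if refused else None
    return {"findings": findings, "refused_after_connect": len(refused),
            "seconds_to_first_refusal": delay}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```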

  • (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    GL@MO found the problem and posted the solution on his similar thread in the VPN forum.

    Kind regards - Bob (Please continue in German.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA