[2022-12-29 15:55:49][INFO] : Lancement openvpn : sudo openvpn --config /tmp/jeedom/openvpn/openvpn_166.ovpn >> /var/www/html/core/class/../../log/openvpn_DNS_Jeedom 2>&1 &
Thu Dec 29 15:55:49 2022 WARNING: file '/tmp/jeedom/openvpn/openvpn_auth_RWBysNSiIH3Olebu2MOs3BfJRpQ55w.conf' is group or others accessible
Thu Dec 29 15:55:49 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
Thu Dec 29 15:55:49 2022 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Thu Dec 29 15:55:49 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Dec 29 15:55:49 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]135.125.10.213:1200
Thu Dec 29 15:55:49 2022 UDP link local: (not bound)
Thu Dec 29 15:55:49 2022 UDP link remote: [AF_INET]135.125.10.213:1200
Thu Dec 29 15:55:49 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 29 15:55:49 2022 VERIFY OK: depth=1, C=FR, ST=IDF, L=Paris, O=jeedom.com, OU=jeedom.com, CN=jeedom.com CA, name=jeedom, emailAddress=postmaster@jeedom.com
Thu Dec 29 15:55:49 2022 VERIFY OK: depth=0, C=FR, ST=IDF, L=Paris, O=jeedom.com, OU=jeedom.com, CN=server, name=jeedom, emailAddress=postmaster@jeedom.com
Thu Dec 29 15:55:49 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1342'
Thu Dec 29 15:55:49 2022 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1300'
Thu Dec 29 15:55:49 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 1024 bit RSA
Thu Dec 29 15:55:49 2022 [server] Peer Connection Initiated with [AF_INET]135.125.10.213:1200
Thu Dec 29 15:55:50 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 29 15:55:50 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 29 15:55:50 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 29 15:55:50 2022 TUN/TAP device tun0 opened
Thu Dec 29 15:55:50 2022 /sbin/ip link set dev tun0 up mtu 1500
Thu Dec 29 15:55:50 2022 /sbin/ip addr add dev tun0 local 10.15.43.2 peer 10.15.43.1
Thu Dec 29 15:55:51 2022 Initialization Sequence Completed
Is this normal?
My system:
System up to date: OK
Cron active: OK
Scenario active: OK
Started: OK 2022-12-29 15:29:03
System date (last recorded time): OK 2022-12-29 16:22:34 (2022-12-29 15:57:02)
Sudo rights: OK
Jeedom version: 4.3.12
OS version: debian 10.13
PHP version: 7.3.31-1~deb10u2
Apache: 11
OS version: Linux JeeBox 5.15.80-rockchip64 #22.11.1 SMP PREEMPT Wed Nov 30 11:12:47 UTC 2022 aarch64 GNU/Linux [10.13]
Database version: 10.3.36-MariaDB-0+deb10u2
Free disk space: 82 %
Active/max/allowed connections: 15/25/151
Free tmp disk space: 99 %
Available memory: 83 % (Total 3864 MB)
Sufficient memory: 0
I/O error: 0
Available swap: 100 % (Total 1932 MB)
Swappiness: 100 %
Load: 0.3 - 0.2 - 0.15
Internal network configuration: OK
External network configuration: OK
Cache persistence: OK (2022-12-29 16:00:04)
Apache private tmp: OK
Plugins: OK
Hello,
And apart from that reprimand, did you get an answer elsewhere or find out what this is? I noticed the same thing in the openvpn_DNS_Jeedom log:
0128|Sun Jan 8 08:07:47 2023 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1342'
0129|Sun Jan 8 08:07:47 2023 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1300'
0130|Sun Jan 8 08:07:47 2023 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
0131|Sun Jan 8 08:07:47 2023 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
0132|Sun Jan 8 08:07:47 2023 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 1024 bit RSA
0133|Sun Jan 8 09:01:58 2023 VERIFY OK: depth=1, C=FR, ST=IDF, L=Paris, O=jeedom.com, OU=jeedom.com, CN=jeedom.com CA, name=jeedom, emailAddress=postmaster@jeedom.com
0134|Sun Jan 8 09:01:58 2023 VERIFY OK: depth=0, C=FR, ST=IDF, L=Paris, O=jeedom.com, OU=jeedom.com, CN=server, name=jeedom, emailAddress=postmaster@jeedom.com
Thanks for this confirmation. If I understood correctly, it is about an encryption key that is no longer supported. If it works fine, then it must not be needed for Jeedom; a small change to stop the warning messages from showing up in the log would have been wise, to keep the logs relevant.
But there are surely plenty of other priorities with more impact to deal with.
If you really want to change the config (at your own risk), it is in the file /var/www/html/plugins/openvpn/core/config/openvpn.client.tmpl.ovpn
You need to add:
tun-mtu 1300
but honestly, we live very well with these warnings
[2023-01-11 16:13:22]INFO : Lancement openvpn : sudo openvpn --config /tmp/jeedom/openvpn/openvpn_166.ovpn >> /var/www/html/core/class/../../log/openvpn_DNS_Jeedom 2>&1 &
2023-01-11 16:13:22 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-01-11 16:13:22 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-01-11 16:13:22 WARNING: file '/tmp/jeedom/openvpn/openvpn_auth_RWBysNSiIH3Olebu2MOs3BfJRpQ55w.conf' is group or others accessible
2023-01-11 16:13:22 OpenVPN 2.5.1 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-01-11 16:13:22 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2023-01-11 16:13:22 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-11 16:13:22 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
2023-01-11 16:13:22 TCP/UDP: Preserving recently used remote address: [AF_INET]135.125.10.213:1200
2023-01-11 16:13:22 UDP link local: (not bound)
2023-01-11 16:13:22 UDP link remote: [AF_INET]135.125.10.213:1200
2023-01-11 16:13:22 VERIFY OK: depth=1, C=FR, ST=IDF, L=Paris, O=jeedom.com, OU=jeedom.com, CN=jeedom.com CA, name=jeedom, emailAddress=postmaster@jeedom.com
2023-01-11 16:13:22 VERIFY OK: depth=0, C=FR, ST=IDF, L=Paris, O=jeedom.com, OU=jeedom.com, CN=server, name=jeedom, emailAddress=postmaster@jeedom.com
2023-01-11 16:13:22 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 1024 bit RSA
2023-01-11 16:13:22 [server] Peer Connection Initiated with [AF_INET]135.125.10.213:1200
2023-01-11 16:13:23 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-11 16:13:23 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-11 16:13:23 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-11 16:13:23 TUN/TAP device tun0 opened
2023-01-11 16:13:23 net_iface_mtu_set: mtu 1300 for tun0
2023-01-11 16:13:23 net_iface_up: set tun0 up
2023-01-11 16:13:23 net_addr_ptp_v4_add: 10.15.43.2 peer 10.15.43.1 dev tun0
2023-01-11 16:13:23 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-01-11 16:13:23 Initialization Sequence Completed
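Added example, not part of any post in this thread and not Jeedom or OpenVPN code: a small triage script that separates the MTU mismatch warnings from the security-relevant messages that appear in the same logs. The rule names, severity ratings and hints are assumptions of this example; the sample lines are constructed from the messages quoted above, with the auth file name shortened.

```python
import re

# Severity ratings are this example's own judgement, not OpenVPN's or Jeedom's.
RULES = [
    (r"No server certificate verification method", "no-server-cert-check", "high",
     "add 'remote-cert-tls server' or 'verify-x509-name' to the client config"),
    (r"is group or others accessible", "auth-file-perms", "high",
     "restrict the credentials file to its owner (chmod 600)"),
    (r"Control Channel: .*?(\d+) bit RSA", "rsa-key-size", "high",
     "peer certificate key is below 2048 bits; fixed on the server side"),
    (r"Compression for receiving enabled", "compression", "medium",
     "review 'compress' / 'comp-lzo' in the config"),
    (r"may cache passwords in memory", "auth-cache", "low", "add 'auth-nocache'"),
    (r"'(?:link|tun)-mtu' is used inconsistently", "mtu-mismatch", "info",
     "not a security issue; align 'tun-mtu' with the server value"),
]

# Constructed sample: messages as quoted in the thread; the auth file name is shortened.
SAMPLE_LOG = """\
Thu Dec 29 15:55:49 2022 WARNING: file '/tmp/jeedom/openvpn/openvpn_auth_EXAMPLE.conf' is group or others accessible
Thu Dec 29 15:55:49 2022 WARNING: No server certificate verification method has been enabled.
Thu Dec 29 15:55:49 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 29 15:55:49 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1342'
Thu Dec 29 15:55:49 2022 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1300'
Thu Dec 29 15:55:49 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 1024 bit RSA
Thu Dec 29 15:55:51 2022 Initialization Sequence Completed
"""

def triage(log_text):
    """Return {finding_id: {"severity", "count", "hint"}} for known OpenVPN messages."""
    findings = {}
    for line in log_text.splitlines():
        for pattern, fid, severity, hint in RULES:
            match = re.search(pattern, line)
            if not match:
                continue
            # The key size is only a finding when it is below 2048 bits.
            if fid == "rsa-key-size" and int(match.group(1)) >= 2048:
                continue
            entry = findings.setdefault(fid, {"severity": severity, "count": 0, "hint": hint})
            entry["count"] += 1
    return findings

def ids_with_severity(findings, severity):
    return sorted(fid for fid, f in findings.items() if f["severity"] == severity)

if __name__ == "__main__":
    for fid, f in triage(SAMPLE_LOG).items():
        print(f"{f['severity']:6} {fid:22} x{f['count']}  {f['hint']}")
```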
Hello
On one of my Jeedom installs with Jeedom DNS I have the same problem in the logs. I push to this Jeedom and sometimes it blocks, and I just noticed that the timing matched my failed push sends to this Jeedom.
Do these logs appear when there is a network outage?