Problema Open VPN

throel

Galera bom dia ja estou a 4 dias tentando fazer a openvpn subir mais ela nao sobe, aparece apenas o status reconecting, restart algo assim ai esta o logs do client side.

Nov 21 11:34:28	openvpn[75941]: Inactivity timeout (--ping-restart), restarting
Nov 21 11:34:28	openvpn[75941]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 11:34:30	openvpn[75941]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 11:34:30	openvpn[75941]: Re-using pre-shared static key
Nov 21 11:34:31	openvpn[75941]: Preserving previous TUN/TAP instance: ovpnc1
Nov 21 11:34:31	openvpn[75941]: UDPv4 link local (bound): [AF_INET]189.**.**.***
Nov 21 11:34:31	openvpn[75941]: UDPv4 link remote: [AF_INET]179.***.***.**:9876
Nov 21 11:35:31	openvpn[75941]: Inactivity timeout (--ping-restart), restarting
Nov 21 11:35:31	openvpn[75941]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 11:35:33	openvpn[75941]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 11:35:33	openvpn[75941]: Re-using pre-shared static key
Nov 21 11:35:34	openvpn[75941]: Preserving previous TUN/TAP instance: ovpnc1
Nov 21 11:35:34	openvpn[75941]: UDPv4 link local (bound): [AF_INET]189.**.**.***
Nov 21 11:35:34	openvpn[75941]: UDPv4 link remote: [AF_INET]179.***.***.***:9876

E aqui o log do servidor :

Nov 21 11:27:01	kernel: in /boot/loader.conf.
Nov 21 11:27:01	kernel: ZFS filesystem version 5
Nov 21 11:27:01	kernel: ZFS storage pool version 28
Nov 21 11:27:01	kernel: bge0: link state changed to DOWN
Nov 21 11:27:01	check_reload_status: Linkup starting bge0
Nov 21 11:27:02	check_reload_status: Linkup starting bge0
Nov 21 11:27:02	kernel: bge0: link state changed to UP
Nov 21 11:27:03	check_reload_status: rc.newwanip starting bge0
Nov 21 11:27:03	php: rc.bootup: Accept router advertisements on interface bge0
Nov 21 11:27:04	php: rc.bootup: Resyncing OpenVPN instances.
Nov 21 11:27:04	rtsold[15530]: <rtsock_input_ifannounce> interface tun1 removed
Nov 21 11:27:04	kernel: tun1: changing name to 'ovpnc1'
Nov 21 11:27:04	kernel: pflog0: promiscuous mode enabled
Nov 21 11:27:05	php: rc.newwanip: rc.newwanip: Informational is starting bge0.
Nov 21 11:27:05	php: rc.newwanip: rc.newwanip: on (IP address: 189.**.**.***) (interface: wan) (real interface: bge0).
Nov 21 11:27:05	php: rc.newwanip: ROUTING: setting default route to 189.**.**.*
Nov 21 11:27:08	php: rc.bootup: ROUTING: setting default route to 189.**.**.*
Nov 21 11:27:08	check_reload_status: Updating all dyndns
Nov 21 11:27:09	kernel: ovpnc1: link state changed to UP
Nov 21 11:27:09	check_reload_status: rc.newwanip starting ovpnc1
Nov 21 11:27:12	php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
Nov 21 11:27:12	php: rc.newwanip: rc.newwanip: on (IP address: 192.*.***.*) (interface: ) (real interface: ovpnc1).
Nov 21 11:27:12	check_reload_status: Reloading filter
Nov 21 11:27:12	php: rc.newwanip: pfSense package system has detected an ip change -> 192.***.***.* ... Restarting packages.
Nov 21 11:27:12	check_reload_status: Starting packages
Nov 21 11:27:13	php: rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Nov 21 11:27:13	kernel: ovpnc1: link state changed to DOWN
Nov 21 11:27:13	php: rc.bootup: Creating rrd update script
Nov 21 11:27:13	syslogd: exiting on signal 15
Nov 21 11:27:13	syslogd: kernel boot file is /boot/kernel/kernel
Nov 21 11:27:13	php: rc.newwanip: Creating rrd update script
Nov 21 11:27:13	kernel: ovpnc1: link state changed to UP
Nov 21 11:27:13	php: rc.start_packages: Restarting/Starting all packages.
Nov 21 11:27:13	check_reload_status: rc.newwanip starting ovpnc1
Nov 21 11:27:14	php: rc.start_packages: Restarting/Starting all packages.
Nov 21 11:27:15	login: login on ttyv0 as root
Nov 21 11:27:15	sshlockout[87408]: sshlockout/webConfigurator v3.0 starting up
Nov 21 11:27:15	php: rc.newwanip: pfSense package system has detected an ip change 189.**.**.*** -> 189.**.**.*** ... Restarting packages.
Nov 21 11:27:16	php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
Nov 21 11:27:16	php: rc.newwanip: rc.newwanip: on (IP address: 192.168.204.2) (interface: ) (real interface: ovpnc1).
Nov 21 11:27:16	php: rc.newwanip: pfSense package system has detected an ip change -> 192.168.204.2 ... Restarting packages.
Nov 21 11:27:21	php: rc.start_packages: Restarting/Starting all packages.
Nov 21 11:30:17	php: /status_openvpn.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:30:17	php: /status_openvpn.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:33:55	syslogd: exiting on signal 15
Nov 21 11:33:55	syslogd: kernel boot file is /boot/kernel/kernel
Nov 21 11:47:09	php: /index.php: User logged out for user 'admin' from: 192.168.0.10
Nov 21 11:47:15	php: /index.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:47:15	php: /index.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:47:15	sshlockout[86556]: sshlockout/webConfigurator v3.0 starting up</rtsock_input_ifannounce>

Eu so novo no Pfsense e segui um tutorial a risca que o cara funfo no meu não.

Att

kelsen

Esse daí é o log do sistema, não do openVPN (status -> system log -> openVPN). Pelo log parece que não é problema de firewall, a vpn chegou a funcionar alguma vez?  o servidor ta escutando na porta 9876 ?

throel

Ele fica so se conectando e desconectando com o seguinte erro:
openvpn connection timing out - > reconnecting; ping-restart

Eu dei um ping -t ele chega a se conectar mais desconecta sozinho.

<

kelsen

Verifica se os dois estão usando compressão, provavelmente vc deixou de configurar em um dos dois.

throel

Desculpe a demora, verifiquei agora e continua a mesma coisa:

Log do sistema Filial:

Nov 30 18:27:52 	openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 30 18:27:52 	openvpn[63241]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 30 18:27:54 	openvpn[63241]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 30 18:27:54 	openvpn[63241]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 30 18:27:54 	openvpn[63241]: UDPv4 link local (bound): [AF_INET]192.168.10.11
Nov 30 18:27:54 	openvpn[63241]: UDPv4 link remote: [AF_INET]***.***.136.239:1194

E do lado da matriz o system log da openvpn aparece isso:

Nov 30 18:31:36 	openvpn[1559]: event_wait : Interrupted system call (code=4)
Nov 30 18:31:36 	openvpn[1559]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
Nov 30 18:31:36 	openvpn[1559]: SIGTERM[hard,] received, process exiting
Nov 30 18:31:36 	openvpn[83413]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
Nov 30 18:31:36 	openvpn[83413]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Nov 30 18:31:36 	openvpn[83413]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 30 18:31:36 	openvpn[83413]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Nov 30 18:31:36 	openvpn[83413]: TUN/TAP device ovpns1 exists previously, keep at program end
Nov 30 18:31:36 	openvpn[83413]: TUN/TAP device /dev/tun1 opened
Nov 30 18:31:36 	openvpn[83413]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Nov 30 18:31:36 	openvpn[83413]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Nov 30 18:31:36 	openvpn[83413]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
Nov 30 18:31:36 	openvpn[83413]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Nov 30 18:31:36 	openvpn[85334]: UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
Nov 30 18:31:36 	openvpn[85334]: UDPv4 link remote: [undef]

O Status da filial ta sempre DOWN, eu deixei um ping - t no ip da rede da matriz e em algum momento ele pinga, porem  cai logo sem seguida.

kelsen

Ta dizendo que deu problema na configuração de rota, posta sua configuração do openVPN.

throel

E como eu posto isso ? onde fica?

kelsen

Ué, não estou te entendendo, você não configurou o openVPN em VPN -> openVPN ? só precisa tirar um print e postar aqui.

throel

Resolvido, era a porcaria do modem da net.

FabianVitali

Olá throel, edite a primeira postagem do seu tópico e coloque [RESOLVIDO] no
final do título pois ajuda os demais membros em uma futura pesquisa.