OpenVPN Peer to Peer reconnecting; ping-restart



  • Hello.
    I have two pfSense boxes to link two remote sites.
    I followed the configuration given on the pfSense site to set up the link via OpenVPN peer to peer, but I cannot get them to connect. The OpenVPN server status shows no connection at all. The OpenVPN client status stays at the message: reconnecting; ping-restart
    I have done and redone the configuration several times and always end up with this same result.
    I hope someone who knows OpenVPN well can point me to some configuration that can be done.

    The configurations and logs follow:

    infrastructure

    server
    dedicated radio link. (below, the term "xxx.xxx.xxx.xxx" refers to the server's internet IP)
    the modem creates an internal network in the range 192.168.88.0/24
    pfSense uses the IP 192.168.88.254 as its external address and creates the internal network 172.16.32.0/24

    client
    ADSL
    the modem creates an internal network in the range 192.168.30.0/24
    pfSense uses the IP 192.168.30.254 as its external address and creates the internal network 192.168.1.0/24

    access on both pfSense boxes is OK (including port forwarding).

    configurations

    server:

    
    dev ovpns1
    verb 4
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.88.254
    ifconfig 192.168.76.1 192.168.76.2
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    route 192.168.1.0 255.255.255.0
    secret /var/etc/openvpn/server1.secret
    comp-lzo adaptive
    passtos
    
    

    client:

    
    dev ovpnc1
    verb 4
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_client1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.30.254
    lport 0
    management /var/etc/openvpn/client1.sock unix
    remote xxx.xxx.xxx.xxx 1194
    ifconfig 192.168.76.2 192.168.76.1
    route 172.16.32.0 255.255.255.0
    secret /var/etc/openvpn/client1.secret
    comp-lzo adaptive
    passtos
    resolv-retry infinite
    
    

    logs

    server

    
    Jun 30 08:13:15 pfSense openvpn[28881]: MANAGEMENT: Client disconnected
    Jun 30 08:14:17 pfSense openvpn[28881]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Jun 30 08:14:17 pfSense openvpn[28881]: MANAGEMENT: CMD 'status 2'
    Jun 30 08:14:17 pfSense openvpn[28881]: MANAGEMENT: CMD 'quit'
    Jun 30 08:14:17 pfSense openvpn[28881]: MANAGEMENT: Client disconnected
    Jun 30 08:15:18 pfSense openvpn[28881]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Jun 30 08:15:19 pfSense openvpn[28881]: MANAGEMENT: CMD 'status 2'
    Jun 30 08:15:19 pfSense openvpn[28881]: MANAGEMENT: CMD 'quit'
    Jun 30 08:15:19 pfSense openvpn[28881]: MANAGEMENT: Client disconnected
    Jun 30 08:16:20 pfSense openvpn[28881]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Jun 30 08:16:20 pfSense openvpn[28881]: MANAGEMENT: CMD 'status 2'
    Jun 30 08:16:20 pfSense openvpn[28881]: MANAGEMENT: CMD 'quit'
    Jun 30 08:16:20 pfSense openvpn[28881]: MANAGEMENT: Client disconnected
    0be45 0001f844 4100007f 116730ac 10203ac0 a80191d[more...]
    Jun 29 14:48:04 pfSense openvpn[5734]: ENCRYPT TO: 78a1c282 9fca33ca ab8f4c85 4a81e5b4 6133de20 46d04f9b 5a680d96 bb674d1[more...]
    Jun 29 14:48:04 pfSense openvpn[5734]: TCP/UDP: No outgoing address to send packet
    Jun 29 14:48:04 pfSense openvpn[5734]: TIMER: coarse timer wakeup 1 seconds
    Jun 29 14:48:04 pfSense openvpn[5734]: PO_CTL rwflags=0x0001 ev=6 arg=0x080d638c
    Jun 29 14:48:04 pfSense openvpn[5734]: PO_CTL rwflags=0x0001 ev=7 arg=0x080d5620
    Jun 29 14:48:04 pfSense openvpn[5734]: PO_CTL rwflags=0x0001 ev=5 arg=0x080d5624
    
    

    client:

    
    Jun 30 06:05:06 Naga openvpn[94663]: TCP/UDP: Closing socket
    Jun 30 06:05:06 Naga openvpn[94663]: SIGUSR1[soft,ping-restart] received, process restarting
    Jun 30 06:05:06 Naga openvpn[94663]: Restart pause, 2 second(s)
    Jun 30 06:05:08 Naga openvpn[94663]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 30 06:05:08 Naga openvpn[94663]: Re-using pre-shared static key
    Jun 30 06:05:08 Naga openvpn[94663]: LZO compression initialized
    Jun 30 06:05:08 Naga openvpn[94663]: Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 30 06:05:08 Naga openvpn[94663]: Preserving previous TUN/TAP instance: ovpnc1
    Jun 30 06:05:08 Naga openvpn[94663]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
    Jun 30 06:05:08 Naga openvpn[94663]: Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.1 192.168.76.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:05:08 Naga openvpn[94663]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.2 192.168.76.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:05:08 Naga openvpn[94663]: Local Options hash (VER=V4): '4e7cbab4'
    Jun 30 06:05:08 Naga openvpn[94663]: Expected Remote Options hash (VER=V4): 'f9a5208f'
    Jun 30 06:05:08 Naga openvpn[94663]: UDPv4 link local (bound): [AF_INET]192.168.30.254
    Jun 30 06:05:08 Naga openvpn[94663]: UDPv4 link remote: [AF_INET]xxx.xxx.xx.xxx:1194
    Jun 30 06:06:08 Naga openvpn[94663]: Inactivity timeout (--ping-restart), restarting
    Jun 30 06:06:08 Naga openvpn[94663]: TCP/UDP: Closing socket
    Jun 30 06:06:08 Naga openvpn[94663]: SIGUSR1[soft,ping-restart] received, process restarting
    Jun 30 06:06:08 Naga openvpn[94663]: Restart pause, 2 second(s)
    Jun 30 06:06:10 Naga openvpn[94663]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 30 06:06:10 Naga openvpn[94663]: Re-using pre-shared static key
    Jun 30 06:06:10 Naga openvpn[94663]: LZO compression initialized
    Jun 30 06:06:10 Naga openvpn[94663]: Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 30 06:06:10 Naga openvpn[94663]: Preserving previous TUN/TAP instance: ovpnc1
    Jun 30 06:06:10 Naga openvpn[94663]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
    Jun 30 06:06:10 Naga openvpn[94663]: Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.1 192.168.76.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:06:10 Naga openvpn[94663]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.2 192.168.76.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:06:10 Naga openvpn[94663]: Local Options hash (VER=V4): '4e7cbab4'
    Jun 30 06:06:10 Naga openvpn[94663]: Expected Remote Options hash (VER=V4): 'f9a5208f'
    Jun 30 06:06:10 Naga openvpn[94663]: UDPv4 link local (bound): [AF_INET]192.168.30.254
    Jun 30 06:06:10 Naga openvpn[94663]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
    Jun 30 06:07:11 Naga openvpn[94663]: Inactivity timeout (--ping-restart), restarting
    Jun 30 06:07:11 Naga openvpn[94663]: TCP/UDP: Closing socket
    Jun 30 06:07:11 Naga openvpn[94663]: SIGUSR1[soft,ping-restart] received, process restarting
    Jun 30 06:07:11 Naga openvpn[94663]: Restart pause, 2 second(s)
    Jun 30 06:07:13 Naga openvpn[94663]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 30 06:07:13 Naga openvpn[94663]: Re-using pre-shared static key
    Jun 30 06:07:13 Naga openvpn[94663]: LZO compression initialized
    Jun 30 06:07:13 Naga openvpn[94663]: Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 30 06:07:13 Naga openvpn[94663]: Preserving previous TUN/TAP instance: ovpnc1
    Jun 30 06:07:13 Naga openvpn[94663]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
    Jun 30 06:07:13 Naga openvpn[94663]: Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.1 192.168.76.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:07:13 Naga openvpn[94663]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.2 192.168.76.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:07:13 Naga openvpn[94663]: Local Options hash (VER=V4): '4e7cbab4'
    Jun 30 06:07:13 Naga openvpn[94663]: Expected Remote Options hash (VER=V4): 'f9a5208f'
    Jun 30 06:07:13 Naga openvpn[94663]: UDPv4 link local (bound): [AF_INET]192.168.30.254
    Jun 30 06:07:13 Naga openvpn[94663]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
    Jun 30 06:08:13 Naga openvpn[94663]: Inactivity timeout (--ping-restart), restarting
    Jun 30 06:08:13 Naga openvpn[94663]: TCP/UDP: Closing socket
    Jun 30 06:08:13 Naga openvpn[94663]: SIGUSR1[soft,ping-restart] received, process restarting
    Jun 30 06:08:13 Naga openvpn[94663]: Restart pause, 2 second(s)
    Jun 30 06:08:15 Naga openvpn[94663]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 30 06:08:15 Naga openvpn[94663]: Re-using pre-shared static key
    Jun 30 06:08:15 Naga openvpn[94663]: LZO compression initialized
    Jun 30 06:08:15 Naga openvpn[94663]: Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 30 06:08:15 Naga openvpn[94663]: Preserving previous TUN/TAP instance: ovpnc1
    Jun 30 06:08:15 Naga openvpn[94663]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
    Jun 30 06:08:15 Naga openvpn[94663]: Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.1 192.168.76.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:08:15 Naga openvpn[94663]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.2 192.168.76.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:08:15 Naga openvpn[94663]: Local Options hash (VER=V4): '4e7cbab4'
    Jun 30 06:08:15 Naga openvpn[94663]: Expected Remote Options hash (VER=V4): 'f9a5208f'
    Jun 30 06:08:15 Naga openvpn[94663]: UDPv4 link local (bound): [AF_INET]192.168.30.254
    Jun 30 06:08:15 Naga openvpn[94663]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
    Jun 30 06:09:15 Naga openvpn[94663]: Inactivity timeout (--ping-restart), restarting
    Jun 30 06:09:15 Naga openvpn[94663]: TCP/UDP: Closing socket
    Jun 30 06:09:15 Naga openvpn[94663]: SIGUSR1[soft,ping-restart] received, process restarting
    Jun 30 06:09:15 Naga openvpn[94663]: Restart pause, 2 second(s)
    Jun 30 06:09:17 Naga openvpn[94663]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 30 06:09:17 Naga openvpn[94663]: Re-using pre-shared static key
    Jun 30 06:09:17 Naga openvpn[94663]: LZO compression initialized
    Jun 30 06:09:17 Naga openvpn[94663]: Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 30 06:09:17 Naga openvpn[94663]: Preserving previous TUN/TAP instance: ovpnc1
    Jun 30 06:09:17 Naga openvpn[94663]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
    Jun 30 06:09:17 Naga openvpn[94663]: Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.1 192.168.76.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:09:17 Naga openvpn[94663]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.2 192.168.76.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:09:17 Naga openvpn[94663]: Local Options hash (VER=V4): '4e7cbab4'
    Jun 30 06:09:17 Naga openvpn[94663]: Expected Remote Options hash (VER=V4): 'f9a5208f'
    Jun 30 06:09:17 Naga openvpn[94663]: UDPv4 link local (bound): [AF_INET]192.168.30.254
    Jun 30 06:09:17 Naga openvpn[94663]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
    Jun 30 06:10:18 Naga openvpn[94663]: Inactivity timeout (--ping-restart), restarting
    Jun 30 06:10:18 Naga openvpn[94663]: TCP/UDP: Closing socket
    Jun 30 06:10:18 Naga openvpn[94663]: SIGUSR1[soft,ping-restart] received, process restarting
    Jun 30 06:10:18 Naga openvpn[94663]: Restart pause, 2 second(s)
    Jun 30 06:10:20 Naga openvpn[94663]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 30 06:10:20 Naga openvpn[94663]: Re-using pre-shared static key
    Jun 30 06:10:20 Naga openvpn[94663]: LZO compression initialized
    Jun 30 06:10:20 Naga openvpn[94663]: Socket Buffers: R=[42080->42080] S=[57344->57344]
    Jun 30 06:10:20 Naga openvpn[94663]: Preserving previous TUN/TAP instance: ovpnc1
    Jun 30 06:10:20 Naga openvpn[94663]: Data Channel MTU parms [ L:1561 D:1450 EF:61 EB:143 ET:0 EL:3 AF:3/1 ]
    Jun 30 06:10:20 Naga openvpn[94663]: Local Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.1 192.168.76.2,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:10:20 Naga openvpn[94663]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1561,tun-mtu 1500,proto UDPv4,ifconfig 192.168.76.2 192.168.76.1,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,secret'
    Jun 30 06:10:20 Naga openvpn[94663]: Local Options hash (VER=V4): '4e7cbab4'
    Jun 30 06:10:20 Naga openvpn[94663]: Expected Remote Options hash (VER=V4): 'f9a5208f'
    
    

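A static-key peer-to-peer pair like the one posted above only comes up when both configs agree on the fields OpenVPN logs in its "Local Options String", mirror the `ifconfig` endpoints, and use the same port. The following check is an added example, not part of the original post and not pfSense or OpenVPN code; `parse`, `check_pair` and the excerpted `SERVER`/`CLIENT` strings are constructed for illustration and assume a UDP pair.

```python
# Fields of the logged "Local Options String" that must be identical on both peers (UDP pair).
MUST_MATCH = ("dev-type", "proto", "cipher", "auth")
# Constructed excerpts of the two configs in the post (address masked as posted).
SERVER = """
dev-type tun
proto udp
cipher AES-128-CBC
auth SHA1
ifconfig 192.168.76.1 192.168.76.2
lport 1194
comp-lzo adaptive
"""
CLIENT = """
dev-type tun
proto udp
cipher AES-128-CBC
auth SHA1
remote xxx.xxx.xxx.xxx 1194
ifconfig 192.168.76.2 192.168.76.1
comp-lzo adaptive
"""

def parse(text):
    """Return {directive: [args]}, skipping blank and commented (# or ;) lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            key, *args = line.split()
            conf.setdefault(key, args)
    return conf

def check_pair(server_text, client_text):
    """Return the list of mismatches between the peers (empty = consistent)."""
    srv, cli = parse(server_text), parse(client_text)
    problems = [f"{k}: server={srv.get(k)} client={cli.get(k)}"
                for k in MUST_MATCH if srv.get(k) != cli.get(k)]
    if ("comp-lzo" in srv) != ("comp-lzo" in cli):
        problems.append("comp-lzo: present on one peer only")
    # Tunnel endpoints must be mirrored: one side's local is the other's remote.
    if not srv.get("ifconfig") or srv["ifconfig"] != cli.get("ifconfig", [])[::-1]:
        problems.append("ifconfig: tunnel endpoints are not mirrored")
    # The client must dial the port the server binds (OpenVPN default 1194).
    listen = srv.get("lport", ["1194"])[0]
    remote = cli.get("remote", [])
    dial = remote[1] if len(remote) > 1 else "1194"
    if dial != listen:
        problems.append(f"port: client dials {dial}, server binds {listen}")
    return problems
```

An empty result means only that these fields agree; it does not show that UDP packets sent to the server's port actually arrive.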