[SOLVED] OpenVPN Remote Access | pfSense access | LAN not reachable



  • Good morning,

    Scenario:
    pfSense 2.3.4-RELEASE (amd64)
    Installed on VMware ESXi 5.5

    Total WAN interfaces = 2

    3 OpenVPN instances

    01 = Branch office, peer to peer, port 1190
    02 = Branch office, peer to peer, port 1180
    03 = Remote Access, port 1194

    LAN IP = 192.168.0.0/24
    pfSense IP = 192.168.0.254
    OpenVPN 03 tunnel IP = 192.168.100.0/29
    IP assigned on the OpenVPN connection = 192.168.100.2

    NOTE: I followed several tutorials, including this one: https://forum.pfsense.org/index.php?topic=129834.0

    I have a small problem. I have an OpenVPN client connection configured; I can connect, I receive the connection's IP (192.168.100.2), I can reach the web interface and I can successfully ping the pfSense IP (192.168.0.254), but I cannot reach the LAN (192.168.0.0/24).
    I have 2 WANs, and all of the configuration is on WAN1 (firewall rules, OpenVPN, NAT).

    Do I have to configure some route?

    NOTE: I have 2 peer-to-peer sites working correctly, and it was not necessary to create routes for them.

    NOTE²: Checking the firewall logs, the connections pass; nothing is blocked.
    In Firewall rules there is a rule allowing the VPN network to access the internal network without restriction, IPv4 * * to LAN net.
    Checking the rule's logs:

    
    Interface   Protocol   Source                  Destination        State               Packets   Bytes
    ovpns3      udp        192.168.100.2:10046  -> 192.168.0.50:53    NO_TRAFFIC:SINGLE   1 / 0     65 B / 0 B
    ovpns3      udp        192.168.100.2:13670  -> 192.168.0.60:53    NO_TRAFFIC:SINGLE   1 / 0     65 B / 0 B
    ovpns3      udp        192.168.100.2:29634  -> 192.168.0.60:53    NO_TRAFFIC:SINGLE   1 / 0     64 B / 0 B
    ovpns3      udp        192.168.100.2:30177  -> 192.168.0.60:53    NO_TRAFFIC:SINGLE   1 / 0     59 B / 0 B
    ovpns3      udp        192.168.100.2:30640  -> 192.168.0.50:53    NO_TRAFFIC:SINGLE   1 / 0     64 B / 0 B
    ovpns3      udp        192.168.100.2:6678   -> 192.168.0.50:53    NO_TRAFFIC:SINGLE   1 / 0     59 B / 0 B
    
    

    OpenVPN configuration

    
    General Information
    Server mode:    Remote Access (SSL/TLS + User Auth)
    Backend for authentication: Active Directory
    Protocol:   UDP
    Device mode:    TUN
    Interface:  WAN1
    Local Port: 1194
    
    Cryptographic Settings
    TLS authentication: Checked
    Peer Certificate Authority: CA_OpenVPN
    Server certificate: Cert_OpenVPN_Server
    DH Parameter length (bits): 2048
    Encryption Algorithm: AES-256-CBC
    Auth digest algorithm: SHA256
    Hardware Crypto:    No
    Certificate Depth: One (Client+Server)
    Strict User-CN Matching: Unchecked
    
    Tunnel Settings
    IPv4 Tunnel Network: 192.168.100.0/29
    IPv6 Tunnel Network: -
    Redirect Gateway: Unchecked
    IPv4 Local network(s): 192.168.0.0/24
    IPv6 Local network(s): -
    Concurrent connections:
    Compression: Enabled, Adaptive
    Type-of-Service: Checked
    Inter-client communication: Unchecked
    Duplicate Connection: Unchecked
    Disable IPv6: Checked
    
    Client Settings
    Dynamic IP: Checked
    Address Pool: Checked
    Topology: Subnet -- One IP Address per client in a common Subnet
    
    Advanced Client Settings
    DNS Default Domain: Checked
    DNS Default Domain: meudominio
    DNS Server enable: Checked
    DNS Server 1: 192.168.0.60
    DNS Server 2: 192.168.0.50
    Block Outside DNS: Unchecked
    Force DNS cache update: Unchecked
    NTP Server enable: Unchecked
    NetBIOS enable: Unchecked
    Enable custom port: Unchecked
    
    Advanced Configuration
    Nothing added
    
    

    I took a packet capture

    
    Packet Capture Options
    Interface: OpenVPN_Client
    Promiscuous: Unchecked
    Address Family: any
    Protocol: any
    Host Address: -
    Port: -
    Packet Length: 0
    Count: 100
    Level of detail: Normal
    Reverse DNS Lookup: Unchecked
    
    

    Packets Captured

    
    10:45:44.004702 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
    10:45:48.654349 IP 192.168.100.2.40236 > 192.168.0.60.53: UDP, length 36
    10:45:48.671845 IP 192.168.100.2.38575 > 192.168.0.60.53: UDP, length 39
    10:45:48.835013 IP 192.168.100.2.1318 > 192.168.0.60.53: UDP, length 33
    10:45:49.009172 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
    10:45:51.245159 IP 192.168.100.2.57456 > 192.168.0.60.53: UDP, length 37
    10:45:53.661205 IP 192.168.100.2.61035 > 192.168.0.50.53: UDP, length 36
    10:45:53.674875 IP 192.168.100.2.37177 > 192.168.0.50.53: UDP, length 39
    10:45:53.841873 IP 192.168.100.2.38436 > 192.168.0.50.53: UDP, length 33
    10:45:54.026358 IP 192.168.100.2.46499 > 192.168.0.60.53: UDP, length 37
    10:45:56.253528 IP 192.168.100.2.63759 > 192.168.0.50.53: UDP, length 37
    10:45:58.638449 IP 192.168.100.2.48402 > 192.168.0.60.53: UDP, length 38
    10:45:58.682023 IP 192.168.100.2.40236 > 192.168.0.60.53: UDP, length 36
    10:45:58.682116 IP 192.168.100.2.38575 > 192.168.0.60.53: UDP, length 39
    10:45:58.863800 IP 192.168.100.2.1318 > 192.168.0.60.53: UDP, length 33
    10:45:59.015410 IP 192.168.100.2.60921 > 192.168.0.50.53: UDP, length 37
    10:46:01.249763 IP 192.168.100.2.57456 > 192.168.0.60.53: UDP, length 37
    10:46:03.630210 IP 192.168.100.2.2047 > 192.168.0.50.53: UDP, length 38
    10:46:03.669477 IP 192.168.100.2.61035 > 192.168.0.50.53: UDP, length 36
    10:46:03.681827 IP 192.168.100.2.37177 > 192.168.0.50.53: UDP, length 39
    10:46:03.857357 IP 192.168.100.2.38436 > 192.168.0.50.53: UDP, length 33
    10:46:04.028139 IP 192.168.100.2.57515 > 192.168.0.60.53: UDP, length 37
    10:46:06.256763 IP 192.168.100.2.63759 > 192.168.0.50.53: UDP, length 37
    10:46:08.030200 IP 192.168.100.2.40177 > 192.168.0.60.53: UDP, length 39
    10:46:08.675615 IP 192.168.100.2.48402 > 192.168.0.60.53: UDP, length 38
    10:46:08.684214 IP 192.168.100.2.34894 > 192.168.0.60.53: UDP, length 36
    10:46:08.687934 IP 192.168.100.2.55661 > 192.168.0.60.53: UDP, length 39
    10:46:08.858353 IP 192.168.100.2.34322 > 192.168.0.60.53: UDP, length 33
    10:46:09.025574 IP 192.168.100.2.50621 > 192.168.0.50.53: UDP, length 37
    10:46:11.033067 IP 192.168.100.2.46173 > 192.168.0.60.53: UDP, length 37
    10:46:11.252529 IP 192.168.100.2.53998 > 192.168.0.60.53: UDP, length 37
    10:46:11.252562 IP 192.168.100.2.51758 > 192.168.0.60.53: UDP, length 37
    10:46:11.252596 IP 192.168.100.2.59832 > 192.168.0.60.53: UDP, length 37
    10:46:11.257781 IP 192.168.100.2.44323 > 192.168.0.60.53: UDP, length 37
    10:46:11.292618 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
    10:46:11.549996 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
    10:46:12.292619 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
    10:46:12.546085 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
    10:46:13.037521 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
    10:46:13.656319 IP 192.168.100.2.2047 > 192.168.0.50.53: UDP, length 38
    10:46:13.682013 IP 192.168.100.2.49618 > 192.168.0.50.53: UDP, length 36
    10:46:13.692612 IP 192.168.100.2.52150 > 192.168.0.50.53: UDP, length 39
    10:46:13.878476 IP 192.168.100.2.54666 > 192.168.0.50.53: UDP, length 33
    10:46:14.037156 IP 192.168.100.2.57515 > 192.168.0.60.53: UDP, length 37
    10:46:14.314500 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
    10:46:14.543956 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
    10:46:16.048173 IP 192.168.100.2.34398 > 192.168.0.50.53: UDP, length 37
    10:46:16.256673 IP 192.168.100.2.60227 > 192.168.0.50.53: UDP, length 37
    10:46:16.256705 IP 192.168.100.2.42632 > 192.168.0.50.53: UDP, length 37
    10:46:16.256816 IP 192.168.100.2.46519 > 192.168.0.50.53: UDP, length 37
    10:46:16.258064 IP 192.168.100.2.45443 > 192.168.0.50.53: UDP, length 37
    10:46:18.109490 IP 192.168.100.2.40177 > 192.168.0.60.53: UDP, length 39
    10:46:18.304995 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
    10:46:18.324530 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
    10:46:18.553209 IP 192.168.100.2.33491 > 192.168.0.24.80: tcp 0
    10:46:18.644932 IP 192.168.100.2.43017 > 192.168.0.60.53: UDP, length 38
    10:46:18.686796 IP 192.168.100.2.34894 > 192.168.0.60.53: UDP, length 36
    10:46:18.697621 IP 192.168.100.2.55661 > 192.168.0.60.53: UDP, length 39
    10:46:18.863908 IP 192.168.100.2.34322 > 192.168.0.60.53: UDP, length 33
    10:46:19.027853 IP 192.168.100.2.50621 > 192.168.0.50.53: UDP, length 37
    10:46:19.335404 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
    10:46:21.082807 IP 192.168.100.2.46173 > 192.168.0.60.53: UDP, length 37
    10:46:21.267447 IP 192.168.100.2.53998 > 192.168.0.60.53: UDP, length 37
    10:46:21.267480 IP 192.168.100.2.51758 > 192.168.0.60.53: UDP, length 37
    10:46:21.267617 IP 192.168.100.2.59832 > 192.168.0.60.53: UDP, length 37
    10:46:21.267691 IP 192.168.100.2.44323 > 192.168.0.60.53: UDP, length 37
    10:46:21.323851 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
    10:46:23.051414 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
    10:46:23.653867 IP 192.168.100.2.55766 > 192.168.0.50.53: UDP, length 38
    10:46:23.701073 IP 192.168.100.2.49618 > 192.168.0.50.53: UDP, length 36
    10:46:23.701729 IP 192.168.100.2.52150 > 192.168.0.50.53: UDP, length 39
    10:46:23.869555 IP 192.168.100.2.54666 > 192.168.0.50.53: UDP, length 33
    10:46:24.043412 IP 192.168.100.2.35269 > 192.168.0.60.53: UDP, length 45
    10:46:24.144075 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:24.144135 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
    10:46:24.154976 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:24.155125 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 179
    10:46:24.155159 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
    10:46:24.158416 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
    10:46:24.158438 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
    10:46:24.158445 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 445
    10:46:24.165002 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:24.165504 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:24.170297 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:24.176650 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 126
    10:46:24.176687 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
    10:46:24.177501 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 51
    10:46:24.187966 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:24.188002 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
    10:46:24.188072 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
    10:46:24.190173 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
    10:46:25.345036 IP 192.168.100.2.33492 > 192.168.0.24.80: tcp 0
    10:46:26.044520 IP 192.168.100.2.34398 > 192.168.0.50.53: UDP, length 37
    10:46:26.158599 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 0
    10:46:26.158675 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 0
    10:46:26.167414 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 0
    10:46:26.167541 IP 192.168.100.2.35981 > 192.168.0.254.443: tcp 179
    10:46:26.167571 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 0
    10:46:26.170166 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 1329
    10:46:26.170186 IP 192.168.0.254.443 > 192.168.100.2.35981: tcp 1329
    
    

    I noticed the following in Diagnostics -> Route on pfSense:

    
    Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
    192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
    
    

    Do I have to assign an interface to this OpenVPN connection and create a route?

    NOTE³: If the information is scarce, please ask.
    All IP addresses here are fictitious but represent real information.
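Reading the state table and the capture in the post above, as an added example (this is not part of the thread and not pfSense tooling): the script below parses a handful of the posted lines and flags destinations that only ever appear as targets. The pf states sit at NO_TRAFFIC:SINGLE with 1 / 0 packets, and in the capture only 192.168.0.254 (pfSense itself) ever answers, while 192.168.0.24, .50 and .60 stay silent. A rule block would be visible in the firewall log, and the poster already says nothing is blocked; outbound packets with no reply is instead what a missing return route looks like. The same pattern can also be produced by a host firewall on the silent machines, so the check to run next is the default gateway configured on a LAN host. The embedded lines are a subset copied from the post; the pfSense address and client address are passed in as parameters.

```python
"""Spot one-way flows in pfSense state-table and packet-capture output.

Added example, not from the original thread. It classifies each LAN
destination as 'replying' or 'silent'. Hosts that are only ever targets,
with pf states stuck at NO_TRAFFIC:SINGLE and zero reply packets, point
at a return-path problem (asymmetric routing) rather than a firewall
block; a host firewall on the silent machines is the other candidate.
"""
import re

# Subset of the lines posted in the thread (state table and capture are
# both taken on the OpenVPN server interface ovpns3).
STATE_LINES = """\
ovpns3      udp       192.168.100.2:10046 -> 192.168.0.50:53       NO_TRAFFIC:SINGLE       1 / 0        65 B / 0 B
ovpns3      udp       192.168.100.2:13670 -> 192.168.0.60:53       NO_TRAFFIC:SINGLE       1 / 0        65 B / 0 B
ovpns3      udp       192.168.100.2:6678 ->  192.168.0.50:53       NO_TRAFFIC:SINGLE       1 / 0        59 B / 0 B
"""

CAPTURE_LINES = """\
10:46:11.292618 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
10:46:12.292619 IP 192.168.100.2.33490 > 192.168.0.24.80: tcp 0
10:46:13.037521 IP 192.168.100.2.44615 > 192.168.0.50.53: UDP, length 39
10:46:24.144075 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 0
10:46:24.144135 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 0
10:46:24.155125 IP 192.168.100.2.35980 > 192.168.0.254.443: tcp 179
10:46:24.158416 IP 192.168.0.254.443 > 192.168.100.2.35980: tcp 1329
"""

# pfSense "Diagnostics > States" row: iface proto src:port -> dst:port state out/in ...
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<pkts_out>\d+)\s*/\s*(?P<pkts_in>\d+)"
)
# tcpdump "IP a.b.c.d.port > e.f.g.h.port:" as printed by the pfSense capture page
CAP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def one_way_states(text):
    """(src, dst, dport) for every state that has sent but never received a packet."""
    found = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m and int(m["pkts_in"]) == 0:
            found.append((m["src"], m["dst"], int(m["dport"])))
    return found


def classify_capture(text, client):
    """Map each peer of `client` to 'replying' (seen as a source) or 'silent'."""
    seen_as_src, seen_as_dst = set(), set()
    for line in text.splitlines():
        m = CAP_RE.match(line)
        if not m:
            continue
        if m["src"] == client:
            seen_as_dst.add(m["dst"])
        elif m["dst"] == client:
            seen_as_src.add(m["src"])
    return {ip: ("replying" if ip in seen_as_src else "silent")
            for ip in seen_as_dst | seen_as_src}


def diagnose(states, capture, client, firewall_ip):
    """Summarise which hosts answer the VPN client and whether the pattern fits a return-path problem."""
    verdict = classify_capture(capture, client)
    silent = sorted(ip for ip, v in verdict.items() if v == "silent")
    replying = sorted(ip for ip, v in verdict.items() if v == "replying")
    stuck = one_way_states(states)
    # The firewall itself answers, LAN hosts behind it do not, and pf holds
    # one-way states for them: the firewall forwarded the packets, the replies
    # never came back through it.
    asymmetric = bool(stuck) and firewall_ip in replying and bool(silent)
    return {"silent": silent, "replying": replying,
            "one_way_states": len(stuck), "likely_asymmetric_routing": asymmetric}


if __name__ == "__main__":
    for key, value in diagnose(STATE_LINES, CAPTURE_LINES,
                               "192.168.100.2", "192.168.0.254").items():
        print(f"{key}: {value}")
```

Run it against a full "Diagnostics > States" export filtered on the OpenVPN interface and a longer capture; a host that shows up as "replying" but still appears in one-way states is worth a second look, because the reply may be reaching the client by a path pfSense does not see.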






  • @jeferson.junior:

    I noticed the following in Diagnostics -> Route on pfSense:

    
    Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
    192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
    
    

    Do I have to assign an interface to this OpenVPN connection and create a route?

    NOTE³: If the information is scarce, please ask.
    All IP addresses here are fictitious but represent real information.

    Did you allow access (firewall rules) on the ovpns3 interface?



  • Good morning,

    From where to where can't you connect?



  • Dear jeferson.junior,

    Try a different network class. E.g.: 10.20.0.0/29

    Regards,
    WhatsApp: 021 9 6403-5250



  • @pskinfra:

    Dear jeferson.junior,

    The /24 network encompasses the /29 network. The "VLSM" /29 network is just a subnet of the /24.

    For OpenVPN to work it has to be a different network! E.g.: 10.20.0.0/29

    True. Well spotted.

    Regards,
    WhatsApp: 021 9 6403-5250



  • @chipbr:

    @jeferson.junior:

    I noticed the following in Diagnostics -> Route on pfSense:

    
    Destination	        Gateway	        Flags	Use	  Mtu	Netif	Expire
    192.168.100.0/29	192.168.100.2	UGS	     0	  1500	ovpns3
    
    

    Do I have to assign an interface to this OpenVPN connection and create a route?

    NOTE³: If the information is scarce, please ask.
    All IP addresses here are fictitious but represent real information.

    Did you allow access (firewall rules) on the ovpns3 interface?

    Yes, it is allowed.
    My question about the quote above concerns the gateway 192.168.100.2, which is the IP I receive when I connect remotely.

    
    Protocol:   IPv4* 
    Source: 192.168.100.0/29 
    Port:   *   
    Destination:    LAN net
    Port:  *
    Gateway:    *
    Queue:  none
    
    

    and also in the reverse direction (LAN to OpenVPN), swapping Source and Destination.



  • @bomsao:

    Good morning,

    From where to where can't you connect?

    From the OpenVPN remote access to the LAN; I can reach pfSense on its LAN IP.
    From the LAN to the OpenVPN remote access, access is not possible either, but the firewall logs show no block; all connections are passing,
    which is why I think it has to do with routing.



  • @pskinfra:

    Dear jeferson.junior,

    Try a different network class. E.g.: 10.20.0.0/29

    Regards,
    WhatsApp: 021 9 6403-5250

    Good afternoon,

    The IP 192.168.100.0/29 is fictitious; it is in class A (e.g. 10.0.0.0/29).



  • Put /30 in the client's tunnel configuration and put the LAN network in the remote network settings.

    Create an "any" rule on the OpenVPN interface.



  • Dear jeferson.junior,

    Your pfSense is only in the broadcast domain (network), so it is the gateway for the hosts that you point at it statically.

    Even though your OpenVPN network (/29) talks to your PF (GW), it will fall back to the network's default gateway, that is, whatever the FW is connecting to (192.168.100.1), which is why you should perhaps create a static route for your OpenVPN tunnel network on that default GW.

    For simple and "correct" operation, pfSense should be the network's GW (if the intention is for it to be the firewall and to have centralized administration).

    Regards,
    WhatsApp: 021 9 64035250



  • @pskinfra:

    Dear jeferson.junior,

    Your pfSense is only in the broadcast domain (network), so it is the gateway for the hosts that you point at it statically.

    Even though your OpenVPN network (/29) talks to your PF (GW), it will fall back to the network's default gateway, that is, whatever the FW is connecting to (192.168.100.1), which is why you should perhaps create a static route for your OpenVPN tunnel network on that default GW.

    For simple and "correct" operation, pfSense should be the network's GW (if the intention is for it to be the firewall and to have centralized administration).

    Regards,
    WhatsApp: 021 9 64035250

    Through carelessness it went unnoticed: pfSense is not the only gateway on the network. I configured the route on the other gateway, pointing it at the pfSense IP, and everything is working.

    Thanks everyone for the help.
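The mechanism pskinfra describes and the fix the poster applied, modelled as an added example (not code from the thread): a minimal longest-prefix-match router traces a LAN host's reply to the VPN client before and after the LAN's other default gateway learns a route for the tunnel network. The LAN (192.168.0.0/24), pfSense (192.168.0.254), the tunnel (192.168.100.0/29), the client (192.168.100.2) and the DNS server 192.168.0.50 come from the posts; the other gateway's address 192.168.0.1 is an assumption, since the thread never names it.

```python
"""Trace a LAN host's reply to a VPN client before and after the static route.

Added example, not code from the thread. It models the topology described in
the posts with a tiny longest-prefix-match router and shows why pfSense saw
the client's packets go out but never saw the replies (1 / 0 packets per
state). ASSUMPTION: the LAN's real default gateway sits at 192.168.0.1.
"""
import ipaddress

LAN = "192.168.0.0/24"
TUNNEL = "192.168.100.0/29"
DEFAULT = "0.0.0.0/0"
PFSENSE = "192.168.0.254"
OTHER_GW = "192.168.0.1"     # assumption: the LAN's real default gateway
LAN_HOST = "192.168.0.50"    # one of the DNS servers the client was querying
CLIENT = "192.168.100.2"


class Node:
    """A host or router holding (prefix, next_hop) routes.

    next_hop None means the prefix is directly connected; a next_hop that is
    not another Node (e.g. "internet", "wan") means the packet leaves the
    modelled network."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]

    def next_hop(self, dst):
        """Longest-prefix match for dst; returns "drop" when nothing matches."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, nh in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return "drop" if best is None else best[1]


def build_topology(other_gw_knows_tunnel):
    """Nodes keyed by IP. The flag adds the route the poster ended up creating."""
    other_gw_routes = [(LAN, None), (DEFAULT, "internet")]
    if other_gw_knows_tunnel:
        other_gw_routes.append((TUNNEL, PFSENSE))   # the fix: tunnel net via pfSense
    return {
        # LAN host: on-link LAN, everything else to the other gateway (not pfSense)
        LAN_HOST: Node([(LAN, None), (DEFAULT, OTHER_GW)]),
        OTHER_GW: Node(other_gw_routes),
        # pfSense: LAN and the OpenVPN tunnel are both directly connected
        PFSENSE: Node([(LAN, None), (TUNNEL, None), (DEFAULT, "wan")]),
    }


def trace(nodes, start, dst, max_hops=8):
    """Return the list of hops a packet from `start` to `dst` takes."""
    path, cur = [start], start
    for _ in range(max_hops):
        nh = nodes[cur].next_hop(dst)
        if nh is None:              # directly connected: delivered
            path.append(dst)
            return path
        path.append(nh)
        if nh not in nodes:         # left the modelled network, or "drop"
            return path
        cur = nh
    path.append("loop")
    return path


def reply_reaches_client(nodes):
    """True when the LAN host's reply ends up at the VPN client."""
    return trace(nodes, LAN_HOST, CLIENT)[-1] == CLIENT


if __name__ == "__main__":
    for label, fixed in (("before static route", False), ("after static route", True)):
        nodes = build_topology(fixed)
        print(f"{label}:")
        print("  pfSense -> host :", " -> ".join(trace(nodes, PFSENSE, LAN_HOST)))
        print("  host -> client  :", " -> ".join(trace(nodes, LAN_HOST, CLIENT)))
        print("  reply delivered :", reply_reaches_client(nodes))
```

Before the route, the host hands its reply to its default gateway, which has no entry for 192.168.100.0/29 and forwards it towards the internet; pfSense never sees it, so its state stays at 1 / 0 packets and nothing is ever logged as blocked. After the route, the reply goes gateway -> pfSense -> tunnel. On a Linux gateway that route is `ip route add 192.168.100.0/29 via 192.168.0.254`; on a Windows machine acting as gateway, `route -p add 192.168.100.0 mask 255.255.255.248 192.168.0.254`. Two caveats: the gateway now sends those packets back out the interface they arrived on, and many routers answer that with ICMP redirects, so a per-host route or making pfSense the LAN gateway (pskinfra's recommendation) is cleaner; and an outbound NAT rule on pfSense that hides VPN clients behind 192.168.0.254 would also make the LAN reachable, at the cost of the LAN hosts no longer seeing the client's real address in their own logs.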



  • Jeferson,

    Great that it was solved.

    Edit your first post and put [SOLVED] at the beginning. :D

