    Netgate Discussion Forum
    Problems with OpenVPN

    • sgautier

      Can someone help me configure OpenVPN for Road Warrior? I have tried many times and it does not work for me, even following the tutorials, but no luck.

      I have the following configuration.

      At the company (office): LAN 175.0.0.0/24

      The pfSense configuration is as follows.

      Interfaces

      Lan Interface
          bridge With None
          Ip Address 175.0.0.2 /24
      Wan Interface
      Type static

      Static Ip Configuration
      IpAddress 201.XXX.XXX.100 /29
      gateWay 201.XXX.XXX.97
      Block private networks Checked

      ----------- End Interfaces -------------

      OpenVpn Server

      Protocol  Tcp
      Dynamic IP Checked
      Local Port 1194
      Address Pool 192.168.200.0/24
      Local network 175.0.0.0/24
      Auth Method PKI
      All certificates copied and pasted into their respective fields

      --------------- End OpenVPN Server --------------------

      Firewall Rules

      Action pass
      Interface WAN
      Protocol Tcp
      Source Any
      Destination Any
      Destination Port range OpenVpn to OpenVpn
      Log Checked
      gateway Default

      ------------------ End Firewall rules ---------------------

      The OpenVPN log is as follows:
      Dec 20 13:45:12 openvpn[67488]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
      Dec 20 13:45:14 openvpn[68804]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
      Dec 20 13:45:14 openvpn[68804]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
      Dec 20 13:45:14 openvpn[68804]: gw 201.236.23.97
      Dec 20 13:45:14 openvpn[68804]: TUN/TAP device /dev/tun0 opened
      Dec 20 13:45:14 openvpn[68804]: /sbin/ifconfig tun0 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
      Dec 20 13:45:14 openvpn[68804]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
      Dec 20 13:45:15 openvpn[67488]: SIGTERM[hard,] received, process exiting
      Dec 20 13:45:17 openvpn[68817]: Listening for incoming TCP connection on [undef]:1194
      Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link local (bound): [undef]:1194
      Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link remote: [undef]
      Dec 20 13:45:17 openvpn[68817]: Initialization Sequence Completed

      The OpenVPN GUI v1.0.3 log is as follows:
      Sat Dec 20 15:01:01 2008 us=206082 Current Parameter Settings:
      Sat Dec 20 15:01:01 2008 us=206153  config = 'pfsense-clinte.ovpn'
      Sat Dec 20 15:01:01 2008 us=206167  mode = 0
      Sat Dec 20 15:01:01 2008 us=206180  show_ciphers = DISABLED
      Sat Dec 20 15:01:01 2008 us=206194  show_digests = DISABLED
      Sat Dec 20 15:01:01 2008 us=206207  show_engines = DISABLED
      Sat Dec 20 15:01:01 2008 us=206220  genkey = DISABLED
      Sat Dec 20 15:01:01 2008 us=206233  key_pass_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206245  show_tls_ciphers = DISABLED
      Sat Dec 20 15:01:01 2008 us=206257  proto = 2
      Sat Dec 20 15:01:01 2008 us=206269  local = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206284  remote_list[0] = {'201.236.23.100', 1194}
      Sat Dec 20 15:01:01 2008 us=206298  remote_random = DISABLED
      Sat Dec 20 15:01:01 2008 us=206312  local_port = 1194
      Sat Dec 20 15:01:01 2008 us=206325  remote_port = 1194
      Sat Dec 20 15:01:01 2008 us=206338  remote_float = ENABLED
      Sat Dec 20 15:01:01 2008 us=206351  ipchange = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206365  bind_local = ENABLED
      Sat Dec 20 15:01:01 2008 us=206377  dev = 'tun'
      Sat Dec 20 15:01:01 2008 us=206391  dev_type = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206404  dev_node = 'Tap'
      Sat Dec 20 15:01:01 2008 us=206417  tun_ipv6 = DISABLED
      Sat Dec 20 15:01:01 2008 us=206430  ifconfig_local = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206442  ifconfig_remote_netmask = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206455  ifconfig_noexec = DISABLED
      Sat Dec 20 15:01:01 2008 us=206473  ifconfig_nowarn = DISABLED
      Sat Dec 20 15:01:01 2008 us=206487  shaper = 0
      Sat Dec 20 15:01:01 2008 us=206499  tun_mtu = 1500
      Sat Dec 20 15:01:01 2008 us=206512  tun_mtu_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=206524  link_mtu = 1500
      Sat Dec 20 15:01:01 2008 us=206536  link_mtu_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=206548  tun_mtu_extra = 0
      Sat Dec 20 15:01:01 2008 us=206561  tun_mtu_extra_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=206573  fragment = 0
      Sat Dec 20 15:01:01 2008 us=206586  mtu_discover_type = -1
      Sat Dec 20 15:01:01 2008 us=206598  mtu_test = 0
      Sat Dec 20 15:01:01 2008 us=206610  mlock = DISABLED
      Sat Dec 20 15:01:01 2008 us=206622  keepalive_ping = 0
      Sat Dec 20 15:01:01 2008 us=206635  keepalive_timeout = 0
      Sat Dec 20 15:01:01 2008 us=206647  inactivity_timeout = 0
      Sat Dec 20 15:01:01 2008 us=206660  ping_send_timeout = 10
      Sat Dec 20 15:01:01 2008 us=206672  ping_rec_timeout = 0
      Sat Dec 20 15:01:01 2008 us=206685  ping_rec_timeout_action = 0
      Sat Dec 20 15:01:01 2008 us=206699  ping_timer_remote = DISABLED
      Sat Dec 20 15:01:01 2008 us=206711  remap_sigusr1 = 0
      Sat Dec 20 15:01:01 2008 us=206723  explicit_exit_notification = 0
      Sat Dec 20 15:01:01 2008 us=206737  persist_tun = ENABLED
      Sat Dec 20 15:01:01 2008 us=206751  persist_local_ip = DISABLED
      Sat Dec 20 15:01:01 2008 us=206764  persist_remote_ip = DISABLED
      Sat Dec 20 15:01:01 2008 us=206777  persist_key = ENABLED
      Sat Dec 20 15:01:01 2008 us=206790  mssfix = 1450
      Sat Dec 20 15:01:01 2008 us=206804  resolve_retry_seconds = 1000000000
      Sat Dec 20 15:01:01 2008 us=206817  connect_retry_seconds = 5
      Sat Dec 20 15:01:01 2008 us=206830  username = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206842  groupname = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206854  chroot_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206867  cd_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206879  writepid = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206892  up_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206904  down_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206917  down_pre = DISABLED
      Sat Dec 20 15:01:01 2008 us=206929  up_restart = DISABLED
      Sat Dec 20 15:01:01 2008 us=206942  up_delay = DISABLED
      Sat Dec 20 15:01:01 2008 us=206955  daemon = DISABLED
      Sat Dec 20 15:01:01 2008 us=206967  inetd = 0
      Sat Dec 20 15:01:01 2008 us=206980  log = DISABLED
      Sat Dec 20 15:01:01 2008 us=206993  suppress_timestamps = DISABLED
      Sat Dec 20 15:01:01 2008 us=207005  nice = 0
      Sat Dec 20 15:01:01 2008 us=207017  verbosity = 4
      Sat Dec 20 15:01:01 2008 us=388034  mute = 0
      Sat Dec 20 15:01:01 2008 us=388061  gremlin = 0
      Sat Dec 20 15:01:01 2008 us=388074  status_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388087  status_file_version = 1
      Sat Dec 20 15:01:01 2008 us=388100  status_file_update_freq = 60
      Sat Dec 20 15:01:01 2008 us=388113  occ = ENABLED
      Sat Dec 20 15:01:01 2008 us=388125  rcvbuf = 0
      Sat Dec 20 15:01:01 2008 us=388139  sndbuf = 0
      Sat Dec 20 15:01:01 2008 us=388462  socks_proxy_server = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388494  socks_proxy_port = 0
      Sat Dec 20 15:01:01 2008 us=388508  socks_proxy_retry = DISABLED
      Sat Dec 20 15:01:01 2008 us=388522  fast_io = DISABLED
      Sat Dec 20 15:01:01 2008 us=388534  comp_lzo = DISABLED
      Sat Dec 20 15:01:01 2008 us=388547  comp_lzo_adaptive = ENABLED
      Sat Dec 20 15:01:01 2008 us=388559  route_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388572  route_default_gateway = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388585  route_noexec = DISABLED
      Sat Dec 20 15:01:01 2008 us=405672  route_delay = 0
      Sat Dec 20 15:01:01 2008 us=405697  route_delay_window = 30
      Sat Dec 20 15:01:01 2008 us=405710  route_delay_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=405723  management_addr = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=405737  management_port = 0
      Sat Dec 20 15:01:01 2008 us=405750  management_user_pass = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=405763  management_log_history_cache = 250
      Sat Dec 20 15:01:01 2008 us=405777  management_echo_buffer_size = 100
      Sat Dec 20 15:01:01 2008 us=405790  management_query_passwords = DISABLED
      Sat Dec 20 15:01:01 2008 us=405804  management_hold = DISABLED
      Sat Dec 20 15:01:01 2008 us=405817  shared_secret_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=405830  key_direction = 0
      Sat Dec 20 15:01:01 2008 us=405843  ciphername_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=405856  ciphername = 'BF-CBC'
      Sat Dec 20 15:01:01 2008 us=405869  authname_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=440884  authname = 'SHA1'
      Sat Dec 20 15:01:01 2008 us=440909  keysize = 0
      Sat Dec 20 15:01:01 2008 us=440921  engine = DISABLED
      Sat Dec 20 15:01:01 2008 us=440934  replay = ENABLED
      Sat Dec 20 15:01:01 2008 us=440948  mute_replay_warnings = DISABLED
      Sat Dec 20 15:01:01 2008 us=440959  replay_window = 0
      Sat Dec 20 15:01:01 2008 us=440971  replay_time = 0
      Sat Dec 20 15:01:01 2008 us=440984  packet_id_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=441005  use_iv = ENABLED
      Sat Dec 20 15:01:01 2008 us=441017  test_crypto = DISABLED
      Sat Dec 20 15:01:01 2008 us=441028  tls_server = DISABLED
      Sat Dec 20 15:01:01 2008 us=441041  tls_client = ENABLED
      Sat Dec 20 15:01:01 2008 us=441054  key_method = 2
      Sat Dec 20 15:01:01 2008 us=441066  ca_file = 'ca.crt'
      Sat Dec 20 15:01:01 2008 us=441078  dh_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=441091  cert_file = 'cliente1.crt'
      Sat Dec 20 15:01:01 2008 us=441104  priv_key_file = 'cliente1.key'
      Sat Dec 20 15:01:01 2008 us=477117  pkcs12_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477144  cryptoapi_cert = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477157  cipher_list = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477171  tls_verify = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477184  tls_remote = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477196  crl_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477209  ns_cert_type = 64
      Sat Dec 20 15:01:01 2008 us=477220  tls_timeout = 2
      Sat Dec 20 15:01:01 2008 us=477233  renegotiate_bytes = 0
      Sat Dec 20 15:01:01 2008 us=477244  renegotiate_packets = 0
      Sat Dec 20 15:01:01 2008 us=477257  renegotiate_seconds = 3600
      Sat Dec 20 15:01:01 2008 us=477269  handshake_window = 60
      Sat Dec 20 15:01:01 2008 us=477281  transition_window = 3600
      Sat Dec 20 15:01:01 2008 us=477293  single_session = DISABLED
      Sat Dec 20 15:01:01 2008 us=477305  tls_exit = DISABLED
      Sat Dec 20 15:01:01 2008 us=477317  tls_auth_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=523519  server_network = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523544  server_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523559  server_bridge_ip = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523573  server_bridge_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523587  server_bridge_pool_start = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523602  server_bridge_pool_end = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523615  ifconfig_pool_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=523631  ifconfig_pool_start = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523646  ifconfig_pool_end = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523660  ifconfig_pool_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523675  ifconfig_pool_persist_filename = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=523689  ifconfig_pool_persist_refresh_freq = 600
      Sat Dec 20 15:01:01 2008 us=523702  ifconfig_pool_linear = DISABLED
      Sat Dec 20 15:01:01 2008 us=523716  n_bcast_buf = 256
      Sat Dec 20 15:01:01 2008 us=523727  tcp_queue_limit = 64
      Sat Dec 20 15:01:01 2008 us=570036  real_hash_size = 256
      Sat Dec 20 15:01:01 2008 us=570062  virtual_hash_size = 256
      Sat Dec 20 15:01:01 2008 us=570074  client_connect_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570089  learn_address_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570102  client_disconnect_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570115  client_config_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570126  ccd_exclusive = DISABLED
      Sat Dec 20 15:01:01 2008 us=570139  tmp_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570167  push_ifconfig_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=570191  push_ifconfig_local = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=570205  push_ifconfig_remote_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=570219  enable_c2c = DISABLED
      Sat Dec 20 15:01:01 2008 us=570232  duplicate_cn = DISABLED
      Sat Dec 20 15:01:01 2008 us=570244  cf_max = 0
      Sat Dec 20 15:01:01 2008 us=570257  cf_per = 0
      Sat Dec 20 15:01:01 2008 us=621333  max_clients = 1024
      Sat Dec 20 15:01:01 2008 us=621366  max_routes_per_client = 256
      Sat Dec 20 15:01:01 2008 us=621380  client_cert_not_required = DISABLED
      Sat Dec 20 15:01:01 2008 us=621394  username_as_common_name = DISABLED
      Sat Dec 20 15:01:01 2008 us=621409  auth_user_pass_verify_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=621424  auth_user_pass_verify_script_via_file = DISABLED
      Sat Dec 20 15:01:01 2008 us=621437  client = DISABLED
      Sat Dec 20 15:01:01 2008 us=621449  pull = ENABLED
      Sat Dec 20 15:01:01 2008 us=621462  auth_user_pass_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=621480  show_net_up = DISABLED
      Sat Dec 20 15:01:01 2008 us=621494  route_method = 0
      Sat Dec 20 15:01:01 2008 us=621508  ip_win32_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=621519  ip_win32_type = 3
      Sat Dec 20 15:01:01 2008 us=621532  dhcp_masq_offset = 0
      Sat Dec 20 15:01:01 2008 us=621544  dhcp_lease_time = 31536000
      Sat Dec 20 15:01:01 2008 us=650386  tap_sleep = 0
      Sat Dec 20 15:01:01 2008 us=650412  dhcp_options = DISABLED
      Sat Dec 20 15:01:01 2008 us=650425  dhcp_renew = DISABLED
      Sat Dec 20 15:01:01 2008 us=650438  dhcp_pre_release = DISABLED
      Sat Dec 20 15:01:01 2008 us=650450  dhcp_release = DISABLED
      Sat Dec 20 15:01:01 2008 us=650462  domain = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=650474  netbios_scope = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=650485  netbios_node_type = 0
      Sat Dec 20 15:01:01 2008 us=650497  disable_nbt = DISABLED
      Sat Dec 20 15:01:01 2008 us=650526 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
      Sat Dec 20 15:01:01 2008 us=650681 WARNING: --ping should normally be used with --ping-restart or --ping-exit
      Sat Dec 20 15:01:01 2008 us=662062 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
      Sat Dec 20 15:01:01 2008 us=679583 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
      Sat Dec 20 15:01:01 2008 us=679653 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
      Sat Dec 20 15:01:01 2008 us=692370 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
      Sat Dec 20 15:01:01 2008 us=692438 Local Options hash (VER=V4): 'db02a8f8'
      Sat Dec 20 15:01:01 2008 us=692462 Expected Remote Options hash (VER=V4): '7e068940'
      Sat Dec 20 15:01:01 2008 us=692511 Attempting to establish TCP connection with 201.XXX.XXX.100:1194
      Sat Dec 20 15:01:22 2008 us=684857 TCP: connect to 201.XXX.XXX.100:1194 failed, will try again in 5 seconds

      Thanks for any advice.

      CBA

      • bellera

        Hello!

        Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html ?

        Regards,

        Josep Pujadas

        • sgautier

          @bellera:

          Hello!

          Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html ?

          Regards,

          Josep Pujadas

          Thanks for the reply, but I still have one doubt about my configuration:

          OpenVpn Server

          Protocol  Tcp
          Dynamic IP Checked
          Local Port 1194
          Address Pool 192.168.200.0/24  <-- Is this right?
          Local network 175.0.0.0/24 <-- and this?
          Auth Method PKI

          so that users connecting through the VPN can see the machines behind the pfSense, that is, the 175.0.0.0/24 network?
          Thanks

          • bellera

            Hello!

            Yes, it looks correct.

            Regards,

            Josep Pujadas

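Added example, not code from the thread, pfSense or OpenVPN: a small Python script that runs the checks the two questions in this thread come down to. It parses the server and client log lines quoted in the first post and flags the key-file permission warning, the server binding to every address of the box ("[undef]"), and the TCP connect failures reported by the client; and it checks the Address Pool and Local network asked about in the second post the way you would before accepting them: the two ranges must not overlap, and it also notes when either is not an RFC 1918 range. The sample lines are copied from the thread; the finding codes, the regexes and the report() layout are this example's own choices.

```python
"""Sanity checks for the pfSense/OpenVPN road-warrior setup discussed above.
Added example, not code from the thread, pfSense or OpenVPN.  Log samples are
copied from the first post; finding codes and regexes are this example's own."""
import ipaddress
import re
from collections import Counter

# Server-side lines in pfSense syslog format, copied from the first post.
SERVER_LOG = """\
Dec 20 13:45:14 openvpn[68804]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Dec 20 13:45:17 openvpn[68817]: Listening for incoming TCP connection on [undef]:1194
Dec 20 13:45:17 openvpn[68817]: Initialization Sequence Completed
"""

# Client-side lines (OpenVPN GUI, verb 4), copied from the first post.
CLIENT_LOG = """\
Sat Dec 20 15:01:01 2008 us=206257  proto = 2
Sat Dec 20 15:01:01 2008 us=692511 Attempting to establish TCP connection with 201.XXX.XXX.100:1194
Sat Dec 20 15:01:22 2008 us=684857 TCP: connect to 201.XXX.XXX.100:1194 failed, will try again in 5 seconds
"""

# pfSense syslog line: "Dec 20 13:45:14 openvpn[68804]: message"
SERVER_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenVPN GUI line: "Sat Dec 20 15:01:22 2008 us=684857 message"
CLIENT_RE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=(?P<us>\d+) +(?P<msg>.*)$")
LISTEN_RE = re.compile(r"Listening for incoming (TCP|UDP) connection on (?P<addr>\S+)")
CONNECT_FAIL_RE = re.compile(r"TCP: connect to (?P<endpoint>\S+) failed")


def parse_log(text, pattern):
    """Return one dict per line that matches `pattern`; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = pattern.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def server_findings(entries):
    """Findings from the server log as (code, detail) tuples."""
    findings = []
    for entry in entries:
        msg = entry["msg"]
        if "is group or others accessible" in msg:
            # The private key is readable by more than its owner: tighten the mode.
            findings.append(("key-perms", msg.split("'")[1]))
        match = LISTEN_RE.search(msg)
        if match and match.group("addr").startswith("[undef]"):
            # No --local given, so the daemon listens on every address of the box.
            findings.append(("listen-all-addresses", match.group("addr")))
        if msg == "Initialization Sequence Completed":
            findings.append(("server-ready", entry["pid"]))
    return findings


def client_findings(entries):
    """Count TCP connect failures per remote endpoint, as (code, endpoint, n)."""
    failures = Counter()
    for entry in entries:
        match = CONNECT_FAIL_RE.search(entry["msg"])
        if match:
            failures[match.group("endpoint")] += 1
    # A failure here happens before TLS or routing: check the WAN rule and reachability.
    return [("tcp-connect-failed", ep, n) for ep, n in sorted(failures.items())]


def check_tunnel_networks(pool, local_net):
    """Check the Address Pool against the Local network pushed to clients."""
    pool_net = ipaddress.ip_network(pool, strict=False)
    lan = ipaddress.ip_network(local_net, strict=False)
    findings = []
    if pool_net.overlaps(lan):
        # Clients would get tunnel addresses inside the network they should reach.
        findings.append(("pool-overlaps-local", f"{pool_net} vs {lan}"))
    if not pool_net.is_private:
        findings.append(("pool-not-private", str(pool_net)))
    if not lan.is_private:
        # Routing a public block over the VPN also captures client traffic to it.
        findings.append(("local-net-not-private", str(lan)))
    return findings


def report(server_log=SERVER_LOG, client_log=CLIENT_LOG,
           pool="192.168.200.0/24", local_net="175.0.0.0/24"):
    """Run every check and return the findings grouped by source."""
    return {
        "server": server_findings(parse_log(server_log, SERVER_RE)),
        "client": client_findings(parse_log(client_log, CLIENT_RE)),
        "networks": check_tunnel_networks(pool, local_net),
    }


if __name__ == "__main__":
    for source, findings in report().items():
        print(source)
        for finding in findings:
            print("  ", *finding)
```

Run it as-is to print the report for the thread's data, or pass your own log text to parse_log() and your own ranges to check_tunnel_networks(). The network check confirms what bellera said: 192.168.200.0/24 and 175.0.0.0/24 do not overlap, so the pool and the local network are fine together. The only note it raises is that 175.0.0.0/24 is not an RFC 1918 range, which is worth knowing because a route for a public block pushed to road-warrior clients also captures their traffic to the real owners of that block; it has nothing to do with the TCP connect failure in the client log, which happens before any tunnel route exists.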