    Problems with OpenVPN

    • S
      sgautier last edited by

      Can someone help me configure OpenVPN for RoadWarrior? I have tried many times and it does not work for me, even following the tutorials, but no luck.

      I have the following configuration

      At the company (Office), LAN 175.0.0.0/24

      The pfSense configuration is as follows

      Interfaces

      Lan Interface
          bridge With None
          Ip Address 175.0.0.2 /24
      Wan Interface
      Type static

      Static Ip Configuration
      IpAddress 201.XXX.XXX.100 /29
      gateWay 201.XXX.XXX.97
      Block private networks Checked

      ----------- End Interfaces -------------

      OpenVpn Server

      Protocol  Tcp
      Dinamic Ip Checked
      Local Port 1194
      Address Pool 192.168.200.0/24
      Local network 175.0.0.0/24
      Auth Method PKI
      All certificates copied and pasted into their respective fields

      --------------- End OpenVpn Server --------------------

      Firewall Rules

      Action pass
      Interface WAN
      Protocol Tcp
      Source Any
      Destination Any
      Destination Port range OpenVpn to OpenVpn
      Log Checked
      gateway Default

      ------------------ End Firewall rules ---------------------

      The OpenVPN log is as follows
      Dec 20 13:45:12 openvpn[67488]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
      Dec 20 13:45:14 openvpn[68804]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
      Dec 20 13:45:14 openvpn[68804]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
      Dec 20 13:45:14 openvpn[68804]: gw 201.236.23.97
      Dec 20 13:45:14 openvpn[68804]: TUN/TAP device /dev/tun0 opened
      Dec 20 13:45:14 openvpn[68804]: /sbin/ifconfig tun0 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
      Dec 20 13:45:14 openvpn[68804]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
      Dec 20 13:45:15 openvpn[67488]: SIGTERM[hard,] received, process exiting
      Dec 20 13:45:17 openvpn[68817]: Listening for incoming TCP connection on [undef]:1194
      Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link local (bound): [undef]:1194
      Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link remote: [undef]
      Dec 20 13:45:17 openvpn[68817]: Initialization Sequence Completed

      The OpenVPN GUI V1.0.3 log is as follows
      Sat Dec 20 15:01:01 2008 us=206082 Current Parameter Settings:
      Sat Dec 20 15:01:01 2008 us=206153  config = 'pfsense-clinte.ovpn'
      Sat Dec 20 15:01:01 2008 us=206167  mode = 0
      Sat Dec 20 15:01:01 2008 us=206180  show_ciphers = DISABLED
      Sat Dec 20 15:01:01 2008 us=206194  show_digests = DISABLED
      Sat Dec 20 15:01:01 2008 us=206207  show_engines = DISABLED
      Sat Dec 20 15:01:01 2008 us=206220  genkey = DISABLED
      Sat Dec 20 15:01:01 2008 us=206233  key_pass_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206245  show_tls_ciphers = DISABLED
      Sat Dec 20 15:01:01 2008 us=206257  proto = 2
      Sat Dec 20 15:01:01 2008 us=206269  local = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206284  remote_list[0] = {'201.236.23.100', 1194}
      Sat Dec 20 15:01:01 2008 us=206298  remote_random = DISABLED
      Sat Dec 20 15:01:01 2008 us=206312  local_port = 1194
      Sat Dec 20 15:01:01 2008 us=206325  remote_port = 1194
      Sat Dec 20 15:01:01 2008 us=206338  remote_float = ENABLED
      Sat Dec 20 15:01:01 2008 us=206351  ipchange = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206365  bind_local = ENABLED
      Sat Dec 20 15:01:01 2008 us=206377  dev = 'tun'
      Sat Dec 20 15:01:01 2008 us=206391  dev_type = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206404  dev_node = 'Tap'
      Sat Dec 20 15:01:01 2008 us=206417  tun_ipv6 = DISABLED
      Sat Dec 20 15:01:01 2008 us=206430  ifconfig_local = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206442  ifconfig_remote_netmask = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206455  ifconfig_noexec = DISABLED
      Sat Dec 20 15:01:01 2008 us=206473  ifconfig_nowarn = DISABLED
      Sat Dec 20 15:01:01 2008 us=206487  shaper = 0
      Sat Dec 20 15:01:01 2008 us=206499  tun_mtu = 1500
      Sat Dec 20 15:01:01 2008 us=206512  tun_mtu_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=206524  link_mtu = 1500
      Sat Dec 20 15:01:01 2008 us=206536  link_mtu_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=206548  tun_mtu_extra = 0
      Sat Dec 20 15:01:01 2008 us=206561  tun_mtu_extra_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=206573  fragment = 0
      Sat Dec 20 15:01:01 2008 us=206586  mtu_discover_type = -1
      Sat Dec 20 15:01:01 2008 us=206598  mtu_test = 0
      Sat Dec 20 15:01:01 2008 us=206610  mlock = DISABLED
      Sat Dec 20 15:01:01 2008 us=206622  keepalive_ping = 0
      Sat Dec 20 15:01:01 2008 us=206635  keepalive_timeout = 0
      Sat Dec 20 15:01:01 2008 us=206647  inactivity_timeout = 0
      Sat Dec 20 15:01:01 2008 us=206660  ping_send_timeout = 10
      Sat Dec 20 15:01:01 2008 us=206672  ping_rec_timeout = 0
      Sat Dec 20 15:01:01 2008 us=206685  ping_rec_timeout_action = 0
      Sat Dec 20 15:01:01 2008 us=206699  ping_timer_remote = DISABLED
      Sat Dec 20 15:01:01 2008 us=206711  remap_sigusr1 = 0
      Sat Dec 20 15:01:01 2008 us=206723  explicit_exit_notification = 0
      Sat Dec 20 15:01:01 2008 us=206737  persist_tun = ENABLED
      Sat Dec 20 15:01:01 2008 us=206751  persist_local_ip = DISABLED
      Sat Dec 20 15:01:01 2008 us=206764  persist_remote_ip = DISABLED
      Sat Dec 20 15:01:01 2008 us=206777  persist_key = ENABLED
      Sat Dec 20 15:01:01 2008 us=206790  mssfix = 1450
      Sat Dec 20 15:01:01 2008 us=206804  resolve_retry_seconds = 1000000000
      Sat Dec 20 15:01:01 2008 us=206817  connect_retry_seconds = 5
      Sat Dec 20 15:01:01 2008 us=206830  username = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206842  groupname = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206854  chroot_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206867  cd_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206879  writepid = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206892  up_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206904  down_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=206917  down_pre = DISABLED
      Sat Dec 20 15:01:01 2008 us=206929  up_restart = DISABLED
      Sat Dec 20 15:01:01 2008 us=206942  up_delay = DISABLED
      Sat Dec 20 15:01:01 2008 us=206955  daemon = DISABLED
      Sat Dec 20 15:01:01 2008 us=206967  inetd = 0
      Sat Dec 20 15:01:01 2008 us=206980  log = DISABLED
      Sat Dec 20 15:01:01 2008 us=206993  suppress_timestamps = DISABLED
      Sat Dec 20 15:01:01 2008 us=207005  nice = 0
      Sat Dec 20 15:01:01 2008 us=207017  verbosity = 4
      Sat Dec 20 15:01:01 2008 us=388034  mute = 0
      Sat Dec 20 15:01:01 2008 us=388061  gremlin = 0
      Sat Dec 20 15:01:01 2008 us=388074  status_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388087  status_file_version = 1
      Sat Dec 20 15:01:01 2008 us=388100  status_file_update_freq = 60
      Sat Dec 20 15:01:01 2008 us=388113  occ = ENABLED
      Sat Dec 20 15:01:01 2008 us=388125  rcvbuf = 0
      Sat Dec 20 15:01:01 2008 us=388139  sndbuf = 0
      Sat Dec 20 15:01:01 2008 us=388462  socks_proxy_server = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388494  socks_proxy_port = 0
      Sat Dec 20 15:01:01 2008 us=388508  socks_proxy_retry = DISABLED
      Sat Dec 20 15:01:01 2008 us=388522  fast_io = DISABLED
      Sat Dec 20 15:01:01 2008 us=388534  comp_lzo = DISABLED
      Sat Dec 20 15:01:01 2008 us=388547  comp_lzo_adaptive = ENABLED
      Sat Dec 20 15:01:01 2008 us=388559  route_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388572  route_default_gateway = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=388585  route_noexec = DISABLED
      Sat Dec 20 15:01:01 2008 us=405672  route_delay = 0
      Sat Dec 20 15:01:01 2008 us=405697  route_delay_window = 30
      Sat Dec 20 15:01:01 2008 us=405710  route_delay_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=405723  management_addr = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=405737  management_port = 0
      Sat Dec 20 15:01:01 2008 us=405750  management_user_pass = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=405763  management_log_history_cache = 250
      Sat Dec 20 15:01:01 2008 us=405777  management_echo_buffer_size = 100
      Sat Dec 20 15:01:01 2008 us=405790  management_query_passwords = DISABLED
      Sat Dec 20 15:01:01 2008 us=405804  management_hold = DISABLED
      Sat Dec 20 15:01:01 2008 us=405817  shared_secret_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=405830  key_direction = 0
      Sat Dec 20 15:01:01 2008 us=405843  ciphername_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=405856  ciphername = 'BF-CBC'
      Sat Dec 20 15:01:01 2008 us=405869  authname_defined = ENABLED
      Sat Dec 20 15:01:01 2008 us=440884  authname = 'SHA1'
      Sat Dec 20 15:01:01 2008 us=440909  keysize = 0
      Sat Dec 20 15:01:01 2008 us=440921  engine = DISABLED
      Sat Dec 20 15:01:01 2008 us=440934  replay = ENABLED
      Sat Dec 20 15:01:01 2008 us=440948  mute_replay_warnings = DISABLED
      Sat Dec 20 15:01:01 2008 us=440959  replay_window = 0
      Sat Dec 20 15:01:01 2008 us=440971  replay_time = 0
      Sat Dec 20 15:01:01 2008 us=440984  packet_id_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=441005  use_iv = ENABLED
      Sat Dec 20 15:01:01 2008 us=441017  test_crypto = DISABLED
      Sat Dec 20 15:01:01 2008 us=441028  tls_server = DISABLED
      Sat Dec 20 15:01:01 2008 us=441041  tls_client = ENABLED
      Sat Dec 20 15:01:01 2008 us=441054  key_method = 2
      Sat Dec 20 15:01:01 2008 us=441066  ca_file = 'ca.crt'
      Sat Dec 20 15:01:01 2008 us=441078  dh_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=441091  cert_file = 'cliente1.crt'
      Sat Dec 20 15:01:01 2008 us=441104  priv_key_file = 'cliente1.key'
      Sat Dec 20 15:01:01 2008 us=477117  pkcs12_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477144  cryptoapi_cert = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477157  cipher_list = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477171  tls_verify = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477184  tls_remote = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477196  crl_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=477209  ns_cert_type = 64
      Sat Dec 20 15:01:01 2008 us=477220  tls_timeout = 2
      Sat Dec 20 15:01:01 2008 us=477233  renegotiate_bytes = 0
      Sat Dec 20 15:01:01 2008 us=477244  renegotiate_packets = 0
      Sat Dec 20 15:01:01 2008 us=477257  renegotiate_seconds = 3600
      Sat Dec 20 15:01:01 2008 us=477269  handshake_window = 60
      Sat Dec 20 15:01:01 2008 us=477281  transition_window = 3600
      Sat Dec 20 15:01:01 2008 us=477293  single_session = DISABLED
      Sat Dec 20 15:01:01 2008 us=477305  tls_exit = DISABLED
      Sat Dec 20 15:01:01 2008 us=477317  tls_auth_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=523519  server_network = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523544  server_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523559  server_bridge_ip = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523573  server_bridge_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523587  server_bridge_pool_start = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523602  server_bridge_pool_end = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523615  ifconfig_pool_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=523631  ifconfig_pool_start = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523646  ifconfig_pool_end = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523660  ifconfig_pool_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=523675  ifconfig_pool_persist_filename = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=523689  ifconfig_pool_persist_refresh_freq = 600
      Sat Dec 20 15:01:01 2008 us=523702  ifconfig_pool_linear = DISABLED
      Sat Dec 20 15:01:01 2008 us=523716  n_bcast_buf = 256
      Sat Dec 20 15:01:01 2008 us=523727  tcp_queue_limit = 64
      Sat Dec 20 15:01:01 2008 us=570036  real_hash_size = 256
      Sat Dec 20 15:01:01 2008 us=570062  virtual_hash_size = 256
      Sat Dec 20 15:01:01 2008 us=570074  client_connect_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570089  learn_address_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570102  client_disconnect_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570115  client_config_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570126  ccd_exclusive = DISABLED
      Sat Dec 20 15:01:01 2008 us=570139  tmp_dir = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=570167  push_ifconfig_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=570191  push_ifconfig_local = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=570205  push_ifconfig_remote_netmask = 0.0.0.0
      Sat Dec 20 15:01:01 2008 us=570219  enable_c2c = DISABLED
      Sat Dec 20 15:01:01 2008 us=570232  duplicate_cn = DISABLED
      Sat Dec 20 15:01:01 2008 us=570244  cf_max = 0
      Sat Dec 20 15:01:01 2008 us=570257  cf_per = 0
      Sat Dec 20 15:01:01 2008 us=621333  max_clients = 1024
      Sat Dec 20 15:01:01 2008 us=621366  max_routes_per_client = 256
      Sat Dec 20 15:01:01 2008 us=621380  client_cert_not_required = DISABLED
      Sat Dec 20 15:01:01 2008 us=621394  username_as_common_name = DISABLED
      Sat Dec 20 15:01:01 2008 us=621409  auth_user_pass_verify_script = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=621424  auth_user_pass_verify_script_via_file = DISABLED
      Sat Dec 20 15:01:01 2008 us=621437  client = DISABLED
      Sat Dec 20 15:01:01 2008 us=621449  pull = ENABLED
      Sat Dec 20 15:01:01 2008 us=621462  auth_user_pass_file = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=621480  show_net_up = DISABLED
      Sat Dec 20 15:01:01 2008 us=621494  route_method = 0
      Sat Dec 20 15:01:01 2008 us=621508  ip_win32_defined = DISABLED
      Sat Dec 20 15:01:01 2008 us=621519  ip_win32_type = 3
      Sat Dec 20 15:01:01 2008 us=621532  dhcp_masq_offset = 0
      Sat Dec 20 15:01:01 2008 us=621544  dhcp_lease_time = 31536000
      Sat Dec 20 15:01:01 2008 us=650386  tap_sleep = 0
      Sat Dec 20 15:01:01 2008 us=650412  dhcp_options = DISABLED
      Sat Dec 20 15:01:01 2008 us=650425  dhcp_renew = DISABLED
      Sat Dec 20 15:01:01 2008 us=650438  dhcp_pre_release = DISABLED
      Sat Dec 20 15:01:01 2008 us=650450  dhcp_release = DISABLED
      Sat Dec 20 15:01:01 2008 us=650462  domain = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=650474  netbios_scope = '[UNDEF]'
      Sat Dec 20 15:01:01 2008 us=650485  netbios_node_type = 0
      Sat Dec 20 15:01:01 2008 us=650497  disable_nbt = DISABLED
      Sat Dec 20 15:01:01 2008 us=650526 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
      Sat Dec 20 15:01:01 2008 us=650681 WARNING: --ping should normally be used with --ping-restart or --ping-exit
      Sat Dec 20 15:01:01 2008 us=662062 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
      Sat Dec 20 15:01:01 2008 us=679583 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
      Sat Dec 20 15:01:01 2008 us=679653 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
      Sat Dec 20 15:01:01 2008 us=692370 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
      Sat Dec 20 15:01:01 2008 us=692438 Local Options hash (VER=V4): 'db02a8f8'
      Sat Dec 20 15:01:01 2008 us=692462 Expected Remote Options hash (VER=V4): '7e068940'
      Sat Dec 20 15:01:01 2008 us=692511 Attempting to establish TCP connection with 201.XXX.XXX.100:1194
      Sat Dec 20 15:01:22 2008 us=684857 TCP: connect to 201.XXX.XXX.100:1194 failed, will try again in 5 seconds

      Thanks for any advice

      CBA

      • bellera
        bellera last edited by

        Hello!

        Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html?

        Regards,

        Josep Pujadas

        • S
          sgautier last edited by

          @bellera:

          Hello!

          Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html?

          Regards,

          Josep Pujadas

          Thanks for the reply, but I still have a question
          about my configuration

          OpenVpn Server

          Protocol  Tcp
          Dinamic Ip Checked
          Local Port 1194
          Address Pool 192.168.200.0/24  <-- Is this right?
          Local network 175.0.0.0/24 <-- and this?
          Auth Method PKI

          so that users who connect through the VPN can see the machines behind the pfSense, that is, the 175.0.0.0/24 network?
          Thanks

          • bellera
            bellera last edited by

            Hello!

            Yes, it looks correct.

            Regards,

            Josep Pujadas
