Problems with OpenVPN



  • Can someone help me configure OpenVPN for Road Warrior? I have tried many times and it does not work, even following the tutorials, but no luck.

    I have the following setup

    At the company (Office): LAN 175.0.0.0/24

    The pfSense configuration is as follows

    Interfaces

    LAN Interface
        Bridge with: None
        IP Address: 175.0.0.2/24
    WAN Interface
        Type: Static

    Static IP Configuration
        IP Address: 201.XXX.XXX.100/29
        Gateway: 201.XXX.XXX.97
        Block private networks: Checked

    ---------- End Interfaces ----------

    OpenVPN Server

    Protocol: TCP
    Dynamic IP: Checked
    Local Port: 1194
    Address Pool: 192.168.200.0/24
    Local Network: 175.0.0.0/24
    Auth Method: PKI
    All certificates copied and pasted into their respective fields

    ---------- End OpenVPN Server ----------

    Firewall Rules

    Action: Pass
    Interface: WAN
    Protocol: TCP
    Source: Any
    Destination: Any
    Destination Port Range: OpenVPN to OpenVPN
    Log: Checked
    Gateway: Default

    ---------- End Firewall Rules ----------

    The OpenVPN log is as follows
    Dec 20 13:45:12 openvpn[67488]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
    Dec 20 13:45:14 openvpn[68804]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Dec 20 13:45:14 openvpn[68804]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Dec 20 13:45:14 openvpn[68804]: gw 201.236.23.97
    Dec 20 13:45:14 openvpn[68804]: TUN/TAP device /dev/tun0 opened
    Dec 20 13:45:14 openvpn[68804]: /sbin/ifconfig tun0 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
    Dec 20 13:45:14 openvpn[68804]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
    Dec 20 13:45:15 openvpn[67488]: SIGTERM[hard,] received, process exiting
    Dec 20 13:45:17 openvpn[68817]: Listening for incoming TCP connection on [undef]:1194
    Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link local (bound): [undef]:1194
    Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link remote: [undef]
    Dec 20 13:45:17 openvpn[68817]: Initialization Sequence Completed

    The OpenVPN GUI v1.0.3 log is as follows
    Sat Dec 20 15:01:01 2008 us=206082 Current Parameter Settings:
    Sat Dec 20 15:01:01 2008 us=206153  config = 'pfsense-clinte.ovpn'
    Sat Dec 20 15:01:01 2008 us=206167  mode = 0
    Sat Dec 20 15:01:01 2008 us=206180  show_ciphers = DISABLED
    Sat Dec 20 15:01:01 2008 us=206194  show_digests = DISABLED
    Sat Dec 20 15:01:01 2008 us=206207  show_engines = DISABLED
    Sat Dec 20 15:01:01 2008 us=206220  genkey = DISABLED
    Sat Dec 20 15:01:01 2008 us=206233  key_pass_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206245  show_tls_ciphers = DISABLED
    Sat Dec 20 15:01:01 2008 us=206257  proto = 2
    Sat Dec 20 15:01:01 2008 us=206269  local = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206284  remote_list[0] = {'201.236.23.100', 1194}
    Sat Dec 20 15:01:01 2008 us=206298  remote_random = DISABLED
    Sat Dec 20 15:01:01 2008 us=206312  local_port = 1194
    Sat Dec 20 15:01:01 2008 us=206325  remote_port = 1194
    Sat Dec 20 15:01:01 2008 us=206338  remote_float = ENABLED
    Sat Dec 20 15:01:01 2008 us=206351  ipchange = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206365  bind_local = ENABLED
    Sat Dec 20 15:01:01 2008 us=206377  dev = 'tun'
    Sat Dec 20 15:01:01 2008 us=206391  dev_type = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206404  dev_node = 'Tap'
    Sat Dec 20 15:01:01 2008 us=206417  tun_ipv6 = DISABLED
    Sat Dec 20 15:01:01 2008 us=206430  ifconfig_local = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206442  ifconfig_remote_netmask = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206455  ifconfig_noexec = DISABLED
    Sat Dec 20 15:01:01 2008 us=206473  ifconfig_nowarn = DISABLED
    Sat Dec 20 15:01:01 2008 us=206487  shaper = 0
    Sat Dec 20 15:01:01 2008 us=206499  tun_mtu = 1500
    Sat Dec 20 15:01:01 2008 us=206512  tun_mtu_defined = ENABLED
    Sat Dec 20 15:01:01 2008 us=206524  link_mtu = 1500
    Sat Dec 20 15:01:01 2008 us=206536  link_mtu_defined = DISABLED
    Sat Dec 20 15:01:01 2008 us=206548  tun_mtu_extra = 0
    Sat Dec 20 15:01:01 2008 us=206561  tun_mtu_extra_defined = DISABLED
    Sat Dec 20 15:01:01 2008 us=206573  fragment = 0
    Sat Dec 20 15:01:01 2008 us=206586  mtu_discover_type = -1
    Sat Dec 20 15:01:01 2008 us=206598  mtu_test = 0
    Sat Dec 20 15:01:01 2008 us=206610  mlock = DISABLED
    Sat Dec 20 15:01:01 2008 us=206622  keepalive_ping = 0
    Sat Dec 20 15:01:01 2008 us=206635  keepalive_timeout = 0
    Sat Dec 20 15:01:01 2008 us=206647  inactivity_timeout = 0
    Sat Dec 20 15:01:01 2008 us=206660  ping_send_timeout = 10
    Sat Dec 20 15:01:01 2008 us=206672  ping_rec_timeout = 0
    Sat Dec 20 15:01:01 2008 us=206685  ping_rec_timeout_action = 0
    Sat Dec 20 15:01:01 2008 us=206699  ping_timer_remote = DISABLED
    Sat Dec 20 15:01:01 2008 us=206711  remap_sigusr1 = 0
    Sat Dec 20 15:01:01 2008 us=206723  explicit_exit_notification = 0
    Sat Dec 20 15:01:01 2008 us=206737  persist_tun = ENABLED
    Sat Dec 20 15:01:01 2008 us=206751  persist_local_ip = DISABLED
    Sat Dec 20 15:01:01 2008 us=206764  persist_remote_ip = DISABLED
    Sat Dec 20 15:01:01 2008 us=206777  persist_key = ENABLED
    Sat Dec 20 15:01:01 2008 us=206790  mssfix = 1450
    Sat Dec 20 15:01:01 2008 us=206804  resolve_retry_seconds = 1000000000
    Sat Dec 20 15:01:01 2008 us=206817  connect_retry_seconds = 5
    Sat Dec 20 15:01:01 2008 us=206830  username = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206842  groupname = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206854  chroot_dir = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206867  cd_dir = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206879  writepid = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206892  up_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206904  down_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=206917  down_pre = DISABLED
    Sat Dec 20 15:01:01 2008 us=206929  up_restart = DISABLED
    Sat Dec 20 15:01:01 2008 us=206942  up_delay = DISABLED
    Sat Dec 20 15:01:01 2008 us=206955  daemon = DISABLED
    Sat Dec 20 15:01:01 2008 us=206967  inetd = 0
    Sat Dec 20 15:01:01 2008 us=206980  log = DISABLED
    Sat Dec 20 15:01:01 2008 us=206993  suppress_timestamps = DISABLED
    Sat Dec 20 15:01:01 2008 us=207005  nice = 0
    Sat Dec 20 15:01:01 2008 us=207017  verbosity = 4
    Sat Dec 20 15:01:01 2008 us=388034  mute = 0
    Sat Dec 20 15:01:01 2008 us=388061  gremlin = 0
    Sat Dec 20 15:01:01 2008 us=388074  status_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=388087  status_file_version = 1
    Sat Dec 20 15:01:01 2008 us=388100  status_file_update_freq = 60
    Sat Dec 20 15:01:01 2008 us=388113  occ = ENABLED
    Sat Dec 20 15:01:01 2008 us=388125  rcvbuf = 0
    Sat Dec 20 15:01:01 2008 us=388139  sndbuf = 0
    Sat Dec 20 15:01:01 2008 us=388462  socks_proxy_server = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=388494  socks_proxy_port = 0
    Sat Dec 20 15:01:01 2008 us=388508  socks_proxy_retry = DISABLED
    Sat Dec 20 15:01:01 2008 us=388522  fast_io = DISABLED
    Sat Dec 20 15:01:01 2008 us=388534  comp_lzo = DISABLED
    Sat Dec 20 15:01:01 2008 us=388547  comp_lzo_adaptive = ENABLED
    Sat Dec 20 15:01:01 2008 us=388559  route_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=388572  route_default_gateway = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=388585  route_noexec = DISABLED
    Sat Dec 20 15:01:01 2008 us=405672  route_delay = 0
    Sat Dec 20 15:01:01 2008 us=405697  route_delay_window = 30
    Sat Dec 20 15:01:01 2008 us=405710  route_delay_defined = ENABLED
    Sat Dec 20 15:01:01 2008 us=405723  management_addr = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=405737  management_port = 0
    Sat Dec 20 15:01:01 2008 us=405750  management_user_pass = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=405763  management_log_history_cache = 250
    Sat Dec 20 15:01:01 2008 us=405777  management_echo_buffer_size = 100
    Sat Dec 20 15:01:01 2008 us=405790  management_query_passwords = DISABLED
    Sat Dec 20 15:01:01 2008 us=405804  management_hold = DISABLED
    Sat Dec 20 15:01:01 2008 us=405817  shared_secret_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=405830  key_direction = 0
    Sat Dec 20 15:01:01 2008 us=405843  ciphername_defined = ENABLED
    Sat Dec 20 15:01:01 2008 us=405856  ciphername = 'BF-CBC'
    Sat Dec 20 15:01:01 2008 us=405869  authname_defined = ENABLED
    Sat Dec 20 15:01:01 2008 us=440884  authname = 'SHA1'
    Sat Dec 20 15:01:01 2008 us=440909  keysize = 0
    Sat Dec 20 15:01:01 2008 us=440921  engine = DISABLED
    Sat Dec 20 15:01:01 2008 us=440934  replay = ENABLED
    Sat Dec 20 15:01:01 2008 us=440948  mute_replay_warnings = DISABLED
    Sat Dec 20 15:01:01 2008 us=440959  replay_window = 0
    Sat Dec 20 15:01:01 2008 us=440971  replay_time = 0
    Sat Dec 20 15:01:01 2008 us=440984  packet_id_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=441005  use_iv = ENABLED
    Sat Dec 20 15:01:01 2008 us=441017  test_crypto = DISABLED
    Sat Dec 20 15:01:01 2008 us=441028  tls_server = DISABLED
    Sat Dec 20 15:01:01 2008 us=441041  tls_client = ENABLED
    Sat Dec 20 15:01:01 2008 us=441054  key_method = 2
    Sat Dec 20 15:01:01 2008 us=441066  ca_file = 'ca.crt'
    Sat Dec 20 15:01:01 2008 us=441078  dh_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=441091  cert_file = 'cliente1.crt'
    Sat Dec 20 15:01:01 2008 us=441104  priv_key_file = 'cliente1.key'
    Sat Dec 20 15:01:01 2008 us=477117  pkcs12_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=477144  cryptoapi_cert = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=477157  cipher_list = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=477171  tls_verify = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=477184  tls_remote = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=477196  crl_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=477209  ns_cert_type = 64
    Sat Dec 20 15:01:01 2008 us=477220  tls_timeout = 2
    Sat Dec 20 15:01:01 2008 us=477233  renegotiate_bytes = 0
    Sat Dec 20 15:01:01 2008 us=477244  renegotiate_packets = 0
    Sat Dec 20 15:01:01 2008 us=477257  renegotiate_seconds = 3600
    Sat Dec 20 15:01:01 2008 us=477269  handshake_window = 60
    Sat Dec 20 15:01:01 2008 us=477281  transition_window = 3600
    Sat Dec 20 15:01:01 2008 us=477293  single_session = DISABLED
    Sat Dec 20 15:01:01 2008 us=477305  tls_exit = DISABLED
    Sat Dec 20 15:01:01 2008 us=477317  tls_auth_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=523519  server_network = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523544  server_netmask = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523559  server_bridge_ip = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523573  server_bridge_netmask = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523587  server_bridge_pool_start = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523602  server_bridge_pool_end = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523615  ifconfig_pool_defined = DISABLED
    Sat Dec 20 15:01:01 2008 us=523631  ifconfig_pool_start = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523646  ifconfig_pool_end = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523660  ifconfig_pool_netmask = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=523675  ifconfig_pool_persist_filename = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=523689  ifconfig_pool_persist_refresh_freq = 600
    Sat Dec 20 15:01:01 2008 us=523702  ifconfig_pool_linear = DISABLED
    Sat Dec 20 15:01:01 2008 us=523716  n_bcast_buf = 256
    Sat Dec 20 15:01:01 2008 us=523727  tcp_queue_limit = 64
    Sat Dec 20 15:01:01 2008 us=570036  real_hash_size = 256
    Sat Dec 20 15:01:01 2008 us=570062  virtual_hash_size = 256
    Sat Dec 20 15:01:01 2008 us=570074  client_connect_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=570089  learn_address_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=570102  client_disconnect_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=570115  client_config_dir = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=570126  ccd_exclusive = DISABLED
    Sat Dec 20 15:01:01 2008 us=570139  tmp_dir = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=570167  push_ifconfig_defined = DISABLED
    Sat Dec 20 15:01:01 2008 us=570191  push_ifconfig_local = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=570205  push_ifconfig_remote_netmask = 0.0.0.0
    Sat Dec 20 15:01:01 2008 us=570219  enable_c2c = DISABLED
    Sat Dec 20 15:01:01 2008 us=570232  duplicate_cn = DISABLED
    Sat Dec 20 15:01:01 2008 us=570244  cf_max = 0
    Sat Dec 20 15:01:01 2008 us=570257  cf_per = 0
    Sat Dec 20 15:01:01 2008 us=621333  max_clients = 1024
    Sat Dec 20 15:01:01 2008 us=621366  max_routes_per_client = 256
    Sat Dec 20 15:01:01 2008 us=621380  client_cert_not_required = DISABLED
    Sat Dec 20 15:01:01 2008 us=621394  username_as_common_name = DISABLED
    Sat Dec 20 15:01:01 2008 us=621409  auth_user_pass_verify_script = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=621424  auth_user_pass_verify_script_via_file = DISABLED
    Sat Dec 20 15:01:01 2008 us=621437  client = DISABLED
    Sat Dec 20 15:01:01 2008 us=621449  pull = ENABLED
    Sat Dec 20 15:01:01 2008 us=621462  auth_user_pass_file = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=621480  show_net_up = DISABLED
    Sat Dec 20 15:01:01 2008 us=621494  route_method = 0
    Sat Dec 20 15:01:01 2008 us=621508  ip_win32_defined = DISABLED
    Sat Dec 20 15:01:01 2008 us=621519  ip_win32_type = 3
    Sat Dec 20 15:01:01 2008 us=621532  dhcp_masq_offset = 0
    Sat Dec 20 15:01:01 2008 us=621544  dhcp_lease_time = 31536000
    Sat Dec 20 15:01:01 2008 us=650386  tap_sleep = 0
    Sat Dec 20 15:01:01 2008 us=650412  dhcp_options = DISABLED
    Sat Dec 20 15:01:01 2008 us=650425  dhcp_renew = DISABLED
    Sat Dec 20 15:01:01 2008 us=650438  dhcp_pre_release = DISABLED
    Sat Dec 20 15:01:01 2008 us=650450  dhcp_release = DISABLED
    Sat Dec 20 15:01:01 2008 us=650462  domain = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=650474  netbios_scope = '[UNDEF]'
    Sat Dec 20 15:01:01 2008 us=650485  netbios_node_type = 0
    Sat Dec 20 15:01:01 2008 us=650497  disable_nbt = DISABLED
    Sat Dec 20 15:01:01 2008 us=650526 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Sat Dec 20 15:01:01 2008 us=650681 WARNING: --ping should normally be used with --ping-restart or --ping-exit
    Sat Dec 20 15:01:01 2008 us=662062 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Sat Dec 20 15:01:01 2008 us=679583 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
    Sat Dec 20 15:01:01 2008 us=679653 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Sat Dec 20 15:01:01 2008 us=692370 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Sat Dec 20 15:01:01 2008 us=692438 Local Options hash (VER=V4): 'db02a8f8'
    Sat Dec 20 15:01:01 2008 us=692462 Expected Remote Options hash (VER=V4): '7e068940'
    Sat Dec 20 15:01:01 2008 us=692511 Attempting to establish TCP connection with 201.XXX.XXX.100:1194
    Sat Dec 20 15:01:22 2008 us=684857 TCP: connect to 201.XXX.XXX.100:1194 failed, will try again in 5 seconds

    Thanks for any advice

    CBA
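The two logs in the post already contain the answer to "where does it fail": the server reaches "Initialization Sequence Completed" and listens on TCP 1194, while the client never gets past "TCP: connect to ... failed", i.e. the TCP handshake itself is not answered and no TLS exchange ever starts. The script below is an added example (not code from the thread, from pfSense or from OpenVPN) that triages a server/client log pair for exactly these road-warrior failure modes: key-file permissions, TCP-level connect failures while the server is listening, a client that binds local port 1194 itself, `ping` without `ping-restart`, a token-level diff of the "Local Options String" against the "Expected Remote Options String", and the BF-CBC cipher. The sample log lines are constructed from the excerpts posted above; the IP redaction is kept as posted.

```python
"""Triage an OpenVPN server/client log pair for the usual road-warrior failure
modes.  Added example, not code from the thread, from pfSense or from OpenVPN;
the sample log lines below are constructed from the excerpts posted above."""
import re
from typing import Dict, List, Tuple

# Constructed sample: a few lines taken from the server log in the post.
SERVER_LOG = """\
Dec 20 13:45:14 openvpn[68804]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Dec 20 13:45:17 openvpn[68817]: Listening for incoming TCP connection on [undef]:1194
Dec 20 13:45:17 openvpn[68817]: Initialization Sequence Completed
"""

# Constructed sample: the relevant lines of the OpenVPN GUI (client) log.
CLIENT_LOG = """\
Sat Dec 20 15:01:01 2008 us=206312  local_port = 1194
Sat Dec 20 15:01:01 2008 us=206365  bind_local = ENABLED
Sat Dec 20 15:01:01 2008 us=650681 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sat Dec 20 15:01:01 2008 us=679653 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Dec 20 15:01:01 2008 us=692370 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Dec 20 15:01:01 2008 us=692511 Attempting to establish TCP connection with 201.XXX.XXX.100:1194
Sat Dec 20 15:01:22 2008 us=684857 TCP: connect to 201.XXX.XXX.100:1194 failed, will try again in 5 seconds
"""

# Option tokens that are expected to differ between the two ends of one tunnel.
MIRROR_PAIRS = {
    ("proto TCPv4_CLIENT", "proto TCPv4_SERVER"),
    ("tls-client", "tls-server"),
}


def parse_settings(log: str) -> Dict[str, str]:
    """Collect the 'name = value' lines that OpenVPN prints at verb 4 start-up."""
    settings: Dict[str, str] = {}
    for line in log.splitlines():
        m = re.search(r"\s(\w+) = (.+)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("'")
    return settings


def options_string(log: str, label: str) -> List[str]:
    """Return the comma-separated tokens of, e.g., the 'Local Options String' line."""
    m = re.search(re.escape(label) + r": '([^']*)'", log)
    return m.group(1).split(",") if m else []


def options_mismatch(local: List[str], expected: List[str]) -> List[Tuple[str, str]]:
    """Token-by-token diff of the two options strings, ignoring the client/server
    mirror pairs.  OpenVPN itself only compares the hashes and logs 'Options
    error'; this shows which directive (MTU, cipher, comp-lzo, ...) disagrees."""
    diffs = [(a, b) for a, b in zip(local, expected)
             if a != b and (a, b) not in MIRROR_PAIRS]
    if len(local) != len(expected):
        diffs.append((f"<{len(local)} tokens>", f"<{len(expected)} tokens>"))
    return diffs


def triage(server_log: str, client_log: str) -> List[str]:
    """Return human-readable findings, ordered roughly by what to fix first."""
    findings: List[str] = []

    key = re.search(r"WARNING: file '([^']+)' is group or others accessible", server_log)
    if key:
        findings.append(f"server: private key {key.group(1)} is readable by group/others; chmod 600")

    failed = len(re.findall(r"TCP: connect to \S+ failed", client_log))
    listening = "Listening for incoming TCP connection" in server_log
    if failed and listening:
        findings.append(f"client: {failed} TCP connect failure(s) before any TLS exchange while the "
                        "server reports it is listening; look at the path (WAN rule, upstream "
                        "filtering, wrong public IP), not at the certificates")
    elif failed:
        findings.append(f"client: {failed} TCP connect failure(s); confirm the server process is listening")

    cfg = parse_settings(client_log)
    if cfg.get("bind_local") == "ENABLED" and cfg.get("local_port") == "1194":
        findings.append("client: binds local port 1194 itself; add 'nobind' so a stale socket "
                        "or a second instance cannot block reconnects")

    if "--ping should normally be used with --ping-restart" in client_log:
        findings.append("client: 'ping' without 'ping-restart'; the client will not restart on ping "
                        "timeout, so set 'keepalive' on the server and let it push both")

    local = options_string(client_log, "Local Options String")
    expected = options_string(client_log, "Expected Remote Options String")
    for a, b in options_mismatch(local, expected):
        findings.append(f"options: client has '{a}' but expects server '{b}'")

    if "cipher BF-CBC" in local:
        findings.append("crypto: BF-CBC is a 64-bit block cipher; prefer AES-CBC/GCM where both ends support it")

    return findings


if __name__ == "__main__":
    for finding in triage(SERVER_LOG, CLIENT_LOG):
        print("-", finding)
```

Run against the posted excerpts it reports no options mismatch (the two strings differ only in the client/server mirror tokens), so certificates and MTU are not the issue; the TCP connect failure with a listening server points at the WAN path, and the key-permission warning is a separate hardening item on the pfSense side.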



  • Hello!

    Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html ?

    Regards,

    Josep Pujadas



  • @bellera:

    Hello!

    Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html ?

    Regards,

    Josep Pujadas

    Thanks for the reply, but I still have a doubt
    about my configuration

    OpenVPN Server

    Protocol: TCP
    Dynamic IP: Checked
    Local Port: 1194
    Address Pool: 192.168.200.0/24  <-- Is this right?
    Local Network: 175.0.0.0/24 <-- and this?
    Auth Method: PKI

    so that users who connect through the VPN can see the machines behind the pfSense, that is, the 175.0.0.0/24 network?
    Thanks



  • Hello!

    Yes, it looks correct.

    Regards,

    Josep Pujadas
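In OpenVPN terms the two fields asked about map onto two directives: the "Address Pool" is the `server` directive (the tunnel subnet from which the road warriors get their addresses, the server taking the first one), and each "Local Network" becomes a `push "route ..."` so the client sends traffic for the office LAN into the tunnel. The example below is added here and is neither the configuration pfSense generates nor code from the thread; it renders the equivalent stand-alone OpenVPN 2.x server and client files for the values in the post and first checks the address plan for the overlaps that make a tunnel connect but not route. File names other than ca.crt, cliente1.crt and cliente1.key (which appear in the posted client log) are assumed, as is the choice of AES-256-CBC over the BF-CBC default.

```python
"""Render a stand-alone OpenVPN 2.x server/client configuration matching the
pfSense settings discussed above, after sanity-checking the address plan.
Added example: not the configuration pfSense generates, not code from the
thread.  File names other than ca.crt, cliente1.crt and cliente1.key are assumed."""
import ipaddress
from typing import List, Sequence


def check_address_plan(tunnel_pool: str, office_lans: Sequence[str],
                       client_lans: Sequence[str] = ()) -> List[str]:
    """Problems that make a road-warrior tunnel 'connect but not route'."""
    pool = ipaddress.ip_network(tunnel_pool, strict=False)
    offices = [ipaddress.ip_network(n, strict=False) for n in office_lans]
    clients = [ipaddress.ip_network(n, strict=False) for n in client_lans]
    problems: List[str] = []
    for net in offices + clients:
        if pool.overlaps(net):
            problems.append(f"tunnel pool {pool} overlaps {net}")
    for office in offices:
        for client in clients:
            if office.overlaps(client):
                problems.append(f"office LAN {office} overlaps client LAN {client}; "
                                "the pushed route is shadowed by the client's own subnet")
        if not office.is_private:
            problems.append(f"office LAN {office} is not RFC 1918 space; the pushed route "
                            "also captures the client's traffic to the real owner of that prefix")
    return problems


def server_conf(tunnel_pool: str, office_lans: Sequence[str], port: int = 1194) -> str:
    """'Address Pool' becomes the server directive, each 'Local Network' a pushed route."""
    pool = ipaddress.ip_network(tunnel_pool, strict=False)
    lines = [
        f"port {port}",
        "proto tcp-server",     # the 'Protocol: TCP' choice in the form
        "dev tun",
        f"server {pool.network_address} {pool.netmask}",  # server takes .1, clients get the rest
    ]
    for lan in office_lans:
        net = ipaddress.ip_network(lan, strict=False)
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    lines += [
        "ca ca.crt",
        "cert server.crt",      # assumed name
        "key server.key",       # assumed name; keep it mode 0600 (see the WARNING in the server log)
        "dh dh.pem",            # assumed name
        "tls-auth ta.key 0",    # assumed name; HMAC on the control channel, unauthenticated peers are dropped before TLS
        "cipher AES-256-CBC",   # instead of the BF-CBC default shown in the client log
        "keepalive 10 60",      # pushed to clients too, so their 'ping' gets a matching 'ping-restart'
        "persist-key",
        "persist-tun",
        "verb 3",
    ]
    return "\n".join(lines) + "\n"


def client_conf(server_ip: str, port: int = 1194) -> str:
    """Road-warrior side; 'remote' is the pfSense WAN address from the post."""
    return "\n".join([
        "client",
        "dev tun",
        "proto tcp-client",
        f"remote {server_ip} {port}",
        "nobind",               # the posted client binds local port 1194; a road warrior should not
        "resolv-retry infinite",
        "ca ca.crt",
        "cert cliente1.crt",
        "key cliente1.key",
        "tls-auth ta.key 1",    # assumed name; direction 1 pairs with the server's 0
        "ns-cert-type server",  # accept only a peer whose cert is marked as a server (remote-cert-tls server on 2.1+)
        "cipher AES-256-CBC",
        "persist-key",
        "persist-tun",
        "verb 3",
    ]) + "\n"


if __name__ == "__main__":
    # Values from the thread; the client-side LAN is an assumed typical home subnet.
    for problem in check_address_plan("192.168.200.0/24", ["175.0.0.0/24"], ["192.168.1.0/24"]):
        print("WARNING:", problem)
    print(server_conf("192.168.200.0/24", ["175.0.0.0/24"]))
    print(client_conf("201.XXX.XXX.100"))
```

For the values in the thread the pool and the office LAN do not overlap, so the two fields are consistent as the reply says. The one warning the check raises is that 175.0.0.0/24 is not RFC 1918 space: once the route is pushed, a connected client will also send its traffic for that public prefix into the tunnel, which is worth knowing before relying on this addressing.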

