Problems with OpenVPN
-
Can someone help me set up OpenVPN for Road Warrior? I have tried many times and cannot get it to work, even following the tutorials, but no luck.
I have the following configuration
At the company (Office): LAN 175.0.0.0/24
The pfSense configuration is as follows
Interfaces
Lan Interface
bridge With None
Ip Address 175.0.0.2 /24
Wan Interface
Type static
Static Ip Configuration
IpAddress 201.XXX.XXX.100 /29
gateWay 201.XXX.XXX.97
Block private networks Checked
----------- End Interfaces -------------
OpenVpn Server
Protocol Tcp
Dynamic Ip Checked
Local Port 1194
Address Pool 192.168.200.0/24
Local network 175.0.0.0/24
Auth Method PKI
All certificates copied and pasted into their respective fields
--------------- End OpenVPN Server --------------------
Firewall Rules
Action pass
Interface WAN
Protocol Tcp
Source Any
Destination Any
Destination Port range OpenVpn to OpenVpn
Log Checked
gateway Default
------------------ End Firewall rules ---------------------
The OpenVPN log is as follows
Dec 20 13:45:12 openvpn[67488]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
Dec 20 13:45:14 openvpn[68804]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
Dec 20 13:45:14 openvpn[68804]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Dec 20 13:45:14 openvpn[68804]: gw 201.236.23.97
Dec 20 13:45:14 openvpn[68804]: TUN/TAP device /dev/tun0 opened
Dec 20 13:45:14 openvpn[68804]: /sbin/ifconfig tun0 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
Dec 20 13:45:14 openvpn[68804]: /etc/rc.filter_configure tun0 1500 1543 192.168.200.1 192.168.200.2 init
Dec 20 13:45:15 openvpn[67488]: SIGTERM[hard,] received, process exiting
Dec 20 13:45:17 openvpn[68817]: Listening for incoming TCP connection on [undef]:1194
Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link local (bound): [undef]:1194
Dec 20 13:45:17 openvpn[68817]: TCPv4_SERVER link remote: [undef]
Dec 20 13:45:17 openvpn[68817]: Initialization Sequence Completed
The OpenVPN GUI v1.0.3 log is as follows
Sat Dec 20 15:01:01 2008 us=206082 Current Parameter Settings:
Sat Dec 20 15:01:01 2008 us=206153 config = 'pfsense-clinte.ovpn'
Sat Dec 20 15:01:01 2008 us=206167 mode = 0
Sat Dec 20 15:01:01 2008 us=206180 show_ciphers = DISABLED
Sat Dec 20 15:01:01 2008 us=206194 show_digests = DISABLED
Sat Dec 20 15:01:01 2008 us=206207 show_engines = DISABLED
Sat Dec 20 15:01:01 2008 us=206220 genkey = DISABLED
Sat Dec 20 15:01:01 2008 us=206233 key_pass_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206245 show_tls_ciphers = DISABLED
Sat Dec 20 15:01:01 2008 us=206257 proto = 2
Sat Dec 20 15:01:01 2008 us=206269 local = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206284 remote_list[0] = {'201.236.23.100', 1194}
Sat Dec 20 15:01:01 2008 us=206298 remote_random = DISABLED
Sat Dec 20 15:01:01 2008 us=206312 local_port = 1194
Sat Dec 20 15:01:01 2008 us=206325 remote_port = 1194
Sat Dec 20 15:01:01 2008 us=206338 remote_float = ENABLED
Sat Dec 20 15:01:01 2008 us=206351 ipchange = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206365 bind_local = ENABLED
Sat Dec 20 15:01:01 2008 us=206377 dev = 'tun'
Sat Dec 20 15:01:01 2008 us=206391 dev_type = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206404 dev_node = 'Tap'
Sat Dec 20 15:01:01 2008 us=206417 tun_ipv6 = DISABLED
Sat Dec 20 15:01:01 2008 us=206430 ifconfig_local = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206442 ifconfig_remote_netmask = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206455 ifconfig_noexec = DISABLED
Sat Dec 20 15:01:01 2008 us=206473 ifconfig_nowarn = DISABLED
Sat Dec 20 15:01:01 2008 us=206487 shaper = 0
Sat Dec 20 15:01:01 2008 us=206499 tun_mtu = 1500
Sat Dec 20 15:01:01 2008 us=206512 tun_mtu_defined = ENABLED
Sat Dec 20 15:01:01 2008 us=206524 link_mtu = 1500
Sat Dec 20 15:01:01 2008 us=206536 link_mtu_defined = DISABLED
Sat Dec 20 15:01:01 2008 us=206548 tun_mtu_extra = 0
Sat Dec 20 15:01:01 2008 us=206561 tun_mtu_extra_defined = DISABLED
Sat Dec 20 15:01:01 2008 us=206573 fragment = 0
Sat Dec 20 15:01:01 2008 us=206586 mtu_discover_type = -1
Sat Dec 20 15:01:01 2008 us=206598 mtu_test = 0
Sat Dec 20 15:01:01 2008 us=206610 mlock = DISABLED
Sat Dec 20 15:01:01 2008 us=206622 keepalive_ping = 0
Sat Dec 20 15:01:01 2008 us=206635 keepalive_timeout = 0
Sat Dec 20 15:01:01 2008 us=206647 inactivity_timeout = 0
Sat Dec 20 15:01:01 2008 us=206660 ping_send_timeout = 10
Sat Dec 20 15:01:01 2008 us=206672 ping_rec_timeout = 0
Sat Dec 20 15:01:01 2008 us=206685 ping_rec_timeout_action = 0
Sat Dec 20 15:01:01 2008 us=206699 ping_timer_remote = DISABLED
Sat Dec 20 15:01:01 2008 us=206711 remap_sigusr1 = 0
Sat Dec 20 15:01:01 2008 us=206723 explicit_exit_notification = 0
Sat Dec 20 15:01:01 2008 us=206737 persist_tun = ENABLED
Sat Dec 20 15:01:01 2008 us=206751 persist_local_ip = DISABLED
Sat Dec 20 15:01:01 2008 us=206764 persist_remote_ip = DISABLED
Sat Dec 20 15:01:01 2008 us=206777 persist_key = ENABLED
Sat Dec 20 15:01:01 2008 us=206790 mssfix = 1450
Sat Dec 20 15:01:01 2008 us=206804 resolve_retry_seconds = 1000000000
Sat Dec 20 15:01:01 2008 us=206817 connect_retry_seconds = 5
Sat Dec 20 15:01:01 2008 us=206830 username = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206842 groupname = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206854 chroot_dir = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206867 cd_dir = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206879 writepid = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206892 up_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206904 down_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=206917 down_pre = DISABLED
Sat Dec 20 15:01:01 2008 us=206929 up_restart = DISABLED
Sat Dec 20 15:01:01 2008 us=206942 up_delay = DISABLED
Sat Dec 20 15:01:01 2008 us=206955 daemon = DISABLED
Sat Dec 20 15:01:01 2008 us=206967 inetd = 0
Sat Dec 20 15:01:01 2008 us=206980 log = DISABLED
Sat Dec 20 15:01:01 2008 us=206993 suppress_timestamps = DISABLED
Sat Dec 20 15:01:01 2008 us=207005 nice = 0
Sat Dec 20 15:01:01 2008 us=207017 verbosity = 4
Sat Dec 20 15:01:01 2008 us=388034 mute = 0
Sat Dec 20 15:01:01 2008 us=388061 gremlin = 0
Sat Dec 20 15:01:01 2008 us=388074 status_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=388087 status_file_version = 1
Sat Dec 20 15:01:01 2008 us=388100 status_file_update_freq = 60
Sat Dec 20 15:01:01 2008 us=388113 occ = ENABLED
Sat Dec 20 15:01:01 2008 us=388125 rcvbuf = 0
Sat Dec 20 15:01:01 2008 us=388139 sndbuf = 0
Sat Dec 20 15:01:01 2008 us=388462 socks_proxy_server = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=388494 socks_proxy_port = 0
Sat Dec 20 15:01:01 2008 us=388508 socks_proxy_retry = DISABLED
Sat Dec 20 15:01:01 2008 us=388522 fast_io = DISABLED
Sat Dec 20 15:01:01 2008 us=388534 comp_lzo = DISABLED
Sat Dec 20 15:01:01 2008 us=388547 comp_lzo_adaptive = ENABLED
Sat Dec 20 15:01:01 2008 us=388559 route_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=388572 route_default_gateway = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=388585 route_noexec = DISABLED
Sat Dec 20 15:01:01 2008 us=405672 route_delay = 0
Sat Dec 20 15:01:01 2008 us=405697 route_delay_window = 30
Sat Dec 20 15:01:01 2008 us=405710 route_delay_defined = ENABLED
Sat Dec 20 15:01:01 2008 us=405723 management_addr = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=405737 management_port = 0
Sat Dec 20 15:01:01 2008 us=405750 management_user_pass = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=405763 management_log_history_cache = 250
Sat Dec 20 15:01:01 2008 us=405777 management_echo_buffer_size = 100
Sat Dec 20 15:01:01 2008 us=405790 management_query_passwords = DISABLED
Sat Dec 20 15:01:01 2008 us=405804 management_hold = DISABLED
Sat Dec 20 15:01:01 2008 us=405817 shared_secret_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=405830 key_direction = 0
Sat Dec 20 15:01:01 2008 us=405843 ciphername_defined = ENABLED
Sat Dec 20 15:01:01 2008 us=405856 ciphername = 'BF-CBC'
Sat Dec 20 15:01:01 2008 us=405869 authname_defined = ENABLED
Sat Dec 20 15:01:01 2008 us=440884 authname = 'SHA1'
Sat Dec 20 15:01:01 2008 us=440909 keysize = 0
Sat Dec 20 15:01:01 2008 us=440921 engine = DISABLED
Sat Dec 20 15:01:01 2008 us=440934 replay = ENABLED
Sat Dec 20 15:01:01 2008 us=440948 mute_replay_warnings = DISABLED
Sat Dec 20 15:01:01 2008 us=440959 replay_window = 0
Sat Dec 20 15:01:01 2008 us=440971 replay_time = 0
Sat Dec 20 15:01:01 2008 us=440984 packet_id_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=441005 use_iv = ENABLED
Sat Dec 20 15:01:01 2008 us=441017 test_crypto = DISABLED
Sat Dec 20 15:01:01 2008 us=441028 tls_server = DISABLED
Sat Dec 20 15:01:01 2008 us=441041 tls_client = ENABLED
Sat Dec 20 15:01:01 2008 us=441054 key_method = 2
Sat Dec 20 15:01:01 2008 us=441066 ca_file = 'ca.crt'
Sat Dec 20 15:01:01 2008 us=441078 dh_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=441091 cert_file = 'cliente1.crt'
Sat Dec 20 15:01:01 2008 us=441104 priv_key_file = 'cliente1.key'
Sat Dec 20 15:01:01 2008 us=477117 pkcs12_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=477144 cryptoapi_cert = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=477157 cipher_list = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=477171 tls_verify = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=477184 tls_remote = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=477196 crl_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=477209 ns_cert_type = 64
Sat Dec 20 15:01:01 2008 us=477220 tls_timeout = 2
Sat Dec 20 15:01:01 2008 us=477233 renegotiate_bytes = 0
Sat Dec 20 15:01:01 2008 us=477244 renegotiate_packets = 0
Sat Dec 20 15:01:01 2008 us=477257 renegotiate_seconds = 3600
Sat Dec 20 15:01:01 2008 us=477269 handshake_window = 60
Sat Dec 20 15:01:01 2008 us=477281 transition_window = 3600
Sat Dec 20 15:01:01 2008 us=477293 single_session = DISABLED
Sat Dec 20 15:01:01 2008 us=477305 tls_exit = DISABLED
Sat Dec 20 15:01:01 2008 us=477317 tls_auth_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=523519 server_network = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523544 server_netmask = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523559 server_bridge_ip = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523573 server_bridge_netmask = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523587 server_bridge_pool_start = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523602 server_bridge_pool_end = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523615 ifconfig_pool_defined = DISABLED
Sat Dec 20 15:01:01 2008 us=523631 ifconfig_pool_start = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523646 ifconfig_pool_end = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523660 ifconfig_pool_netmask = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=523675 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=523689 ifconfig_pool_persist_refresh_freq = 600
Sat Dec 20 15:01:01 2008 us=523702 ifconfig_pool_linear = DISABLED
Sat Dec 20 15:01:01 2008 us=523716 n_bcast_buf = 256
Sat Dec 20 15:01:01 2008 us=523727 tcp_queue_limit = 64
Sat Dec 20 15:01:01 2008 us=570036 real_hash_size = 256
Sat Dec 20 15:01:01 2008 us=570062 virtual_hash_size = 256
Sat Dec 20 15:01:01 2008 us=570074 client_connect_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=570089 learn_address_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=570102 client_disconnect_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=570115 client_config_dir = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=570126 ccd_exclusive = DISABLED
Sat Dec 20 15:01:01 2008 us=570139 tmp_dir = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=570167 push_ifconfig_defined = DISABLED
Sat Dec 20 15:01:01 2008 us=570191 push_ifconfig_local = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=570205 push_ifconfig_remote_netmask = 0.0.0.0
Sat Dec 20 15:01:01 2008 us=570219 enable_c2c = DISABLED
Sat Dec 20 15:01:01 2008 us=570232 duplicate_cn = DISABLED
Sat Dec 20 15:01:01 2008 us=570244 cf_max = 0
Sat Dec 20 15:01:01 2008 us=570257 cf_per = 0
Sat Dec 20 15:01:01 2008 us=621333 max_clients = 1024
Sat Dec 20 15:01:01 2008 us=621366 max_routes_per_client = 256
Sat Dec 20 15:01:01 2008 us=621380 client_cert_not_required = DISABLED
Sat Dec 20 15:01:01 2008 us=621394 username_as_common_name = DISABLED
Sat Dec 20 15:01:01 2008 us=621409 auth_user_pass_verify_script = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=621424 auth_user_pass_verify_script_via_file = DISABLED
Sat Dec 20 15:01:01 2008 us=621437 client = DISABLED
Sat Dec 20 15:01:01 2008 us=621449 pull = ENABLED
Sat Dec 20 15:01:01 2008 us=621462 auth_user_pass_file = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=621480 show_net_up = DISABLED
Sat Dec 20 15:01:01 2008 us=621494 route_method = 0
Sat Dec 20 15:01:01 2008 us=621508 ip_win32_defined = DISABLED
Sat Dec 20 15:01:01 2008 us=621519 ip_win32_type = 3
Sat Dec 20 15:01:01 2008 us=621532 dhcp_masq_offset = 0
Sat Dec 20 15:01:01 2008 us=621544 dhcp_lease_time = 31536000
Sat Dec 20 15:01:01 2008 us=650386 tap_sleep = 0
Sat Dec 20 15:01:01 2008 us=650412 dhcp_options = DISABLED
Sat Dec 20 15:01:01 2008 us=650425 dhcp_renew = DISABLED
Sat Dec 20 15:01:01 2008 us=650438 dhcp_pre_release = DISABLED
Sat Dec 20 15:01:01 2008 us=650450 dhcp_release = DISABLED
Sat Dec 20 15:01:01 2008 us=650462 domain = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=650474 netbios_scope = '[UNDEF]'
Sat Dec 20 15:01:01 2008 us=650485 netbios_node_type = 0
Sat Dec 20 15:01:01 2008 us=650497 disable_nbt = DISABLED
Sat Dec 20 15:01:01 2008 us=650526 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Dec 20 15:01:01 2008 us=650681 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sat Dec 20 15:01:01 2008 us=662062 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Dec 20 15:01:01 2008 us=679583 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Sat Dec 20 15:01:01 2008 us=679653 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Dec 20 15:01:01 2008 us=692370 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Dec 20 15:01:01 2008 us=692438 Local Options hash (VER=V4): 'db02a8f8'
Sat Dec 20 15:01:01 2008 us=692462 Expected Remote Options hash (VER=V4): '7e068940'
Sat Dec 20 15:01:01 2008 us=692511 Attempting to establish TCP connection with 201.XXX.XXX.100:1194
Sat Dec 20 15:01:22 2008 us=684857 TCP: connect to 201.XXX.XXX.100:1194 failed, will try again in 5 seconds
Thanks for any advice
CBA
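For readers comparing their own client file against the server settings listed in this post, here is an added example of a client-side .ovpn that matches them (TCP, port 1194, tun, PKI, BF-CBC/SHA1 as shown in the client log). It is not the poster's file: the masked WAN address, the certificate file names and the ns-cert-type, nobind and ping-restart lines are assumptions.

```conf
# Added example client config for the pfSense OpenVPN server described above.
# Not the poster's own file; address and file names are taken from the post.
client                          # equivalent to tls-client + pull
dev tun
proto tcp-client                # the server is configured for TCP on 1194
remote 201.XXX.XXX.100 1194     # WAN address exactly as masked in the post
resolv-retry infinite
nobind                          # the client does not need to bind local port 1194
persist-key
persist-tun
ca ca.crt                       # CA that signed both server and client certs
cert cliente1.crt               # file names as they appear in the client log
key cliente1.key
ns-cert-type server             # assumption: refuse a peer presenting a client cert (OpenVPN 2.0.x)
cipher BF-CBC                   # must match the server; the log shows BF-CBC / SHA1
auth SHA1
ping 10
ping-restart 60                 # assumption: the client log warns --ping is used without --ping-restart
verb 4
```

Keep cliente1.key readable only by the account that runs the client; the server log above shows the same permission warning on the server side for openvpn_server0.key.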
-
Hello!
Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html ?
Regards,
Josep Pujadas
-
Hello!
Did you look at http://www.bellera.cat/josep/pfsense/openvpn_cs.html ?
Regards,
Josep Pujadas
Thanks for the reply, but I still have a question
In my configuration
OpenVPN Server
Protocol Tcp
Dynamic Ip Checked
Local Port 1194
Address Pool 192.168.200.0/24 <-- Is this right?
Local network 175.0.0.0/24 <-- and this?
Auth Method PKI
so that users connecting through the VPN can see the machines behind the pfSense, that is, the 175.0.0.0/24 network?
Thanks
-
Hello!
Yes, it looks correct.
Regards,
Josep Pujadas