Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN mit mehreren road warrior klappt nicht

    Deutsch
    3
    4
    248
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      achim55
      last edited by

      Hallo Zusammen,
      ich habe die Tage ein road warrior Client eingerichtet, der unter Linux, problemlos läuft.
      Also die Zertifikate, User usw eingerichtet und den Rest dann per Client Export.

      Soweit klappt alles von dem Linux Notebook aus, ich kann  ein Ping auf dem Server hinter der pfSense abgeben.

      Leider geht das nicht von dem Windows 10 Rechner aus. Der baute die VPN Verbindung auf aber es geht kein Ping auf den Server durch.
      Da gibt es eine Fehlermeldung was das Routen angeht.
      Müsste da nicht auch das Routen über die pfSense erfolgen, klappt bei dem Linuxnotebook ja auch?

      Log Linux Notebook

      
Apr 12 13:32:56 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532776.5331] audit: op="connection-activate" uuid="06f332c6-5e86-4642-8d6f-37ed3632565d" name="pfSense-UDP4-1196-config" pid=1869 uid=1000 result="success"
Apr 12 13:32:56 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532776.5397] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",0]: Started the VPN service, PID 4142
Apr 12 13:32:56 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532776.5556] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",0]: Saw the service appear; activating connection
Apr 12 13:32:56 xx-ThinkPad-T530 NetworkManager[1087]: nm-openvpn-Message: openvpn[4150] started
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Apr 12 13:32:56 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532776.7098] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",0]: VPN plugin: state changed: starting (3)
Apr 12 13:32:56 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532776.7099] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",0]: VPN connection: (ConnectInteractive) reply received
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: WARNING: file '/home/xx/Downloads/pfSense-UDP4-1196/pfSense-UDP4-1196-tls.key' is group or others accessible
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: Control Channel Authentication: using '/home/xx/Downloads/pfSense-UDP4-1196/pfSense-UDP4-1196-tls.key' as a OpenVPN static key file
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: NOTE: chroot will be delayed because of --client, --pull, or --up-delay
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: UDPv4 link local: [undef]
Apr 12 13:32:56 xx-ThinkPad-T530 nm-openvpn[4150]: UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1196
Apr 12 13:33:11 xx-ThinkPad-T530 nm-openvpn[4150]: [openvpn-server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1196
Apr 12 13:33:13 xx-ThinkPad-T530 nm-openvpn[4150]: TUN/TAP device tun0 opened
Apr 12 13:33:13 xx-ThinkPad-T530 nm-openvpn[4150]: /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper --bus-name org.freedesktop.NetworkManager.openvpn.Connection_3 --tun -- tun0 1500 1560 10.0.8.2 255.255.255.0 init
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.8727] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/4)
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.8881] devices added (path: /sys/devices/virtual/net/tun0, iface: tun0)
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.8882] device added (path: /sys/devices/virtual/net/tun0, iface: tun0): no ifupdown configuration found.
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.8956] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",0]: VPN connection: (IP Config Get) reply received.
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.8981] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: VPN connection: (IP4 Config Get) reply received
Apr 12 13:33:13 xx-ThinkPad-T530 nm-openvpn[4150]: chroot to '/var/lib/openvpn/chroot' and cd to '/' succeeded
Apr 12 13:33:13 xx-ThinkPad-T530 nm-openvpn[4150]: GID set to nm-openvpn
Apr 12 13:33:13 xx-ThinkPad-T530 nm-openvpn[4150]: UID set to nm-openvpn
Apr 12 13:33:13 xx-ThinkPad-T530 nm-openvpn[4150]: Initialization Sequence Completed
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9034] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data: VPN Gateway: xx.xx.xx.xx
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9039] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data: Tunnel Device: "tun0"
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9044] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data: IPv4 configuration:
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9049] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Internal Gateway: 10.0.8.1
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9054] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Internal Address: 10.0.8.2
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9060] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Internal Prefix: 24
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9065] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Internal Point-to-Point Address: 10.0.8.2
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9070] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Maximum Segment Size (MSS): 0
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9074] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Forbid Default Route: no
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9075] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Internal DNS: 8.8.8.8
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9075] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   Internal DNS: 8.8.4.4
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9075] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data:   DNS Domain: '(none)'
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9076] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: Data: No IPv6 configuration
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9077] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: VPN plugin: state changed: started (4)
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9100] vpn-connection[0xe023c0,06f332c6-5e86-4642-8d6f-37ed3632565d,"pfSense-UDP4-1196-config",5:(tun0)]: VPN connection: (IP Config Get) complete
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9105] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed') [10 20 41]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9188] dns-mgr: Writing DNS information to /sbin/resolvconf
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: vorgelagerte Server von DBus gesetzt
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 8.8.8.8#53(via tun0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 8.8.4.4#53(via tun0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 2a03:2260:300a:1000::16#53(via wlp3s0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 2a03:2260:300a:1000::32#53(via wlp3s0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 2a03:2260:300a:1000::8#53(via wlp3s0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 2a03:2260:300a:1000::24#53(via wlp3s0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 8.8.8.8#53 für Domain 8.0.10.in-addr.arpa
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 8.8.4.4#53 für Domain 8.0.10.in-addr.arpa
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 2a03:2260:300a:1000::ffd0#53(via wlp3s0)
Apr 12 13:33:13 xx-ThinkPad-T530 dnsmasq[3048]: Benutze Namensserver 10.233.8.1#53(via wlp3s0)
Apr 12 13:33:13 xx-ThinkPad-T530 dbus[1016]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9352] keyfile: add connection in-memory (9c69171a-b19c-4043-9a8c-92863caddd2c,"tun0")
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9363] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed') [20 30 41]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9423] device (tun0): Activation: starting connection 'tun0' (9c69171a-b19c-4043-9a8c-92863caddd2c)
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9502] device (tun0): state change: disconnected -> prepare (reason 'none') [30 40 0]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9531] device (tun0): state change: prepare -> config (reason 'none') [40 50 0]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9540] device (tun0): state change: config -> ip-config (reason 'none') [50 70 0]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9552] device (tun0): state change: ip-config -> ip-check (reason 'none') [70 80 0]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9561] device (tun0): state change: ip-check -> secondaries (reason 'none') [80 90 0]
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9570] device (tun0): state change: secondaries -> activated (reason 'none') [90 100 0]
Apr 12 13:33:13 xx-ThinkPad-T530 systemd[1]: Starting Network Manager Script Dispatcher Service...
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9682] policy: set 'tun0' (tun0) as default for IPv4 routing and DNS
Apr 12 13:33:13 xx-ThinkPad-T530 NetworkManager[1087]: <info>[1523532793.9695] device (tun0): Activation: successful, device activated.
Apr 12 13:33:13 xx-ThinkPad-T530 dbus[1016]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Apr 12 13:33:13 xx-ThinkPad-T530 systemd[1]: Started Network Manager Script Dispatcher Service.
Apr 12 13:33:13 xx-ThinkPad-T530 nm-dispatcher: req:1 'vpn-up' [tun0]: new request (1 scripts)
Apr 12 13:33:13 xx-ThinkPad-T530 nm-dispatcher: req:1 'vpn-up' [tun0]: start running ordered scripts...
Apr 12 13:33:13 xx-ThinkPad-T530 nm-dispatcher: req:2 'up' [tun0]: new request (1 scripts)
Apr 12 13:33:14 xx-ThinkPad-T530 systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 12 13:33:14 xx-ThinkPad-T530 systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 12 13:33:14 xx-ThinkPad-T530 nm-dispatcher: req:2 'up' [tun0]: start running ordered scripts...
Apr 12 13:33:14 xx-ThinkPad-T530 systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 12 13:33:14 xx-ThinkPad-T530 systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 12 13:33:14 xx-ThinkPad-T530 ntpdate[4262]: the NTP socket is in use, exiting
Apr 12 13:33:15 xx-ThinkPad-T530 ntpd[1468]: Listen normally on 9 tun0 10.0.8.2:123
Apr 12 13:33:15 xx-ThinkPad-T530 ntpd[1468]: new interface(s) found: waking up resolver</info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info></info>

      Log windows

      
Thu Apr 12 12:22:13 2018 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\pfSense-UDP4-1196-xx_Mi2.log: Zugriff verweigert   (errno=5)
Thu Apr 12 12:22:13 2018 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan  4 2016
Thu Apr 12 12:22:13 2018 Windows version 6.2 (Windows 8 or greater)
Thu Apr 12 12:22:13 2018 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Thu Apr 12 12:23:11 2018 Control Channel Authentication: using 'pfSense-UDP4-1196-xx_Mi2-tls.key' as a OpenVPN static key file
Thu Apr 12 12:23:11 2018 UDPv4 link local (bound): [undef]
Thu Apr 12 12:23:11 2018 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1196
Thu Apr 12 12:23:11 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 12 12:23:12 2018 [openvpn-server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1196
Thu Apr 12 12:23:14 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 12 12:23:14 2018 open_tun, tt->ipv6=0
Thu Apr 12 12:23:14 2018 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{ABFB0395-413F-466B-A003-5FD8B1FF9526}.tap
Thu Apr 12 12:23:14 2018 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.8.0/10.0.8.3/255.255.255.0 [SUCCEEDED]
Thu Apr 12 12:23:14 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.8.3/255.255.255.0 on interface {ABFB0395-413F-466B-A003-5FD8B1FF9526} [DHCP-serv: 10.0.8.254, lease-time: 31536000]
Thu Apr 12 12:23:19 2018 ROUTE: route addition failed using CreateIpForwardEntry: Zugriff verweigert   [status=5 if_index=6]
Thu Apr 12 12:23:19 2018 env_block: add PATH=C:\windows\System32;C:\windows;C:\windows\System32\Wbem
Thu Apr 12 12:23:19 2018 ERROR: Windows route add command failed [adaptive]: returned error code 1
Thu Apr 12 12:23:19 2018 ROUTE: route addition failed using CreateIpForwardEntry: Zugriff verweigert   [status=5 if_index=30]
Thu Apr 12 12:23:19 2018 env_block: add PATH=C:\windows\System32;C:\windows;C:\windows\System32\Wbem
Thu Apr 12 12:23:20 2018 ERROR: Windows route add command failed [adaptive]: returned error code 1
Thu Apr 12 12:23:20 2018 ROUTE: route addition failed using CreateIpForwardEntry: Zugriff verweigert   [status=5 if_index=30]
Thu Apr 12 12:23:20 2018 env_block: add PATH=C:\windows\System32;C:\windows;C:\windows\System32\Wbem
Thu Apr 12 12:23:20 2018 ERROR: Windows route add command failed [adaptive]: returned error code 1
Thu Apr 12 12:23:20 2018 Initialization Sequence Completed

```![route1.png](/public/_imported_attachments_/1/route1.png)
![route1.png_thumb](/public/_imported_attachments_/1/route1.png_thumb)
![openvpn.png](/public/_imported_attachments_/1/openvpn.png)
![openvpn.png_thumb](/public/_imported_attachments_/1/openvpn.png_thumb)
![lan.png](/public/_imported_attachments_/1/lan.png)
![lan.png_thumb](/public/_imported_attachments_/1/lan.png_thumb)
![wan.png](/public/_imported_attachments_/1/wan.png)
![wan.png_thumb](/public/_imported_attachments_/1/wan.png_thumb)
      1 Reply Last reply Reply Quote 0
      • V
        viragomann
        last edited by

        Ja, der Client ist nicht berechtig, die Routen zu ändern.

        Verwendest du eine aktuelle pfSense Version? Und hast du im Client Export Utility die aktuelle Installer-Version für Windows augewählt: Current Windows Installer?
        Damit sollte es eigentlich keine Probleme geben.

        Ansonsten kannst du versuchen, den Client in Windows mit Admin-Rechten zu starten. Dann darf er Routen ändern.

        1 Reply Last reply Reply Quote 0
        • A
          achim55
          last edited by

          okay, das sollte es sein weil er nicht die Adminrechte hat. Werde es Montag einmal testen 8)

          Ist die aktuelle Version 2.4.3-RELEASE mit dem Current Windows Installer.

          Gruß
          Achim

          1 Reply Last reply Reply Quote 0
          • JeGrJ
            JeGr LAYER 8 Moderator
            last edited by

            Thu Apr 12 12:23:19 2018 ERROR: Windows route add command failed [adaptive]: returned error code 1
            Thu Apr 12 12:23:19 2018 ROUTE: route addition failed using CreateIpForwardEntry: Zugriff verweigert  [status=5 if_index=30]

            Eindeutig Rechteproblem. Für Windows 10 bitte unbedingt den aktuellsten Client von OpenVPN mit Service installieren, dann sind auch keine Adminrechte des Benutzers notwendig (einmal während der Installation des Service, ja). Das liest sich aber eher nach einer Version < 2.4 von OpenVPN, bei der es noch keinen VPN Helfer Service gab.

            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post