Openvpn CentOS - pfSense

charneval

Salve a tutti.
Qualche utente del forum ha mai realizzato una vpn tra un server centOS sul quale gira openvpn server ed un pfSense dove ho il client openvpn ?

kiokoman

avevo fatto una openvpn tra pfsense e ubuntu
dove però avevo ubuntu come client e pfsense come server openvpn
che difficoltà stai riscontrando?

charneval

Ti allego il report

Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: CMD 'state 1'
Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client disconnected
Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: CMD 'state 1'
Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client disconnected
Oct 9 19:09:22 	openvpn 	6186 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:09:22 	openvpn 	6186 	MANAGEMENT: CMD 'state 1'
Oct 9 19:09:22 	openvpn 	6186 	MANAGEMENT: Client disconnected
Oct 9 19:09:24 	openvpn 	6186 	[UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 9 19:09:24 	openvpn 	6186 	SIGUSR1[soft,ping-restart] received, process restarting
Oct 9 19:09:24 	openvpn 	6186 	Restart pause, 5 second(s)
Oct 9 19:09:29 	openvpn 	6186 	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 9 19:09:29 	openvpn 	6186 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 19:09:29 	openvpn 	6186 	TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
Oct 9 19:09:29 	openvpn 	6186 	Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 9 19:09:29 	openvpn 	6186 	UDPv4 link local (bound): [AF_INET]192.168.250.1:0
Oct 9 19:09:29 	openvpn 	6186 	UDPv4 link remote: [AF_INET]5.189.151.220:1196
Oct 9 19:10:07 	openvpn 	6186 	event_wait : Interrupted system call (code=4)
Oct 9 19:10:07 	openvpn 	6186 	SIGTERM[hard,] received, process exiting
Oct 9 19:10:07 	openvpn 	55258 	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Oct 9 19:10:07 	openvpn 	55258 	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 9 19:10:07 	openvpn 	55529 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
Oct 9 19:10:07 	openvpn 	55529 	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 9 19:10:07 	openvpn 	55529 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 19:10:07 	openvpn 	55529 	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:07 	openvpn 	55529 	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:07 	openvpn 	55529 	TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
Oct 9 19:10:07 	openvpn 	55529 	Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 9 19:10:07 	openvpn 	55529 	UDPv4 link local (bound): [AF_INET]192.168.250.1:0
Oct 9 19:10:07 	openvpn 	55529 	UDPv4 link remote: [AF_INET]5.189.151.220:1196
Oct 9 19:10:10 	openvpn 	55529 	event_wait : Interrupted system call (code=4)
Oct 9 19:10:10 	openvpn 	55529 	SIGTERM[hard,] received, process exiting
Oct 9 19:10:10 	openvpn 	93642 	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Oct 9 19:10:10 	openvpn 	93642 	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 9 19:10:10 	openvpn 	93953 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
Oct 9 19:10:10 	openvpn 	93953 	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 9 19:10:10 	openvpn 	93953 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 19:10:10 	openvpn 	93953 	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:10 	openvpn 	93953 	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:10 	openvpn 	93953 	TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
Oct 9 19:10:10 	openvpn 	93953 	Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 9 19:10:10 	openvpn 	93953 	UDPv4 link local (bound): [AF_INET]192.168.250.1:0
Oct 9 19:10:10 	openvpn 	93953 	UDPv4 link remote: [AF_INET]5.189.151.220:1196
Oct 9 19:10:15 	openvpn 	93953 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:10:15 	openvpn 	93953 	MANAGEMENT: CMD 'state 1'
Oct 9 19:10:15 	openvpn 	93953 	MANAGEMENT: Client disconnected
Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: CMD 'state 1'
Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client disconnected
Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: CMD 'state 1'
Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client disconnected 

kiokoman

come vuoi configurarlo con certificato o con chiave condivisa?
cosa dice il log di centos ?
riesci a postare il file di configurazione del server ?

io usavo per generare la chiave condivisa

openvpn --genkey --secret static.key

e una configurazione base del server potrebbe essere

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

il contenuto di static.key lo metti sul client di pfsense come chiave