OpenVPN CentOS - pfSense
-
Hello everyone.
Has any forum user ever set up a VPN between a CentOS server running the OpenVPN server and a pfSense box where I have the OpenVPN client? -
I had set up an OpenVPN tunnel between pfSense and Ubuntu,
but there I had Ubuntu as the client and pfSense as the OpenVPN server.
What difficulties are you running into? -
I'm attaching the log.
Oct 9 19:09:14 openvpn 6186 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:09:14 openvpn 6186 MANAGEMENT: CMD 'state 1'
Oct 9 19:09:14 openvpn 6186 MANAGEMENT: Client disconnected
Oct 9 19:09:14 openvpn 6186 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:09:14 openvpn 6186 MANAGEMENT: CMD 'state 1'
Oct 9 19:09:14 openvpn 6186 MANAGEMENT: Client disconnected
Oct 9 19:09:22 openvpn 6186 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:09:22 openvpn 6186 MANAGEMENT: CMD 'state 1'
Oct 9 19:09:22 openvpn 6186 MANAGEMENT: Client disconnected
Oct 9 19:09:24 openvpn 6186 [UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 9 19:09:24 openvpn 6186 SIGUSR1[soft,ping-restart] received, process restarting
Oct 9 19:09:24 openvpn 6186 Restart pause, 5 second(s)
Oct 9 19:09:29 openvpn 6186 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 9 19:09:29 openvpn 6186 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 19:09:29 openvpn 6186 TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
Oct 9 19:09:29 openvpn 6186 Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 9 19:09:29 openvpn 6186 UDPv4 link local (bound): [AF_INET]192.168.250.1:0
Oct 9 19:09:29 openvpn 6186 UDPv4 link remote: [AF_INET]5.189.151.220:1196
Oct 9 19:10:07 openvpn 6186 event_wait : Interrupted system call (code=4)
Oct 9 19:10:07 openvpn 6186 SIGTERM[hard,] received, process exiting
Oct 9 19:10:07 openvpn 55258 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Oct 9 19:10:07 openvpn 55258 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 9 19:10:07 openvpn 55529 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
Oct 9 19:10:07 openvpn 55529 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 9 19:10:07 openvpn 55529 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 19:10:07 openvpn 55529 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:07 openvpn 55529 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:07 openvpn 55529 TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
Oct 9 19:10:07 openvpn 55529 Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 9 19:10:07 openvpn 55529 UDPv4 link local (bound): [AF_INET]192.168.250.1:0
Oct 9 19:10:07 openvpn 55529 UDPv4 link remote: [AF_INET]5.189.151.220:1196
Oct 9 19:10:10 openvpn 55529 event_wait : Interrupted system call (code=4)
Oct 9 19:10:10 openvpn 55529 SIGTERM[hard,] received, process exiting
Oct 9 19:10:10 openvpn 93642 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
Oct 9 19:10:10 openvpn 93642 library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 9 19:10:10 openvpn 93953 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
Oct 9 19:10:10 openvpn 93953 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Oct 9 19:10:10 openvpn 93953 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 9 19:10:10 openvpn 93953 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:10 openvpn 93953 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 9 19:10:10 openvpn 93953 TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
Oct 9 19:10:10 openvpn 93953 Socket Buffers: R=[42080->42080] S=[57344->57344]
Oct 9 19:10:10 openvpn 93953 UDPv4 link local (bound): [AF_INET]192.168.250.1:0
Oct 9 19:10:10 openvpn 93953 UDPv4 link remote: [AF_INET]5.189.151.220:1196
Oct 9 19:10:15 openvpn 93953 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:10:15 openvpn 93953 MANAGEMENT: CMD 'state 1'
Oct 9 19:10:15 openvpn 93953 MANAGEMENT: Client disconnected
Oct 9 19:10:20 openvpn 93953 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:10:20 openvpn 93953 MANAGEMENT: CMD 'state 1'
Oct 9 19:10:20 openvpn 93953 MANAGEMENT: Client disconnected
Oct 9 19:10:20 openvpn 93953 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Oct 9 19:10:20 openvpn 93953 MANAGEMENT: CMD 'state 1'
Oct 9 19:10:20 openvpn 93953 MANAGEMENT: Client disconnected
-
How do you want to configure it, with certificates or with a shared key?
What does the CentOS log say?
Can you post the server configuration file? To generate the shared key I used
openvpn --genkey --secret static.key
and a basic server configuration could be
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key
You put the contents of static.key on the pfSense client as the key.
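
Added example, not part of the thread: a small Python triage of a client log in the format posted earlier, grouping entries by OpenVPN process and flagging the two conditions that log shows (a timeout while the peer is still `[UNDEF]`, and the missing server certificate verification warning). The sample lines are constructed; 192.0.2.10 and PID 7001 are invented for contrast, and the names `triage` and `verdict` are illustrative.

```python
import re

# Constructed sample in the format of the log posted above; 192.0.2.10 is a
# documentation address and PID 7001 is an invented healthy session.
SAMPLE_LOG = """\
Oct 9 19:09:24 openvpn 6186 [UNDEF] Inactivity timeout (--ping-restart), restarting
Oct 9 19:09:29 openvpn 6186 WARNING: No server certificate verification method has been enabled.
Oct 9 19:09:29 openvpn 6186 UDPv4 link remote: [AF_INET]192.0.2.10:1196
Oct 9 19:10:07 openvpn 6186 SIGTERM[hard,] received, process exiting
Oct 9 19:11:00 openvpn 7001 UDPv4 link remote: [AF_INET]192.0.2.10:1196
Oct 9 19:11:02 openvpn 7001 [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1196
Oct 9 19:11:03 openvpn 7001 Initialization Sequence Completed
"""

# "<Mon> <day> <hh:mm:ss> openvpn <pid> <message>"
ENTRY = re.compile(r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+openvpn\s+(\d+)\s+(.*)$")

# finding name -> substring of the OpenVPN message that signals it
MARKERS = {
    "no_server_cert_verification": "No server certificate verification method",
    "timeout_before_peer_known": "[UNDEF] Inactivity timeout",
    "tunnel_established": "Initialization Sequence Completed",
}

def triage(log_text):
    """Group entries by openvpn PID and return {pid: set of finding names}."""
    findings = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # not an openvpn entry in the expected format
        pid, message = m.groups()
        found = findings.setdefault(pid, set())
        found.update(name for name, s in MARKERS.items() if s in message)
    return findings

def verdict(found):
    """One-line assessment for a single process, connectivity first."""
    if "tunnel_established" not in found:
        if "timeout_before_peer_known" in found:
            return "never connected: timed out before the server was identified"
        return "never connected: no handshake recorded"
    if "no_server_cert_verification" in found:
        return "connected, but server certificate is not verified (see remote-cert-tls)"
    return "connected"

if __name__ == "__main__":
    for pid, found in sorted(triage(SAMPLE_LOG).items()):
        print(pid, verdict(found))
```

A process that reports both findings, like 6186 here, has a connectivity problem to solve first; the certificate verification warning still needs addressing once the tunnel comes up.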