Openvpn CentOS - pfSense



  • Hello everyone.
    Has any forum user ever set up a VPN between a CentOS server running the OpenVPN server and a pfSense box where I have the OpenVPN client?


  • LAYER 8

    I had set up an OpenVPN between pfSense and Ubuntu,
    but there I had Ubuntu as the client and pfSense as the OpenVPN server.
    What difficulty are you running into?



  • I'm attaching the report

    Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: CMD 'state 1'
    Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client disconnected
    Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: CMD 'state 1'
    Oct 9 19:09:14 	openvpn 	6186 	MANAGEMENT: Client disconnected
    Oct 9 19:09:22 	openvpn 	6186 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 9 19:09:22 	openvpn 	6186 	MANAGEMENT: CMD 'state 1'
    Oct 9 19:09:22 	openvpn 	6186 	MANAGEMENT: Client disconnected
    Oct 9 19:09:24 	openvpn 	6186 	[UNDEF] Inactivity timeout (--ping-restart), restarting
    Oct 9 19:09:24 	openvpn 	6186 	SIGUSR1[soft,ping-restart] received, process restarting
    Oct 9 19:09:24 	openvpn 	6186 	Restart pause, 5 second(s)
    Oct 9 19:09:29 	openvpn 	6186 	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Oct 9 19:09:29 	openvpn 	6186 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 9 19:09:29 	openvpn 	6186 	TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
    Oct 9 19:09:29 	openvpn 	6186 	Socket Buffers: R=[42080->42080] S=[57344->57344]
    Oct 9 19:09:29 	openvpn 	6186 	UDPv4 link local (bound): [AF_INET]192.168.250.1:0
    Oct 9 19:09:29 	openvpn 	6186 	UDPv4 link remote: [AF_INET]5.189.151.220:1196
    Oct 9 19:10:07 	openvpn 	6186 	event_wait : Interrupted system call (code=4)
    Oct 9 19:10:07 	openvpn 	6186 	SIGTERM[hard,] received, process exiting
    Oct 9 19:10:07 	openvpn 	55258 	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Oct 9 19:10:07 	openvpn 	55258 	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 9 19:10:07 	openvpn 	55529 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
    Oct 9 19:10:07 	openvpn 	55529 	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Oct 9 19:10:07 	openvpn 	55529 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 9 19:10:07 	openvpn 	55529 	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 9 19:10:07 	openvpn 	55529 	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 9 19:10:07 	openvpn 	55529 	TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
    Oct 9 19:10:07 	openvpn 	55529 	Socket Buffers: R=[42080->42080] S=[57344->57344]
    Oct 9 19:10:07 	openvpn 	55529 	UDPv4 link local (bound): [AF_INET]192.168.250.1:0
    Oct 9 19:10:07 	openvpn 	55529 	UDPv4 link remote: [AF_INET]5.189.151.220:1196
    Oct 9 19:10:10 	openvpn 	55529 	event_wait : Interrupted system call (code=4)
    Oct 9 19:10:10 	openvpn 	55529 	SIGTERM[hard,] received, process exiting
    Oct 9 19:10:10 	openvpn 	93642 	OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 4 2018
    Oct 9 19:10:10 	openvpn 	93642 	library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
    Oct 9 19:10:10 	openvpn 	93953 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
    Oct 9 19:10:10 	openvpn 	93953 	WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Oct 9 19:10:10 	openvpn 	93953 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 9 19:10:10 	openvpn 	93953 	Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 9 19:10:10 	openvpn 	93953 	Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 9 19:10:10 	openvpn 	93953 	TCP/UDP: Preserving recently used remote address: [AF_INET]5.189.151.220:1196
    Oct 9 19:10:10 	openvpn 	93953 	Socket Buffers: R=[42080->42080] S=[57344->57344]
    Oct 9 19:10:10 	openvpn 	93953 	UDPv4 link local (bound): [AF_INET]192.168.250.1:0
    Oct 9 19:10:10 	openvpn 	93953 	UDPv4 link remote: [AF_INET]5.189.151.220:1196
    Oct 9 19:10:15 	openvpn 	93953 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 9 19:10:15 	openvpn 	93953 	MANAGEMENT: CMD 'state 1'
    Oct 9 19:10:15 	openvpn 	93953 	MANAGEMENT: Client disconnected
    Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: CMD 'state 1'
    Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client disconnected
    Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
    Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: CMD 'state 1'
    Oct 9 19:10:20 	openvpn 	93953 	MANAGEMENT: Client disconnected 
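
A small triage over log lines in the format posted above, as an added example that is not part of the original post: it groups lines by openvpn PID and flags the missing server certificate verification warning, inactivity timeouts with an unidentified peer, SIGTERM exits, and whether the tunnel ever came up. The finding names and the sample lines (abridged from the post) are constructed for illustration.

```python
import re

# syslog-style line as exported by pfSense: timestamp, "openvpn", PID, message
LINE = re.compile(r"^\s*(\w{3}\s+\d+\s+[\d:]+)\s+openvpn\s+(\d+)\s+(.*\S)\s*$")

# Message substring -> finding name (names are made up for this example).
# The first three substrings appear in the posted log; "Initialization Sequence
# Completed" is the line OpenVPN prints once a tunnel is established.
CHECKS = {
    "No server certificate verification method": "no_server_cert_verification",
    # [UNDEF] is the placeholder printed before a peer has been identified
    "[UNDEF] Inactivity timeout": "inactivity_timeout_undef_peer",
    "SIGTERM[hard,] received": "sigterm_exit",
    "Initialization Sequence Completed": "tunnel_up",
}

def triage(log_text):
    """Return {pid: sorted list of findings} for every openvpn process in the log."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an openvpn log line
        pid, msg = int(m.group(2)), m.group(3)
        found = findings.setdefault(pid, set())
        for needle, name in CHECKS.items():
            if needle in msg:
                found.add(name)
    return {pid: sorted(f) for pid, f in findings.items()}

def never_connected(log_text):
    """PIDs that logged activity but never reported an established tunnel."""
    return sorted(pid for pid, f in triage(log_text).items() if "tunnel_up" not in f)

# Constructed sample, abridged from the log posted above.
SAMPLE = "\n".join([
    "Oct 9 19:09:24 \topenvpn \t6186 \t[UNDEF] Inactivity timeout (--ping-restart), restarting",
    "Oct 9 19:09:29 \topenvpn \t6186 \tWARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.",
    "Oct 9 19:09:29 \topenvpn \t6186 \tUDPv4 link remote: [AF_INET]5.189.151.220:1196",
    "Oct 9 19:10:07 \topenvpn \t6186 \tSIGTERM[hard,] received, process exiting",
    "Oct 9 19:10:07 \topenvpn \t55529 \tWARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.",
    "Oct 9 19:10:10 \topenvpn \t55529 \tSIGTERM[hard,] received, process exiting",
])

if __name__ == "__main__":
    for pid, found in triage(SAMPLE).items():
        print(pid, found)
    print("never connected:", never_connected(SAMPLE))
```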
    
    

  • LAYER 8

    How do you want to configure it, with a certificate or with a shared key?
    What does the CentOS log say?
    Can you post the server configuration file?

    To generate the shared key I used

    openvpn --genkey --secret static.key
    

    and a basic server configuration could be

    dev tun
    ifconfig 10.8.0.1 10.8.0.2
    secret static.key
    

    You put the contents of static.key on the pfSense client as the key.

