client windows 10 vpn ssl
-
Hi everyone,
I'm writing here, confident of your support.
I have configured a tun SSL/TLS+user_auth VPN server listening on port 1196 (I have others on the same pfSense server)
WAN UDP4 / 1196 10.251.48.0/27 Crypto: AES-128-CBC/SHA256
D-H Params: 1024 bits no compression
with Force all client-generated IPv4 traffic through the tunnel and Allow connected clients to retain their connections if their IP address changes enabled.
Block Outside DNS and Force DNS cache update were not enabled, but the site's DNS servers were entered.
Firewall rules
OpenVPN interface >> any any with Gateway WAN
WAN interface >> source * port * destination WAN addr. port 1196 *Gateway
I created a user account, installed the OpenVPN client, and installed the certificate.
The client pings a host on the subnet it reaches BUT "I can't browse": I can't ping, for example, Google's DNS, while I do reach the DNS servers of the server I connect to, yet I still can't browse.
Where am I going wrong / what have I forgotten? Is there something that needs to be done on Windows 10? This is as much as I can post.. thanks in advance
Started as administrator...
"C:\Program Files\OpenVPN\bin\openvpn.exe" --config FWOPENVPN-UDP4-1196-ACVAC01.ovpn
Thu Apr 01 14:18:44 2021 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Thu Apr 01 14:18:44 2021 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Apr 01 14:18:44 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Auth Username:ACVAC01
Enter Auth Password:
Thu Apr 01 14:19:30 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXX:1196
Thu Apr 01 14:19:30 2021 UDP link local (bound): [AF_INET][undef]:1194
Thu Apr 01 14:19:30 2021 UDP link remote: [AF_INET]XXXXXX:1196
Thu Apr 01 14:19:31 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 01 14:20:06 2021 write UDP: Unknown error (code=10051)
Thu Apr 01 14:20:30 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 01 14:20:30 2021 TLS Error: TLS handshake failed
Thu Apr 01 14:20:30 2021 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr 01 14:20:35 2021 TCP/UDP: Preserving recently used remote address: [AF_INET] XXXXXX:1196
Thu Apr 01 14:20:35 2021 UDP link local (bound): [AF_INET][undef]:1194
Thu Apr 01 14:20:35 2021 UDP link remote: [AF_INET] XXXXXX :1196
Thu Apr 01 14:20:39 2021 [ovpncert] Peer Connection Initiated with [AF_INET]XXXXXX:1196
Thu Apr 01 14:20:41 2021 open_tun
Thu Apr 01 14:20:41 2021 TAP-WIN32 device [Connessione alla rete locale (LAN)] opened: \.\Global{429C0123-C008-44AC-94D2-3CF9882B68CE}.tap
Thu Apr 01 14:20:41 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 10.251.48.0/10.251.48.2/255.255.255.224 [SUCCEEDED]
Thu Apr 01 14:20:41 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.251.48.2/255.255.255.224 on interface {429C0123-C008-44AC-94D2-3CF9882B68CE} [DHCP-serv: 10.251.48.30, lease-time: 31536000]
Thu Apr 01 14:20:41 2021 Successful ARP Flush on interface [9] {429C0123-C008-44AC-94D2-3CF9882B68CE}
Thu Apr 01 14:20:46 2021 Initialization Sequence Completed
with this active route table
IPv4 Tabella route
Route attive:
Indirizzo rete Mask Gateway Interfaccia Metrica
0.0.0.0 0.0.0.0 192.168.43.183 192.168.43.116 55
0.0.0.0 128.0.0.0 10.251.48.1 10.251.48.2 25
10.251.48.0 255.255.255.224 On-link 10.251.48.2 281
10.251.48.2 255.255.255.255 On-link 10.251.48.2 281
10.251.48.31 255.255.255.255 On-link 10.251.48.2 281
XXXXXX 255.255.255.255 192.168.43.183 192.168.43.116 55
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 10.251.48.1 10.251.48.2 25 -
@nnicola82
Did you set Firewall / NAT / Outbound to hybrid and add the VPN network for outbound traffic? -
@kiokoman yes, it was the other firewall before the proxy that was blocking the connections.. thanks anyway
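
An added example, not part of the thread: a small Python check for the client-side half of a full-tunnel setup, in the shape of the route table posted above. It confirms that both half-default routes (0.0.0.0/1 and 128.0.0.0/1) point at the VPN gateway and that the VPN server itself is still reached over the physical gateway; when both hold, the client routing is in order and the server side (outbound NAT, upstream firewalls) is the place to look. The function names are hypothetical and 203.0.113.10 is a constructed placeholder for the address redacted as XXXXXX.

```python
import ipaddress

# Constructed sample in `route print` column order: destination, mask, gateway, interface, metric.
# 203.0.113.10 is a placeholder for the VPN server address redacted as XXXXXX in the post.
SAMPLE = """\
0.0.0.0 0.0.0.0 192.168.43.183 192.168.43.116 55
0.0.0.0 128.0.0.0 10.251.48.1 10.251.48.2 25
10.251.48.0 255.255.255.224 On-link 10.251.48.2 281
203.0.113.10 255.255.255.255 192.168.43.183 192.168.43.116 55
128.0.0.0 128.0.0.0 10.251.48.1 10.251.48.2 25
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip lines that are not routes."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            metric = int(parts[4])
        except ValueError:
            continue  # header or malformed line
        routes.append((net, parts[2], parts[3], metric))
    return routes

def lookup(routes, dest):
    """Pick the route for dest: longest prefix first, lowest metric as tie-break."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3])) if hits else None

def check_full_tunnel(routes, vpn_gw, server_ip):
    """Report whether the client side of a full tunnel is complete."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    via_vpn = {r[0] for r in routes if r[1] == vpn_gw}
    server = lookup(routes, server_ip)
    return {
        "both_halves_via_vpn": halves <= via_vpn,
        "server_bypasses_tunnel": server is not None and server[1] != vpn_gw,
    }

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print(lookup(table, "8.8.8.8"))
    print(check_full_tunnel(table, "10.251.48.1", "203.0.113.10"))
```
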