4. OpenVPN + pfSense 2.0 RC3 + Cliente Debian

OpenVPN + pfSense 2.0 RC3 + Cliente Debian

  • S

    Buenas.

    Configuré OpenVPN en pfSense 2.0 RC3.

    Al parecer la generación de los certificados y las llaves quedó bien.

    Desde un cliente OpenVPN bajo Debian efectivamente me puedo conectar, pero no tengo comunicación con la LAN, no puedo hacer PING.

    Ya autoricé el tráfico UDP por el pueto 1194.

    Reitero me puedo conectar, pero no tengo comunicación con la LAN.

    A continuación el log del cliente Debian:

    openvpn --config calcar.conf 
Thu Jun 30 12:00:10 2011 OpenVPN 2.2.0 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 16 2011
Thu Jun 30 12:00:10 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 30 12:00:10 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 30 12:00:10 2011 LZO compression initialized
Thu Jun 30 12:00:10 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jun 30 12:00:10 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Jun 30 12:00:10 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 30 12:00:10 2011 Local Options hash (VER=V4): '41690919'
Thu Jun 30 12:00:10 2011 Expected Remote Options hash (VER=V4): '530fdded'
Thu Jun 30 12:00:10 2011 UDPv4 link local: [undef]
Thu Jun 30 12:00:10 2011 UDPv4 link remote: [AF_INET]190.xx.xx.24:1194
Thu Jun 30 12:00:10 2011 TLS: Initial packet from [AF_INET]190.xx.xx.24:1194, sid=1e5a7cb0 183e966f
Thu Jun 30 12:00:11 2011 VERIFY OK: depth=1, /C=CO/ST=ANTIOQUIA/L=MEDELLIN/O=CALCAR/CN=CALCAR_CA/emailAddress=pfsense@local
Thu Jun 30 12:00:11 2011 VERIFY OK: depth=0, /C=CO/ST=ANTIOQUIA/L=MEDELLIN/O=CALCAR/CN=server/emailAddress=pfsense@local
Thu Jun 30 12:00:11 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jun 30 12:00:11 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 30 12:00:11 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jun 30 12:00:11 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 30 12:00:11 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 30 12:00:11 2011 [server] Peer Connection Initiated with [AF_INET]190.xx.xx.24:1194
Thu Jun 30 12:00:13 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 30 12:00:13 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.16.0 255.255.255.0,route 10.0.8.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.8.6 10.0.8.5'
Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: route options modified
Thu Jun 30 12:00:13 2011 ROUTE default_gateway=192.168.1.1
Thu Jun 30 12:00:13 2011 TUN/TAP device tun0 opened
Thu Jun 30 12:00:13 2011 TUN/TAP TX queue length set to 100
Thu Jun 30 12:00:13 2011 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jun 30 12:00:13 2011 /sbin/ifconfig tun0 10.0.8.6 pointopoint 10.0.8.5 mtu 1500
Thu Jun 30 12:00:13 2011 /sbin/route add -net 192.168.16.0 netmask 255.255.255.0 gw 10.0.8.5
Thu Jun 30 12:00:13 2011 /sbin/route add -net 10.0.8.1 netmask 255.255.255.255 gw 10.0.8.5
Thu Jun 30 12:00:13 2011 Initialization Sequence Completed

    Ping a pfSense:

    ping 192.168.16.2
PING 192.168.16.2 (192.168.16.2) 56(84) bytes of data.
^C
--- 192.168.16.2 ping statistics ---
25 packets transmitted, 0 received, 100% packet loss, time 24190ms

    Tabla de enrutamiento del cliente Debian:

    sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.0.8.1        10.0.8.5        255.255.255.255 UGH   0      0        0 tun0
10.0.8.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
192.168.16.0    10.0.8.5        255.255.255.0   UG    0      0        0 tun0

    Gracias por su colaboración,

    S.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy