Netgate Discussion Forum

    OpenVPN + pfSense 2.0 RC3 + Debian Client

    • spinoza

      Hello.

      I configured OpenVPN on pfSense 2.0 RC3.

      Apparently the generation of the certificates and keys went fine.

      From an OpenVPN client on Debian I can indeed connect, but I have no communication with the LAN; I cannot ping.

      I have already allowed UDP traffic on port 1194.

      To reiterate, I can connect, but I have no communication with the LAN.

      Below is the log from the Debian client:

      openvpn --config calcar.conf 
      Thu Jun 30 12:00:10 2011 OpenVPN 2.2.0 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 16 2011
      Thu Jun 30 12:00:10 2011 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
      Thu Jun 30 12:00:10 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Thu Jun 30 12:00:10 2011 LZO compression initialized
      Thu Jun 30 12:00:10 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
      Thu Jun 30 12:00:10 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
      Thu Jun 30 12:00:10 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
      Thu Jun 30 12:00:10 2011 Local Options hash (VER=V4): '41690919'
      Thu Jun 30 12:00:10 2011 Expected Remote Options hash (VER=V4): '530fdded'
      Thu Jun 30 12:00:10 2011 UDPv4 link local: [undef]
      Thu Jun 30 12:00:10 2011 UDPv4 link remote: [AF_INET]190.xx.xx.24:1194
      Thu Jun 30 12:00:10 2011 TLS: Initial packet from [AF_INET]190.xx.xx.24:1194, sid=1e5a7cb0 183e966f
      Thu Jun 30 12:00:11 2011 VERIFY OK: depth=1, /C=CO/ST=ANTIOQUIA/L=MEDELLIN/O=CALCAR/CN=CALCAR_CA/emailAddress=pfsense@local
      Thu Jun 30 12:00:11 2011 VERIFY OK: depth=0, /C=CO/ST=ANTIOQUIA/L=MEDELLIN/O=CALCAR/CN=server/emailAddress=pfsense@local
      Thu Jun 30 12:00:11 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Thu Jun 30 12:00:11 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Thu Jun 30 12:00:11 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Thu Jun 30 12:00:11 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Thu Jun 30 12:00:11 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
      Thu Jun 30 12:00:11 2011 [server] Peer Connection Initiated with [AF_INET]190.xx.xx.24:1194
      Thu Jun 30 12:00:13 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Thu Jun 30 12:00:13 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.16.0 255.255.255.0,route 10.0.8.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.8.6 10.0.8.5'
      Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: timers and/or timeouts modified
      Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: --ifconfig/up options modified
      Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: route options modified
      Thu Jun 30 12:00:13 2011 ROUTE default_gateway=192.168.1.1
      Thu Jun 30 12:00:13 2011 TUN/TAP device tun0 opened
      Thu Jun 30 12:00:13 2011 TUN/TAP TX queue length set to 100
      Thu Jun 30 12:00:13 2011 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Thu Jun 30 12:00:13 2011 /sbin/ifconfig tun0 10.0.8.6 pointopoint 10.0.8.5 mtu 1500
      Thu Jun 30 12:00:13 2011 /sbin/route add -net 192.168.16.0 netmask 255.255.255.0 gw 10.0.8.5
      Thu Jun 30 12:00:13 2011 /sbin/route add -net 10.0.8.1 netmask 255.255.255.255 gw 10.0.8.5
      Thu Jun 30 12:00:13 2011 Initialization Sequence Completed
      

      Ping to pfSense:

      ping 192.168.16.2
      PING 192.168.16.2 (192.168.16.2) 56(84) bytes of data.
      ^C
      --- 192.168.16.2 ping statistics ---
      25 packets transmitted, 0 received, 100% packet loss, time 24190ms
      

      Routing table of the Debian client:

      sudo route -n
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
      10.0.8.1        10.0.8.5        255.255.255.255 UGH   0      0        0 tun0
      10.0.8.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
      192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
      192.168.16.0    10.0.8.5        255.255.255.0   UG    0      0        0 tun0
      

      Thank you for your help,

      S.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.