OpenVPN + pfSense 2.0 RC3 + Debian Client
-
Hello.
I configured OpenVPN on pfSense 2.0 RC3.
It seems the certificates and keys were generated correctly.
From an OpenVPN client on Debian I can indeed connect, but I have no communication with the LAN; I cannot ping.
I have already allowed UDP traffic on port 1194.
Again, I can connect, but I have no communication with the LAN.
Below is the log from the Debian client:
openvpn --config calcar.conf
Thu Jun 30 12:00:10 2011 OpenVPN 2.2.0 i486-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 16 2011
Thu Jun 30 12:00:10 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 30 12:00:10 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 30 12:00:10 2011 LZO compression initialized
Thu Jun 30 12:00:10 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jun 30 12:00:10 2011 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Jun 30 12:00:10 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 30 12:00:10 2011 Local Options hash (VER=V4): '41690919'
Thu Jun 30 12:00:10 2011 Expected Remote Options hash (VER=V4): '530fdded'
Thu Jun 30 12:00:10 2011 UDPv4 link local: [undef]
Thu Jun 30 12:00:10 2011 UDPv4 link remote: [AF_INET]190.xx.xx.24:1194
Thu Jun 30 12:00:10 2011 TLS: Initial packet from [AF_INET]190.xx.xx.24:1194, sid=1e5a7cb0 183e966f
Thu Jun 30 12:00:11 2011 VERIFY OK: depth=1, /C=CO/ST=ANTIOQUIA/L=MEDELLIN/O=CALCAR/CN=CALCAR_CA/emailAddress=pfsense@local
Thu Jun 30 12:00:11 2011 VERIFY OK: depth=0, /C=CO/ST=ANTIOQUIA/L=MEDELLIN/O=CALCAR/CN=server/emailAddress=pfsense@local
Thu Jun 30 12:00:11 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jun 30 12:00:11 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 30 12:00:11 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jun 30 12:00:11 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 30 12:00:11 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 30 12:00:11 2011 [server] Peer Connection Initiated with [AF_INET]190.xx.xx.24:1194
Thu Jun 30 12:00:13 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 30 12:00:13 2011 PUSH: Received control message: 'PUSH_REPLY,route 192.168.16.0 255.255.255.0,route 10.0.8.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.8.6 10.0.8.5'
Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 30 12:00:13 2011 OPTIONS IMPORT: route options modified
Thu Jun 30 12:00:13 2011 ROUTE default_gateway=192.168.1.1
Thu Jun 30 12:00:13 2011 TUN/TAP device tun0 opened
Thu Jun 30 12:00:13 2011 TUN/TAP TX queue length set to 100
Thu Jun 30 12:00:13 2011 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jun 30 12:00:13 2011 /sbin/ifconfig tun0 10.0.8.6 pointopoint 10.0.8.5 mtu 1500
Thu Jun 30 12:00:13 2011 /sbin/route add -net 192.168.16.0 netmask 255.255.255.0 gw 10.0.8.5
Thu Jun 30 12:00:13 2011 /sbin/route add -net 10.0.8.1 netmask 255.255.255.255 gw 10.0.8.5
Thu Jun 30 12:00:13 2011 Initialization Sequence Completed
Ping to pfSense:
ping 192.168.16.2
PING 192.168.16.2 (192.168.16.2) 56(84) bytes of data.
^C
--- 192.168.16.2 ping statistics ---
25 packets transmitted, 0 received, 100% packet loss, time 24190ms
Routing table of the Debian client:
sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.0.8.1        10.0.8.5        255.255.255.255 UGH   0      0        0 tun0
10.0.8.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     2      0        0 wlan0
192.168.16.0    10.0.8.5        255.255.255.0   UG    0      0        0 tun0
Thanks for your help,
S.