OpenVPN problem



  • Good morning everyone, I've been trying for 4 days to get OpenVPN to come up but it won't; it only shows the status reconnecting, restart, something like that. Here are the client-side logs.

    Nov 21 11:34:28	openvpn[75941]: Inactivity timeout (--ping-restart), restarting
    Nov 21 11:34:28	openvpn[75941]: SIGUSR1[soft,ping-restart] received, process restarting
    Nov 21 11:34:30	openvpn[75941]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 21 11:34:30	openvpn[75941]: Re-using pre-shared static key
    Nov 21 11:34:31	openvpn[75941]: Preserving previous TUN/TAP instance: ovpnc1
    Nov 21 11:34:31	openvpn[75941]: UDPv4 link local (bound): [AF_INET]189.**.**.***
    Nov 21 11:34:31	openvpn[75941]: UDPv4 link remote: [AF_INET]179.***.***.**:9876
    Nov 21 11:35:31	openvpn[75941]: Inactivity timeout (--ping-restart), restarting
    Nov 21 11:35:31	openvpn[75941]: SIGUSR1[soft,ping-restart] received, process restarting
    Nov 21 11:35:33	openvpn[75941]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 21 11:35:33	openvpn[75941]: Re-using pre-shared static key
    Nov 21 11:35:34	openvpn[75941]: Preserving previous TUN/TAP instance: ovpnc1
    Nov 21 11:35:34	openvpn[75941]: UDPv4 link local (bound): [AF_INET]189.**.**.***
    Nov 21 11:35:34	openvpn[75941]: UDPv4 link remote: [AF_INET]179.***.***.***:9876
    

    And here is the server log:

    Nov 21 11:27:01	kernel: in /boot/loader.conf.
    Nov 21 11:27:01	kernel: ZFS filesystem version 5
    Nov 21 11:27:01	kernel: ZFS storage pool version 28
    Nov 21 11:27:01	kernel: bge0: link state changed to DOWN
    Nov 21 11:27:01	check_reload_status: Linkup starting bge0
    Nov 21 11:27:02	check_reload_status: Linkup starting bge0
    Nov 21 11:27:02	kernel: bge0: link state changed to UP
    Nov 21 11:27:03	check_reload_status: rc.newwanip starting bge0
    Nov 21 11:27:03	php: rc.bootup: Accept router advertisements on interface bge0
    Nov 21 11:27:04	php: rc.bootup: Resyncing OpenVPN instances.
    Nov 21 11:27:04	rtsold[15530]: <rtsock_input_ifannounce> interface tun1 removed
    Nov 21 11:27:04	kernel: tun1: changing name to 'ovpnc1'
    Nov 21 11:27:04	kernel: pflog0: promiscuous mode enabled
    Nov 21 11:27:05	php: rc.newwanip: rc.newwanip: Informational is starting bge0.
    Nov 21 11:27:05	php: rc.newwanip: rc.newwanip: on (IP address: 189.**.**.***) (interface: wan) (real interface: bge0).
    Nov 21 11:27:05	php: rc.newwanip: ROUTING: setting default route to 189.**.**.*
    Nov 21 11:27:08	php: rc.bootup: ROUTING: setting default route to 189.**.**.*
    Nov 21 11:27:08	check_reload_status: Updating all dyndns
    Nov 21 11:27:09	kernel: ovpnc1: link state changed to UP
    Nov 21 11:27:09	check_reload_status: rc.newwanip starting ovpnc1
    Nov 21 11:27:12	php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
    Nov 21 11:27:12	php: rc.newwanip: rc.newwanip: on (IP address: 192.*.***.*) (interface: ) (real interface: ovpnc1).
    Nov 21 11:27:12	check_reload_status: Reloading filter
    Nov 21 11:27:12	php: rc.newwanip: pfSense package system has detected an ip change -> 192.***.***.* ... Restarting packages.
    Nov 21 11:27:12	check_reload_status: Starting packages
    Nov 21 11:27:13	php: rc.newwanip: Resyncing OpenVPN instances for interface WAN.
    Nov 21 11:27:13	kernel: ovpnc1: link state changed to DOWN
    Nov 21 11:27:13	php: rc.bootup: Creating rrd update script
    Nov 21 11:27:13	syslogd: exiting on signal 15
    Nov 21 11:27:13	syslogd: kernel boot file is /boot/kernel/kernel
    Nov 21 11:27:13	php: rc.newwanip: Creating rrd update script
    Nov 21 11:27:13	kernel: ovpnc1: link state changed to UP
    Nov 21 11:27:13	php: rc.start_packages: Restarting/Starting all packages.
    Nov 21 11:27:13	check_reload_status: rc.newwanip starting ovpnc1
    Nov 21 11:27:14	php: rc.start_packages: Restarting/Starting all packages.
    Nov 21 11:27:15	login: login on ttyv0 as root
    Nov 21 11:27:15	sshlockout[87408]: sshlockout/webConfigurator v3.0 starting up
    Nov 21 11:27:15	php: rc.newwanip: pfSense package system has detected an ip change 189.**.**.*** -> 189.**.**.*** ... Restarting packages.
    Nov 21 11:27:16	php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
    Nov 21 11:27:16	php: rc.newwanip: rc.newwanip: on (IP address: 192.168.204.2) (interface: ) (real interface: ovpnc1).
    Nov 21 11:27:16	php: rc.newwanip: pfSense package system has detected an ip change -> 192.168.204.2 ... Restarting packages.
    Nov 21 11:27:21	php: rc.start_packages: Restarting/Starting all packages.
    Nov 21 11:30:17	php: /status_openvpn.php: Successful login for user 'admin' from: 192.168.0.10
    Nov 21 11:30:17	php: /status_openvpn.php: Successful login for user 'admin' from: 192.168.0.10
    Nov 21 11:33:55	syslogd: exiting on signal 15
    Nov 21 11:33:55	syslogd: kernel boot file is /boot/kernel/kernel
    Nov 21 11:47:09	php: /index.php: User logged out for user 'admin' from: 192.168.0.10
    Nov 21 11:47:15	php: /index.php: Successful login for user 'admin' from: 192.168.0.10
    Nov 21 11:47:15	php: /index.php: Successful login for user 'admin' from: 192.168.0.10
    Nov 21 11:47:15	sshlockout[86556]: sshlockout/webConfigurator v3.0 starting up
    

    I'm new to pfSense and I followed a tutorial to the letter; it worked for the guy, but not for me.

    Regards



  • That's the system log, not the OpenVPN log (status -> system log -> openVPN). From the log it doesn't look like a firewall problem. Did the VPN ever work at all? Is the server listening on port 9876?



  • It just keeps connecting and disconnecting with the following error:
    openvpn connection timing out - > reconnecting; ping-restart

    I ran a ping -t; it does manage to connect, but it disconnects by itself.




  • Check whether both sides are using compression; you probably forgot to configure it on one of them.



  • Sorry for the delay, I checked just now and it's still the same:

    Branch office system log:

    Nov 30 18:27:52 	openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    Nov 30 18:27:52 	openvpn[63241]: SIGUSR1[soft,ping-restart] received, process restarting
    Nov 30 18:27:54 	openvpn[63241]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Nov 30 18:27:54 	openvpn[63241]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 30 18:27:54 	openvpn[63241]: UDPv4 link local (bound): [AF_INET]192.168.10.11
    Nov 30 18:27:54 	openvpn[63241]: UDPv4 link remote: [AF_INET]***.***.136.239:1194
    

    And on the head office side, the OpenVPN system log shows this:

    Nov 30 18:31:36 	openvpn[1559]: event_wait : Interrupted system call (code=4)
    Nov 30 18:31:36 	openvpn[1559]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
    Nov 30 18:31:36 	openvpn[1559]: SIGTERM[hard,] received, process exiting
    Nov 30 18:31:36 	openvpn[83413]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Nov 30 18:31:36 	openvpn[83413]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
    Nov 30 18:31:36 	openvpn[83413]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 30 18:31:36 	openvpn[83413]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Nov 30 18:31:36 	openvpn[83413]: TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 30 18:31:36 	openvpn[83413]: TUN/TAP device /dev/tun1 opened
    Nov 30 18:31:36 	openvpn[83413]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Nov 30 18:31:36 	openvpn[83413]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
    Nov 30 18:31:36 	openvpn[83413]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
    Nov 30 18:31:36 	openvpn[83413]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Nov 30 18:31:36 	openvpn[85334]: UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
    Nov 30 18:31:36 	openvpn[85334]: UDPv4 link remote: [undef]
    

    The branch office status is always DOWN. I left a ping -t running against the head office network IP and at some point it does ping, but it drops right afterwards.
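
Added example, not part of the original thread: a small triage pass over client log lines in the format quoted above. It separates "the peer never answered" from "the tunnel came up and then dropped" and collects the security warnings. The sample log is constructed (documentation addresses), the function name and verdict labels are hypothetical, and the verdicts are a heuristic.

```python
import re

# Constructed sample in the format of the client logs quoted in the thread
# (addresses replaced with documentation ranges).
SAMPLE_LOG = """\
Nov 30 18:27:52 openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 30 18:27:52 openvpn[63241]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 30 18:27:54 openvpn[63241]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 30 18:27:54 openvpn[63241]: UDPv4 link local (bound): [AF_INET]192.0.2.11
Nov 30 18:27:54 openvpn[63241]: UDPv4 link remote: [AF_INET]203.0.113.9:1194
Nov 30 18:28:54 openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 30 18:28:54 openvpn[63241]: SIGUSR1[soft,ping-restart] received, process restarting
"""

# Syslog prefix followed by the OpenVPN message; tabs or spaces both match.
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+openvpn\[\d+\]:\s+(?P<msg>.*)$")
# Messages OpenVPN logs once it has received valid packets from the peer.
UP_MARKERS = ("Peer Connection Initiated", "Initialization Sequence Completed")


def triage(log_text):
    """Summarise a client log: restart count, whether the tunnel ever came
    up, a heuristic verdict, and the distinct WARNING lines."""
    restarts, came_up, warnings = 0, False, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # kernel/php lines from the general system log
        msg = m.group("msg")
        if "Inactivity timeout (--ping-restart)" in msg:
            restarts += 1
        elif any(marker in msg for marker in UP_MARKERS):
            came_up = True
        elif msg.startswith("WARNING:"):
            warnings.add(msg)
    if restarts and not came_up:
        verdict = "no-reply-from-peer"  # check listener, port forward, modem/NAT
    elif restarts:
        verdict = "tunnel-flapping"     # came up, then timed out: compare both ends
    else:
        verdict = "no-restarts-seen"
    return {"restarts": restarts, "came_up": came_up,
            "verdict": verdict, "warnings": sorted(warnings)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The certificate-verification warning it surfaces is independent of the connectivity fault and still needs fixing once the tunnel is up.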



  • It's saying there was a problem with the route configuration; post your OpenVPN configuration.



  • And how do I post that? Where is it?



  • Huh, I don't follow you. Didn't you configure OpenVPN under VPN -> openVPN? You just need to take a screenshot and post it here.



  • Solved, it was the damn NET modem.



  • Hello throel, edit the first post of your topic and put [SOLVED] at the
    end of the title, as it helps other members in future searches.