OpenVPN problem
-
Good morning everyone, I have been trying for 4 days to get OpenVPN up, but it won't come up; the status only shows reconnecting, restart, something like that. Here are the logs from the client side.
Nov 21 11:34:28 openvpn[75941]: Inactivity timeout (--ping-restart), restarting
Nov 21 11:34:28 openvpn[75941]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 11:34:30 openvpn[75941]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 11:34:30 openvpn[75941]: Re-using pre-shared static key
Nov 21 11:34:31 openvpn[75941]: Preserving previous TUN/TAP instance: ovpnc1
Nov 21 11:34:31 openvpn[75941]: UDPv4 link local (bound): [AF_INET]189.**.**.***
Nov 21 11:34:31 openvpn[75941]: UDPv4 link remote: [AF_INET]179.***.***.**:9876
Nov 21 11:35:31 openvpn[75941]: Inactivity timeout (--ping-restart), restarting
Nov 21 11:35:31 openvpn[75941]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 21 11:35:33 openvpn[75941]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 21 11:35:33 openvpn[75941]: Re-using pre-shared static key
Nov 21 11:35:34 openvpn[75941]: Preserving previous TUN/TAP instance: ovpnc1
Nov 21 11:35:34 openvpn[75941]: UDPv4 link local (bound): [AF_INET]189.**.**.***
Nov 21 11:35:34 openvpn[75941]: UDPv4 link remote: [AF_INET]179.***.***.***:9876
And here is the server log:
Nov 21 11:27:01 kernel: in /boot/loader.conf.
Nov 21 11:27:01 kernel: ZFS filesystem version 5
Nov 21 11:27:01 kernel: ZFS storage pool version 28
Nov 21 11:27:01 kernel: bge0: link state changed to DOWN
Nov 21 11:27:01 check_reload_status: Linkup starting bge0
Nov 21 11:27:02 check_reload_status: Linkup starting bge0
Nov 21 11:27:02 kernel: bge0: link state changed to UP
Nov 21 11:27:03 check_reload_status: rc.newwanip starting bge0
Nov 21 11:27:03 php: rc.bootup: Accept router advertisements on interface bge0
Nov 21 11:27:04 php: rc.bootup: Resyncing OpenVPN instances.
Nov 21 11:27:04 rtsold[15530]: <rtsock_input_ifannounce> interface tun1 removed
Nov 21 11:27:04 kernel: tun1: changing name to 'ovpnc1'
Nov 21 11:27:04 kernel: pflog0: promiscuous mode enabled
Nov 21 11:27:05 php: rc.newwanip: rc.newwanip: Informational is starting bge0.
Nov 21 11:27:05 php: rc.newwanip: rc.newwanip: on (IP address: 189.**.**.***) (interface: wan) (real interface: bge0).
Nov 21 11:27:05 php: rc.newwanip: ROUTING: setting default route to 189.**.**.*
Nov 21 11:27:08 php: rc.bootup: ROUTING: setting default route to 189.**.**.*
Nov 21 11:27:08 check_reload_status: Updating all dyndns
Nov 21 11:27:09 kernel: ovpnc1: link state changed to UP
Nov 21 11:27:09 check_reload_status: rc.newwanip starting ovpnc1
Nov 21 11:27:12 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
Nov 21 11:27:12 php: rc.newwanip: rc.newwanip: on (IP address: 192.*.***.*) (interface: ) (real interface: ovpnc1).
Nov 21 11:27:12 check_reload_status: Reloading filter
Nov 21 11:27:12 php: rc.newwanip: pfSense package system has detected an ip change -> 192.***.***.* ... Restarting packages.
Nov 21 11:27:12 check_reload_status: Starting packages
Nov 21 11:27:13 php: rc.newwanip: Resyncing OpenVPN instances for interface WAN.
Nov 21 11:27:13 kernel: ovpnc1: link state changed to DOWN
Nov 21 11:27:13 php: rc.bootup: Creating rrd update script
Nov 21 11:27:13 syslogd: exiting on signal 15
Nov 21 11:27:13 syslogd: kernel boot file is /boot/kernel/kernel
Nov 21 11:27:13 php: rc.newwanip: Creating rrd update script
Nov 21 11:27:13 kernel: ovpnc1: link state changed to UP
Nov 21 11:27:13 php: rc.start_packages: Restarting/Starting all packages.
Nov 21 11:27:13 check_reload_status: rc.newwanip starting ovpnc1
Nov 21 11:27:14 php: rc.start_packages: Restarting/Starting all packages.
Nov 21 11:27:15 login: login on ttyv0 as root
Nov 21 11:27:15 sshlockout[87408]: sshlockout/webConfigurator v3.0 starting up
Nov 21 11:27:15 php: rc.newwanip: pfSense package system has detected an ip change 189.**.**.*** -> 189.**.**.*** ... Restarting packages.
Nov 21 11:27:16 php: rc.newwanip: rc.newwanip: Informational is starting ovpnc1.
Nov 21 11:27:16 php: rc.newwanip: rc.newwanip: on (IP address: 192.168.204.2) (interface: ) (real interface: ovpnc1).
Nov 21 11:27:16 php: rc.newwanip: pfSense package system has detected an ip change -> 192.168.204.2 ... Restarting packages.
Nov 21 11:27:21 php: rc.start_packages: Restarting/Starting all packages.
Nov 21 11:30:17 php: /status_openvpn.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:30:17 php: /status_openvpn.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:33:55 syslogd: exiting on signal 15
Nov 21 11:33:55 syslogd: kernel boot file is /boot/kernel/kernel
Nov 21 11:47:09 php: /index.php: User logged out for user 'admin' from: 192.168.0.10
Nov 21 11:47:15 php: /index.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:47:15 php: /index.php: Successful login for user 'admin' from: 192.168.0.10
Nov 21 11:47:15 sshlockout[86556]: sshlockout/webConfigurator v3.0 starting up
I'm new to pfSense and followed a tutorial to the letter; it worked for the guy, but not for me.
Regards
-
That is the system log, not the OpenVPN log (Status -> System Log -> OpenVPN). From the log it doesn't look like a firewall problem. Did the VPN ever work at all? Is the server listening on port 9876?
-
It just keeps connecting and disconnecting with the following error:
openvpn connection timing out - > reconnecting; ping-restart
I ran a ping -t; it does manage to connect, but then disconnects by itself.
-
Check whether both sides are using compression; you probably forgot to configure it on one of them.
-
Sorry for the delay, I checked just now and it is still the same:
Branch office system log:
Nov 30 18:27:52 openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 30 18:27:52 openvpn[63241]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 30 18:27:54 openvpn[63241]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 30 18:27:54 openvpn[63241]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 30 18:27:54 openvpn[63241]: UDPv4 link local (bound): [AF_INET]192.168.10.11
Nov 30 18:27:54 openvpn[63241]: UDPv4 link remote: [AF_INET]***.***.136.239:1194
And on the head office side, the OpenVPN system log shows this:
Nov 30 18:31:36 openvpn[1559]: event_wait : Interrupted system call (code=4)
Nov 30 18:31:36 openvpn[1559]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
Nov 30 18:31:36 openvpn[1559]: SIGTERM[hard,] received, process exiting
Nov 30 18:31:36 openvpn[83413]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
Nov 30 18:31:36 openvpn[83413]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Nov 30 18:31:36 openvpn[83413]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 30 18:31:36 openvpn[83413]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Nov 30 18:31:36 openvpn[83413]: TUN/TAP device ovpns1 exists previously, keep at program end
Nov 30 18:31:36 openvpn[83413]: TUN/TAP device /dev/tun1 opened
Nov 30 18:31:36 openvpn[83413]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Nov 30 18:31:36 openvpn[83413]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Nov 30 18:31:36 openvpn[83413]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1542 10.0.8.1 10.0.8.2 init
Nov 30 18:31:36 openvpn[83413]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Nov 30 18:31:36 openvpn[85334]: UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
Nov 30 18:31:36 openvpn[85334]: UDPv4 link remote: [undef]
The branch status is always DOWN. I left a ping -t running against the head office network IP and at some point it pings, but it drops right afterwards.
-
It says there was a problem with the route configuration; post your OpenVPN configuration.
-
And how do I post that? Where is it?
-
Huh, I don't follow you. Didn't you configure OpenVPN under VPN -> OpenVPN? You just need to take a screenshot and post it here.
-
Solved, it was the damn NET modem.
-
Hello throel, edit the first post of your topic and put [SOLVED] at the
end of the title, as it helps other members in a future search.
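
Added example (not code from any poster in this thread): a small Python triage that scans only the OpenVPN daemon lines of a pfSense log for the conditions visible in the logs above, namely the ping-restart loop, the missing server certificate verification warning and the failed route add. The sample lines are constructed from messages quoted in the thread with a documentation-range address; the rule names, the `triage` function and the loop threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample: message texts as quoted in the thread, with a
# documentation-range address (203.0.113.7) in place of the masked ones.
SAMPLE = """\
Nov 30 18:27:52 openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 30 18:27:52 openvpn[63241]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 30 18:27:54 openvpn[63241]: WARNING: No server certificate verification method has been enabled.
Nov 30 18:27:54 openvpn[63241]: UDPv4 link remote: [AF_INET]203.0.113.7:1194
Nov 30 18:28:54 openvpn[63241]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Nov 30 18:31:36 openvpn[83413]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Nov 30 18:31:36 php: rc.newwanip: Creating rrd update script
"""

# Only lines written by the openvpn daemon; other system-log lines are skipped.
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn\[\d+\]: (.*)$")

# Hypothetical rule names mapped to substrings of messages seen in the thread.
RULES = {
    "ping_restart": "Inactivity timeout (--ping-restart)",
    "no_server_cert_verification": "No server certificate verification method",
    "route_add_failed": "route add command failed",
    "duplicate_cn_with_ccd": "--duplicate-cn and --client-config-dir",
}

def triage(log_text, loop_threshold=2):
    """Count rule hits and derive two flags from an OpenVPN log excerpt."""
    hits = Counter()
    undef_timeouts = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        for name, needle in RULES.items():
            if needle in msg:
                hits[name] += 1
        # "[UNDEF]" stands where the peer's name would be: the timeout fired
        # before any peer had been identified on this session.
        if msg.startswith("[UNDEF] Inactivity timeout"):
            undef_timeouts += 1
    return {
        "hits": dict(hits),
        "restart_loop": hits["ping_restart"] >= loop_threshold,
        "peer_never_identified": undef_timeouts > 0,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `restart_loop` together with `peer_never_identified` says the tunnel never got as far as a peer exchange, which points at the path between the sites (port forwarding, NAT or an upstream device) rather than at routes inside the tunnel.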