(RESOLVIDO) Ultima Tentativa VPN



  • Galera bom eu deletei tudo e configurei novamente a OPEN VPN, consegui fazer o tunel porem a disgraça do negocio não funciona segue abaixo:

    Nao consigo acertar na rota minha estrutura ta assim:

    Matriz - LAN 192.168.2.0/24

    Filial - LAN 192.168.1.0/24

    Tunel 172.16.0.0/24

    Quando eu pingo o servidor que esta na matriz (192.168.2.100) da este relatorio:

    PING 192.168.2.100 (192.168.2.100) from 192.168.1.1: 56 data bytes
    92 bytes from 192.168.2.100: Dest Unreachable, Bad Code: 6
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 5400 26c9   0 0000  40  01 cf2a 192.168.1.1  192.168.2.100 
    
    92 bytes from 192.168.2.100: Dest Unreachable, Bad Code: 6
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 5400 3a49   0 0000  40  01 bbaa 192.168.1.1  192.168.2.100 
    
    92 bytes from 192.168.2.100: Dest Unreachable, Bad Code: 6
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
     4  5  00 5400 9ffc   0 0000  40  01 55f7 192.168.1.1  192.168.2.100 
    
    –- 192.168.2.100 ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    

    Vou postar as SS das config da OPENVPN logs da OPEN VPN ABAIXO

    Servidor -

    Client -

    Logs Do OPENVPN Client

    Dec 9 12:44:23	openvpn[28019]: [UNDEF] Inactivity timeout (--ping-restart), restarting
    Dec 9 12:44:23	openvpn[28019]: SIGUSR1[soft,ping-restart] received, process restarting
    Dec 9 12:44:25	openvpn[28019]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Dec 9 12:44:25	openvpn[28019]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 12:44:25	openvpn[28019]: UDPv4 link local (bound): [AF_INET]192.168.0.11
    Dec 9 12:44:25	openvpn[28019]: UDPv4 link remote: [AF_INET]179.223.136.239:1194
    Dec 9 12:44:33	openvpn[28019]: event_wait : Interrupted system call (code=4)
    Dec 9 12:44:33	openvpn[28019]: SIGTERM[hard,] received, process exiting
    Dec 9 12:44:34	openvpn[74440]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Dec 9 12:44:34	openvpn[74440]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 12:44:34	openvpn[74440]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Dec 9 12:44:34	openvpn[74440]: TUN/TAP device /dev/tun1 opened
    Dec 9 12:44:34	openvpn[74440]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Dec 9 12:44:34	openvpn[74440]: /sbin/ifconfig ovpnc1 172.16.0.2 172.16.0.1 mtu 1500 netmask 255.255.255.255 up
    Dec 9 12:44:34	openvpn[74440]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 172.16.0.2 172.16.0.1 init
    Dec 9 12:44:34	openvpn[74440]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Dec 9 12:44:34	openvpn[75254]: UDPv4 link local (bound): [AF_INET]192.168.0.11
    Dec 9 12:44:34	openvpn[75254]: UDPv4 link remote: [AF_INET]179.223.136.239:1194
    Dec 9 12:44:42	openvpn[75254]: Peer Connection Initiated with [AF_INET]179.223.136.239:1194
    Dec 9 12:44:44	openvpn[75254]: Initialization Sequence Completed
    Dec 9 13:19:34	openvpn[75254]: event_wait : Interrupted system call (code=4)
    Dec 9 13:19:34	openvpn[75254]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1560 172.16.0.2 172.16.0.1 init
    Dec 9 13:19:34	openvpn[75254]: SIGTERM[hard,] received, process exiting
    Dec 9 13:19:35	openvpn[68899]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Dec 9 13:19:35	openvpn[68899]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 13:19:35	openvpn[68899]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Dec 9 13:19:35	openvpn[68899]: TUN/TAP device /dev/tun1 opened
    Dec 9 13:19:35	openvpn[68899]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Dec 9 13:19:35	openvpn[68899]: /sbin/ifconfig ovpnc1 172.16.0.2 172.16.0.1 mtu 1500 netmask 255.255.255.255 up
    Dec 9 13:19:35	openvpn[68899]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 172.16.0.2 172.16.0.1 init
    Dec 9 13:19:35	openvpn[68899]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Dec 9 13:19:35	openvpn[69927]: UDPv4 link local (bound): [AF_INET]192.168.0.11
    Dec 9 13:19:35	openvpn[69927]: UDPv4 link remote: [AF_INET]179.223.136.239:1194
    Dec 9 13:19:39	openvpn[69927]: Peer Connection Initiated with [AF_INET]179.223.136.239:1194
    Dec 9 13:19:39	openvpn[69927]: Initialization Sequence Completed
    Dec 9 18:59:07	openvpn[69927]: event_wait : Interrupted system call (code=4)
    Dec 9 18:59:07	openvpn[69927]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1560 172.16.0.2 172.16.0.1 init
    Dec 9 18:59:08	openvpn[69927]: SIGTERM[hard,] received, process exiting
    Dec 9 18:59:08	openvpn[87360]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Dec 9 18:59:08	openvpn[87360]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 18:59:08	openvpn[87360]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Dec 9 18:59:08	openvpn[87360]: TUN/TAP device /dev/tun1 opened
    Dec 9 18:59:08	openvpn[87360]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Dec 9 18:59:08	openvpn[87360]: /sbin/ifconfig ovpnc1 172.16.0.2 172.16.0.1 mtu 1500 netmask 255.255.255.255 up
    Dec 9 18:59:08	openvpn[87360]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 172.16.0.2 172.16.0.1 init
    Dec 9 18:59:08	openvpn[87360]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Dec 9 18:59:08	openvpn[88401]: UDPv4 link local (bound): [AF_INET]192.168.0.11
    Dec 9 18:59:08	openvpn[88401]: UDPv4 link remote: [AF_INET]179.223.136.239:1194
    Dec 9 18:59:10	openvpn[88401]: Peer Connection Initiated with [AF_INET]179.223.136.239:1194
    Dec 9 18:59:10	openvpn[88401]: Initialization Sequence Completed
    

    Logs OPENVPN Server

    Dec 9 12:43:30	openvpn[97235]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Dec 9 12:43:32	openvpn[97235]: event_wait : Interrupted system call (code=4)
    Dec 9 12:43:32	openvpn[97235]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.0.1 172.16.0.2 init
    Dec 9 12:43:32	openvpn[97235]: SIGTERM[hard,] received, process exiting
    Dec 9 12:43:32	openvpn[45397]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Dec 9 12:43:32	openvpn[45397]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 12:43:32	openvpn[45397]: TUN/TAP device ovpns1 exists previously, keep at program end
    Dec 9 12:43:32	openvpn[45397]: TUN/TAP device /dev/tun1 opened
    Dec 9 12:43:32	openvpn[45397]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Dec 9 12:43:32	openvpn[45397]: /sbin/ifconfig ovpns1 172.16.0.1 172.16.0.2 mtu 1500 netmask 255.255.255.255 up
    Dec 9 12:43:32	openvpn[45397]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.0.1 172.16.0.2 init
    Dec 9 12:43:32	openvpn[46888]: UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
    Dec 9 12:43:32	openvpn[46888]: UDPv4 link remote: [undef]
    Dec 9 12:43:38	openvpn[46888]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Dec 9 12:43:54	openvpn[46888]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Dec 9 12:44:25	openvpn[46888]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Dec 9 12:44:27	openvpn[46888]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Dec 9 12:44:31	openvpn[46888]: Authenticate/Decrypt packet error: packet HMAC authentication failed
    Dec 9 12:44:34	openvpn[46888]: Peer Connection Initiated with [AF_INET]179.223.160.169:37415
    Dec 9 12:44:34	openvpn[46888]: Initialization Sequence Completed
    Dec 9 13:19:06	openvpn[46888]: event_wait : Interrupted system call (code=4)
    Dec 9 13:19:06	openvpn[46888]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.0.1 172.16.0.2 init
    Dec 9 13:19:06	openvpn[46888]: SIGTERM[hard,] received, process exiting
    Dec 9 13:19:07	openvpn[76184]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Dec 9 13:19:07	openvpn[76184]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 13:19:07	openvpn[76184]: TUN/TAP device ovpns1 exists previously, keep at program end
    Dec 9 13:19:07	openvpn[76184]: TUN/TAP device /dev/tun1 opened
    Dec 9 13:19:07	openvpn[76184]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Dec 9 13:19:07	openvpn[76184]: /sbin/ifconfig ovpns1 172.16.0.1 172.16.0.2 mtu 1500 netmask 255.255.255.255 up
    Dec 9 13:19:07	openvpn[76184]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.0.1 172.16.0.2 init
    Dec 9 13:19:07	openvpn[77740]: UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
    Dec 9 13:19:07	openvpn[77740]: UDPv4 link remote: [undef]
    Dec 9 13:19:16	openvpn[77740]: Peer Connection Initiated with [AF_INET]179.223.160.169:37415
    Dec 9 13:19:18	openvpn[77740]: Initialization Sequence Completed
    Dec 9 13:19:35	openvpn[77740]: Peer Connection Initiated with [AF_INET]179.223.160.169:30021
    Dec 9 18:58:55	openvpn[77740]: event_wait : Interrupted system call (code=4)
    Dec 9 18:58:55	openvpn[77740]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.0.1 172.16.0.2 init
    Dec 9 18:58:55	openvpn[77740]: SIGTERM[hard,] received, process exiting
    Dec 9 18:58:55	openvpn[57328]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Dec 9 18:58:55	openvpn[57328]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Dec 9 18:58:55	openvpn[57328]: TUN/TAP device ovpns1 exists previously, keep at program end
    Dec 9 18:58:55	openvpn[57328]: TUN/TAP device /dev/tun1 opened
    Dec 9 18:58:55	openvpn[57328]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Dec 9 18:58:55	openvpn[57328]: /sbin/ifconfig ovpns1 172.16.0.1 172.16.0.2 mtu 1500 netmask 255.255.255.255 up
    Dec 9 18:58:55	openvpn[57328]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.0.1 172.16.0.2 init
    Dec 9 18:58:55	openvpn[58331]: UDPv4 link local (bound): [AF_INET]192.168.0.2:1194
    Dec 9 18:58:55	openvpn[58331]: UDPv4 link remote: [undef]
    Dec 9 18:59:04	openvpn[58331]: Peer Connection Initiated with [AF_INET]179.223.160.169:30021
    Dec 9 18:59:04	openvpn[58331]: Initialization Sequence Completed
    Dec 9 18:59:08	openvpn[58331]: Peer Connection Initiated with [AF_INET]179.223.160.169:46741
    

    Acho que é isso, alguem me diz onde to errando que vou fazer aniversario de 3 semanas tentando configurar.

    Eu disponibilizei acesso remoto em ambos caso alguém queira configurar para mim me manda PM com o preço, que eu pago porque se eu nao conseguir rodar até amanha vou jogar esses dois PC do 6 andar!

    Att.



  • Sua configuração de rede remota no cliente está errada, coloque 192.168.2.0/24, marque Compress tunnel packets using the LZO algorithm dos dois lados e em Concurrent connections coloque 1(lado servidor).

    aaaa e fui ver isso agora, apague o endereço do teu servidor no print do lado cliente pois da acesso ao teu pfSense…



  • @FabianVitali:

    Sua configuração de rede remota no cliente está errada, coloque 192.168.2.0/24, marque Compress tunnel packets using the LZO algorithm dos dois lados e em Concurrent connections coloque 1(lado servidor).

    aaaa e fui ver isso agora, apague o endereço do teu servidor no print do lado cliente pois da acesso ao teu pfSense…

    \o vou  fazer isso agora, jaja coloco aqui se deu certo.

    Att.

    === EDITADO ===

    FabianVitai me passa ou teu endereço ou tua conta bancaria pra eu te mandar um presente que tu merece pqp, essa porra funcionou perfeitamente!

    Fico aguardando sua PM com os dados.

    Att Obrigadao!