[FUG-BR] dificuldades com vpn entre linux e freebsd

marvelrat marvelrat em bol.com.br
Sexta Setembro 26 17:02:33 BRT 2008 


   ola pessoal

   estou com um cliente vpn (openvpn) e o tronco eh linux.

   porem estou tendo varios problemas.

   Na hora de subir com a configuração normal que usamos em outros
   clientes linux ele na consegue carregar o arquivo que insere a rota.Â


   openvpn.conf inicial:



   Â dev tun
   remote 200.x.x.x
   ifconfig 15.15.0.211 15.15.0.101
   cd /usr/local/etc/openvpn/
   up ./filial.up
   secret filial.key
   port 5511
   ping 15
   ping-restart 40
   ping-timer-rem
   persist-tun
   persist-key
   verb 3


   erros:Â  Starting openvpn.
   ./filial.up: not found


   ok, tirei o up da frente e:

   Â Sep 26 16:30:56 filial openvpn[2812]: Options error: Unrecognized
   option or missing parameter(s) in
   /usr/local/etc/openvpn/openvpn.conf:7: ./filial.up (2.0.6)

   Sep 26 16:30:56 filial openvpn[2812]: Use --help for more infor mation.

   ifconfig:


   tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500


   Se retiro o tal do ./filial.up


   e inicio o openvpn:


   Sep 26 16:34:25 filial openvpn[2857]: OpenVPN 2.0.6
   i386-portbld-freebsd7.0 [SSL] [LZO] built on Sep 26 2008
   Sep 26 16:34:25 filial openvpn[2857]: WARNING: file 'filial.key' is
   group or others accessible
   Sep 26 16:34:25 filial openvpn[2857]: Static Encrypt: Cipher 'BF-CBC'
   initialized with 128 bit key
   Sep 26 16:34:25 filial openvpn[2857]: Static Encrypt: Using 160 bit
   message hash 'SHA1' for HMAC authentication
   Sep 26 16:34:25 filial openvpn[2857]: Static Decrypt: Cipher 'BF-CBC'
   initialized with 128 bit key
   Sep 26 16:34:25 filial openvpn[2857]: Static Decrypt: Using 160 bit
   message hash 'SHA1' for HMAC authentication
   Sep 26 16:34:25 filial openvpn[2857]: TUN/TAP device /dev/tun0 opened
   Se p 26 16:34:25 filial openvpn[2857]: /sbin/ifconfig tun0 15.15.0.211
   15.15.0.101 mtu 1500 netmask 255.255.255.255 up
   Sep 26 16:34:25 filial openvpn[2857]: Data Channel MTU parms [ L:1544
   D:1450 EF:44 EB:4 ET:0 EL:0 ]
   Sep 26 16:34:25 filial openvpn[2857]: Local Options hash (VER=V4):
   '5aafc21d'
   Sep 26 16:34:25 filial openvpn[2857]: Expected Remote Options hash
   (VER=V4): '2c56cbcf'
   Sep 26 16:34:25 filial openvpn[2860]: UDPv4 link local (bound):
   [undef]:5511
   Sep 26 16:34:25 filial openvpn[2860]: UDPv4 link remote: 200.x.x.x:5511


   ifconfig:

   Â tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
   Â Â Â Â Â Â Â  inet 15.15.0.211 --> 15.15.0.101 netmask 0xffffffff
   Â Â Â Â Â Â Â  Opened by PID 2857


   tento um ping para a interface tun0 e nao tenho nenhuma resposta ( nao
   tenho rota).


   se tento colocar a rota...

   da network unreachable

    < /p>

   Â route add -net 10.x.x.0 netmask 255.255.255.0 gw $5 (conteudo do
   arquivo filial.up, uma rota)

   route: writing to routing socket: Network is unreachable
   add net 10.x.x.0: gateway netmask: Network is unreachable



   se coloco a rota direto no openvpn.conf:


   Sep 26 16:44:14 filial openvpn[2952]: gw 10.1.1.1
   Sep 26 16:44:14 filial openvpn[2952]: RESOLVE: Cannot parse IP address:
   -net
   Sep 26 16:44:14 filial openvpn[2952]: OpenVPN ROUTE: failed to
   parse/resolve route for host/network: add
   Sep 26 16:44:14 filial openvpn[2952]: TUN/TAP device /dev/tun0 opened
   Sep 26 16:44:14 filial openvpn[2952]: /sbin/ifconfig tun0 15.15.0.211
   15.15.0.101 mtu 1500 netmask 255.255.255.255 up
   Sep 26 16:44:14 filial openvpn[2952]: Data Channel MTU parms [ L:1544
   D:1450 EF:44 EB:4 ET:0 EL:0 ]
   Sep 26 16:44:14 filial openvpn[2952]: Local Options hash (VER=V4):
   '5aafc21d'
   Sep 26 16:44:14 filial openvpn[2952]: Expected Remote Options hash
   (VER=V4): '2c56cbcf'
   Sep 26 16:44:14 filial openvpn[2955]: UDPv4 link local (bound):
   [undef]:5511
   Sep 26 16:44:14 filial openvpn[2955]: UDPv4 link remote: 200.x.x.x:5511



   se coloco entao:


   push "route 10.x.x.0 255.255.255.0"


   inicia ok, sem erros...

   mas ainda nao pinga



   detalhe:

   no linux funciona com esta configuração..exatamente.


   por favor me dêem uma ajuda..


   abraço

Mais detalhes sobre a lista de discussão freebsd