[FUG-BR] difficulties with VPN between Linux and FreeBSD

Cristina Fernandes Silva cristinafs.listas at gmail.com
Fri Sep 26 17:46:06 BRT 2008


Try this configuration:

float
port 5511
dev tun
dev-node TAP
proto tcp-client
remote 201.X.X.X
ping 10
persist-tun
persist-key
tls-client
ca ca.crt
cert filal.crt
key filal.key
ns-cert-type server
pull
verb 3


Remember that the certificate and key names have to match yours.

2008/9/26 marvelrat <marvelrat at bol.com.br>:
>
>
>   Hi everyone,
>
>   I have a VPN client (OpenVPN) and the trunk is Linux.
>
>   However, I am running into several problems.
>
>   When bringing it up with the normal configuration that we use on other
>   Linux clients, it cannot load the file that inserts the route.
>
>
>   Initial openvpn.conf:
>
>
>
>   dev tun
>   remote 200.x.x.x
>   ifconfig 15.15.0.211 15.15.0.101
>   cd /usr/local/etc/openvpn/
>   up ./filial.up
>   secret filial.key
>   port 5511
>   ping 15
>   ping-restart 40
>   ping-timer-rem
>   persist-tun
>   persist-key
>   verb 3
>
>
>   errors: Starting openvpn.
>   ./filial.up: not found
>
>
>   OK, I removed the "up" from the front and:
>
>   Sep 26 16:30:56 filial openvpn[2812]: Options error: Unrecognized
>   option or missing parameter(s) in
>   /usr/local/etc/openvpn/openvpn.conf:7: ./filial.up (2.0.6)
>
>   Sep 26 16:30:56 filial openvpn[2812]: Use --help for more information.
>
>   ifconfig:
>
>
>   tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
>
>
>   If I remove that ./filial.up
>
>
>   and start openvpn:
>
>
>   Sep 26 16:34:25 filial openvpn[2857]: OpenVPN 2.0.6
>   i386-portbld-freebsd7.0 [SSL] [LZO] built on Sep 26 2008
>   Sep 26 16:34:25 filial openvpn[2857]: WARNING: file 'filial.key' is
>   group or others accessible
>   Sep 26 16:34:25 filial openvpn[2857]: Static Encrypt: Cipher 'BF-CBC'
>   initialized with 128 bit key
>   Sep 26 16:34:25 filial openvpn[2857]: Static Encrypt: Using 160 bit
>   message hash 'SHA1' for HMAC authentication
>   Sep 26 16:34:25 filial openvpn[2857]: Static Decrypt: Cipher 'BF-CBC'
>   initialized with 128 bit key
>   Sep 26 16:34:25 filial openvpn[2857]: Static Decrypt: Using 160 bit
>   message hash 'SHA1' for HMAC authentication
>   Sep 26 16:34:25 filial openvpn[2857]: TUN/TAP device /dev/tun0 opened
>   Sep 26 16:34:25 filial openvpn[2857]: /sbin/ifconfig tun0 15.15.0.211
>   15.15.0.101 mtu 1500 netmask 255.255.255.255 up
>   Sep 26 16:34:25 filial openvpn[2857]: Data Channel MTU parms [ L:1544
>   D:1450 EF:44 EB:4 ET:0 EL:0 ]
>   Sep 26 16:34:25 filial openvpn[2857]: Local Options hash (VER=V4):
>   '5aafc21d'
>   Sep 26 16:34:25 filial openvpn[2857]: Expected Remote Options hash
>   (VER=V4): '2c56cbcf'
>   Sep 26 16:34:25 filial openvpn[2860]: UDPv4 link local (bound):
>   [undef]:5511
>   Sep 26 16:34:25 filial openvpn[2860]: UDPv4 link remote: 200.x.x.x:5511
>
>
>   ifconfig:
>
>   tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
>           inet 15.15.0.211 --> 15.15.0.101 netmask 0xffffffff
>           Opened by PID 2857
>
>
>   I try to ping the tun0 interface and get no response (I have no
>   route).
>
>
>   If I try to add the route...
>
>   it gives network unreachable
>
>   route add -net 10.x.x.0 netmask 255.255.255.0 gw $5 (contents of the
>   filial.up file, a route)
>
>   route: writing to routing socket: Network is unreachable
>   add net 10.x.x.0: gateway netmask: Network is unreachable
>
>
>
>   If I put the route directly in openvpn.conf:
>
>
>   Sep 26 16:44:14 filial openvpn[2952]: gw 10.1.1.1
>   Sep 26 16:44:14 filial openvpn[2952]: RESOLVE: Cannot parse IP address:
>   -net
>   Sep 26 16:44:14 filial openvpn[2952]: OpenVPN ROUTE: failed to
>   parse/resolve route for host/network: add
>   Sep 26 16:44:14 filial openvpn[2952]: TUN/TAP device /dev/tun0 opened
>   Sep 26 16:44:14 filial openvpn[2952]: /sbin/ifconfig tun0 15.15.0.211
>   15.15.0.101 mtu 1500 netmask 255.255.255.255 up
>   Sep 26 16:44:14 filial openvpn[2952]: Data Channel MTU parms [ L:1544
>   D:1450 EF:44 EB:4 ET:0 EL:0 ]
>   Sep 26 16:44:14 filial openvpn[2952]: Local Options hash (VER=V4):
>   '5aafc21d'
>   Sep 26 16:44:14 filial openvpn[2952]: Expected Remote Options hash
>   (VER=V4): '2c56cbcf'
>   Sep 26 16:44:14 filial openvpn[2955]: UDPv4 link local (bound):
>   [undef]:5511
>   Sep 26 16:44:14 filial openvpn[2955]: UDPv4 link remote: 200.x.x.x:5511
>
>
>
>   If I then put:
>
>
>   push "route 10.x.x.0 255.255.255.0"
>
>
>   it starts OK, no errors...
>
>   but it still doesn't ping
>
>
>
>   Detail:
>
>   on Linux it works with this configuration.. exactly.
>
>
>   Please give me some help..
>
>
>   Regards
>
>
>
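
The quoted output "add net 10.x.x.0: gateway netmask" shows FreeBSD's route(8) reading the Linux keyword `netmask` as the gateway. The following is an added example, not code from the thread: an `up` script that emits the route command in the right syntax for each OS and checks the key file permissions that OpenVPN warned about. The network 10.0.0.0 is a placeholder for the masked 10.x.x.0, and the function names are hypothetical.

```sh
#!/bin/sh
# filial.up: added example, not from the thread.
# /bin/sh exists on both Linux and FreeBSD (bash is not in the FreeBSD base system).
# OpenVPN calls an "up" script for a tun device as:
#   cmd tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [init|restart]
# so $5 is the remote tunnel endpoint (15.15.0.101 in the posted config).

NET=10.0.0.0          # placeholder for the masked 10.x.x.0 network in the post
MASK=255.255.255.0

# Print the route command in the syntax of the given OS (a `uname -s` value).
route_cmd() {  # usage: route_cmd OS NET MASK GATEWAY
    case "$1" in
        Linux)
            # net-tools syntax: "netmask" and "gw" keywords
            echo "route add -net $2 netmask $3 gw $4" ;;
        FreeBSD)
            # BSD route(8): "-netmask" modifier, positional gateway, no "gw"
            echo "route add -net $2 -netmask $3 $4" ;;
        *)
            echo "unsupported OS: $1" >&2
            return 1 ;;
    esac
}

# Succeed only if FILE exists and has no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # the six group+other mode characters
    [ "$perms" = "------" ]
}

# Act only when invoked by OpenVPN with its positional arguments.
if [ "$#" -ge 5 ]; then
    key_is_private filial.key ||
        echo "warning: filial.key is group/other accessible (chmod 600)" >&2
    cmd=$(route_cmd "$(uname -s)" "$NET" "$MASK" "$5") || exit 1
    exec $cmd   # unquoted on purpose: split the string into command words
fi
```
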

