[FUG-BR] [PFSense][OpenVPN] - Hard,init_instance

Paulo Henrique paulo.rddck at bsd.com.br
Mon Aug 17 17:01:04 BRT 2009


Yes, it was created.
All traffic on the WAN interface destined for port 1194 is allowed.

2009/8/17 mantunes <mantunes.listas at gmail.com>

> Did you create a rule opening the OpenVPN port?
>
> 2009/8/17 Paulo Henrique <paulo.rddck at bsd.com.br>:
> > Hello to everyone on the list. I am implementing a VPN using OpenVPN on
> > PFSense, and it is returning some errors.
> > They follow below.
> > The equipment configuration is:
> >
> > Processor: Celeron D 440
> > DDR2 memory: 1 Gbs
> > HD: 80 Gbs Sata 2
> > Motherboard: Intel Desktop Board G31 PRBR
> > Power supply: 300 Watts real.
> >
> > Operating system: PFSense - 1.2.3 RC1
> > Squid Proxy Server: 2.6.21_10
> > Squidguard: 1.3-2
> >
> > WAN network interface GW-mz: 192.168.0.117/24
> > LAN network interface GW-mz: 192.168.0.80/24
> > WAN network interface GW-fl: 192.168.0.116/24
> > LAN network interface GWfl: 192.168.1.1/24
> >
> > In this case I am doing this in a lab, and afterwards I will move it to
> > ADSL + no-IP.
> >
> > The address pool is configured as 192.168.2.0/24
> >
> > If you want the configuration described, I will post it.
> >
> > The VPN logs follow.
> > Client-side logs:
> >
> > [CLIENT LOG]
> >
> > Aug 17 18:02:43     openvpn[5693]: SIGTERM[hard,init_instance] received, process exiting
> > Aug 17 18:02:45     openvpn[6033]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:02:45     openvpn[6033]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Aug 17 18:02:45     openvpn[6033]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > Aug 17 18:02:45     openvpn[6033]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
> > Aug 17 18:02:45     openvpn[6038]: Attempting to establish TCP connection with 192.168.0.117:1194
> > Aug 17 18:04:02     openvpn[6038]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:05:23     openvpn[6038]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:06:30     openvpn[6038]: SIGTERM[hard,init_instance] received, process exiting
> > Aug 17 18:06:32     openvpn[6548]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:06:32     openvpn[6548]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Aug 17 18:06:32     openvpn[6548]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
> > Aug 17 18:06:32     openvpn[6548]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > Aug 17 18:06:32     openvpn[6548]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
> > Aug 17 18:06:32     openvpn[6550]: Attempting to establish TCP connection with 192.168.0.117:1194
> > Aug 17 18:07:49     openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:09:10     openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:10:32     openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:10:43     openvpn[6550]: SIGTERM[hard,init_instance] received, process exiting
> > Aug 17 18:10:45     openvpn[7053]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:10:45     openvpn[7053]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Aug 17 18:10:45     openvpn[7053]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
> > Aug 17 18:10:45     openvpn[7053]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > Aug 17 18:10:45     openvpn[7053]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
> > Aug 17 18:10:45     openvpn[7053]: LZO compression initialized
> > Aug 17 18:10:45     openvpn[7058]: Attempting to establish TCP connection with 192.168.0.117:1194
> >
> >
> > [LOG SERVER]
> >
> > Aug 17 18:10:33 openvpn[6605]: /etc/rc.filter_configure tun0 1500 1559 192.168.2.1 192.168.2.2 init
> > Aug 17 18:10:33 openvpn[6605]: SIGTERM[hard,] received, process exiting
> > Aug 17 18:10:35 openvpn[7836]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:10:35 openvpn[7836]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
> > Aug 17 18:10:35 openvpn[7836]: gw 192.168.0.100
> > Aug 17 18:10:35 openvpn[7836]: TUN/TAP device /dev/tun0 opened
> > Aug 17 18:10:35 openvpn[7836]: /sbin/ifconfig tun0 192.168.2.1 192.168.2.2 mtu 1500 netmask 255.255.255.255 up
> > Aug 17 18:10:35 openvpn[7836]: /etc/rc.filter_configure tun0 1500 1560 192.168.2.1 192.168.2.2 init
> > Aug 17 18:10:35 openvpn[7851]: Listening for incoming TCP connection on [undef]:1194
> > Aug 17 18:10:35 openvpn[7851]: TCPv4_SERVER link local (bound): [undef]:1194
> > Aug 17 18:10:35 openvpn[7851]: TCPv4_SERVER link remote: [undef]
> > Aug 17 18:10:35 openvpn[7851]: Initialization Sequence Completed
> > [END LOG ]
> >
> > In this case, I have already re-analysed the whole configuration and cannot
> > find where this problem may be coming from.
> >
> > It is the first time I am configuring OpenVPN on PFSense; before, only on
> > FreeBSD, where I can see the tunnel working.
> > That is all, thank you.
> >
> > Paulo Henrique.
> > -------------------------
> > Archive: http://www.fug.com.br/historico/html/freebsd/
> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
> >
>
>
>
> --
> Marcio Antunes
> Powered by FreeBSD
> ==================================
> * Windows: "Where do you want to go tomorrow?"
> * Linux: "Where do you want to go today?"
> * FreeBSD: "Are you, guys, coming or what?"
>
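
As an added example (not part of the thread and not code from any poster): a small Python triage of client log lines in the format quoted above, separating the connection failure from the two security warnings. The sample lines are constructed from that format with the e-mail wrapping undone; the errno meanings are FreeBSD's, an assumption based on the FreeBSD build string in the log.

```python
import re

# Constructed sample, modelled on the client log quoted in the thread.
SAMPLE = """\
Aug 17 18:06:32 openvpn[6548]: WARNING: No server certificate verification method has been enabled.
Aug 17 18:06:32 openvpn[6548]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
Aug 17 18:06:32 openvpn[6550]: Attempting to establish TCP connection with 192.168.0.117:1194
Aug 17 18:07:49 openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
Aug 17 18:09:10 openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
Aug 17 18:10:43 openvpn[6550]: SIGTERM[hard,init_instance] received, process exiting
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} +openvpn\[(\d+)\]: (.*)$")
# " ?" also accepts the "1194failed" form that mail wrapping produces.
CONNECT_FAIL = re.compile(r"TCP: connect to (\S+?) ?failed.*\(errno=(\d+)\)")
KEY_PERM = re.compile(r"WARNING: file '([^']+)' is group or others accessible")
NO_VERIFY = "No server certificate verification method"

# FreeBSD errno values (assumption: the client runs a FreeBSD build).
ERRNO_HINT = {
    60: "timed out: no reply to the SYN (filtered or unreachable)",
    61: "refused: host replied with RST (nothing listening on the port)",
}

def triage(log_text):
    """Return (failures, loose_keys, no_cert_check, findings)."""
    failures, loose_keys, no_cert_check = {}, set(), False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation of a wrapped line, or not OpenVPN
        msg = m.group(2)
        fail, key = CONNECT_FAIL.search(msg), KEY_PERM.search(msg)
        if fail:
            k = (fail.group(1), int(fail.group(2)))
            failures[k] = failures.get(k, 0) + 1
        elif key:
            loose_keys.add(key.group(1))
        elif NO_VERIFY in msg:
            no_cert_check = True
    findings = [f"{n}x connect to {t} {ERRNO_HINT.get(e, 'errno=%d' % e)}"
                for (t, e), n in sorted(failures.items())]
    findings += [f"private key {p} readable by group/others: restrict to 0600"
                 for p in sorted(loose_keys)]
    if no_cert_check:
        findings.append("client does not verify the server certificate")
    return failures, loose_keys, no_cert_check, findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)[3]))
```

A timeout (errno 60) rather than a refusal (errno 61) means the client's SYN received no answer at all, which points at filtering or routing between the two hosts rather than at the OpenVPN daemon, which the server log shows listening on port 1194.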

