Friends...
I am trying to set up a site-to-site VPN with OpenVPN and I can't get it to work.
I configured 2 Zentyal servers.
One at headquarters and the other at my home, which in this scenario will be the branch office...
SIDE A (HEADQUARTERS):
eth0 - 192.168.1.3 - ADSL
eth1 - 192.168.0.254 - Internal gateway for the network, with DHCP for the Windows clients
tun0 - 192.168.161.6
SIDE B:
eth0 - 192.168.1.114 - ADSL
eth1 - 192.168.10.254 - Gateway for one Windows client
tun0 - 192.168.161.5
Once the VPN is connected, I cannot ping from headquarters to the branch gateway, but the reverse works.
I also cannot ping any client behind the VPN.
The logs follow below.
Mon Jul 1 20:28:18 2013 MULTI: multi_create_instance called
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 Re-using SSL/TLS context
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 LZO compression initialized
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 Local Options hash (VER=V4): '530fdded'
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 Expected Remote Options hash (VER=V4): '41690919'
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 TLS: Initial packet from [AF_INET]177.16.56.230:43116 (via [AF_INET]192.168.1.3%eth0), sid=6743b87f 2392c734
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 CRL CHECK OK: /O=GTP-VPN/CN=Certification_Authority_Certificate
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 VERIFY OK: depth=1, /O=GTP-VPN/CN=Certification_Authority_Certificate
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 VERIFY X509NAME OK: /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 CRL CHECK OK: /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul 1 20:28:18 2013 177.16.56.230:43116 VERIFY OK: depth=0, /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul 1 20:28:23 2013 177.16.56.230:43116 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 1 20:28:23 2013 177.16.56.230:43116 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 1 20:28:23 2013 177.16.56.230:43116 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 1 20:28:23 2013 177.16.56.230:43116 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 1 20:28:23 2013 177.16.56.230:43116 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 1 20:28:23 2013 177.16.56.230:43116 [GTP-FILIAL] Peer Connection Initiated with [AF_INET]177.16.56.230:43116 (via [AF_INET]192.168.1.3%eth0)
Mon Jul 1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI_sva: pool returned IPv4=192.168.161.6, IPv6=3f00::3000:0:143a:78b7
Mon Jul 1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI: Learn: 192.168.161.6 -> GTP-FILIAL/177.16.56.230:43116
Mon Jul 1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI: primary virtual IP for GTP-FILIAL/177.16.56.230:43116: 192.168.161.6
Mon Jul 1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 send_push_reply(): safe_cap=960
Mon Jul 1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 SENT CONTROL [GTP-FILIAL]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.161.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.161.6 192.168.161.5' (status=1)
SIDE B:
Mon Jul 1 20:28:25 2013 ROUTE: default_gateway=UNDEF
Mon Jul 1 20:28:25 2013 TUN/TAP device tun0 opened
Mon Jul 1 20:28:25 2013 TUN/TAP TX queue length set to 100
Mon Jul 1 20:28:25 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul 1 20:28:25 2013 /sbin/ifconfig tun0 192.168.161.6 pointopoint 192.168.161.5 mtu 1500
Mon Jul 1 20:28:26 2013 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.161.5
Mon Jul 1 20:28:26 2013 /sbin/route add -net 192.168.161.1 netmask 255.255.255.255 gw 192.168.161.5
Mon Jul 1 20:28:26 2013 GID set to nogroup
Mon Jul 1 20:28:26 2013 UID set to nobody
Mon Jul 1 20:28:26 2013 Initialization Sequence Completed
If anyone can help, I'd appreciate it...
Thanks