Author Topic: [ SOLVED ] Problem with OpenVPN  (Read 1899 times)

Gilberto Ferreira

  • Zen Hero
  • *****
  • Posts: 516
  • Karma: +12/-1
    • View Profile
[ SOLVED ] Problem with OpenVPN
« on: July 02, 2013, 01:52:27 am »
Friends...

I am trying to configure a site-to-site VPN with OpenVPN and I can't get it to work.

I configured 2 Zentyal servers.
One at the head office and the other at my house, which will be the branch in this scenario...

SIDE A (HEAD OFFICE):

eth0 - 192.168.1.3 - ADSL
eth1 - 192.168.0.254 - Internal gateway for the network, with DHCP for the Windows clients

tun0 - 192.168.161.6

SIDE B:

eth0 - 192.168.1.114 - ADSL
eth1 - 192.168.10.254 - Gateway for one Windows client

tun0 - 192.168.161.5

Once the VPN is connected, I can't ping from the head office to the branch's gateway, but the other way around works.

I also can't ping any client behind the VPN.

The logs follow below.


Mon Jul  1 20:28:18 2013 MULTI: multi_create_instance called
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Re-using SSL/TLS context
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 LZO compression initialized
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Local Options hash (VER=V4): '530fdded'
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 Expected Remote Options hash (VER=V4): '41690919'
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 TLS: Initial packet from [AF_INET]177.16.56.230:43116 (via [AF_INET]192.168.1.3%eth0), sid=6743b87f 2392c734
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 CRL CHECK OK: /O=GTP-VPN/CN=Certification_Authority_Certificate
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 VERIFY OK: depth=1, /O=GTP-VPN/CN=Certification_Authority_Certificate
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 VERIFY X509NAME OK: /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 CRL CHECK OK: /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul  1 20:28:18 2013 177.16.56.230:43116 VERIFY OK: depth=0, /O=GTP-VPN/CN=GTP-FILIAL
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul  1 20:28:23 2013 177.16.56.230:43116 [GTP-FILIAL] Peer Connection Initiated with [AF_INET]177.16.56.230:43116 (via [AF_INET]192.168.1.3%eth0)
Mon Jul  1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI_sva: pool returned IPv4=192.168.161.6, IPv6=3f00::3000:0:143a:78b7
Mon Jul  1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI: Learn: 192.168.161.6 -> GTP-FILIAL/177.16.56.230:43116
Mon Jul  1 20:28:23 2013 GTP-FILIAL/177.16.56.230:43116 MULTI: primary virtual IP for GTP-FILIAL/177.16.56.230:43116: 192.168.161.6
Mon Jul  1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul  1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 send_push_reply(): safe_cap=960
Mon Jul  1 20:28:25 2013 GTP-FILIAL/177.16.56.230:43116 SENT CONTROL [GTP-FILIAL]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.161.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.161.6 192.168.161.5' (status=1)

SIDE B:

Mon Jul  1 20:28:25 2013 ROUTE: default_gateway=UNDEF
Mon Jul  1 20:28:25 2013 TUN/TAP device tun0 opened
Mon Jul  1 20:28:25 2013 TUN/TAP TX queue length set to 100
Mon Jul  1 20:28:25 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul  1 20:28:25 2013 /sbin/ifconfig tun0 192.168.161.6 pointopoint 192.168.161.5 mtu 1500
Mon Jul  1 20:28:26 2013 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.161.5
Mon Jul  1 20:28:26 2013 /sbin/route add -net 192.168.161.1 netmask 255.255.255.255 gw 192.168.161.5
Mon Jul  1 20:28:26 2013 GID set to nogroup
Mon Jul  1 20:28:26 2013 UID set to nobody
Mon Jul  1 20:28:26 2013 Initialization Sequence Completed


If anyone can help, I'd appreciate it...

Thanks
« Last Edit: July 02, 2013, 11:24:35 pm by Gilberto Ferreira »

Gilberto Ferreira

[ SOLVED ] Re: Problem with OpenVPN
« Reply #1 on: July 02, 2013, 04:35:04 am »
I'm seeing here now that, at both ends, the ADSL modems have a 192.168.1.xxx IP to communicate with Zentyal.

That is, on SIDE A, the Zentyal IP that talks to the ADSL modem is 192.168.1.3, and on SIDE B, the Zentyal IP is 192.168.1.114.

This must affect the VPN in some way, right??

What do you think???

Thanks
« Last Edit: July 02, 2013, 11:23:58 pm by Gilberto Ferreira »

Gilberto Ferreira

[ SOLVED ] Re: Problem with OpenVPN
« Reply #2 on: July 02, 2013, 04:37:29 am »
However, just to remind you that I'm only having the problem with site-to-site.
Client-to-site works 100%....

I need help.. haha

Thank you
« Last Edit: July 02, 2013, 11:24:09 pm by Gilberto Ferreira »

Gilberto Ferreira

[ SOLVED ] Re: Problem with OpenVPN
« Reply #3 on: July 02, 2013, 10:20:50 pm »
Good afternoon, friends...

I solved the problem. It turns out that the ADSL at the head office and the one at the branch had the same IP between the modem and Zentyal... In the same IP range: 192.168.1.0/255.255.255.0

This interferes with the VPN.

After I changed it, it worked...

Thanks.
« Last Edit: July 02, 2013, 11:24:20 pm by Gilberto Ferreira »
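
A check for the condition reported in the last post, as an added example that is not part of the original thread: it compares the directly connected networks of both sites and the routes from the PUSH_REPLY log line, and reports any overlap. The addresses come from the thread; the /24 mask on Side B's eth1, the function names and the 192.168.2.114 "renumbered" address are assumptions made for illustration.

```python
import ipaddress
from itertools import product

# Interface addresses from the thread. The /24 on Side B eth1 is an
# assumption: the post gives no netmask for that interface.
SITE_A = {"eth0": "192.168.1.3/24", "eth1": "192.168.0.254/24"}
SITE_B = {"eth0": "192.168.1.114/24", "eth1": "192.168.10.254/24"}
# Routes the server sent in the PUSH_REPLY log line.
PUSHED_TO_B = ["192.168.0.0/24", "192.168.161.1/32"]


def networks(site):
    """Map interface name -> directly connected network."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in site.items()}


def cross_site_overlaps(site_a, site_b):
    """Every pair of interfaces (one per site) whose networks overlap."""
    hits = []
    for (ia, na), (ib, nb) in product(networks(site_a).items(),
                                      networks(site_b).items()):
        if na.overlaps(nb):
            hits.append((ia, ib, str(na), str(nb)))
    return hits


def shadowed_routes(site, pushed):
    """Pushed routes that collide with a network already local to the site."""
    hits = []
    for route in pushed:
        rnet = ipaddress.ip_network(route)
        for name, lnet in networks(site).items():
            if rnet.overlaps(lnet):
                hits.append((route, name, str(lnet)))
    return hits


if __name__ == "__main__":
    for ia, ib, na, nb in cross_site_overlaps(SITE_A, SITE_B):
        print(f"overlap: Side A {ia} ({na}) and Side B {ib} ({nb})")
    for route, name, lnet in shadowed_routes(SITE_B, PUSHED_TO_B):
        print(f"pushed route {route} collides with local {name} ({lnet})")
    # Constructed value: the thread does not say which range was chosen.
    renumbered = dict(SITE_B, eth0="192.168.2.114/24")
    print("after renumbering:", cross_site_overlaps(SITE_A, renumbered) or "no overlap")
```
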