Yes, it was created. All traffic on the WAN interface destined for port 1194 is allowed.

2009/8/17 mantunes <[email protected]>

> Did you create a rule opening the OpenVPN port?
>
> 2009/8/17 Paulo Henrique <[email protected]>:
> > Hello everyone on the list, I am implementing a VPN using OpenVPN on
> > PFSense, and it is returning some errors.
> > Here they are.
> > The equipment configuration is:
> >
> > Processor: Celeron D 440
> > DDR2 memory: 1 Gbs
> > HD: 80 Gbs Sata 2
> > Motherboard: Intel Desktop Board G31 PRBR
> > Power supply: 300 Watts real.
> >
> > Operating system: PFSense - 1.2.3 RC1
> > Squid Proxy Server: 2.6.21_10
> > Squidguard: 1.3-2
> >
> > WAN network interface GW-mz: 192.168.0.117/24
> > LAN network interface GW-mz: 192.168.0.80/24
> > WAN network interface GW-fl 192.168.0.116/24
> > LAN network interface GWfl 192.168.1.1/24
> >
> > In this case I am doing it in a lab, and afterwards I will move it to ADSL + no-IP.
> >
> > The address pool is configured as 192.168.2.0/24
> >
> > If you want the configuration described, I will post it.
> >
> > Here are the VPN logs.
> > Client-side logs:
> >
> > [LOG CLIENT]
> >
> > Aug 17 18:02:43 openvpn[5693]: SIGTERM[hard,init_instance] received, process exiting
> > Aug 17 18:02:45 openvpn[6033]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:02:45 openvpn[6033]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Aug 17 18:02:45 openvpn[6033]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > Aug 17 18:02:45 openvpn[6033]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
> > Aug 17 18:02:45 openvpn[6038]: Attempting to establish TCP connection with 192.168.0.117:1194
> > Aug 17 18:04:02 openvpn[6038]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:05:23 openvpn[6038]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:06:30 openvpn[6038]: SIGTERM[hard,init_instance] received, process exiting
> > Aug 17 18:06:32 openvpn[6548]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:06:32 openvpn[6548]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Aug 17 18:06:32 openvpn[6548]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
> > Aug 17 18:06:32 openvpn[6548]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > Aug 17 18:06:32 openvpn[6548]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
> > Aug 17 18:06:32 openvpn[6550]: Attempting to establish TCP connection with 192.168.0.117:1194
> > Aug 17 18:07:49 openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:09:10 openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:10:32 openvpn[6550]: TCP: connect to 192.168.0.117:1194 failed, will try again in 5 seconds: Operation timed out (errno=60)
> > Aug 17 18:10:43 openvpn[6550]: SIGTERM[hard,init_instance] received, process exiting
> > Aug 17 18:10:45 openvpn[7053]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:10:45 openvpn[7053]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> > Aug 17 18:10:45 openvpn[7053]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
> > Aug 17 18:10:45 openvpn[7053]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> > Aug 17 18:10:45 openvpn[7053]: WARNING: file '/var/etc/openvpn_client0.key' is group or others accessible
> > Aug 17 18:10:45 openvpn[7053]: LZO compression initialized
> > Aug 17 18:10:45 openvpn[7058]: Attempting to establish TCP connection with 192.168.0.117:1194
> >
> > [LOG SERVER]
> >
> > Aug 17 18:10:33 openvpn[6605]: /etc/rc.filter_configure tun0 1500 1559 192.168.2.1 192.168.2.2 init
> > Aug 17 18:10:33 openvpn[6605]: SIGTERM[hard,] received, process exiting
> > Aug 17 18:10:35 openvpn[7836]: OpenVPN 2.0.6 i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009
> > Aug 17 18:10:35 openvpn[7836]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
> > Aug 17 18:10:35 openvpn[7836]: gw 192.168.0.100
> > Aug 17 18:10:35 openvpn[7836]: TUN/TAP device /dev/tun0 opened
> > Aug 17 18:10:35 openvpn[7836]: /sbin/ifconfig tun0 192.168.2.1 192.168.2.2 mtu 1500 netmask 255.255.255.255 up
> > Aug 17 18:10:35 openvpn[7836]: /etc/rc.filter_configure tun0 1500 1560 192.168.2.1 192.168.2.2 init
> > Aug 17 18:10:35 openvpn[7851]: Listening for incoming TCP connection on [undef]:1194
> > Aug 17 18:10:35 openvpn[7851]: TCPv4_SERVER link local (bound): [undef]:1194
> > Aug 17 18:10:35 openvpn[7851]: TCPv4_SERVER link remote: [undef]
> > Aug 17 18:10:35 openvpn[7851]: Initialization Sequence Completed
> >
> > [END LOG]
> >
> > I have already re-checked the entire configuration and cannot find what
> > might be causing this problem.
> >
> > This is the first time I am configuring OpenVPN on PFSense; before, only on
> > FreeBSD, where I can see that the tunnel is working.
> > That is all; thank you.
> >
> > Paulo Henrique.
> > -------------------------
> > Archive: http://www.fug.com.br/historico/html/freebsd/
> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>
> --
> Marcio Antunes
> Powered by FreeBSD
> ==================================
> * Windows: "Where do you want to go tomorrow?"
> * Linux: "Where do you want to go today?"
> * FreeBSD: "Are you, guys, coming or what?"

