[FUG-BR] difficulties with VPN between Linux and FreeBSD
marvelrat
marvelrat at bol.com.br
Sunday September 28 15:19:25 BRT 2008
So, folks,
thanks for the tips... I tried all of them... but the problem with inserting the
route persists.
Whenever I try to add the route, it gives these errors...
If I add the damned route by hand... it says unreachable...
The route is the same one used on other clients...
Sep 28 15:12:39 filial openvpn[17176]: Options error: Unrecognized option or missing parameter(s) in /usr/local/etc/openvpn/openvpn.conf:8: ./filial.up (2.0.6)
Sep 28 15:12:39 filial openvpn[17176]: Use --help for more information.
On 26/09/2008 18:35, Wanderson Tinti wrote:
Good evening, list.
Marvelrat, I use VPN on several Linux and Windows machines. When I
need to call a script to insert a route, I use the following
setting in the VPN conf:
route-up /etc/openvpn/rota.sh
An example:
-------------------------------------------
remote 200.200.200.2
rport 5106
dev tap
ifconfig 10.0.6.2 255.255.255.252
secret static.key
route-up rout.bat
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
verb 3
mute 10
comp-lzo
log vpn.log
----------------------------------
Regards,
2008/9/26 Cristina Fernandes Silva :
> Try this configuration
>
> float
> port 5511
> dev tun
> dev-node TAP
> proto tcp-client
> remote 201.X.X.X
> ping 10
> persist-tun
> persist-key
> tls-client
> ca ca.crt
> cert filal.crt
> key filal.key
> ns-cert-type server
> pull
> verb 3
>
>
> Keep in mind that the certificate and key names have to match yours..
>
> 2008/9/26 marvelrat :
>>
>>
>> hello folks
>>
>> I have a VPN client (openvpn) and the trunk is Linux.
>>
>> but I am having several problems.
>>
>> When bringing it up with the normal configuration that we use on other
>> Linux clients, it cannot load the file that inserts the route.
>>
>>
>> initial openvpn.conf:
>>
>>
>>
>> dev tun
>> remote 200.x.x.x
>> ifconfig 15.15.0.211 15.15.0.101
>> cd /usr/local/etc/openvpn/
>> up ./filial.up
>> secret filial.key
>> port 5511
>> ping 15
>> ping-restart 40
>> ping-timer-rem
>> persist-tun
>> persist-key
>> verb 3
>>
>>
>> errors: Starting openvpn.
>> ./filial.up: not found
>>
>>
>> ok, I removed the up from the front and:
>>
>> Sep 26 16:30:56 filial openvpn[2812]: Options error: Unrecognized option or missing parameter(s) in /usr/local/etc/openvpn/openvpn.conf:7: ./filial.up (2.0.6)
>>
>> Sep 26 16:30:56 filial openvpn[2812]: Use --help for more information.
>>
>> ifconfig:
>>
>>
>> tun0: flags=8010 metric 0 mtu 1500
>>
>>
>> If I remove the ./filial.up thing
>>
>>
>> and start openvpn:
>>
>>
>> Sep 26 16:34:25 filial openvpn[2857]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Sep 26 2008
>> Sep 26 16:34:25 filial openvpn[2857]: WARNING: file 'filial.key' is group or others accessible
>> Sep 26 16:34:25 filial openvpn[2857]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Sep 26 16:34:25 filial openvpn[2857]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Sep 26 16:34:25 filial openvpn[2857]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Sep 26 16:34:25 filial openvpn[2857]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Sep 26 16:34:25 filial openvpn[2857]: TUN/TAP device /dev/tun0 opened
>> Sep 26 16:34:25 filial openvpn[2857]: /sbin/ifconfig tun0 15.15.0.211 15.15.0.101 mtu 1500 netmask 255.255.255.255 up
>> Sep 26 16:34:25 filial openvpn[2857]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
>> Sep 26 16:34:25 filial openvpn[2857]: Local Options hash (VER=V4): '5aafc21d'
>> Sep 26 16:34:25 filial openvpn[2857]: Expected Remote Options hash (VER=V4): '2c56cbcf'
>> Sep 26 16:34:25 filial openvpn[2860]: UDPv4 link local (bound): [undef]:5511
>> Sep 26 16:34:25 filial openvpn[2860]: UDPv4 link remote: 200.x.x.x:5511
>>
>>
>> ifconfig:
>>
>> tun0: flags=8051 metric 0 mtu 1500
>>         inet 15.15.0.211 --> 15.15.0.101 netmask 0xffffffff
>>         Opened by PID 2857
>>
>>
>> I try a ping to the tun0 interface and get no response (I have no
>> route).
>>
>>
>> if I try to add the route...
>>
>> it gives network unreachable
>>
>> route add -net 10.x.x.0 netmask 255.255.255.0 gw $5 (contents of the
>> filial.up file, a route)
>>
>> route: writing to routing socket: Network is unreachable
>> add net 10.x.x.0: gateway netmask: Network is unreachable
>>
>>
>>
>> if I put the route directly in openvpn.conf:
>>
>>
>> Sep 26 16:44:14 filial openvpn[2952]: gw 10.1.1.1
>> Sep 26 16:44:14 filial openvpn[2952]: RESOLVE: Cannot parse IP address: -net
>> Sep 26 16:44:14 filial openvpn[2952]: OpenVPN ROUTE: failed to parse/resolve route for host/network: add
>> Sep 26 16:44:14 filial openvpn[2952]: TUN/TAP device /dev/tun0 opened
>> Sep 26 16:44:14 filial openvpn[2952]: /sbin/ifconfig tun0 15.15.0.211 15.15.0.101 mtu 1500 netmask 255.255.255.255 up
>> Sep 26 16:44:14 filial openvpn[2952]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
>> Sep 26 16:44:14 filial openvpn[2952]: Local Options hash (VER=V4): '5aafc21d'
>> Sep 26 16:44:14 filial openvpn[2952]: Expected Remote Options hash (VER=V4): '2c56cbcf'
>> Sep 26 16:44:14 filial openvpn[2955]: UDPv4 link local (bound): [undef]:5511
>> Sep 26 16:44:14 filial openvpn[2955]: UDPv4 link remote: 200.x.x.x:5511
>>
>>
>>
>> so if I then put:
>>
>>
>> push "route 10.x.x.0 255.255.255.0"
>>
>>
>> it starts ok, no errors...
>>
>> but it still does not ping
>>
>>
>>
>> detail:
>>
>> on Linux it works with this configuration.. exactly.
>>
>>
>> please give me some help..
>>
>>
>> cheers
>>
>> -------------------------
>> History: http://www.fug.com.br/historico/html/freebsd/
>> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>>
>>
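Added example, not part of the original thread or of anyone's configuration in it: the `add net 10.x.x.0: gateway netmask` output quoted above shows FreeBSD's route(8) taking the word `netmask` as the gateway, because `netmask ... gw` is Linux net-tools syntax. The sketch below is a hypothetical up script that emits the right form per OS and validates its arguments before a root process runs them; `NET`, `MASK`, the function names and the 10.0.0.0 placeholder are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical replacement for the thread's filial.up.
# For a tun device OpenVPN runs "up" as: cmd tun_dev tun_mtu link_mtu
#   ifconfig_local_ip ifconfig_remote_ip [init|restart]  -> $5 is the peer.
NET="10.0.0.0"; MASK="255.255.255.0"   # constructed placeholder for 10.x.x.0

# Succeeds only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Prints the prefix length of a contiguous netmask; fails otherwise.
mask_to_prefix() {
    is_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    bits=0; partial=0
    for o in "$@"; do
        case "$o" in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then partial=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Prints the route command in the syntax of the given OS (uname -s value).
build_route_cmd() {
    os=$1; net=$2; mask=$3; gw=$4
    is_ipv4 "$net" && is_ipv4 "$gw" || return 1
    prefix=$(mask_to_prefix "$mask") || return 1
    case "$os" in
        Linux)   echo "/sbin/route add -net $net netmask $mask gw $gw" ;;
        FreeBSD) echo "/sbin/route add -net $net/$prefix $gw" ;;
        *)       return 1 ;;
    esac
}

# Act only when invoked with OpenVPN's five-or-more arguments.
if [ "$#" -ge 5 ]; then
    cmd=$(build_route_cmd "$(uname -s)" "$NET" "$MASK" "$5") || exit 1
    exec $cmd
fi
```

Inside openvpn.conf itself, the `route` directive takes the network and netmask directly (`route 10.x.x.0 255.255.255.0`), without `add` or `-net`.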