[FUG-BR] [PFSense][OpenVPN] - Hard,init_instance
Paulo Henrique
paulo.rddck em bsd.com.br
Segunda Agosto 17 16:37:44 BRT 2009
Olá a todos da lista estou implementanto uma VPN usando o OpenVPN sobre o
PFSense, em que o mesmo está me retornando alguns erros.
Segue eles,
As configuraçoes dos equipamentos são:
Processador: Celeron D 440
Memória DDR2: 1 Gbs
HD: 80 Gbs Sata 2
Placa-mãe: Intel Desktop Board G31 PRBR
Fonte de alimentação 300 Watts real.
Sistema Operacional: PFSense - 1.2.3 RC1
Squid Proxy Server: 2.6.21_10
Squidguard: 1.3-2
Interface de rede WAN GW-mz: 192.168.0.117/24
Interface de rede LAN GW-mz: 192.168.0.80/24
Interface de rede WAN GW-fl 192.168.0.116/24
interface de rede LAN GWfl 192.168.1.1/24
No caso estou fazendo em laboratorio, e depois colocarei para ADSL + no-IP
o Pool de endereços está configurado para 192.168.2.0/24
Se desejarem a configuração descrita eu posto ela.
Segue os logs das vpn
Logs do lado Cliente:
{LOG CLIENTE]
Aug 17 18:02:43 openvpn[5693]: SIGTERM[hard,init_instance] received,
process exiting
Aug 17 18:02:45 openvpn[6033]: OpenVPN 2.0.6 i386-portbld-freebsd7.1
[SSL] [LZO] built on Apr 22 2009
Aug 17 18:02:45 openvpn[6033]: IMPORTANT: OpenVPN's default port number
is now 1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Aug 17 18:02:45 openvpn[6033]: WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitmfor more info.
Aug 17 18:02:45 openvpn[6033]: WARNING: file
'/var/etc/openvpn_client0.key' is group or others accessible
Aug 17 18:02:45 openvpn[6038]: Attempting to establish TCP connection
with 192.168.0.117:1194
Aug 17 18:04:02 openvpn[6038]: TCP: connect to
192.168.0.117:1194failed, will try again in 5 seconds: Operation timed
out (errno=60)
Aug 17 18:05:23 openvpn[6038]: TCP: connect to
192.168.0.117:1194failed, will try again in 5 seconds: Operation timed
out (errno=60)
Aug 17 18:06:30 openvpn[6038]: SIGTERM[hard,init_instance] received,
process exiting
Aug 17 18:06:32 openvpn[6548]: OpenVPN 2.0.6 i386-portbld-freebsd7.1
[SSL] [LZO] built on Apr 22 2009
Aug 17 18:06:32 openvpn[6548]: IMPORTANT: OpenVPN's default port number
is now 1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Aug 17 18:06:32 openvpn[6548]: WARNING: using --pull/--client and
--ifconfig together is probably not what you want
Aug 17 18:06:32 openvpn[6548]: WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitmfor more info.
Aug 17 18:06:32 openvpn[6548]: WARNING: file
'/var/etc/openvpn_client0.key' is group or others accessible
Aug 17 18:06:32 openvpn[6550]: Attempting to establish TCP connection
with 192.168.0.117:1194
Aug 17 18:07:49 openvpn[6550]: TCP: connect to
192.168.0.117:1194failed, will try again in 5 seconds: Operation timed
out (errno=60)
Aug 17 18:09:10 openvpn[6550]: TCP: connect to
192.168.0.117:1194failed, will try again in 5 seconds: Operation timed
out (errno=60)
Aug 17 18:10:32 openvpn[6550]: TCP: connect to
192.168.0.117:1194failed, will try again in 5 seconds: Operation timed
out (errno=60)
Aug 17 18:10:43 openvpn[6550]: SIGTERM[hard,init_instance] received,
process exiting
Aug 17 18:10:45 openvpn[7053]: OpenVPN 2.0.6 i386-portbld-freebsd7.1
[SSL] [LZO] built on Apr 22 2009
Aug 17 18:10:45 openvpn[7053]: IMPORTANT: OpenVPN's default port number
is now 1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Aug 17 18:10:45 openvpn[7053]: WARNING: using --pull/--client and
--ifconfig together is probably not what you want
Aug 17 18:10:45 openvpn[7053]: WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitmfor more info.
Aug 17 18:10:45 openvpn[7053]: WARNING: file
'/var/etc/openvpn_client0.key' is group or others accessible
Aug 17 18:10:45 openvpn[7053]: LZO compression initialized
Aug 17 18:10:45 openvpn[7058]: Attempting to establish TCP connection
with 192.168.0.117:1194
[LOG SERVER]
Aug 17 18:10:33 openvpn[6605]: /etc/rc.filter_configure tun0 1500 1559
192.168.2.1 192.168.2.2 init Aug 17 18:10:33 openvpn[6605]: SIGTERM[hard,]
received, process exiting Aug 17 18:10:35 openvpn[7836]: OpenVPN 2.0.6
i386-portbld-freebsd7.1 [SSL] [LZO] built on Apr 22 2009 Aug 17
18:10:35 openvpn[7836]:
WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible Aug
17 18:10:35 openvpn[7836]: gw 192.168.0.100 Aug 17 18:10:35 openvpn[7836]:
TUN/TAP device /dev/tun0 opened Aug 17 18:10:35 openvpn[7836]:
/sbin/ifconfig tun0 192.168.2.1 192.168.2.2 mtu 1500 netmask 255.255.255.255
up Aug 17 18:10:35 openvpn[7836]: /etc/rc.filter_configure tun0 1500 1560
192.168.2.1 192.168.2.2 init Aug 17 18:10:35 openvpn[7851]: Listening for
incoming TCP connection on [undef]:1194 Aug 17 18:10:35 openvpn[7851]:
TCPv4_SERVER link local (bound): [undef]:1194 Aug 17 18:10:35 openvpn[7851]:
TCPv4_SERVER link remote: [undef] Aug 17 18:10:35 openvpn[7851]:
Initialization Sequence Completed
[END LOG ]
No caso, já reanalisei toda a configuração e não encontro onde pode estar
gerando esse problema.
É a primeira vez que configura o OpenVPN sobre o PFSense antes só no
FreeBSD, onde consigo ver que está funcionando o tunnel.
Sem mais agradeço.
Paulo Henrique.
Mais detalhes sobre a lista de discussão freebsd