I searched several topics and saw people with the same problem, including in the Tutorial OpenVpn topic.
I followed all the steps and even so the second client cannot communicate with the server's network; it connects but cannot ping anything, not even 170.70.1.5.
I would appreciate any help; I have been racking my brain over this for two days and cannot solve it.
Logical VPN network interface (everything as per the tutorial)
Code:
LINK_TYPE='static'
LINK_CONNECTION='local'
LINK_ALIAS='local'
LINK_IP='170.70.1.1'
LINK_NETMASK='255.255.255.0'
LINK_ADDITIONAL_IP=''
SERVER
Code:
mode server
port 1194
proto tcp-server
dev tun
tun-mtu 1500
ca /var/cert/brazilfw.pem
cert /etc/brazilfw/cert/custom/7182903075d3f262ced2c3.crt
key /etc/brazilfw/cert/custom/7182903075d3f262ced2c3.key
dh /etc/brazilfw/cert/custom/dh1024.pem
server 170.70.1.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
verb 0
tls-server
script-security 2
auth-user-pass-verify /etc/ppp/ovpn-auth via-file
duplicate-cn
username-as-common-name
client-config-dir /etc/ovpn-ccd
cipher BF-CBC
auth SHA1
status /var/log/openvpn.log 10
status-version 2
writepid /var/run/openvpn_server.pid
daemon
CLIENT 1 - Works perfectly.
Code:
cliente1 openvpn senha 170.70.1.1 #
Code:
client
dev tun
proto tcp-client
pull
remote xxxxxx
port 1194
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca brazilfw_ca.crt
cert 3779276295d40490aab2eb.crt
key 3779276295d40490aab2eb.key
auth-user-pass
verb 3
keepalive 10 60
link-mtu 1543
ns-cert-type server
#remote-cert-tls server
cipher BF-CBC
auth SHA1
route 10.1.1.0 255.255.255.0 170.70.1.1
CLIENT 2 - Connects to the VPN but cannot ping even the IP 170.70.1.5, nothing at all.
Code:
cliente2 openvpn senha 170.70.1.6 #
Code:
client
dev tun
proto tcp-client
pull
remote marfiso.ddns.net
port 1194
resolv-retry infinite
nobind
persist-key
persist-tun
float
ca brazilfw_ca.crt
cert 14475579775d3f262cbf3ee.crt
key 14475579775d3f262cbf3ee.key
auth-user-pass
verb 3
keepalive 10 60
link-mtu 1534
ns-cert-type server
cipher BF-CBC
auth SHA1
route 10.1.1.0 255.255.255.0 170.70.1.5
Client 2 LOG
Code:
Tue Jul 30 17:22:24 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Tue Jul 30 17:22:24 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jul 30 17:22:24 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Tue Jul 30 17:22:24 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Tue Jul 30 17:22:24 2019 Need hold release from management interface, waiting...
Tue Jul 30 17:22:24 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Tue Jul 30 17:22:25 2019 MANAGEMENT: CMD 'state on'
Tue Jul 30 17:22:25 2019 MANAGEMENT: CMD 'log all on'
Tue Jul 30 17:22:25 2019 MANAGEMENT: CMD 'echo all on'
Tue Jul 30 17:22:25 2019 MANAGEMENT: CMD 'bytecount 5'
Tue Jul 30 17:22:25 2019 MANAGEMENT: CMD 'hold off'
Tue Jul 30 17:22:25 2019 MANAGEMENT: CMD 'hold release'
Tue Jul 30 17:22:30 2019 MANAGEMENT: CMD 'username "Auth" "henrique"'
Tue Jul 30 17:22:30 2019 MANAGEMENT: CMD 'password [...]'
Tue Jul 30 17:22:30 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Tue Jul 30 17:22:30 2019 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1411)
Tue Jul 30 17:22:30 2019 MANAGEMENT: >STATE:1564518150,RESOLVE,,,,,,
Tue Jul 30 17:22:30 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]191.xxx.xxx.xxx:1194
Tue Jul 30 17:22:30 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jul 30 17:22:30 2019 Attempting to establish TCP connection with [AF_INET]191.xxx.xxx.xxx:1194 [nonblock]
Tue Jul 30 17:22:30 2019 MANAGEMENT: >STATE:1564518150,TCP_CONNECT,,,,,,
Tue Jul 30 17:22:31 2019 TCP connection established with [AF_INET]191.xxx.xxx.xxx:1194
Tue Jul 30 17:22:31 2019 TCP_CLIENT link local: (not bound)
Tue Jul 30 17:22:31 2019 TCP_CLIENT link remote: [AF_INET]191.xxx.xxx.xxx:1194
Tue Jul 30 17:22:31 2019 MANAGEMENT: >STATE:1564518151,WAIT,,,,,,
Tue Jul 30 17:22:31 2019 MANAGEMENT: >STATE:1564518151,AUTH,,,,,,
Tue Jul 30 17:22:31 2019 TLS: Initial packet from [AF_INET]191.xxx.xxx.xxx:1194, sid=6e71d73f f347c375
Tue Jul 30 17:22:31 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 30 17:22:32 2019 VERIFY OK: depth=1, C=BR, O=BrazilFW Firewall & Router, ST=Sao Paulo, OU=http://www.brazilfw.com.br, OU=BrazilFW Firewall & Router, CN=BrazilFW Class 3 Secure Server CA
Tue Jul 30 17:22:32 2019 VERIFY OK: nsCertType=SERVER
Tue Jul 30 17:22:32 2019 VERIFY OK: depth=0, C=BR, ST=Sao Paulo, O=BrazilFW Firewall & Router, OU=BrazilFW Firewall & Router, CN=OpenVPN - BrazilFW
Tue Jul 30 17:22:32 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1534', remote='link-mtu 1543'
Tue Jul 30 17:22:32 2019 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1411', remote='tun-mtu 1500'
Tue Jul 30 17:22:32 2019 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jul 30 17:22:32 2019 [OpenVPN - BrazilFW] Peer Connection Initiated with [AF_INET]191.xxx.xxx.xxx:1194
Tue Jul 30 17:22:33 2019 MANAGEMENT: >STATE:1564518153,GET_CONFIG,,,,,,
Tue Jul 30 17:22:33 2019 SENT CONTROL [OpenVPN - BrazilFW]: 'PUSH_REQUEST' (status=1)
Tue Jul 30 17:22:33 2019 PUSH: Received control message: 'PUSH_REPLY,route 170.70.1.1,topology net30,ping 10,ping-restart 120,ifconfig 170.70.1.6 170.70.1.5'
Tue Jul 30 17:22:33 2019 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 30 17:22:33 2019 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 30 17:22:33 2019 OPTIONS IMPORT: route options modified
Tue Jul 30 17:22:33 2019 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 30 17:22:33 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jul 30 17:22:33 2019 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 30 17:22:33 2019 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 30 17:22:33 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jul 30 17:22:33 2019 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 30 17:22:33 2019 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Tue Jul 30 17:22:33 2019 interactive service msg_channel=0
Tue Jul 30 17:22:33 2019 ROUTE_GATEWAY 10.0.11.254/255.255.255.0 I=2 HWADDR=7c:e9:d3:f6:27:d7
Tue Jul 30 17:22:33 2019 open_tun
Tue Jul 30 17:22:33 2019 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{282748F9-0738-4E19-A1DD-0B66A26CE6D1}.tap
Tue Jul 30 17:22:33 2019 TAP-Windows Driver Version 9.23
Tue Jul 30 17:22:33 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 170.70.1.6/255.255.255.252 on interface {282748F9-0738-4E19-A1DD-0B66A26CE6D1} [DHCP-serv: 170.70.1.5, lease-time: 31536000]
Tue Jul 30 17:22:33 2019 Successful ARP Flush on interface [63] {282748F9-0738-4E19-A1DD-0B66A26CE6D1}
Tue Jul 30 17:22:33 2019 MANAGEMENT: >STATE:1564518153,ASSIGN_IP,,170.70.1.6,,,,
Tue Jul 30 17:22:38 2019 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue Jul 30 17:22:38 2019 MANAGEMENT: >STATE:1564518158,ADD_ROUTES,,,,,,
Tue Jul 30 17:22:38 2019 C:\WINDOWS\system32\route.exe ADD 10.1.1.0 MASK 255.255.255.0 170.70.1.5
Tue Jul 30 17:22:38 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Jul 30 17:22:38 2019 Route addition via IPAPI succeeded [adaptive]
Tue Jul 30 17:22:38 2019 C:\WINDOWS\system32\route.exe ADD 170.70.1.1 MASK 255.255.255.255 170.70.1.5
Tue Jul 30 17:22:38 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Jul 30 17:22:38 2019 Route addition via IPAPI succeeded [adaptive]
Tue Jul 30 17:22:38 2019 Initialization Sequence Completed
Tue Jul 30 17:22:38 2019 MANAGEMENT: >STATE:1564518158,CONNECTED,SUCCESS,170.70.1.6,191.xxx.xxx.xxx,1194,10.0.11.173,59866
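An added example, not part of the original post and not BrazilFW or OpenVPN code: a small Python audit of the client 2 log above that collects the option mismatches OpenVPN reported, the pushed options, and the weak-crypto findings, then checks that the pushed `ifconfig` pair is a valid `topology net30` pair. The names `audit_client_log` and `net30_pair_ok` are hypothetical, and treating TLSv1/TLSv1.1 as weak is an assumption of this example.

```python
import ipaddress
import re

# Lines copied from the client 2 log above, in the order they were logged.
SAMPLE_LOG = """\
Tue Jul 30 17:22:30 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Tue Jul 30 17:22:32 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1534', remote='link-mtu 1543'
Tue Jul 30 17:22:32 2019 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1411', remote='tun-mtu 1500'
Tue Jul 30 17:22:32 2019 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jul 30 17:22:33 2019 PUSH: Received control message: 'PUSH_REPLY,route 170.70.1.1,topology net30,ping 10,ping-restart 120,ifconfig 170.70.1.6 170.70.1.5'
Tue Jul 30 17:22:33 2019 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 30 17:22:33 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
"""

MISMATCH = re.compile(r"'([\w-]+)' is used inconsistently, local='\1 ([^']+)', remote='\1 ([^']+)'")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
DEPRECATED = re.compile(r"WARNING: --([\w-]+) is DEPRECATED")
CIPHER = re.compile(r"Data Channel: Cipher '([^']+)'")
CONTROL = re.compile(r"Control Channel: ([^,]+),")


def audit_client_log(text):
    """Collect option mismatches, pushed options and weak-crypto findings."""
    report = {"mismatch": {}, "pushed": {}, "deprecated": set(), "weak": set()}
    last_cipher = None
    for line in text.splitlines():
        if m := MISMATCH.search(line):
            report["mismatch"][m.group(1)] = (m.group(2), m.group(3))  # (local, remote)
        elif m := PUSH.search(line):
            for item in m.group(1).split(","):
                key, _, value = item.partition(" ")
                report["pushed"].setdefault(key, []).append(value)
        elif m := DEPRECATED.search(line):
            report["deprecated"].add(m.group(1))
        elif m := CIPHER.search(line):
            last_cipher = m.group(1)  # remembered for the warning that follows it
        elif "INSECURE cipher" in line and last_cipher:
            report["weak"].add(last_cipher)  # OpenVPN itself flagged this cipher
        elif m := CONTROL.search(line):
            if m.group(1) in ("TLSv1", "TLSv1.1"):  # assumption: treated as weak here
                report["weak"].add(m.group(1))
    return report


def net30_pair_ok(ifconfig_value):
    """True if 'local peer' are the two usable hosts of one /30 (topology net30)."""
    local, peer = (ipaddress.ip_address(a) for a in ifconfig_value.split())
    hosts = set(ipaddress.ip_network(f"{local}/30", strict=False).hosts())
    return local != peer and {local, peer} == hosts
```

Calling `audit_client_log(SAMPLE_LOG)` returns the report dictionary; pass the first `ifconfig` entry from `report["pushed"]` to `net30_pair_ok` to check the address pair the server pushed.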