Ajuda conexão VPN

juliansoares
(usa Debian)

Enviado em 17/02/2014 - 10:21h

Bom dia,

tenho um servidor com openvpn aqui na empresa, acontece que gerei todos os script tudo certo e não to conseguindo acessar.

já tenho 3 VPN configurado, essa seria a 4° e so ela que não sobe, gerei os certificados ca.crt server.crt dh e o key do client

ao me conectar na VPN me deparo com isso no meu log :

Feb 17 10:18:37 localhost nm-openvpn[10112]: OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Feb 17 10:18:37 localhost nm-openvpn[10112]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Feb 17 10:18:37 localhost nm-openvpn[10112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 17 10:18:37 localhost nm-openvpn[10112]: LZO compression initialized
Feb 17 10:18:37 localhost nm-openvpn[10112]: Attempting to establish TCP connection with [AF_INET]XXXXXXXXXXXX:1199 [nonblock]
Feb 17 10:18:38 localhost nm-openvpn[10112]: TCP connection established with [AF_INET]XXXXXXXX:1199
Feb 17 10:18:38 localhost nm-openvpn[10112]: TCPv4_CLIENT link local: [undef]
Feb 17 10:18:38 localhost nm-openvpn[10112]: TCPv4_CLIENT link remote: [AF_INET]IPXXXXXXXX:1199
Feb 17 10:18:45 localhost nm-openvpn[10112]: Connection reset, restarting [0]
Feb 17 10:18:45 localhost nm-openvpn[10112]: SIGUSR1[soft,connection-reset] received, process restarting
Feb 17 10:18:50 localhost nm-openvpn[10112]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 17 10:18:50 localhost nm-openvpn[10112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 17 10:18:50 localhost nm-openvpn[10112]: Re-using SSL/TLS context
Feb 17 10:18:50 localhost nm-openvpn[10112]: LZO compression initialized
Feb 17 10:18:50 localhost nm-openvpn[10112]: Attempting to establish TCP connection with [AF_INET]XXXXXXXXXXXX:1199 [nonblock]
Feb 17 10:18:51 localhost nm-openvpn[10112]: TCP: connect to [AF_INET]XXXXXXXXXXX:1199 failed, will try again in 5 seconds: Connection refused
Feb 17 10:18:57 localhost nm-openvpn[10112]: TCP: connect to [AF_INET]XXXXXXXXXX:1199 failed, will trytry again in 5 seconds: Connection refused
Feb 17 10:19:17 localhost NetworkManager[26359]: <warn> VPN connection 'teste' (IP Config Get) timeout exceeded.



Alguem já pegou este erro.

wba_amaral
(usa Kurumin)

Enviado em 17/02/2014 - 12:57h

Ola,

Não vi seu conf, entretanto, tive problemas assim quando fui subir vpn com script de roteamento, veja um pedaço da configuração, o ponto que tive que incluir foi o script-security:

port 5152

proto udp



script-security 3



comp-lzo

cipher AES-256-CBC



ping 2

verb 3



persist-tun

persist-key



up /etc/openvpn/rota_filial.up



status /var/log/vpn-service_status.log

log /var/log/vpn-service.log

log-append /var/log/vpn-service.log



tun-mtu 1500

fragment 1300

mssfix



 

Documentação original:
https://openvpn.net/index.php/access-server/docs/admin-guides-sp-859543150/howto-administration/401-...
https://forums.openvpn.net/topic10809.html


Valeu, caso poste o conf podemos analisa-lo em conjunto e ver se chegamos ao ponto causador dos problemas.

juliansoares
(usa Debian)

Enviado em 17/02/2014 - 13:35h

Resolvido,

permissão na pasta 'keys' ele não estava lendo o arquivo ca.crt nem server.crt