VPN does not connect from outside

1. VPN does not connect from outside

Clovis Vellardo Junior
clovisvellardo

(uses Fedora)

Posted on 19/10/2017 - 09:45

Hello, good morning everyone

I have had a problem here for a few days. I need to configure a VPN. Up to that point it is fine: I am using OpenVPN and I can connect internally, but I cannot connect externally.
ETH0 10.26.1.1 internal network
ETH1 192.168.0.1 internet

servidor.conf
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
#ca ca.crt
#cert server.crt
#key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 10.26.1.0 255.255.255.0"
;push "route 10.26.2.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
;max-clients 100
;user nobody
;group nogroup
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 3
;mute 20

I tried opening the port in the firewall

I added the following rules
iptables -t filter -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t filter -A FORWARD -p udp -s 10.26.1.0/24 --dport 1194 -j ACCEPT
iptables -t filter -A FORWARD -p udp -d 10.26.1.0/24 --sport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.26.1.0/24 -d 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -d 10.26.1.0/24 -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE

The OpenVPN log on Windows gives the following errors
Thu Oct 19 09:43:32 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Oct 19 09:43:32 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Oct 19 09:43:32 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Oct 19 09:43:32 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Oct 19 09:43:32 2017 Need hold release from management interface, waiting...
Thu Oct 19 09:43:32 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Oct 19 09:43:32 2017 MANAGEMENT: CMD 'state on'
Thu Oct 19 09:43:32 2017 MANAGEMENT: CMD 'log all on'
Thu Oct 19 09:43:32 2017 MANAGEMENT: CMD 'echo all on'
Thu Oct 19 09:43:32 2017 MANAGEMENT: CMD 'hold off'
Thu Oct 19 09:43:32 2017 MANAGEMENT: CMD 'hold release'
Thu Oct 19 09:43:34 2017 MANAGEMENT: CMD 'username "Auth" "root"'
Thu Oct 19 09:43:34 2017 MANAGEMENT: CMD 'password [...]'
Thu Oct 19 09:43:34 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Oct 19 09:43:34 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]187.74.222.118:1194
Thu Oct 19 09:43:34 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Oct 19 09:43:34 2017 UDP link local (bound): [AF_INET][undef]:1194
Thu Oct 19 09:43:34 2017 UDP link remote: [AF_INET]187.74.222.118:1194
Thu Oct 19 09:43:34 2017 MANAGEMENT: >STATE:1508413414,WAIT,,,,,,
Thu Oct 19 09:43:34 2017 TLS Error: client->client or server->server connection attempted from [AF_INET]187.74.222.118:1194
Thu Oct 19 09:43:36 2017 TLS Error: client->client or server->server connection attempted from [AF_INET]187.74.222.118:1194
Thu Oct 19 09:43:40 2017 TLS Error: client->client or server->server connection attempted from [AF_INET]187.74.222.118:1194
Thu Oct 19 09:43:48 2017 TLS Error: client->client or server->server connection attempted from [AF_INET]187.74.222.118:1194

Note that this IP is dynamic, so for now I have to keep changing the client file
Thanks for your attention...
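
Added example, not part of the original post: a small audit of the hardening-relevant directives in the servidor.conf quoted above. The function names and the choice of checks are assumptions made for this illustration, and the embedded config is an excerpt of the posted file.

```python
# Added example: audit of the server directives quoted in the post.
# POSTED_CONF is an excerpt of the page's servidor.conf; the checks are
# the editor's selection, not an OpenVPN-defined list.
POSTED_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway"
duplicate-cn
;tls-auth ta.key 0 # This file is secret
comp-lzo
;user nobody
;group nogroup
persist-key
persist-tun
"""

def active_directives(conf_text):
    """Map directive name -> list of argument lists, skipping comments."""
    found = {}
    for raw in conf_text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in ";#":   # OpenVPN treats ';' and '#' as comment starts
                break
            tokens.append(tok)
        if tokens:
            found.setdefault(tokens[0], []).append(tokens[1:])
    return found

def audit(conf_text):
    """Return sorted hardening findings for an OpenVPN server config."""
    d = active_directives(conf_text)
    findings = []
    if "duplicate-cn" in d:
        findings.append("duplicate-cn: one certificate may serve several simultaneous clients")
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("tls-auth: control channel packets are not HMAC-checked before TLS")
    if any(args != ["no"] for args in d.get("comp-lzo", [])):
        findings.append("comp-lzo: compression before encryption can leak plaintext (VORACLE)")
    if "user" not in d or "group" not in d:
        findings.append("user/group: daemon keeps its start-up privileges (root, if started as root)")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(POSTED_CONF):
        print("[!]", finding)
```

The client-side warning in the log ("No server certificate verification method has been enabled") concerns the client file, which is not shown in the post, so it is outside this check.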


  





