juliansoares
(uses Debian)
Posted on 19/01/2012 - 20:20
phrich wrote:
Well man, since you're running everything on the same host, you just need to create the INPUT and OUTPUT rules:
First add these lines here:
# Creates the outbound and return path for packets; read more about the state module, ok?
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept the port
iptables -A INPUT -p tcp --dport PORTA -j ACCEPT
# Allow all outbound traffic from your firewall.
iptables -A OUTPUT -j ACCEPT
Test it and let us know, ok?
I added your rules and mine and nothing; this shows up in the server log:
Thu Jan 19 20:09:35 2012 Re-using SSL/TLS context
Thu Jan 19 20:09:35 2012 LZO compression initialized
Thu Jan 19 20:09:35 2012 TCP connection established with [AF_INET]10.0.0.60:43583
Thu Jan 19 20:09:35 2012 TCPv4_SERVER link local: [undef]
Thu Jan 19 20:09:35 2012 TCPv4_SERVER link remote: [AF_INET]10.0.0.60:43583
Thu Jan 19 20:09:36 2012 10.0.0.60:43583 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]10.0.0.60:43583
Thu Jan 19 20:09:36 2012 10.0.0.60:43583 Fatal TLS error (check_tls_errors_co), restarting
Thu Jan 19 20:09:41 2012 Re-using SSL/TLS context
Thu Jan 19 20:09:41 2012 LZO compression initialized
Thu Jan 19 20:09:41 2012 TCP connection established with [AF_INET]10.0.0.60:43585
Thu Jan 19 20:09:41 2012 TCPv4_SERVER link local: [undef]
Thu Jan 19 20:09:41 2012 TCPv4_SERVER link remote: [AF_INET]10.0.0.60:43585
Thu Jan 19 20:09:42 2012 10.0.0.60:43585 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]10.0.0.2:43585
Thu Jan 19 20:09:42 2012 10.0.0.60:43585 Fatal TLS error (check_tls_errors_co), restarting
Thu Jan 19 20:09:47 2012 Re-using SSL/TLS context
Thu Jan 19 20:09:47 2012 LZO compression initialized
Thu Jan 19 20:09:47 2012 TCP connection established with [AF_INET]10.0.0.60:43586
Thu Jan 19 20:09:47 2012 TCPv4_SERVER link local: [undef]
Thu Jan 19 20:09:47 2012 TCPv4_SERVER link remote: [AF_INET]10.0.0.60:43586
Thu Jan 19 20:09:48 2012 10.0.0.2:43586 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]10.0.0.60:43586
Thu Jan 19 20:09:48 2012 10.0.0.60:43586 Fatal TLS error (check_tls_errors_co), restarting
Syslog from my notebook, trying to connect to the VPN from outside the local network.
Jan 20 08:32:07 zeus nm-openvpn[12688]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 20 08:32:12 zeus nm-openvpn[12688]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 20 08:32:12 zeus nm-openvpn[12688]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 20 08:32:12 zeus nm-openvpn[12688]: Re-using SSL/TLS context
Jan 20 08:32:12 zeus nm-openvpn[12688]: LZO compression initialized
Jan 20 08:32:12 zeus nm-openvpn[12688]: Attempting to establish TCP connection with [AF_INET]201.53.XXXXXX:1194 [nonblock]
Jan 20 08:32:13 zeus nm-openvpn[12688]: TCP connection established with [AF_INET]201.53.XXXXX:1194
Jan 20 08:32:13 zeus nm-openvpn[12688]: TCPv4_CLIENT link local: [undef]
Jan 20 08:32:13 zeus nm-openvpn[12688]: TCPv4_CLIENT link remote: [AF_INET]201.53.XXXX:1194
Jan 20 08:32:13 zeus nm-openvpn[12688]: Connection reset, restarting [0]
Jan 20 08:32:13 zeus nm-openvpn[12688]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 20 08:32:18 zeus nm-openvpn[12688]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 20 08:32:18 zeus nm-openvpn[12688]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 20 08:32:18 zeus nm-openvpn[12688]: Re-using SSL/TLS context
Jan 20 08:32:18 zeus nm-openvpn[12688]: LZO compression initialized
Jan 20 08:32:18 zeus nm-openvpn[12688]: Attempting to establish TCP connection with [AF_INET]201.53.XXXX:1194 [nonblock]
Jan 20 08:32:19 zeus nm-openvpn[12688]: TCP connection established with [AF_INET]201.53.XXXX:1194
Jan 20 08:32:19 zeus nm-openvpn[12688]: TCPv4_CLIENT link local: [undef]
Jan 20 08:32:19 zeus nm-openvpn[12688]: TCPv4_CLIENT link remote: [AF_INET]201.53.XXXX:1194
Jan 20 08:32:19 zeus nm-openvpn[12688]: Connection reset, restarting [0]
Jan 20 08:32:19 zeus nm-openvpn[12688]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 20 08:32:22 zeus NetworkManager[4833]: <warn> VPN connection 'Server Home' (IP Config Get) timeout exceeded.
Jan 20 08:32:22 zeus nm-openvpn[12688]: SIGTERM[hard,init_instance] received, process exiting
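Added example, not part of the original post: a small triage script that scans OpenVPN logs like the two above for three of the messages they contain and reports what each one usually points to. The sample lines are constructed from the post's logs; the function name `triage`, the finding keys and the hint texts are assumptions of this example.

```python
import re

# Constructed sample input, shaped like the server and client logs in the post.
SERVER_LOG = """\
Thu Jan 19 20:09:35 2012 TCP connection established with [AF_INET]10.0.0.60:43583
Thu Jan 19 20:09:36 2012 10.0.0.60:43583 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]10.0.0.60:43583
Thu Jan 19 20:09:36 2012 10.0.0.60:43583 Fatal TLS error (check_tls_errors_co), restarting
Thu Jan 19 20:09:41 2012 TCP connection established with [AF_INET]10.0.0.60:43585
Thu Jan 19 20:09:42 2012 10.0.0.60:43585 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]10.0.0.60:43585
"""
CLIENT_LOG = """\
Jan 20 08:32:12 zeus nm-openvpn[12688]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 20 08:32:13 zeus nm-openvpn[12688]: Connection reset, restarting [0]
Jan 20 08:32:19 zeus nm-openvpn[12688]: Connection reset, restarting [0]
"""

# (pattern, finding key, what to check). Hints are this example's wording.
SIGNATURES = [
    (re.compile(r"TLS Error: cannot locate HMAC in incoming packet "
                r"from \[AF_INET\]([\d.]+):\d+"),
     "hmac_missing",
     "this side has tls-auth enabled but the peer sent no valid HMAC: "
     "the client must use the same tls-auth key (ta.key) as the server"),
    (re.compile(r"No server certificate verification method has been enabled"),
     "no_server_verify",
     "enable a server certificate check on the client, "
     "e.g. remote-cert-tls server"),
    (re.compile(r"Connection reset, restarting"),
     "conn_reset",
     "peer dropped the TCP session right after connect: "
     "look for a TLS error at the same time in the server log"),
]

def triage(log_text):
    """Return {finding: {"count", "peers", "hint"}} for the known signatures."""
    findings = {}
    for line in log_text.splitlines():
        for pattern, key, hint in SIGNATURES:
            m = pattern.search(line)
            if not m:
                continue
            entry = findings.setdefault(key, {"count": 0, "peers": set(), "hint": hint})
            entry["count"] += 1
            if m.groups():  # only the HMAC pattern captures a peer address
                entry["peers"].add(m.group(1))
    return findings

if __name__ == "__main__":
    for name, text in (("server", SERVER_LOG), ("client", CLIENT_LOG)):
        for key, f in triage(text).items():
            print(f"{name}: {key} x{f['count']} {sorted(f['peers'])} -> {f['hint']}")
```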