OPENVPN access error [SOLVED]

1. OPENVPN access error [SOLVED]

Luciano Luiz Romero
bitiura123

(uses Other)

Posted on 18/03/2020 - 11:38h

Hello, I am setting up VPN access. The connection works normally and it connects to the VPN service. From the server I can see the client, but the client cannot see the machines on the network.

If I run this command on the client (client computer)
route add 192.168.2.0 mask 255.255.255.0 192.168.160.1
from the terminal, the VPN works normally and I can see everyone on the network.

I am posting the configuration file so you can take a look and see if something is wrong, so that I can see the others on the network without the command.
--------------------------------------------------------------------------------------------------------------






# Which local IP address should OpenVPN
# listen on? (optional)



multihome


# Which TCP/UDP port should OpenVPN listen on?

port 1194


# TCP or UDP server?

proto udp



# virtual device

dev tap0


# SSL/TLS root certificate (ca), certificate

# (cert), and private key (key).

ca '/var/lib/zentyal/CA/cacert.pem'


cert '/var/lib/zentyal/CA/certs/82129B3B1842D475.pem'


key '/var/lib/zentyal/CA/private/vpn-VPN-SACMA.pem'
# This file should be kept secret

# check peer certificate against certificate revocation list

crl-verify /var/lib/zentyal/CA/crl/latest.pem


# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
#dh /etc/openvpn/dh1024.pem

dh /etc/openvpn/ebox-dh1024.pem


# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
server 192.168.160.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.
ifconfig-pool-persist '/etc/openvpn/VPN-SACMA-ipp.txt'


# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN
;push "redirect-gateway"


# Uncomment this directive to allow different
# clients to be able to "see" each other.



# The keepalive directive causes ping-like
# messages to be sent back and forth over
keepalive 10 120


# client certificate common name authentication



# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# group and user for the OpenVPN
# daemon's privileges after initialization.

user nobody


group nogroup


# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status '/var/log/openvpn/status-VPN-SACMA.log'

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log-append '/var/log/openvpn/VPN-SACMA.log'

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

push "route 192.168.2.0 255.255.255.0"



  


2. Solution

Luciano Luiz Romero
bitiura123

(uses Other)

Posted on 30/03/2020 - 09:54h

Hello everyone, posting the solution to my problem: first, to see the others on the network I had to enable "Allow client-to-client connections"; then, for more users, I had to create a certificate for each user.
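
Added example, not part of the original posts and not Zentyal or OpenVPN code: a small Python check that reads a server config like the one posted and reports the directives behind the two fixes above (client-to-client visibility, one certificate per user) together with the DH and tls-auth settings that the config's own comments mention. The names `SAMPLE_CONF`, `active_directives`, `net` and `audit` are hypothetical; it assumes the Zentyal option corresponds to OpenVPN's `client-to-client` directive, and it reads the DH size from the file name only, as a heuristic.

```python
import ipaddress
import re
import shlex

# Constructed sample: a few directives copied from the config posted above.
SAMPLE_CONF = '''
dev tap0
dh /etc/openvpn/ebox-dh1024.pem
server 192.168.160.0 255.255.255.0
;tls-auth ta.key 0 # This file is secret
push "route 192.168.2.0 255.255.255.0"
'''

def active_directives(text):
    """Tokenise the config, skipping blank lines and '#' / ';' comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            rows.append(shlex.split(line, comments=True))
    return rows

def net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}")

def audit(text):
    """Summarise the directives that decide who a VPN client can reach."""
    rows = active_directives(text)
    names = {r[0] for r in rows}
    pools = [net(r[1], r[2]) for r in rows if r[0] == "server" and len(r) >= 3]
    pushed = [net(*r[1].split()[1:3]) for r in rows
              if r[0] == "push" and len(r) > 1 and r[1].startswith("route ")]
    # Heuristic: DH size taken from the file name, not from the file contents.
    bits = re.search(r"dh(\d{3,5})", " ".join(r[1] for r in rows if r[0] == "dh" and len(r) > 1))
    report = {
        "client_to_client": "client-to-client" in names,
        "duplicate_cn": "duplicate-cn" in names,
        "vpn_subnet": str(pools[0]) if pools else None,
        "pushed_routes": [str(n) for n in pushed],
        "warnings": [],
    }
    if report["client_to_client"]:
        report["warnings"].append("client-to-client: peer traffic is forwarded inside OpenVPN and never reaches the host firewall")
    if report["duplicate_cn"]:
        report["warnings"].append("duplicate-cn: clients may connect concurrently with one certificate, so access cannot be revoked per user")
    if bits and int(bits.group(1)) < 2048:
        report["warnings"].append(f"dh: {bits.group(1)}-bit parameters (by file name), use 2048 or more")
    if not names & {"tls-auth", "tls-crypt"}:
        report["warnings"].append("no tls-auth/tls-crypt: control channel has no HMAC pre-filter")
    return report
```

Calling `audit()` on the text of the real server config after each change in the management interface shows which directives were actually written to the file.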





