danny2001k (Cadet; joined Aug 23, 2017; messages: 3)
Hello guys, I tried to install OpenVPN using the tutorial here: https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/
I did it 2 times already but can't get it to work.
My setup is:
Router: 192.168.0.1
OpenVPN jail IP: 192.168.0.4
NAT 172.16.8.0/24
Port 443 FW from public address to 192.168.0.4 443
Error from cat /var/log/messages
Aug 23 12:24:10 vpn openvpn[7893]: WARNING: file 'ta.key' is group or others accessible
Aug 23 12:24:10 vpn openvpn[7893]: OpenVPN 2.4.3 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Aug 22 2017
Aug 23 12:24:10 vpn openvpn[7893]: library versions: OpenSSL 1.0.2j-freebsd 26 Sep 2016, LZO 2.10
Aug 23 12:24:10 vpn openvpn[8018]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Aug 23 12:24:10 vpn openvpn[8018]: Diffie-Hellman initialized with 2048 bit key
Aug 23 12:24:10 vpn openvpn[8018]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 23 12:24:10 vpn openvpn[8018]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Aug 23 12:24:10 vpn openvpn[8018]: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=epair2b HWADDR=5a:75:3a:0b:ce:11
Aug 23 12:24:10 vpn openvpn[8018]: TUN/TAP device /dev/tun0 opened
Aug 23 12:24:10 vpn openvpn[8018]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 23 12:24:10 vpn openvpn[8018]: /sbin/ifconfig tun0 172.16.8.1 172.16.8.2 mtu 1500 netmask 255.255.255.255 up
Aug 23 12:24:10 vpn openvpn[8018]: /sbin/route add -net 172.16.8.0 172.16.8.2 255.255.255.0
Aug 23 12:24:10 vpn openvpn[8018]: Could not determine IPv4/IPv6 protocol. Using AF_INET6
Aug 23 12:24:10 vpn openvpn[8018]: Socket Buffers: R=[42080->42080] S=[9216->9216]
Aug 23 12:24:10 vpn openvpn[8018]: setsockopt(IPV6_V6ONLY=0)
Aug 23 12:24:10 vpn openvpn[8018]: UDPv6 link local (bound): [AF_INET6][undef]:443
Aug 23 12:24:10 vpn openvpn[8018]: UDPv6 link remote: [AF_UNSPEC]
Aug 23 12:24:10 vpn openvpn[8018]: GID set to nobody
Aug 23 12:24:10 vpn openvpn[8018]: UID set to nobody
Aug 23 12:24:10 vpn openvpn[8018]: MULTI: multi_init called, r=256 v=256
Aug 23 12:24:10 vpn openvpn[8018]: IFCONFIG POOL: base=172.16.8.4 size=62, ipv6=0
Aug 23 12:24:10 vpn openvpn[8018]: IFCONFIG POOL LIST
Aug 23 12:24:10 vpn openvpn[8018]: Initialization Sequence Completed
Aug 23 12:27:04 vpn openvpn[8018]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:192.168.0.1:61799
Aug 23 12:27:35 vpn last message repeated 4 times
files:
openvpn.conf
Code:
port 443
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt #Server public key
key openvpn-server.key #Server private key
dh dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0" #Yellow network
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3
client ovpn:
Code:
client
dev tun
proto udp
remote myddns.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert danny.vpn.crt
key danny.vpn.key
remote-cert-tls server
cipher AES-256-CBC
tls-auth ta.key 1
#dhcp-option DNS 0.0.0.0
#redirect-gateway def1
comp-lzo
verb 3
ps aux:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11593 0.0 0.0 10472 1888 - SsJ 12:37 0:00.01 /usr/sbin/syslogd -s
nobody 11632 0.0 0.1 20392 4176 - SsJ 12:37 0:00.02 /usr/local/sbin/openvpn --cd /mnt/keys --daemon openvpn --config /mnt/keys/openvpn.conf
root 11664 0.0 0.0 12564 1804 - SsJ 12:37 0:00.00 /usr/sbin/cron -s
root 11706 0.0 0.0 19676 3024 0 SJ 12:37 0:00.02 tcsh
root 13110 0.0 0.0 21244 1948 0 R+J 13:03 0:00.00 ps aux
sockstat -4 -l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
nobody openvpn 11632 6 udp46 *:443 *:*
root syslogd 11593 7 udp4 *:514 *:*
ipfw list
00100 nat 1 ip from 172.16.8.0/24 to any out via epair2b
00200 nat 1 ip from any to any in via epair2b
65535 allow ip from any to any
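
Added example, not part of the original post: with `tls-auth`, the control-channel HMAC uses the digest set by `auth`, so both peers must agree on it for the server to find a valid HMAC in incoming packets. The Python check below compares the directives that have to match, run over the two configs above trimmed to the relevant lines. The defaults table assumes OpenVPN 2.4 behaviour, and the function names are illustrative.

```python
# Added example: compare directives an OpenVPN server and client must agree on.
# Constructed input: the post's two configs, trimmed to the compared directives.
SERVER_CONF = """\
proto udp
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
"""
CLIENT_CONF = """\
client
proto udp
cipher AES-256-CBC
tls-auth ta.key 1
comp-lzo
"""

# Assumption: OpenVPN 2.4 defaults, applied when a directive is absent.
DEFAULTS = {"auth": "SHA1", "cipher": "BF-CBC", "proto": "udp"}
MUST_MATCH = ("proto", "cipher", "auth", "comp-lzo")

def parse(text):
    """Return {directive: [args]}, dropping blank lines and #/; comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        conf[name] = args
    return conf

def effective(conf, name):
    """Value in force for a directive: explicit, default, or 'absent'."""
    if name in conf:
        return " ".join(conf[name]) or "enabled"
    return DEFAULTS.get(name, "absent")

def compare(server_text, client_text):
    """List settings on which the two peers disagree."""
    srv, cli = parse(server_text), parse(client_text)
    issues = [f"{n}: server={effective(srv, n)} client={effective(cli, n)}"
              for n in MUST_MATCH if effective(srv, n) != effective(cli, n)]
    s_ta, c_ta = srv.get("tls-auth"), cli.get("tls-auth")
    if bool(s_ta) != bool(c_ta):
        issues.append("tls-auth: enabled on only one side")
    elif s_ta and sorted((s_ta[1:2], c_ta[1:2])) not in ([["0"], ["1"]], [[], []]):
        issues.append("tls-auth: key directions must be 0/1 or omitted on both")
    return issues

print(compare(SERVER_CONF, CLIENT_CONF))
```

The check only reads the inline direction argument of `tls-auth`; a separate `key-direction` directive and the contents of `ta.key` itself are not compared.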