Xaint (Dabbler)
Joined: Jan 17, 2018
Messages: 10
Hi,
Recently I used this guide to install OpenVPN inside a jail --> https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/
I don't see why I can't connect from my PC to my VPN. Could you help me please?
My setup:
Modem: 192.168.1.254
FreeNAS: 192.168.1.70
OpenVPN Jail: 192.168.1.69
My PC: 192.168.1.65
My openvpn.conf file
Code:
port 10011
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt #Server public key
key openvpn-server.key #Server private key
dh dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0" #Yellow network
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3
My ipfw.rules file
Code:
#!/bin/sh
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 172.16.8.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}
TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0
My client config for OpenVPN
Code:
client
dev tun
proto udp
remote 2.xxx.xx.xxx 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert myname.crt
key myname.key
remote-cert-tls server
cipher AES-256-CBC
tls-auth ta.key 1
dhcp-option DNS 192.168.1.254
redirect-gateway def1
comp-lzo
verb 3
---------------------------------------------------------------------------
If I check
ipfw list
Code:
00100 nat 1 ip from 172.16.8.0/24 to any out via epair0b
00200 nat 1 ip from any to any in via epair0b
65535 allow ip from any to any
and
sockstat -4 -l
Code:
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   openvpn    54714 6  udp46  *:10011               *:*
root     syslogd    54675 7  udp4   *:514                 *:*
ps aux
Code:
root 53571 0.0 0.0 10592 1832 - IsJ 16:22 0:00.00 dhclient: epair0b [priv] (dhclient)
_dhcp 53636 0.0 0.0 10592 1872 - IsJ 16:22 0:00.00 dhclient: epair0b (dhclient)
root 54675 0.0 0.0 10472 1880 - IsJ 16:22 0:00.01 /usr/sbin/syslogd -s
nobody 54714 0.0 0.0 20412 4052 - SsJ 16:22 0:00.01 /usr/local/sbin/openvpn --cd /mnt/keys --daemon openvpn --config /mnt/keys/openvpn.conf --writepid /var/run/openvpn.pid
root 54746 0.0 0.0 12564 1792 - IsJ 16:22 0:00.00 /usr/sbin/cron -s
root 56138 0.0 0.0 13972 2892 0 SJ 16:54 0:00.01 bash
root 57792 0.0 0.0 21244 1964 0 R+J 17:26 0:00.00 ps aux
------------------------------------------------------------------------------
My Router fw
And my OpenVPN log error:
Code:
Thu Feb 01 17:03:48 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 01 17:03:48 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 01 17:03:48 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]2.xxx.xx.xxx:443
Thu Feb 01 17:03:48 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Feb 01 17:03:48 2018 UDP link local: (not bound)
Thu Feb 01 17:03:48 2018 UDP link remote: [AF_INET]2.xxx.xx.xxx:443
Thu Feb 01 17:03:48 2018 MANAGEMENT: >STATE:1517501028,WAIT,,,,,,
Thu Feb 01 17:04:48 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Feb 01 17:04:48 2018 TLS Error: TLS handshake failed
Thu Feb 01 17:04:48 2018 SIGUSR1[soft,tls-error] received, process restarting
---------------------------------------------------------------------------------
If you have some ideas... please help me :)
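An added example, not part of the original post: a small Python check that compares the directives from the two configs above that OpenVPN peers need to agree on (proto, cipher, auth, comp-lzo, tls-auth key direction), plus the server's listen port against the client's remote port. The config excerpts are copied from the post; the defaults used for absent directives are assumed OpenVPN 2.4-era values, and the function names are this example's own.

```python
# Added example (not from the post); config excerpts are copied from the post.
SERVER = """
port 10011
proto udp
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
"""
CLIENT = """
proto udp
remote 2.xxx.xx.xxx 443
cipher AES-256-CBC
tls-auth ta.key 1
comp-lzo
"""
# Assumption: OpenVPN 2.4-era defaults apply when a directive is absent.
DEFAULTS = {"proto": ["udp"], "auth": ["SHA1"], "port": ["1194"]}

def parse(conf):
    """Map directive -> argument list, dropping comments and blank lines."""
    opts = {}
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if words:
            opts[words[0]] = words[1:]
    return opts

def mismatches(server_conf, client_conf):
    """Return (directive, server_value, client_value) for each disagreement."""
    s, c = parse(server_conf), parse(client_conf)
    value = lambda o, k: " ".join(o.get(k, DEFAULTS.get(k, ["(unset)"])))
    found = [(k, value(s, k), value(c, k)) for k in ("proto", "cipher", "auth")
             if value(s, k) != value(c, k)]
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        found.append(("comp-lzo", str("comp-lzo" in s), str("comp-lzo" in c)))
    # tls-auth: both sides need it, with opposite key directions (0 and 1).
    sd, cd = s.get("tls-auth", [])[1:2], c.get("tls-auth", [])[1:2]
    if ("tls-auth" in s) != ("tls-auth" in c) or (sd and sd == cd):
        found.append(("tls-auth", " ".join(sd), " ".join(cd)))
    # Ports may differ only if a router forwards one to the other (not shown in the post).
    remote = c.get("remote", [])
    rport = remote[1] if len(remote) > 1 else DEFAULTS["port"][0]
    if rport != value(s, "port"):
        found.append(("port", value(s, "port"), rport))
    return found

if __name__ == "__main__":
    print(mismatches(SERVER, CLIENT))
```

On the posted configs it reports `auth` (server SHA256, client falling back to SHA1, consistent with the SHA1 lines in the client log) and the 10011 versus 443 port difference, which is only valid if the router forwards 443 to 10011.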