Erro no acesso OPENVPN [RESOLVIDO]

bitiura123
(usa Outra)

Enviado em 18/03/2020 - 11:38h

Olá, estou criando um acesso VPN a conexão funciona normal, ele conecta no serviço de VPN. consigo do servidor ver o cliente porem o cliente não ve as maquinas na rede.

Se realizo o comando no cliente ( computador cliente )

route add 192.168.2.0 mask 255.255.255.0 192.168.160.1  

pelo terminal a VPN funciona normal e consigo ver todos na rede.

estou passando o arquivo de configuração para da uma olhada se tem algo errado, para que possa ver os outros na rede sem o comando.
--------------------------------------------------------------------------------------------------------------

# Which local IP address should OpenVPN

# listen on? (optional)







multihome





# Which TCP/UDP port should OpenVPN listen on?



port 1194





# TCP or UDP server?



proto udp







# virtual device



dev tap0





# SSL/TLS root certificate (ca), certificate



# (cert), and private key (key).



ca '/var/lib/zentyal/CA/cacert.pem'





cert '/var/lib/zentyal/CA/certs/82129B3B1842D475.pem'





key '/var/lib/zentyal/CA/private/vpn-VPN-SACMA.pem'

 # This file should be kept secret



# check peer certificate against certificate revokation list



crl-verify /var/lib/zentyal/CA/crl/latest.pem





# Diffie hellman parameters.

# Generate your own with:

#   openssl dhparam -out dh1024.pem 1024

# Substitute 2048 for 1024 if you are using

# 2048 bit keys.

#dh /etc/openvpn/dh1024.pem



dh /etc/openvpn/ebox-dh1024.pem





# Configure server mode and supply a VPN subnet

# for OpenVPN to draw client addresses from.

server 192.168.160.0 255.255.255.0



# Maintain a record of client <-> virtual IP address

# associations in this file.

ifconfig-pool-persist '/etc/openvpn/VPN-SACMA-ipp.txt'





# If enabled, this directive will configure

# all clients to redirect their default

# network gateway through the VPN

;push "redirect-gateway"





# Uncomment this directive to allow different

# clients to be able to "see" each other.







# The keepalive directive causes ping-like

# messages to be sent back and forth over

keepalive 10 120





# client certificate common name authentication







# For extra security beyond that provided

# by SSL/TLS, create an "HMAC firewall"

# to help block DoS attacks and UDP port flooding.

;tls-auth ta.key 0 # This file is secret



# Select a cryptographic cipher.

# This config item must be copied to

# the client config file as well.

;cipher BF-CBC        # Blowfish (default)

;cipher AES-128-CBC   # AES

;cipher DES-EDE3-CBC  # Triple-DES



# Enable compression on the VPN link.

# If you enable it here, you must also

# enable it in the client config file.

comp-lzo



# The maximum number of concurrently connected

# clients we want to allow.

;max-clients 100



# group and user for the OpenVPN

# daemon's privileges after initialization.



user nobody





group nogroup





# The persist options will try to avoid

# accessing certain resources on restart

# that may no longer be accessible because

# of the privilege downgrade.

persist-key

persist-tun



# Output a short status file showing

# current connections, truncated

# and rewritten every minute.

status '/var/log/openvpn/status-VPN-SACMA.log'



# By default, log messages will go to the syslog (or

# on Windows, if running as a service, they will go to

# the "\Program Files\OpenVPN\log" directory).

# Use log or log-append to override this default.

# "log" will truncate the log file on OpenVPN startup,

# while "log-append" will append to it.  Use one

# or the other (but not both).

log-append  '/var/log/openvpn/VPN-SACMA.log'



# Set the appropriate level of log

# file verbosity.

#

# 0 is silent, except for fatal errors

# 4 is reasonable for general usage

# 5 and 6 can help to debug connection problems

# 9 is extremely verbose

verb 3



# Silence repeating messages.  At most 20

# sequential messages of the same message

# category will be output to the log.

;mute 20



   push "route 192.168.2.0 255.255.255.0"

 

bitiura123
(usa Outra)

Enviado em 30/03/2020 - 09:54h

Olá pessoal, passando a solução para meu problema primeiro para ver os outros na rede tive que liberar " Permite conexões de cliente pra cliente ", logo depois para mais usuários, tive que criar um certificado para cada usuário.