Hi, I've been trying for several days to set up OpenVPN on my machine and I can't find a way to get it working. I'm asking for your help to try to get it working and to find out what I'm doing wrong.
This is the server configuration:
port 1194
proto udp
dev tun
ca "ca.crt"
cert "gestion.crt"
key "gestion.key" # This file must be kept secret
dh "dh1024.pem"
server 192.168.20.0 255.255.255.0 # Network segment that the remote clients will take
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option WINS 192.168.20.1"
push "route-gateway 192.168.20.1"
client-to-client
push "route 192.168.1.0 255.255.255.0" # Segment of the internal local network
duplicate-cn # With this option it is not necessary to create a key for each client
comp-lzo # Compresses the data sent and received
max-clients 60
persist-key
persist-tun
verb 3
status openvpn-status.log
keepalive 10 120
suppress-timestamps
route-delay 10 10
Client configuration:
client
proto udp
dev tun
remote 79.109.146.54 1194 # Public IP address of the OpenVPN server
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca.crt"
cert "portatil.crt"
key "portatil.key"
comp-lzo
verb 3
When connecting, both sides connect but they can't ping each other, although on the client side it shows up as an unidentified network.
This is the server status when the client connects:
79.109.146.54:65436 Re-using SSL/TLS context
79.109.146.54:65436 LZO compression initialized
79.109.146.54:65436 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
79.109.146.54:65436 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
79.109.146.54:65436 Local Options hash (VER=V4): '530fdded'
79.109.146.54:65436 Expected Remote Options hash (VER=V4): '41690919'
79.109.146.54:65436 TLS: Initial packet from 79.109.146.54:65436, sid=091fa4e1 e2638a4e
79.109.146.54:65436 VERIFY OK: depth=1, /C=ES/ST=MU/L=Murcia/O=nueva/CN=gestion/[email protected]
79.109.146.54:65436 VERIFY OK: depth=0, /C=ES/ST=MU/O=nueva/CN=portatil/[email protected]
79.109.146.54:65436 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
79.109.146.54:65436 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
79.109.146.54:65436 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
79.109.146.54:65436 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
79.109.146.54:65436 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
79.109.146.54:65436 [portatil] Peer Connection Initiated with 79.109.146.54:65436
portatil/79.109.146.54:65436 MULTI: Learn: 192.168.20.6 -> portatil/79.109.146.54:65436
portatil/79.109.146.54:65436 MULTI: primary virtual IP for portatil/79.109.146.54:65436: 192.168.20.6
portatil/79.109.146.54:65436 PUSH: Received control message: 'PUSH_REQUEST'
portatil/79.109.146.54:65436 SENT CONTROL [portatil]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option WINS 192.168.20.1,route-gateway 192.168.20.1,route 192.168.1.0 255.255.255.0,route 192.168.20.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.20.6 192.168.20.5' (status=1)
portatil/79.109.146.54:65436 TLS: soft reset sec=0 bytes=37432/0 pkts=713/0
portatil/79.109.146.54:65436 VERIFY OK: depth=1, /C=ES/ST=MU/L=Murcia/O=nueva/CN=gestion/[email protected]
portatil/79.109.146.54:65436 VERIFY OK: depth=0, /C=ES/ST=MU/O=nueva/CN=portatil/[email protected]
portatil/79.109.146.54:65436 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
portatil/79.109.146.54:65436 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
portatil/79.109.146.54:65436 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
portatil/79.109.146.54:65436 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
portatil/79.109.146.54:65436 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
portatil/79.109.146.54:65436 [portatil] Inactivity timeout (--ping-restart), restarting
portatil/79.109.146.54:65436 SIGUSR1[soft,ping-restart] received, client-instance restarting
MULTI: multi_create_instance called
79.109.146.54:37015 Re-using SSL/TLS context
79.109.146.54:37015 LZO compression initialized
79.109.146.54:37015 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
79.109.146.54:37015 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
79.109.146.54:37015 Local Options hash (VER=V4): '530fdded'
79.109.146.54:37015 Expected Remote Options hash (VER=V4): '41690919'
79.109.146.54:37015 TLS: Initial packet from 79.109.146.54:37015, sid=c6ff5ccf c45a7877
79.109.146.54:37015 VERIFY OK: depth=1, /C=ES/ST=MU/L=Murcia/O=nueva/CN=gestion/[email protected]
79.109.146.54:37015 VERIFY OK: depth=0, /C=ES/ST=MU/O=nueva/CN=portatil/[email protected]
79.109.146.54:37015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
79.109.146.54:37015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
79.109.146.54:37015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
79.109.146.54:37015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
79.109.146.54:37015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
79.109.146.54:37015 [portatil] Peer Connection Initiated with 79.109.146.54:37015
portatil/79.109.146.54:37015 MULTI: Learn: 192.168.20.6 -> portatil/79.109.146.54:37015
portatil/79.109.146.54:37015 MULTI: primary virtual IP for portatil/79.109.146.54:37015: 192.168.20.6
portatil/79.109.146.54:37015 PUSH: Received control message: 'PUSH_REQUEST'
portatil/79.109.146.54:37015 SENT CONTROL [portatil]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option WINS 192.168.20.1,route-gateway 192.168.20.1,route 192.168.1.0 255.255.255.0,route 192.168.20.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.20.6 192.168.20.5' (status=1)
Sorry for the large amount of information I've posted, but this way we go straight to the problem, with almost all the information available for whoever decides to give me a hand. Thanks and regards.
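The following is an added example, not code from the poster or from the OpenVPN project. It reads the kind of material pasted above (a few server-config lines and the PUSH_REPLY, cipher and ping-restart lines from the server log, copied here as constructed samples) and reports what a defender checks first: which tunnel endpoints and routes the client was actually pushed, whether the session is cycling on `--ping-restart` (a sign that data-channel packets are not arriving in at least one direction), and which negotiated parameters are weak by current standards. The option names it suggests (`cipher`, `auth`, `tls-version-min`) are real OpenVPN directives; the DH check that guesses the key size from the file name is a heuristic of this script only.

```python
"""Audit an OpenVPN server config and server log excerpt (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the relevant lines of the posted server config.
SERVER_CONF = """\
port 1194
proto udp
dev tun
dh "dh1024.pem"
server 192.168.20.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0" # internal LAN
duplicate-cn
comp-lzo
keepalive 10 120
"""

# Constructed sample: lines copied from the posted server log.
SERVER_LOG = """\
portatil/79.109.146.54:65436 SENT CONTROL [portatil]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option WINS 192.168.20.1,route-gateway 192.168.20.1,route 192.168.1.0 255.255.255.0,route 192.168.20.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 192.168.20.6 192.168.20.5' (status=1)
79.109.146.54:65436 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
79.109.146.54:65436 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
79.109.146.54:65436 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
79.109.146.54:65436 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
portatil/79.109.146.54:65436 [portatil] Inactivity timeout (--ping-restart), restarting
"""


@dataclass
class PushReply:
    """Options the server pushed to one client, as seen in a PUSH_REPLY line."""
    ifconfig: tuple[str, str] | None = None      # (client address, peer endpoint) for net30
    routes: list[tuple[str, str]] = field(default_factory=list)
    topology: str | None = None
    ping: int | None = None
    ping_restart: int | None = None


def parse_push_reply(line: str) -> PushReply | None:
    """Parse the comma-separated option list inside 'PUSH_REPLY,...'."""
    m = re.search(r"'PUSH_REPLY,(.*)'", line)
    if not m:
        return None
    reply = PushReply()
    for opt in m.group(1).split(","):
        parts = opt.split()
        if parts[0] == "ifconfig":
            reply.ifconfig = (parts[1], parts[2])
        elif parts[0] == "route":          # 'route-gateway' is a different keyword
            reply.routes.append((parts[1], parts[2]))
        elif parts[0] == "topology":
            reply.topology = parts[1]
        elif parts[0] == "ping":
            reply.ping = int(parts[1])
        elif parts[0] == "ping-restart":
            reply.ping_restart = int(parts[1])
    return reply


def find_push_replies(log: str) -> list[PushReply]:
    return [r for r in (parse_push_reply(l) for l in log.splitlines()) if r]


def count_ping_restarts(log: str) -> int:
    """Each hit means keepalive pings stopped arriving for ping-restart seconds."""
    return sum("Inactivity timeout (--ping-restart)" in l for l in log.splitlines())


# 64-bit block ciphers; OpenVPN's old default BF-CBC is among them.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}


def audit_crypto(log: str) -> list[str]:
    """Flag weak negotiated parameters; duplicates (Encrypt/Decrypt lines) collapse."""
    findings: dict[str, None] = {}  # insertion-ordered set
    for line in log.splitlines():
        m = re.search(r"Cipher '([^']+)' initialized with \d+ bit key", line)
        if m and m.group(1) in WEAK_CIPHERS:
            findings[f"data channel cipher {m.group(1)}: 64-bit block cipher, set 'cipher AES-256-GCM' or similar"] = None
        m = re.search(r"message hash '([^']+)' for HMAC", line)
        if m and m.group(1) in {"MD5", "SHA1"}:
            findings[f"HMAC digest {m.group(1)}: set 'auth SHA256' or stronger"] = None
        if re.search(r"Control Channel: TLSv1,", line):
            findings["control channel negotiated TLSv1: set 'tls-version-min 1.2'"] = None
        m = re.search(r"(\d+) bit RSA", line)
        if m and int(m.group(1)) < 2048:
            findings[f"{m.group(1)}-bit RSA certificate key: reissue with 2048 bits or more"] = None
    return list(findings)


def audit_config(conf: str) -> list[str]:
    findings = []
    for raw in conf.splitlines():
        tokens = raw.split("#")[0].split()
        if not tokens:
            continue
        key, *args = tokens
        if key == "duplicate-cn":
            findings.append("duplicate-cn: all clients may share one certificate, so one leaked key cannot be revoked in isolation")
        if key == "dh":
            m = re.search(r"dh(\d+)", args[0])  # heuristic: size guessed from file name only
            if m and int(m.group(1)) < 2048:
                findings.append(f"dh file suggests {m.group(1)}-bit DH parameters: regenerate with 2048 bits or more")
    return findings


if __name__ == "__main__":
    for r in find_push_replies(SERVER_LOG):
        print("client got", r.ifconfig, "topology", r.topology, "routes", r.routes)
    print("ping-restart events:", count_ping_restarts(SERVER_LOG))
    for f in audit_crypto(SERVER_LOG) + audit_config(SERVER_CONF):
        print("finding:", f)
```

On the posted log this reports that the client was given the net30 pair 192.168.20.6/192.168.20.5 and routes for 192.168.1.0/24 and 192.168.20.0/24, then a `--ping-restart` restart: the TLS handshake and push succeed, so the certificates and config exchange are fine, but keepalive packets on the data channel are not getting through in at least one direction, which is the first thing to check (host firewall on the client's tun interface and on the server's UDP 1194, and whether the server host forwards traffic and the 192.168.1.0/24 LAN has a return route to 192.168.20.0/24). The crypto findings (BF-CBC, SHA1, TLSv1, 1024-bit RSA) do not cause the ping failure but would be raised in any review of this setup.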