Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 38 subscribers
  • Views 4266 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN mit SSL

LennySimpsons
Hallo,

ich bekomme eine OpenVPN-Verbindung auf der UTM nicht lauffähig eingerichtet.
Auf dem Client erhalte ich immer folgende Meldung: 


2014-12-30 19:16:43 TCP connection established with [AF_INET]83.162.221.167:1194

2014-12-30 19:16:43 TCPv4_CLIENT link local: [undef]

2014-12-30 19:16:43 TCPv4_CLIENT link remote: [AF_INET]83.162.221.167:1194

2014-12-30 19:16:43 MANAGEMENT: >STATE:1419963403,WAIT,,,

2014-12-30 19:16:43 Connection reset, restarting [0]

2014-12-30 19:16:43 SIGUSR1[soft,connection-reset] received, process restarting

2014-12-30 19:16:43 MANAGEMENT: >STATE:1419963403,RECONNECTING,connection-reset,,

2014-12-30 19:16:43 MANAGEMENT: CMD 'hold release'

2014-12-30 19:16:43 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2014-12-30 19:16:43 Socket Buffers: R=[131072->65536] S=[131072->65536]

2014-12-30 19:16:43 MANAGEMENT: >STATE:1419963403,RESOLVE,,,

2014-12-30 19:16:43 Attempting to establish TCP connection with [AF_INET]83.162.221.167:1194 [nonblock]

2014-12-30 19:16:43 MANAGEMENT: >STATE:1419963403,TCP_CONNECT,,,


Ich habe auch den Haken bei Automatic Firewall rules gesetzt, allerdings sehe ich keine entsprechende Regel.

Deshalb habe ich eine zusätzliche FW-Regel erstellt:
Source: Any
Service: OpenVPN
Destinations: lan, VPNPool (SSL), wan

Die Konfiguration von Remote Access -> SSL sieht wie folgt in der openvpn.conf aus: 

astaro:/root # cat /var/chroot-openvpn/etc/openvpn/openvpn.conf

dev tun



proto tcp

local 0.0.0.0

port 1149

mark 4458



daemon

multihome

server 10.242.2.0 255.255.255.0



ccd-exclusive

duplicate-cn



cipher AES-256-CBC

auth SHA1

comp-lzo 



persist-key

persist-tun

reneg-sec 28800

keepalive 10 120

verb 6

down-pre

username-as-common-name



capath /etc/openvpn/ca.d

cert /etc/openvpn/server.crt

key /etc/openvpn/server.key

dh /etc/openvpn/dh2048.pem



client-config-dir /etc/openvpn/conf.d

status /var/run/openvpn-status.log

ifconfig-pool-persist /var/run/ipp.txt



management /var/run/openvpn_mgmt unix

management-client-user root

management-client-group root



plugin /usr/lib/openvpn/plugins/openvpn-plugin-utm.so


Jemand eine Idee?
Ich habe aktuell keine Ahnung, wo ich noch schauen kann...


This thread was automatically locked due to age.
Parents Reply Children
No Data
Unfiltered HTML