Folks, I set up this scenario as I found it on the pfSense forum. The VPN is connected, but the networks cannot ping each other. What could it be? I have already created a rule on the VPN tunnel allowing everything, and a rule on the WAN allowing the IP of the other side. I administer only the pfSense.

My task: site-to-site between pfSense and MikroTik:

ip lan <http://192.168.0.0/24> -> (pfSense) -> Internet <- (MikroTik) <- ip lan <http://10.10.2.0/26>

*pfSense:*

1. System -> Cert Manager -> CAs
   Create new CA (*vpn-tunnel-ca*). Export "CA cert" file (my-ca.crt).

2. System -> Cert Manager -> Certificates
   Create two certificates (use CA created above) - one for the VPN Server (vpn-tunnel) and one for the MikroTik client (mik-vpn). Export cert and key files for client certificate (mik-vpn.crt and mik-vpn.key).

3. VPN -> OpenVPN -> Server
   Create new VPN server:
   Server Mode: Peer to Peer (SSL/TLS)
   Protocol: TCP
   Device Mode: tun
   Interface: ITD
   Local port: 24100
   TLS Authentication: (clear checkbox, MikroTik doesn't support shared TLS key)
   Peer Certificate Authority: vpn-tunnel-ca
   Server Certificate: vpn-tunnel
   Encryption algorithm: BF-CBC (128-bit)
   Auth Digest Algorithm: SHA1 (160-bit)
   IPv4 Tunnel Network: /29 <http://172.20.20.0/30>
   IPv4 Local Network/s: lan pfsense <http://192.168.0.0/24>
   IPv4 Remote Network/s: lan mikrotik <http://10.10.2.0/26>
   Compression: No Preference
   Advanced: client-to-client (I did not understand this part and could not find it in pfSense)

4. VPN -> OpenVPN -> Client Specific Overrides
   Create new override:
   Common name: mik-vpn
   Advanced: iroute (ip lan mikrotik) 255.255.255.192

*MikroTik:*

1. Copy two certificate files and the key file to Files. Import all of them from System/Certificates.

2. PPP -> Interface - create new OVPN Client:
   Name: ovpn-office
   Connect To: ip wan pfsense
   Port: 24100
   Mode: ip
   User: any
   Certificate: mik-vpn.crt_0
   Auth: sha 1
   Cipher: blowfish 128
   Add Default Route: (do not check this)

It works as expected - I can ping workstations from both sides of the tunnel.

Regards,
*Marcel Laino*

_______________________________________________
Pfsense-pt mailing list
http://lists.pfsense.org/mailman/listinfo/pfsense-pt
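
An added example, not part of the original message or of the forum how-to it quotes: a small checker for the `route` / `iroute` pairing that steps 3 and 4 set up, run over config text constructed from the values in the post. It assumes the "IPv4 Remote Network/s" field corresponds to OpenVPN `route` directives and the override's Advanced box to `iroute`; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input built from the values quoted in the post.
SERVER_CONF = """\
# IPv4 Remote Network/s (assumed to become a kernel route on the server)
route 10.10.2.0 255.255.255.192
"""
# Client Specific Override for common name mik-vpn (constructed).
CCD_MIK_VPN = """\
iroute 10.10.2.0 255.255.255.192
"""

def networks(conf, directive):
    """Return the IPv4 networks named by '<directive> <net> <mask>' lines."""
    found = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == directive:
            # strict=True rejects an address with host bits set under the mask.
            found.append(ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}", strict=True))
    return found

def check_site_to_site(server_conf, ccd_conf, remote_lan):
    """Return inconsistencies between route and iroute for remote_lan."""
    lan = ipaddress.IPv4Network(remote_lan)
    try:
        routes = networks(server_conf, "route")
        iroutes = networks(ccd_conf, "iroute")
    except ValueError as exc:
        return [f"invalid network in config: {exc}"]
    problems = []
    # 'route' sends the server's traffic for the remote LAN into the tunnel.
    if not any(lan.subnet_of(r) for r in routes):
        problems.append(f"no 'route' covers {lan}")
    # 'iroute' tells OpenVPN which connected client owns that LAN.
    if not any(lan.subnet_of(i) for i in iroutes):
        problems.append(f"no 'iroute' for {lan} in the client override")
    for i in iroutes:
        if not any(i.subnet_of(r) for r in routes):
            problems.append(f"iroute {i} has no matching 'route'")
    return problems

if __name__ == "__main__":
    result = check_site_to_site(SERVER_CONF, CCD_MIK_VPN, "10.10.2.0/26")
    print(result or "route and iroute are consistent")
```

The override is matched by certificate common name, so the `iroute` only takes effect when the client connects with the certificate issued as mik-vpn.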
