The VPN is connected, but it does not ping and cannot access anything. This appears in the logs:

openVPN_mikrotik_BAHIA / wan mikrotik: 32852 Byte de cabeçalho de descompressão do stub de compressão incorreta: 42

Regards,
*Marcel Laino*
Vivo: (11) 95287-5837
[email protected]
facebook.com/marcellaino
youtube.com/marcellaino
br.linkedin.com/in/marcellaino
google.com/+MarcelLaino

On Wed, Mar 14, 2018 at 3:36 PM, Marcel Laino <[email protected]> wrote:

> Can anyone help with this configuration? The VPN is connected, but the
> networks do not talk to each other at all.
>
> I followed this scenario, but it does not work. I tried IPsec and it does
> not connect either. I had IPsec connected with this MikroTik on version
> 2.1.5, but I updated pfSense and it never connected again.
>
> *pfSense:*
>
> 1. System -> Cert Manager -> CAs
> Create new CA (*vpn-tunnel-ca*). Export "CA cert" file (my-ca.crt).
>
> 2. System -> Cert Manager -> Certificates
> Create two certificates (use CA created above) - one for the VPN Server
> (vpn-tunnel) and one for the MikroTik client (mik-vpn). Export cert and key
> files for client certificate (mik-vpn.crt and mik-vpn.key).
>
> 3. VPN -> OpenVPN -> Server
> Create new VPN server:
>
> Server Mode: Peer to Peer (SSL/TLS)
> Protocol: TCP
> Device Mode: tun
> Interface: ITD
> Local port: 1195
> TLS Authentication: (clear checkbox, MikroTik doesn't support shared TLS key)
> Peer Certificate Authority: vpn-tunnel-ca
> Server Certificate: vpn-tunnel
> Encryption algorithm: BF-CBC (128-bit)
> Auth Digest Algorithm: SHA1 (160-bit)
> IPv4 Tunnel Network: x.x.x.x/30
> IPv4 Local Network/s: lan
> IPv4 Remote Network/s: lan client
> Compression: No Preference
> Advanced: client-to-client
>
> 4. VPN -> OpenVPN -> Client Specific Overrides
> Create new override:
>
> Common name: mik-vpn
> Advanced: iroute (lan client) mask
>
> *MikroTik:*
>
> 1. Copy two certificate files and the key file to Files. Import all of
> them from System/Certificates.
>
> 2. PPP -> Interface - create new OVPN Client:
> Name: ovpn-office
> Connect To: wan pfsense
> Port: 1195
> Mode: ip
> User: any
> Certificate: mik-vpn.crt_0
> Auth: sha 1
> Cipher: blowfish 128
> Add Default Route: (do not check this)
>
> It works as expected - I can ping workstations from both sides of the
> tunnel.
>
> Regards,
>
> *Marcel Laino*

_______________________________________________
Pfsense-pt mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/pfsense-pt
