
[Openvpn-users] Problem with tls-auth by common name


I'm running an OpenVPN server, version 2.0.5, and I have a problem when
I'm using ccd-exclusive and client-config-dir.

The server doesn't seem to find the client config file, but this file exists
with all rights for the openvpn user:
ls -l /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx
-rwxrwxrwx  1 openvpn users 77 Apr  5 09:06

Without the "ccd-exclusive" option, OpenVPN accepts the client connection but
doesn't push the client config.

Does anybody have a suggestion?

Thanks in advance.

See below :
Server Config :
local <server_ip_address>
proto udp
port 1194
dev tun
ca /opt/openvpn/etc/keys/ca.crt
cert /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.crt
key /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.key
dh /opt/openvpn/etc/keys/dh1024.pem
client-config-dir /opt/openvpn/ccd
keepalive 10 120
tls-auth /opt/openvpn/etc/keys/ta.key 0
max-clients 15
user openvpn
group users
status /opt/openvpn/logs/openvpn-status.log
log         /opt/openvpn/logs/openvpn.log
log-append  /opt/openvpn/logs/openvpn.log
verb 4

Client Config :
dev tun
proto udp
remote <public_server_name> 1194
resolv-retry infinite
ca ca.crt
cert Jean-Paul.Chapalain@xxxxxxxxxxx
key Jean-Paul.Chapalain@xxxxxxxxxxx
tls-auth ta.key 1
verb 3

Server log :
Wed Apr  5 09:17:19 2006 us=770758 TLS: Initial packet
from, sid=1a7215eb 3a442cb9
Wed Apr  5 09:17:21 2006 us=324378 VERIFY OK: depth=1,
Wed Apr  5 09:17:21 2006 us=324810 VERIFY OK: depth=0,
Wed Apr  5 09:17:21 2006 us=512265 TLS Auth Error:
--client-config-dir authentication failed for common name
Wed Apr  5 09:17:21 2006 us=665209 Control Channel:
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Apr  5 09:17:21 2006 us=665271
[Jean-Paul.Chapalain@xxxxxxx] Peer Connection Initiated with
Wed Apr  5 09:17:22 2006 us=932927 PUSH: Received
control message: 'PUSH_REQUEST'
Wed Apr  5 09:17:22 2006 us=933043 SENT CONTROL
[Jean-Paul.Chapalain@xxxxxxx]: 'AUTH_FAILED' (status=1)
Wed Apr  5 09:17:22 2006 us=933072 Delayed exit in 5
Wed Apr  5 09:17:27 2006 us=16277
SIGTERM[soft,delayed-exit] received, client-instance exiting
