
[Openvpn-users] Problem with tls-auth by common name



Hi,

I'm running an OpenVPN server, version 2.0.5, and I have a problem when
I'm using ccd-exclusive and client-config-dir.

The server doesn't seem to find the client config file, but this file
exists with all rights for the openvpn user:
ls -l /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx
-rwxrwxrwx  1 openvpn users 77 Apr  5 09:06 /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx

Without the "ccd-exclusive" option, OpenVPN accepts the client connection
but doesn't push the client config.

Does anybody have a suggestion?

Thanks in advance.
Jean-Paul.

See below :
===========
Server Config :
---------------
local <server_ip_address>
proto udp
port 1194
dev tun
tls-server
ca /opt/openvpn/etc/keys/ca.crt
cert /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.crt
key /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.key
dh /opt/openvpn/etc/keys/dh1024.pem
server 192.168.213.0 255.255.255.0
ccd-exclusive
client-config-dir /opt/openvpn/ccd
keepalive 10 120
tls-auth /opt/openvpn/etc/keys/ta.key 0
comp-lzo
max-clients 15
user openvpn
group users
status /opt/openvpn/logs/openvpn-status.log
log         /opt/openvpn/logs/openvpn.log
log-append  /opt/openvpn/logs/openvpn.log
verb 4


Client Config :
---------------
client
pull
dev tun
proto udp
remote <public_server_name> 1194
resolv-retry infinite
tls-client
ca ca.crt
cert Jean-Paul.Chapalain@xxxxxxxxxxx
key Jean-Paul.Chapalain@xxxxxxxxxxx
tls-auth ta.key 1
comp-lzo
verb 3

Server log :
------------
Wed Apr  5 09:17:19 2006 us=770758 82.127.81.77:1194 TLS: Initial packet from 82.127.81.77:1194, sid=1a7215eb 3a442cb9
Wed Apr  5 09:17:21 2006 us=324378 82.127.81.77:1194 VERIFY OK: depth=1, /C=FR/ST=BZH/L=BREST/O=Gicm/CN=CA-OpenVPN-Gicm/emailAddress=noc@xxxxxxxx
Wed Apr  5 09:17:21 2006 us=324810 82.127.81.77:1194 VERIFY OK: depth=0, /C=FR/ST=BZH/O=Gicm/CN=Jean-Paul.Chapalain@xxxxxxx/emailAddress=noc@xxxxxxxx
Wed Apr  5 09:17:21 2006 us=512265 82.127.81.77:1194 TLS Auth Error: --client-config-dir authentication failed for common name 'Jean-Paul.Chapalain@xxxxxxx' file='/opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx'
Wed Apr  5 09:17:21 2006 us=665209 82.127.81.77:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Apr  5 09:17:21 2006 us=665271 82.127.81.77:1194 [Jean-Paul.Chapalain@xxxxxxx] Peer Connection Initiated with 82.127.81.77:1194
Wed Apr  5 09:17:22 2006 us=932927 82.127.81.77:1194 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr  5 09:17:22 2006 us=933043 82.127.81.77:1194 SENT CONTROL [Jean-Paul.Chapalain@xxxxxxx]: 'AUTH_FAILED' (status=1)
Wed Apr  5 09:17:22 2006 us=933072 82.127.81.77:1194 Delayed exit in 5 seconds
Wed Apr  5 09:17:27 2006 us=16277 82.127.81.77:1194 SIGTERM[soft,delayed-exit] received, client-instance exiting

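Added diagnostic example (not part of the original post, and not OpenVPN code): with ccd-exclusive the server has to open the per-client file at connect time, which in the posted config happens after privileges are dropped to user openvpn / group users, so every directory on the path matters and not only the file mode that ls -l shows. The names first_blocker and base are hypothetical; only classic mode bits are evaluated (no ACLs, chroot or SELinux).

```python
import os
import stat

def _class_bits(st, uid, gids):
    """Return the rwx triplet (owner, group or other) that applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, base=os.sep):
    """Walk from `base` down to `path` and return (component, reason) for the
    first element the given uid/gids cannot pass, or None if the file is
    reachable and readable. Hypothetical helper; root (uid 0) is not modelled."""
    base = os.path.abspath(base)
    chain = [base]
    for name in os.path.relpath(os.path.abspath(path), base).split(os.sep):
        chain.append(os.path.join(chain[-1], name))
    for comp in chain:
        try:
            st = os.stat(comp)
        except OSError as exc:
            return comp, exc.strerror
        bits = _class_bits(st, uid, gids)
        if comp == chain[-1]:
            # Final component: the ccd file itself must be a readable regular file.
            if not stat.S_ISREG(st.st_mode):
                return comp, "not a regular file"
            if not bits & 4:
                return comp, "no read permission"
        elif not stat.S_ISDIR(st.st_mode):
            return comp, "not a directory"
        elif not bits & 1:
            # Directories need the search (x) bit to be traversed.
            return comp, "no search (x) permission"
    return None

if __name__ == "__main__":
    import grp, pwd, sys
    # Account names taken from the posted server config: user openvpn, group users.
    uid = pwd.getpwnam("openvpn").pw_uid
    gids = {grp.getgrnam("users").gr_gid}
    print(first_blocker(sys.argv[1], uid, gids) or "reachable and readable")
```

Run it on the server with the full path of the ccd file as the only argument.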