Hi,
I've found the solution. The daemon is running with chroot on /opt/openvpn.
I've changed the server config like this:
# use relative path for client config directory
client-config-dir /ccd
Sorry,
Jean-Paul.
> Hi,
>
> I'm running an OpenVPN server, version 2.0.5, and I have a problem when
> I'm using ccd-exclusive and client-config-dir.
>
> The server doesn't seem to find the client config file, but this file exists
> with all rights for the openvpn user:
> ls -l /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx
> -rwxrwxrwx 1 openvpn users 77 Apr 5 09:06
> /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx
>
> Without the "ccd-exclusive" option, openvpn accepts the client connection but
> doesn't push the client config.
>
> Does anybody have a suggestion?
>
> Thanks in advance.
> Jean-Paul.
>
> See below :
> ===========
> Server Config :
> ---------------
> local <server_ip_address>
> proto udp
> port 1194
> dev tun
> tls-server
> ca /opt/openvpn/etc/keys/ca.crt
> cert /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.crt
> key /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.key
> dh /opt/openvpn/etc/keys/dh1024.pem
> server 192.168.213.0 255.255.255.0
> ccd-exclusive
> client-config-dir /opt/openvpn/ccd
> keepalive 10 120
> tls-auth /opt/openvpn/etc/keys/ta.key 0
> comp-lzo
> max-clients 15
> user openvpn
> group users
> status /opt/openvpn/logs/openvpn-status.log
> log /opt/openvpn/logs/openvpn.log
> log-append /opt/openvpn/logs/openvpn.log
> verb 4
>
>
> Client Config :
> ---------------
> client
> pull
> dev tun
> proto udp
> remote <public_server_name> 1194
> resolv-retry infinite
> tls-client
> ca ca.crt
> cert Jean-Paul.Chapalain@xxxxxxxxxxx
> key Jean-Paul.Chapalain@xxxxxxxxxxx
> tls-auth ta.key 1
> comp-lzo
> verb 3
>
> Server log :
> ------------
> Wed Apr 5 09:17:19 2006 us=770758 82.127.81.77:1194 TLS: Initial packet
> from 82.127.81.77:1194, sid=1a7215eb 3a442cb9
> Wed Apr 5 09:17:21 2006 us=324378 82.127.81.77:1194 VERIFY OK: depth=1,
> /C=FR/ST=BZH/L=BREST/O=Gicm/CN=CA-OpenVPN-Gicm/emailAddress=noc@xxxxxxxx
> Wed Apr 5 09:17:21 2006 us=324810 82.127.81.77:1194 VERIFY OK: depth=0,
> /C=FR/ST=BZH/O=Gicm/CN=Jean-Paul.Chapalain@xxxxxxx/emailAddress=noc@xxxxxxxx
> Wed Apr 5 09:17:21 2006 us=512265 82.127.81.77:1194 TLS Auth Error:
> --client-config-dir authentication failed for common name
> 'Jean-Paul.Chapalain@xxxxxxx'
> file='/opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx'
> Wed Apr 5 09:17:21 2006 us=665209 82.127.81.77:1194 Control Channel:
> TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Apr 5 09:17:21 2006 us=665271 82.127.81.77:1194
> [Jean-Paul.Chapalain@xxxxxxx] Peer Connection Initiated with
> 82.127.81.77:1194
> Wed Apr 5 09:17:22 2006 us=932927 82.127.81.77:1194 PUSH: Received
> control message: 'PUSH_REQUEST'
> Wed Apr 5 09:17:22 2006 us=933043 82.127.81.77:1194 SENT CONTROL
> [Jean-Paul.Chapalain@xxxxxxx]: 'AUTH_FAILED' (status=1)
> Wed Apr 5 09:17:22 2006 us=933072 82.127.81.77:1194 Delayed exit in 5
> seconds
> Wed Apr 5 09:17:27 2006 us=16277 82.127.81.77:1194
> SIGTERM[soft,delayed-exit] received, client-instance exiting
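
The relative path in the reply works because client-config-dir files are opened when a client connects, after the daemon has chrooted, so the path is resolved inside the chroot. The shell sketch below is an added example, not part of the original thread or of OpenVPN: it computes where a chrooted server will look for a client's ccd file and lists ccd files writable by group or other. The function names and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): resolve client-config-dir the
# way a chrooted server sees it. Simplification: paths without spaces or quotes.

# Print the argument of the first occurrence of directive $2 in config file $1.
directive() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print the host-side directory that client-config-dir names once the daemon
# has chrooted; with no chroot directive the path is used as written.
effective_ccd() {
    root=$(directive "$1" chroot)
    ccd=$(directive "$1" client-config-dir)
    [ -n "$ccd" ] || return 2
    if [ -n "$root" ]; then
        printf '%s/%s\n' "${root%/}" "${ccd#/}"
    else
        printf '%s\n' "$ccd"
    fi
}

# Succeed only if the file for common name $2 is where the daemon will look.
check_ccd() {
    dir=$(effective_ccd "$1") || { echo "no client-config-dir in $1"; return 2; }
    if [ -f "$dir/$2" ]; then
        echo "ok: $dir/$2"
    else
        echo "missing: $dir/$2"
        return 1
    fi
}

# List ccd files writable by group or other (the listing in the thread shows
# -rwxrwxrwx); with ccd-exclusive these files decide which clients get in.
loose_ccd_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \)
}

# Constructed sample tree: chroot at <tmp>/opt/openvpn, one client file "client1".
demo() {
    t=$(mktemp -d); r="$t/opt/openvpn"
    mkdir -p "$r/ccd"; : > "$r/ccd/client1"; chmod 777 "$r/ccd/client1"
    printf 'chroot %s\nclient-config-dir %s/ccd\n' "$r" "$r" > "$t/before.conf"
    printf 'chroot %s\nclient-config-dir /ccd\n' "$r" > "$t/after.conf"
    check_ccd "$t/before.conf" client1 || true   # full host path: missing
    check_ccd "$t/after.conf" client1            # path inside the chroot: ok
    loose_ccd_files "$r/ccd"                     # prints the 777 file
    rm -rf "$t"
}
demo
```

On a real server, call check_ccd with the server config file and the certificate common name reported in the log.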