Re: [Openvpn-users] Problem with tls-auth by common name



Hi,

I've found the solution. The daemon is running with chroot on /opt/openvpn.
I've changed the server config like this:
 # use relative path for client config directory
 client-config-dir /ccd

Sorry,
Jean-Paul.


> Hi,
> 
> I'm running an OpenVPN server, version 2.0.5, and I have a problem when
> I'm using ccd-exclusive and client-config-dir.
> 
> The server doesn't seem to find the client config file, but this file exists
> with all rights for the openvpn user:
> ls -l /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx
> -rwxrwxrwx  1 openvpn users 77 Apr  5 09:06
> /opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx
> 
> Without the "ccd-exclusive" option, openvpn accepts the client connection but
> doesn't push the client config.
> 
> Does anybody have a suggestion?
> 
> Thanks in advance.
> Jean-Paul.
> 
> See below :
> ===========
> Server Config :
> ---------------
> local <server_ip_address>
> proto udp
> port 1194
> dev tun
> tls-server
> ca /opt/openvpn/etc/keys/ca.crt
> cert /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.crt
> key /opt/openvpn/etc/keys/vpntux-1-a.gicm.net.key
> dh /opt/openvpn/etc/keys/dh1024.pem
> server 192.168.213.0 255.255.255.0
> ccd-exclusive
> client-config-dir /opt/openvpn/ccd
> keepalive 10 120
> tls-auth /opt/openvpn/etc/keys/ta.key 0
> comp-lzo
> max-clients 15
> user openvpn
> group users
> status /opt/openvpn/logs/openvpn-status.log
> log         /opt/openvpn/logs/openvpn.log
> log-append  /opt/openvpn/logs/openvpn.log
> verb 4
> 
> 
> Client Config :
> ---------------
> client
> pull
> dev tun
> proto udp
> remote <public_server_name> 1194
> resolv-retry infinite
> tls-client
> ca ca.crt
> cert Jean-Paul.Chapalain@xxxxxxxxxxx
> key Jean-Paul.Chapalain@xxxxxxxxxxx
> tls-auth ta.key 1
> comp-lzo
> verb 3
> 
> Server log :
> ------------
> Wed Apr  5 09:17:19 2006 us=770758 82.127.81.77:1194 TLS: Initial packet
> from 82.127.81.77:1194, sid=1a7215eb 3a442cb9
> Wed Apr  5 09:17:21 2006 us=324378 82.127.81.77:1194 VERIFY OK: depth=1,
> /C=FR/ST=BZH/L=BREST/O=Gicm/CN=CA-OpenVPN-Gicm/emailAddress=noc@xxxxxxxx
> Wed Apr  5 09:17:21 2006 us=324810 82.127.81.77:1194 VERIFY OK: depth=0,
> /C=FR/ST=BZH/O=Gicm/CN=Jean-Paul.Chapalain@xxxxxxx/emailAddress=noc@xxxxxxxx
> Wed Apr  5 09:17:21 2006 us=512265 82.127.81.77:1194 TLS Auth Error:
> --client-config-dir authentication failed for common name
> 'Jean-Paul.Chapalain@xxxxxxx'
> file='/opt/openvpn/ccd/Jean-Paul.Chapalain@xxxxxxx'
> Wed Apr  5 09:17:21 2006 us=665209 82.127.81.77:1194 Control Channel:
> TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Apr  5 09:17:21 2006 us=665271 82.127.81.77:1194
> [Jean-Paul.Chapalain@xxxxxxx] Peer Connection Initiated with
> 82.127.81.77:1194
> Wed Apr  5 09:17:22 2006 us=932927 82.127.81.77:1194 PUSH: Received
> control message: 'PUSH_REQUEST'
> Wed Apr  5 09:17:22 2006 us=933043 82.127.81.77:1194 SENT CONTROL
> [Jean-Paul.Chapalain@xxxxxxx]: 'AUTH_FAILED' (status=1)
> Wed Apr  5 09:17:22 2006 us=933072 82.127.81.77:1194 Delayed exit in 5
> seconds
> Wed Apr  5 09:17:27 2006 us=16277 82.127.81.77:1194
> SIGTERM[soft,delayed-exit] received, client-instance exiting
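To make the chroot path confusion above concrete, here is an added example (not code from the thread or from the OpenVPN project) that computes the host-side path a chrooted daemon actually opens for `client-config-dir/<common name>`, and checks the file's existence and permissions there. It assumes that OpenVPN resolves the client-config-dir path after chroot(), with "/" inside the jail as the working directory, and it uses constructed placeholder values (a temporary jail directory and a made-up common name) rather than the real paths in the thread. It also flags the second thing a reviewer should notice in the `ls -l` output: a `-rwxrwxrwx` ccd file is world-writable, so any local account on the server could add per-client directives such as routes or a pushed address.

```python
import os
import stat
import tempfile

# Constructed sample values for this example (not the values in the thread).
CN = "user@example.invalid"      # placeholder common name used as the ccd file name


def effective_ccd_path(chroot, ccd_dir, common_name):
    """Host-side path the daemon opens for <ccd_dir>/<common_name>.

    Assumption for this example: client-config-dir is resolved after chroot(),
    so an absolute ccd_dir is taken relative to the jail root and a relative
    ccd_dir is taken relative to "/" inside the jail.
    """
    # Defensive check of our own: a common name must stay a single file name.
    if not common_name or "/" in common_name or common_name in (".", ".."):
        raise ValueError("common name is not a safe single file name")
    inside = "/" + os.path.join(ccd_dir.lstrip("/"), common_name)
    if chroot:
        return os.path.normpath(os.path.join(chroot, inside.lstrip("/")))
    return os.path.normpath(inside)


def check_ccd_file(chroot, ccd_dir, common_name):
    """Report whether the file exists where the daemon will look and whether
    it is world-writable (anyone on the host could then edit the per-client
    configuration that the server pushes)."""
    path = effective_ccd_path(chroot, ccd_dir, common_name)
    result = {"path": path, "exists": os.path.isfile(path), "world_writable": False}
    if result["exists"]:
        mode = os.stat(path).st_mode
        result["world_writable"] = bool(mode & stat.S_IWOTH)
    return result


def demo():
    """Build a throwaway jail layout and compare the two config variants."""
    with tempfile.TemporaryDirectory() as jail:
        ccd = os.path.join(jail, "ccd")
        os.makedirs(ccd)
        cfg = os.path.join(ccd, CN)
        with open(cfg, "w") as fh:
            fh.write("ifconfig-push 192.168.213.10 192.168.213.9\n")
        os.chmod(cfg, 0o777)  # mirrors the -rwxrwxrwx listing in the thread

        # "client-config-dir <jail>/ccd": an absolute host path, re-rooted inside
        # the jail, so the daemon looks in <jail><jail>/ccd and finds nothing.
        absolute = check_ccd_file(jail, ccd, CN)
        # "client-config-dir /ccd": a path relative to the chroot, which resolves
        # to the real directory on the host.
        relative = check_ccd_file(jail, "/ccd", CN)
        return {"absolute": absolute, "chroot_relative": relative}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

Running the script prints one report per variant: the absolute form is reported as missing (the same failure the server log shows as "--client-config-dir authentication failed"), while the chroot-relative form is found but flagged world-writable, which is worth tightening to owner-only write for the account the daemon runs as.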
