Dear list,

I have been running an otherwise-working install of openvpn with Ralf's RADIUS plugin for quite some time now. Recently, it's taken upon itself to crash with a scary error (see below). Nothing has changed, I swear :)

Can anyone give me some hints on what's going on, who the culprit is, and maybe how to solve it? All assistance is welcome.

Thanks,
Jan

openvpn config file:

#### vpntunnel server config file, v0.0.4 - 22.35pm, 13/11/06 ###########
# Please ensure you update modified date/version if you change things!! #
########################################################################
log-append /var/log/openvpn/server.log # log everything in correct place
########## Certificates #############################
ca /etc/openvpn/certs/ca.crt # certificate authority
cert /etc/openvpn/certs/steadfast2.crt # self-certificate
key /etc/openvpn/certs/steadfast2.key # keep this key secret (server private key)
dh /etc/openvpn/certs/dh1024.pem # dh parameters
########## Server Stuff #############################
topology subnet # be cool
local aa.bb.cc.69 # listen on your public ip.
port 443 # listen on port 443
proto tcp-server # listen on tcp
dev tun # use tun0 as your interface
mode server # serve multiple clients
tls-server # be a server
ifconfig aa.bb.cc.1 255.255.255.0 # use .1 for yourself
#ifconfig-pool aa.bb.cc.6 aa.bb.cc.250 # hand out IPs
########## Plugins etc ##############################
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/server.cnf # use Ralf's radius plugin
status /etc/openvpn/status.log 1 # give ralf byte totals etc
client-config-dir /etc/openvpn/ccd # look here for per-user info
########## Routing ##################################
push "route-gateway aa.bb.cc.1" # give us all your traffic
########## Additional Services ######################
push "redirect-gateway def1" # all traffic over tunnel
push "dhcp-option DNS aa.bb.cc.1" # use our DNS servers
push "dhcp-option DOMAIN ournetwork.net" # look pretty
push "topology subnet" # use proper IPs
########## Additional Server Options ################
keepalive 10 40 # die after 40 secs, ping every 10
reneg-sec 1000 # 1,000 seconds between reauths
comp-lzo # use compression
user nobody # be secure
group nobody # be really secure
persist-key # don't break
persist-tun # don't fall over
verb 4 # don't spam console
nice -10 # be obnoxious
###############################################
# config written by Jan #
###############################################

radiusplugin config file:

NAS-Identifier=steadfast2
Service-Type=5
Framed-Protocol=1
NAS-Port-Type=5
NAS-IP-Address=aa.bb.cc.69
ccdPath=/etc/openvpn/ccd/
statusFile=/etc/openvpn/status.log
vsascript=/etc/openvpn/vsascript.pl
subnet=255.255.255.0
server
{
    acctport=1813
    authport=1812
    name=aa.bb.cc.68
    retry=1
    wait=1
    sharedsecret=xxxxxxxxxxxx
}

openvpn log:

Sun Dec 10 08:49:45 2006 us=923192 Initialization Sequence Completed
Sun Dec 10 08:54:55 2006 us=459958 MULTI: multi_create_instance called
Sun Dec 10 08:54:55 2006 us=460021 Re-using SSL/TLS context
Sun Dec 10 08:54:55 2006 us=460066 LZO compression initialized
Sun Dec 10 08:54:55 2006 us=460405 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Dec 10 08:54:55 2006 us=460447 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Dec 10 08:54:55 2006 us=460561 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Dec 10 08:54:55 2006 us=460577 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Dec 10 08:54:55 2006 us=460624 Local Options hash (VER=V4): 'c0103fa8'
Sun Dec 10 08:54:55 2006 us=460650 Expected Remote Options hash (VER=V4): '69109d17'
Sun Dec 10 08:54:55 2006 us=460692 TCP connection established with xx.yy.zz.40:39998
Sun Dec 10 08:54:55 2006 us=460713 Socket Buffers: R=[131072->131072] S=[131072->131072]
Sun Dec 10 08:54:55 2006 us=460734 TCPv4_SERVER link local: [undef]
Sun Dec 10 08:54:55 2006 us=460752 TCPv4_SERVER link remote: xx.yy.zz.40:39998
Sun Dec 10 08:54:57 2006 us=462683 xx.yy.zz.40:39998 TLS: Initial packet from xx.yy.zz.40:39998, sid=90c6d64d f88a6474
Sun Dec 10 08:54:59 2006 us=707912 xx.yy.zz.40:39998 VERIFY OK: depth=1, /C=../ST=../L=./O=../CN=.._CA/emailAddress=..
Sun Dec 10 08:54:59 2006 us=708132 xx.yy.zz.40:39998 VERIFY OK: depth=0, /C=../ST=../L=./O=../CN=i30t/emailAddress=..
RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
RADIUS-PLUGIN: BACKGROUND AUTH: Vendor Specific Attribute String: attrib_id_1=529 attrib_type_1=197 attrib_value_1=1048576 attrib_id_2=529 attrib_type_2=255 attrib_value_2=1048576
RADIUS-PLUGIN: FOREGROUND: Add user to map.
Sun Dec 10 08:55:00 2006 us=184551 xx.yy.zz.40:39998 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sun Dec 10 08:55:00 2006 us=184577 xx.yy.zz.40:39998 TLS: Username/Password authentication succeeded for username 'i30t'
Sun Dec 10 08:55:00 2006 us=184902 xx.yy.zz.40:39998 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 10 08:55:00 2006 us=184922 xx.yy.zz.40:39998 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 08:55:00 2006 us=184988 xx.yy.zz.40:39998 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 10 08:55:00 2006 us=185006 xx.yy.zz.40:39998 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 08:55:00 2006 us=434022 xx.yy.zz.40:39998 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Dec 10 08:55:00 2006 us=434054 xx.yy.zz.40:39998 [i30t] Peer Connection Initiated with xx.yy.zz.40:39998
Sun Dec 10 08:55:00 2006 us=434116 i30t/xx.yy.zz.40:39998 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/i30t
terminate called after throwing an instance of 'std::logic_error'
  what(): basic_string::_S_construct NULL not valid

file /etc/openvpn/ccd/i30t is empty.

[root@chi01-050-05 ~]# radtest i30t userpassword vpntunnel.net 532 xxxxxxxxxxxxxx
Sending Access-Request of id 14 to aa.bb.cc.68:1812
        User-Name = "i30t"
        User-Password = "userpassword"
        NAS-IP-Address = nasname.oursite.net
        NAS-Port = 532
rad_recv: Access-Accept packet from host aa.bb.cc.68:1812, id=14, length=123
        Reply-Message = "User i30t speed set to 1Mbps/1Mbps, due to usage totalling 70311750307 bytes."
        Ascend-Data-Rate = 1048576
        Ascend-Xmit-Rate = 1048576

[root@chi01-050-05 ~]# less status.log
OpenVPN CLIENT LIST
Updated,Sun Dec 10 08:55:00 2006
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
i30t,xx.yy.zz.40:39998,2684,3077,Sun Dec 10 08:54:55 2006
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

/var/log/vsa.log ... at end of file....

--------------------------------------
Action:
Username:
Commonname:
Untrusted_Ip:
Untrusted_Port:
Assigned_IP:
Attributes:
--------------------------------------

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
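
The what() text in the log above is the message libstdc++ raises when a std::string is constructed from a NULL char pointer, and an exception that nobody catches inside a plugin ends in std::terminate(), which takes the whole openvpn process with it. The following is an added example, not code from the post or from radiusplugin, and it does not identify where in the plugin the NULL arises; env_lookup, get_unchecked, get_checked, guarded_call and the sample envp are hypothetical names and constructed data.

```cpp
#include <cstdio>
#include <exception>
#include <stdexcept>
#include <string>

// Hypothetical helper: find KEY in a NULL-terminated array of "KEY=value"
// strings (the shape of a plugin's envp). Returns NULL when KEY is absent.
static const char *env_lookup(const char *const envp[], const std::string &key) {
    const std::string prefix = key + "=";
    for (int i = 0; envp && envp[i]; ++i)
        if (std::string(envp[i]).compare(0, prefix.size(), prefix) == 0)
            return envp[i] + prefix.size();
    return nullptr;
}

// Fragile: builds std::string straight from a pointer that may be NULL.
// libstdc++ answers that with std::logic_error ("... NULL not valid").
std::string get_unchecked(const char *const envp[], const std::string &key) {
    return std::string(env_lookup(envp, key));
}

// Hardened: a missing value becomes an explicit fallback, never a NULL string.
std::string get_checked(const char *const envp[], const std::string &key,
                        const std::string &fallback = "") {
    const char *v = env_lookup(envp, key);
    return v ? std::string(v) : fallback;
}

// Boundary guard: no C++ exception may leave a C-callable entry point, or
// std::terminate() aborts the host process. Report and return an error code.
enum { CALL_OK = 0, CALL_ERROR = 1 };
template <typename F> int guarded_call(F &&body) {
    try { body(); return CALL_OK; }
    catch (const std::exception &e) {
        std::fprintf(stderr, "plugin error: %s\n", e.what());
        return CALL_ERROR;
    }
    catch (...) { return CALL_ERROR; }
}

int main() {
    // Constructed sample environment with "untrusted_ip" deliberately missing.
    const char *const envp[] = {"username=i30t", "untrusted_port=39998", nullptr};
    std::string ip;
    int rc = guarded_call([&] { ip = get_unchecked(envp, "untrusted_ip"); });
    std::printf("unchecked lookup inside guard: rc=%d\n", rc);
    std::printf("checked lookup: '%s'\n", get_checked(envp, "untrusted_ip", "(unset)").c_str());
    return 0;
}
```

Built against libstdc++, the unchecked lookup inside the guard reports an error code instead of aborting; other C++ standard libraries may crash on the NULL instead of throwing, which is one more reason to prefer the checked form.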