[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Sending log messages to client from auth-user-pass-verify script


  • Subject: Re: [Openvpn-users] Sending log messages to client from auth-user-pass-verify script
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Thu, 06 Dec 2007 16:56:04 +0100

that's the problem : AFAIK there's no plugin to send stuff back to the 
client at login time... you could write a client plugin which listens to 
a server plugin etc etc but that gets ugly really fast.
alternatively you could write a client plugin which does a similar 
username-common-name check: that way the client would know about the 
mismatch even before a connection was made.

HTH,

JJK

Sverre Johan Tøvik wrote:
> Hi Jan,
>
> I see an "AUTH: Received AUTH_FAILED control message", which is the 
> same message as when an invalid username/password is used. I wouldn't 
> mind writing a patch, but I'd rather not have to distribute a custom 
> version of OpenVPN. Do you know if client side logging is possible 
> with the plugin API? If so, I might just make a plugin which does the 
> username/cn check. I just checked out the example "simple" plugin, 
> looks easy enough.
>
>
>       Sverre
>
> On Dec 6, 2007 4:22 PM, Jan Just Keijser < janjust@xxxxxxxxx 
> <mailto:janjust@xxxxxxxxx>> wrote:
>
>     Hi Sverre,
>
>     I don't think so... it would require a (not too difficult) patch
>     to the
>     openvpn software.
>     what do you see now when there's a username-common-name mismatch?
>
>     HTH,
>
>     JJK
>
>     Sverre Johan Tøvik wrote:
>     > Hi,
>     >
>     > The subject says it all really. Is it possible to send output
>     from an
>     > auth-user-pass-verify script to the client side log? I've added an
>     > auth-user-pass-verify script to verify that the username matches
>     > the common name from the client cert, and added some output so that
>     > these errors show up in the server log. However, I'd like this
>     to show
>     > up in the client side log also.
>     >
>     >
>
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users