Hello all,
 
 
I'm running the OVPN server on a NAS from Synology with self-generated certificates (XCA).

For a few days I've been trying to get a tls-verify script running, but somehow I cannot find what is wrong.
I found the following script, ovpnCNcheck.sh, on the net:
(removed comments)
************************
#!/bin/sh

# Arguments: userfile certificate_depth X509_NAME_oneline
[ $# -eq 3 ] || { echo "usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline" ; exit 255 ; }

# $2 -> certificate_depth
if [ "$2" -eq 0 ] ; then
        # $3 -> X509_NAME_oneline
        # $1 -> userfile with the CNs we are looking for
        grep -q "^`expr match "$3" ".*/CN=\([^/][^/]*\)"`$" "$1" && exit 0
        exit 1
fi

exit 0
*********************
 
I gave the file 0755 and placed a text file, also 0755, containing the common name of the client, in the same directory.
In the server config:
tls-verify "/volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt"
 
When the client connects, username/password and then stalls, the server log 
gives:
*************************
WARNING: Failed running command (--tls-verify script): could not execute external program
Fri Oct  2 18:18:39 2015 us=192309 192.168.11.32:1194 VERIFY SCRIPT ERROR: depth=1, C=NL, ST=GLD, O=MMD, OU=OVPN, CN=CA, emailAddress=dreet...@hotmail.com
Fri Oct  2 18:18:39 2015 us=192614 192.168.11.32:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
Fri Oct  2 18:18:39 2015 us=192686 192.168.11.32:1194 TLS Error: TLS object -> incoming plaintext read error
Fri Oct  2 18:18:39 2015 us=197583 192.168.11.32:1194 SYNO_ERR_CERT
Fri Oct  2 18:18:39 2015 us=197673 192.168.11.32:1194 TLS Error: TLS handshake failed
Fri Oct  2 18:18:39 2015 us=198050 192.168.11.32:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
***************************
 
As I have no understanding of the script, I would still appreciate it if someone could take a look at this.
 
Thanks in advance,
André
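
A stricter form of the CN allowlist check, as an added example that is not part of the original post and not the script author's code. The server log above prints the subject in the comma-separated form `C=NL, ST=GLD, ..., CN=CA`, so this version accepts that form as well as the `/C=.../CN=...` form the posted pattern expects; the function names `extract_cn`, `cn_allowed` and `verify` are this example's own.

```sh
#!/bin/sh
# Added example: CN allowlist check for OpenVPN --tls-verify.
# OpenVPN runs: <script> <userfile> <certificate_depth> <subject>
# Exit status 0 accepts the certificate, anything else rejects it.

# Print the first CN of a subject given as "/C=NL/CN=x" or "C=NL, CN=x".
# Assumption: field values contain neither "/" nor ", ".
extract_cn() {
    printf '%s\n' "$1" | sed 's|, |/|g' | tr '/' '\n' \
        | sed -n 's/^CN=//p' | head -n 1
}

# cn_allowed userfile subject
cn_allowed() {
    cn=$(extract_cn "$2")
    [ -n "$cn" ] || return 1        # no CN in the subject: reject
    # -F fixed string, -x whole line: a CN is never treated as a regex,
    # so "client." does not match the list entry "client1".
    grep -Fxq -- "$cn" "$1"         # missing/unreadable userfile: grep fails, reject
}

# verify userfile certificate_depth subject
verify() {
    [ $# -eq 3 ] || {
        echo "usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline" >&2
        return 255
    }
    case $2 in
        ''|*[!0-9]*) return 1 ;;    # depth is not a number: reject
        0) cn_allowed "$1" "$3" ;;  # depth 0 is the peer's own certificate
        *) return 0 ;;              # CA certificates higher in the chain
    esac
}

# Run the check only when called with arguments, as OpenVPN does.
[ $# -eq 0 ] || { verify "$@"; exit $?; }
```

The userfile holds one allowed common name per line, with no trailing whitespace.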
 
 
 
                                          