Hi,
On 02/10/15 18:22, Dreetjeh D wrote:
Hello all,
I'm running the OVPN server on a NAS from Synology with self
generated certificates (XCA).
For a few days I've been trying to get a tls-verify script running but somehow
I cannot find what is wrong.
The following script, ovpnCNcheck.sh, I found on the net:
(removed comments)
************************
#!/bin/sh
[ $# -eq 3 ] || { echo usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline ; exit 255 ; }
# $2 -> certificate_depth
if [ $2 -eq 0 ] ; then
# $3 -> X509_NAME_oneline
# $1 -> cn we are looking for
grep -q "^`expr match "$3" ".*/CN=\([^/][^/]*\)"`$" "$1" && exit 0
exit 1
fi
exit 0
*********************
I gave the file 0755 and placed a textfile also 0755, containing the
commonname of the client, in the same directory.
In the config from server:
tls-verify "/volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt"
When the client connects, username/password and then stalls, the
server log gives:
*************************
WARNING: Failed running command (--tls-verify script): could not execute external program
^^^^^^
this line gives a pretty good hint to what's failing.
On the Synology box the shell script does not seem to execute. Can you
get a login shell on the Synology box and run the script manually? Once
you've got that running, then attempt to use OpenVPN again.
groetjes/cheers,
JJK
Fri Oct 2 18:18:39 2015 us=192309 192.168.11.32:1194 VERIFY SCRIPT ERROR: depth=1, C=NL, ST=GLD, O=MMD, OU=OVPN, CN=CA, emailAddress=dreet...@hotmail.com
Fri Oct 2 18:18:39 2015 us=192614 192.168.11.32:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
Fri Oct 2 18:18:39 2015 us=192686 192.168.11.32:1194 TLS Error: TLS object -> incoming plaintext read error
Fri Oct 2 18:18:39 2015 us=197583 192.168.11.32:1194 SYNO_ERR_CERT
Fri Oct 2 18:18:39 2015 us=197673 192.168.11.32:1194 TLS Error: TLS handshake failed
Fri Oct 2 18:18:39 2015 us=198050 192.168.11.32:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
***************************
As I have no understanding of the script, I would still appreciate it
if someone can take a look at this.
Thanks in advance,
André
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
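
The posted script looks for `/CN=` in the subject, while the server log above prints the subject comma-separated (`... OU=OVPN, CN=CA, ...`). The following is an added example, not code from this thread, that extracts the CN from either form and matches it literally against the user file; it assumes the script is handed the subject in the form the log shows, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not the script from the post: CN allow-list check for --tls-verify.
# Assumed call (as in the post): <script> <userfile> <certificate_depth> <subject>

# Print the CN of a subject string given in either form:
#   /C=NL/O=MMD/CN=client1      slash-separated, what the posted pattern expects
#   C=NL, O=MMD, CN=client1     comma-separated, as the server log prints it
# The form is decided by the leading "/", so a "/CN=" hidden inside another
# field of a comma-separated subject is not picked up.
extract_cn() {
    case $1 in
        /*/CN=*|/CN=*) cn=${1##*/CN=};  cn=${cn%%/*} ;;
        /*)            cn= ;;                      # slash form without a CN
        *", CN="*)     cn=${1##*, CN=}; cn=${cn%%,*} ;;
        CN=*)          cn=${1#CN=};     cn=${cn%%,*} ;;
        *)             cn= ;;
    esac
    printf '%s\n' "$cn"
}

# Succeed only if the CN is a whole line of the user file.
# -F: the CN is a literal string, not a regex ("c.ient1" must not match "client1").
# -x: the whole line must match. An empty CN is rejected before grep runs,
#     so a blank line in the file cannot match it.
cn_allowed() {
    [ -n "$2" ] && [ -r "$1" ] && grep -Fxq -e "$2" "$1"
}

tls_verify() {
    [ $# -eq 3 ] || return 255          # wrong call: fail closed
    [ "$2" = 0 ] || return 0            # depth > 0 is a CA certificate
    cn_allowed "$1" "$(extract_cn "$3")"
}

# OpenVPN always appends depth and subject, so arguments are present in real
# use; with none (run by hand) only the functions are defined.
[ $# -eq 0 ] || { tls_verify "$@"; exit $?; }
```

Running it by hand in a login shell with a user file, depth `0` and a subject string, then checking `$?`, is the manual test suggested in the reply.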