Hallo :)
 
Yes, looks like it's not executed, right?
 
Running it on CLI:
NAS> /volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh
usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline
NAS> /volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt
usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline

Tomorrow I will edit the AppArmor config, still not tested that, maybe it's in
the way.
 
Thanks
André
 
P.S.
Last Tuesday I saw your new book is available on Bol, it's on my list.
Is there also a paperback available, now or in the future?
I don't like e-books too much, they give me headaches :)
 
Subject: Re: [Openvpn-users] tls-verify script not working
To: dreet...@hotmail.com; openvpn-users@lists.sourceforge.net
From: janj...@nikhef.nl
Date: Fri, 2 Oct 2015 22:36:43 +0200


  
    
  
  
    Hi,

      On 02/10/15 18:22, Dreetjeh D wrote:

        Hello all,

        I'm running the OVPN server on a NAS from Synology with self
        generated certificates (XCA).

        For a few days I've been trying to get a tls-verify script running,
        but somehow I cannot find what is wrong.

        The following script, ovpnCNcheck.sh, I found on the net:

        (removed comments)

        ************************

        #!/bin/sh

        [ $# -eq 3 ] || { echo usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline ; exit 255 ; }

        # $2 -> certificate_depth
        if [ $2 -eq 0 ] ; then
            # $3 -> X509_NAME_oneline
            # $1 -> cn we are looking for
            grep -q "^`expr match "$3" ".*/CN=\([^/][^/]*\)"`$" "$1" && exit 0
            exit 1
        fi

        exit 0

        *********************

         

        I gave the file 0755 and placed a text file, also 0755, containing
        the common name of the client, in the same directory.

        In the config from server:

        tls-verify "/volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt"

        When the client connects, username/password and then stalls, the
        server log gives:

        *************************

        WARNING: Failed running command (--tls-verify script): could not execute external program
        
    
    

    ^^^^^^

    This line gives a pretty good hint as to what's failing.

    On the Synology box the shell script does not seem to execute. Can
    you get a login shell on the Synology box and run the script
    manually? Once you've got that running, then attempt to use OpenVPN
    again.

    groetjes/cheers,

    JJK

    

    
        Fri Oct 2 18:18:39 2015 us=192309 192.168.11.32:1194 VERIFY SCRIPT ERROR: depth=1, C=NL, ST=GLD, O=MMD, OU=OVPN, CN=CA, emailAddress=dreet...@hotmail.com
        Fri Oct 2 18:18:39 2015 us=192614 192.168.11.32:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
        Fri Oct 2 18:18:39 2015 us=192686 192.168.11.32:1194 TLS Error: TLS object -> incoming plaintext read error
        Fri Oct 2 18:18:39 2015 us=197583 192.168.11.32:1194 SYNO_ERR_CERT
        Fri Oct 2 18:18:39 2015 us=197673 192.168.11.32:1194 TLS Error: TLS handshake failed
        Fri Oct 2 18:18:39 2015 us=198050 192.168.11.32:1194 SIGUSR1[soft,tls-error] received, client-instance restarting

        ***************************

         

        As I have no understanding of the script, I would still
        appreciate it if someone can take a look at this.

        Thanks in advance,

        André

         

         

         

      
      

      
      

      
------------------------------------------------------------------------------

      

      
      

      _______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
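
An added example, not part of the thread or of the script posted in it: the server log above prints the certificate subject comma-separated (`C=NL, ..., CN=CA`), while the posted script's pattern looks for `/CN=`. This sketch extracts the CN from either form and compares it to the user file as a literal whole line; the function names `extract_cn` and `cn_allowed` are made up here, and it assumes CN values contain no `/` or `,`.

```shell
#!/bin/sh
# Added example: CN allow-list check for use as an OpenVPN --tls-verify hook.
# Function names are hypothetical; assumes CN values contain no '/' or ','.

# extract_cn X509_NAME -> prints the CN, returns 1 if the subject has none.
# Handles "/C=NL/O=MMD/CN=client1" and "C=NL, O=MMD, CN=client1".
extract_cn() {
    name=$1
    case $name in
        /CN=*|/*/CN=*) cn=${name##*/CN=};  cn=${cn%%/*} ;;   # slash-separated
        CN=*)          cn=${name#CN=};     cn=${cn%%,*} ;;   # CN is first field
        *", CN="*)     cn=${name##*, CN=}; cn=${cn%%,*} ;;   # comma-separated
        *)             return 1 ;;
    esac
    [ -n "$cn" ] && printf '%s\n' "$cn"
}

# cn_allowed USERFILE DEPTH X509_NAME -> 0 = accept, non-zero = reject.
cn_allowed() {
    userfile=$1
    depth=$2
    # Like the posted script, only the client certificate (depth 0) is
    # checked against the list; CA levels are accepted here.
    [ "$depth" = 0 ] || return 0
    cn=$(extract_cn "$3") || return 1
    # -F: fixed string, -x: whole line. The CN is never interpreted as a
    # regular expression, and "client" does not match an entry "client1".
    # A missing or unreadable user file makes grep fail, so the peer is rejected.
    grep -Fxq -- "$cn" "$userfile"
}

# Act as the hook only when called with arguments; OpenVPN appends the
# depth and the subject after the arguments given in the config.
if [ $# -gt 0 ]; then
    [ $# -eq 3 ] || {
        echo "usage: $0 userfile certificate_depth X509_NAME_oneline" >&2
        exit 255
    }
    cn_allowed "$@"
    exit $?
fi
```
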

    
    
                                          