Hi,

On 02/10/15 23:00, Dreetjeh D wrote:
    Hello :)

    Yes, looks like it's not executed, right?

    Running it on CLI:
    NAS> /volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh
    usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline
    NAS> /volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt
    usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline

Did you enable
  script-security 2
in the server config? It's commented out in the config you posted, just like the 'tls-verify' line.

    P.S.
    Last Tuesday I saw your new book is available on Bol, it's on my list.
    Is there also a paperback available, now or in the future?
    Don't like e-books too much, they give me headaches :)

It's in paperback format.

cheers,

JJK
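
The allowlist check this thread is about, as an added example that is not the ovpnCNcheck.sh posted in the thread and not code from the OpenVPN project: it reads the CN from both the slash-separated subject the posted script matches on and the comma-separated form seen in the thread's server log, and compares it as a literal whole line. The function names, the demo file and the sample CNs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the script from the thread): allowlist check for a
# tls-verify hook. Argument order follows the thread's usage line:
#   userfile certificate_depth X509_NAME_oneline

# Print the CN of a subject written either as "/C=NL/O=x/CN=name" or as
# "C=NL, O=x, CN=name". Assumption: the CN itself contains no '/' or ','.
extract_cn() {
    printf '%s\n' "$1" | tr '/,' '\n\n' | sed -n 's/^ *CN=//p' | tail -n 1
}

# Succeed only if the CN ($2) equals one whole line of the user file ($1).
# -F -x makes this a literal full-line comparison, so "client.1" cannot
# match "clientX1"; the -n test stops an empty CN matching a blank line.
cn_allowed() {
    [ -n "$2" ] && [ -r "$1" ] && grep -Fxq -- "$2" "$1"
}

# Return 0 to accept the certificate, non-zero to reject it.
verify() {
    [ $# -eq 3 ] || { echo "usage: userfile certificate_depth X509_NAME_oneline" >&2; return 255; }
    case "$2" in
        0) cn_allowed "$1" "$(extract_cn "$3")" ;;  # client certificate
        ''|*[!0-9]*) return 1 ;;                    # malformed depth: fail closed
        *) return 0 ;;                              # CA certificates are not checked here
    esac
}

# Demo on constructed data. To deploy, replace this part with: verify "$@"
demo_list="${TMPDIR:-/tmp}/userlist.$$"
printf '%s\n' 'client.1' 'client2' > "$demo_list"
for subject in \
    'C=NL, ST=GLD, O=MMD, OU=OVPN, CN=client.1' \
    '/C=NL/ST=GLD/O=MMD/OU=OVPN/CN=client2' \
    'C=NL, ST=GLD, O=MMD, OU=OVPN, CN=clientX1'
do
    if verify "$demo_list" 0 "$subject"; then r=accept; else r=reject; fi
    echo "$r: $subject"
done
rm -f "$demo_list"
```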

------------------------------------------------------------------------
Subject: Re: [Openvpn-users] tls-verify script not working
To: dreet...@hotmail.com; openvpn-users@lists.sourceforge.net
From: janj...@nikhef.nl
Date: Fri, 2 Oct 2015 22:36:43 +0200

Hi,

On 02/10/15 18:22, Dreetjeh D wrote:

     Hello all,


    I'm running the OVPN server on a NAS from Synology with self
    generated certificates (XCA).

    For a few days I've been trying to get a tls-verify script running but
    somehow I cannot find what is wrong.
    The following script, ovpnCNcheck.sh, I found on the net:
    (removed comments)
    ************************
    #!/bin/sh

    # Require exactly three arguments: the user file, then the depth and
    # subject that OpenVPN appends when it calls the script.
    [ $# -eq 3 ] || { echo usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline ; exit 255 ; }

    # $2 -> certificate_depth
    if [ "$2" -eq 0 ] ; then
        # $3 -> X509_NAME_oneline
        # $1 -> user file, one allowed CN per line
        grep -q "^`expr match "$3" ".*/CN=\([^/][^/]*\)"`$" "$1" && exit 0
        exit 1
    fi

    exit 0
    *********************

    I gave the file 0755 and placed a text file, also 0755, containing
    the common name of the client, in the same directory.
    In the config from server:
    tls-verify "/volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt"

    When the client connects, username/password and then stalls, the
    server log gives:
    *************************
    WARNING: Failed running command (--tls-verify script): could not
    execute external program


^^^^^^
This line gives a pretty good hint as to what's failing.
On the Synology box the shell script does not seem to execute. Can you get a login shell on the Synology box and run the script manually? Once you've got that running, then attempt to use OpenVPN again.

groetjes/cheers,

JJK

    Fri Oct 2 18:18:39 2015 us=192309 192.168.11.32:1194 VERIFY SCRIPT
    ERROR: depth=1, C=NL, ST=GLD, O=MMD, OU=OVPN, CN=CA,
    emailAddress=dreet...@hotmail.com
    Fri Oct 2 18:18:39 2015 us=192614 192.168.11.32:1194 TLS_ERROR:
    BIO read tls_read_plaintext error:
    error:140890B2:lib(20):func(137):reason(178)
    Fri Oct 2 18:18:39 2015 us=192686 192.168.11.32:1194 TLS Error:
    TLS object -> incoming plaintext read error
    Fri Oct 2 18:18:39 2015 us=197583 192.168.11.32:1194 SYNO_ERR_CERT
    Fri Oct 2 18:18:39 2015 us=197673 192.168.11.32:1194 TLS Error:
    TLS handshake failed
    Fri Oct 2 18:18:39 2015 us=198050 192.168.11.32:1194
    SIGUSR1[soft,tls-error] received, client-instance restarting
    ***************************

    As I have no understanding of the script, I would still
    appreciate it if someone could take a look at this.

    Thanks in advance,
    André





    
------------------------------------------------------------------------------



    _______________________________________________
    Openvpn-users mailing list
    Openvpn-users@lists.sourceforge.net
    https://lists.sourceforge.net/lists/listinfo/openvpn-users


