Running OpenVPN 2.3.10 on Ubuntu 16.04 using a working configuration with only the "script-security" and "client-connect" lines added. Starting the OpenVPN server with systemctl starts it successfully and a client can connect, but the client-connect script doesn't run and no error is reported in the log. Stopping the daemon with systemctl and starting it manually with the parameters below doesn't allow a client to connect; the log shows:

    CRL: cannot read: rw-crl.pem
    TLS_ERROR: BIO read tls_read_plaintext error: ... ssl3_get_client_certificate:certificate verify failed
    TLS Error: TLS object -> incoming plaintext read error
    TLS Error: TLS handshake failed

Starting it manually with the *** only *** change being the removal of the --daemon parameter produces a totally working system. Any idea what is wrong, or suggestions?

(The following was obtained using 'egrep -v "^$|^#|^;" server.conf'; it was put into a file and the following two vi commands were used to put it into the proper format before adding /usr/sbin/openvpn and --daemon at the front: :%s/^/-- and :%s/\n/ / )

    local nnn.nnn.nnn.nnn                     (using Internet-registered IP on the Internet-facing device)
    port 1197                                 (non-standard due to other OpenVPN instances passing through the device)
    proto udp
    dev tun1
    topology subnet
    ca rw-ca.crt
    cert vpnhost.crt
    key vpnhost.key
    dh rw-dh1024.pem
    server mmm.mmm.mmm.mmm 255.255.255.128    (private IP address ranges here and below)
    ifconfig-pool-persist rw-ipp.txt
    push "route mmm.mmm.aaa.0 255.255.255.0"
    push "route mmm.mmm.bbb.0 255.255.255.0"
    push "route vvv.vvv.0.0 255.255.0.0"
    push "route vvv.uuu.0.0 255.255.0.0"
    push "route vvv.ttt.0.0 255.255.0.0"
    client-config-dir rw-ccd
    push "dhcp-option DNS mmm.mmm.aaa.1"
    push "dhcp-option DOMAIN datavoiceint.com"
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status /var/log/openvpn-rw-status.log
    log-append /var/log/openvpn-rw.log
    verb 4
    crl-verify rw-crl.pem
    management 127.0.0.1 9711 /etc/openvpn/pwd
    script-security 2
    client-connect /etc/openvpn/rw-scripts/client-connect

The client-connect script is owned by root:root with 755 permissions on the rw-scripts directory and on the client-connect script itself. Its contents are below (output was sent to both /tmp and /var/log with the same result; the "Arrived" line was added to ensure that something would be produced when the script ran):

    #!/bin/bash
    # Marker line so the file is created even if no variables are set
    /bin/echo "Arrived" > /var/log/vpn-script-test
    # Environment variables OpenVPN exports to the client-connect hook
    /bin/echo -e "Time ascii = $time_ascii\ncommon_name = $common_name\nifconfig_pool_remote_ip = $ifconfig_pool_remote_ip\ntrusted_ip = $trusted_ip\nuntrusted_ip = $untrusted_ip" >> /var/log/vpn-script-test
    # Positional parameters passed by OpenVPN ($1 is the temporary client-config file)
    /bin/echo "Command line parameters: first - $1, second - $2" >> /var/log/vpn-script-test
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
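As an added example (not the poster's script and not part of the original message), the client-connect hook below records the variables OpenVPN exports together with the daemon's working directory, and it only ever uses absolute paths. Two documented OpenVPN behaviours matter here: with --daemon, OpenVPN daemonizes via daemon(3) and the working directory becomes / unless --cd was given, so a relative file name such as rw-crl.pem is looked up under / from then on; and a non-zero exit from a client-connect script causes OpenVPN to disconnect that client, so the hook must not let a logging failure turn into a rejected connection. The log path, the resolve_from helper and the sample values in the usage note are assumptions chosen for this example.

```shell
#!/bin/bash
# Added example, not the poster's script: a client-connect hook that logs
# what OpenVPN exports plus the daemon's cwd, using only absolute paths so it
# behaves the same whether started by systemd or by hand with --daemon.
# The log file path is an assumption made for this example.
LOGFILE=/var/log/openvpn-rw-client-connect.log

# Build one log record from the environment OpenVPN sets for client-connect.
# $1 is the temporary client-config file OpenVPN hands to the script. Anything
# not exported is printed as <unset>, so a missing variable is visible in the log.
format_record() {
    ccfile=$1
    printf 'connect time_ascii="%s" common_name=%s pool_ip=%s trusted_ip=%s untrusted_ip=%s cwd=%s ccfile=%s\n' \
        "${time_ascii:-<unset>}" "${common_name:-<unset>}" \
        "${ifconfig_pool_remote_ip:-<unset>}" "${trusted_ip:-<unset>}" \
        "${untrusted_ip:-<unset>}" "$PWD" "${ccfile:-<unset>}"
}

# Show how a file name from server.conf resolves from a given working
# directory (hypothetical helper): with --daemon and no --cd the cwd is /,
# so "rw-crl.pem" is opened as /rw-crl.pem; with --cd /etc/openvpn, or an
# absolute path in the config, it is opened where the file actually lives.
resolve_from() {
    dir=$1
    path=$2
    case "$path" in
        /*) printf '%s\n' "$path" ;;
        *)  printf '%s/%s\n' "${dir%/}" "$path" ;;
    esac
}

main() {
    # Append the record. A failure to write the log must not reject the
    # client, because a non-zero exit from client-connect disconnects it.
    format_record "$1" >> "$LOGFILE" 2>/dev/null || true
    exit 0
}

# OpenVPN exports script_type for every hook it runs. Only act when this is
# really the client-connect hook, so sourcing the file for testing is harmless.
if [ "${script_type:-}" = "client-connect" ]; then
    main "$@"
fi
```

Under --daemon, OpenVPN's man page also notes that script output goes to /dev/null rather than to the log, which is why the hook writes to a file by absolute path instead of printing. For example, resolve_from / rw-crl.pem yields /rw-crl.pem, while resolve_from /etc/openvpn rw-crl.pem yields /etc/openvpn/rw-crl.pem; either adding --cd /etc/openvpn to the manual command line or using absolute paths for ca, cert, key, dh, crl-verify, ifconfig-pool-persist and client-config-dir removes the dependency on the working directory.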