Can you post your complete server config please.
----- Original Message -----
From: "Dreetjeh D" <[email protected]>
To: <[email protected]>
Sent: Friday, October 02, 2015 5:22 PM
Subject: [Openvpn-users] tls-verify script not working
Hello all,
I'm running the OVPN server on a NAS from Synology with self-generated
certificates (XCA).
For a few days I have been trying to get a tls-verify script running, but
somehow I cannot find what is wrong.
The following script, ovpnCNcheck.sh, I found on the net:
(removed comments)
************************
#!/bin/sh
[ $# -eq 3 ] || { echo usage: ovpnCNcheck.sh userfile certificate_depth X509_NAME_oneline ; exit 255 ; }
# $2 -> certificate_depth
if [ $2 -eq 0 ] ; then
# $3 -> X509_NAME_oneline
# $1 -> cn we are looking for
grep -q "^`expr match "$3" ".*/CN=\([^/][^/]*\)"`$" "$1" && exit 0
exit 1
fi
exit 0
*********************
I gave the file 0755 and placed a text file, also 0755, containing the
common name of the client, in the same directory.
In the config from server:
tls-verify "/volume1/@appstore/VPNCenter/scripts/ovpnCNcheck.sh /volume1/@appstore/VPNCenter/scripts/userlist.txt"
When the client connects, username/password and then stalls, the server log
gives:
*************************
WARNING: Failed running command (--tls-verify script): could not execute external program
Fri Oct 2 18:18:39 2015 us=192309 192.168.11.32:1194 VERIFY SCRIPT ERROR: depth=1, C=NL, ST=GLD, O=MMD, OU=OVPN, CN=CA, [email protected]
Fri Oct 2 18:18:39 2015 us=192614 192.168.11.32:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
Fri Oct 2 18:18:39 2015 us=192686 192.168.11.32:1194 TLS Error: TLS object -> incoming plaintext read error
Fri Oct 2 18:18:39 2015 us=197583 192.168.11.32:1194 SYNO_ERR_CERT
Fri Oct 2 18:18:39 2015 us=197673 192.168.11.32:1194 TLS Error: TLS handshake failed
Fri Oct 2 18:18:39 2015 us=198050 192.168.11.32:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
***************************
As I have no understanding of the script, I would still appreciate it if
someone could take a look at this.
Thanks in advance,
André
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
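
Added example, not part of the thread and not the script the poster found: a CN allowlist check for --tls-verify that accepts both subject layouts seen on this page (the slash-separated form the posted script's pattern expects and the comma-separated form shown in the posted log) and compares the CN as a literal whole line instead of building a regular expression from it. The function names extract_cn and verify_cn are assumptions of this sketch.

```sh
#!/bin/sh
# Added example. OpenVPN runs the --tls-verify command as:
#   <command from config> <certificate_depth> <subject>

# Print the CN of a subject string in either layout:
#   /C=NL/O=MMD/CN=client1      (slash-separated)
#   C=NL, O=MMD, CN=client1     (comma-separated)
extract_cn() {
    printf '%s\n' "$1" |
        sed -n 's|^\(.*[/,] *\)\{0,1\}CN=\([^,/]*\).*$|\2|p'
}

# verify_cn <allowlist file> <depth> <subject>; returns 0 to accept.
verify_cn() {
    userfile=$1 depth=$2 subject=$3
    # Fail closed if the depth is not a plain number.
    case $depth in ''|*[!0-9]*) return 1 ;; esac
    # As in the posted script, only the client certificate (depth 0)
    # is matched against the list; CA certificates pass through.
    [ "$depth" -eq 0 ] || return 0
    cn=$(extract_cn "$subject")
    # No CN in the subject: reject.
    [ -n "$cn" ] || return 1
    # -F literal string, -x whole line: a CN such as ".*" or a prefix
    # of a listed name cannot match. A missing or unreadable list
    # makes grep fail, which also rejects.
    grep -Fxq -- "$cn" "$userfile" 2>/dev/null
}

# Entry point when OpenVPN runs the file. With no arguments (the file
# was sourced to test the functions) nothing is executed here.
if [ $# -gt 0 ]; then
    [ $# -eq 3 ] || {
        echo "usage: $0 userfile certificate_depth X509_NAME_oneline" >&2
        exit 255
    }
    verify_cn "$@"
    exit $?
fi
```
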