[Solved] Need help with tls-crypt-v2-verify and chroot.

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Kalibri
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 06, 2023 9:08 pm

[Solved] Need help with tls-crypt-v2-verify and chroot.

Post by Kalibri » Wed Dec 06, 2023 9:41 pm

Can't seem to set up tls-crypt-v2-verify metacheck while chroot jail is on.
If i comment out chroot jail everything is ok, but with it I get:
2023-12-06 xx:xx:xx us=525116 xxx.xxx.xxx.xxx:xxxxx WARNING: Failed running command (--tls-crypt-v2-verify): could not execute external program
File metacheck is simple script just to make this work.

#!/bin/bash
echo "######### WORKS #########"
exit 0

I've placed metacheck file in /etc/openvpn/ and in /etc/openvpn/jail/ folders.
Did chmod -R 777 /etc/openvpn while testing.

Server Config Snip

chroot jail
tls-crypt-v2-verify metacheck
script-security 2
Last edited by Kalibri on Thu Dec 07, 2023 7:48 pm, edited 1 time in total.
Top
Kalibri
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 06, 2023 9:08 pm

Re: Need help with tls-crypt-v2-verify and chroot.

Post by Kalibri » Thu Dec 07, 2023 7:46 pm

Found solution.

Openvpn needs bash binary inside chroot folder to run custom scripts.
Thought openvpn copies /bin/bash by itself to chroot folder, but i was wrong. So i had to copy it myself.

1. Copy bash binary to chroot/path/bin/.
2. Find required libraries with ldd /bin/bash and add them to chroot folder.
3. Check if you can chroot into folder with chroot path/to/folder.

Afterwards if permissions and script is ok, it should work.
Top
Post Reply

Return to “Configuration”