I add 'auth-user-pass-verify' to server.conf but now I can't connect.

chineseman
OpenVpn Newbie
Posts: 5
Joined: Sat Jul 30, 2016 8:39 am

I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by chineseman » Mon Nov 14, 2016 11:31 am

As the title said.
server.conf:
proto tcp-server
port 1194
dev tun1
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "route 192.168.1.0 255.255.255.0"
auth SHA1
cipher none
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
ca /etc/storage/openvpn/server/ca.crt
dh /etc/storage/openvpn/server/dh1024.pem
cert /etc/storage/openvpn/server/server.crt
key /etc/storage/openvpn/server/server.key
persist-key
persist-tun
user nobody
group nogroup
script-security 2
tmp-dir /tmp/openvpn
writepid /var/run/openvpn_svr.pid
client-connect ovpns.script
client-disconnect ovpns.script
username-as-common-name
auth-user-pass-verify /home/root/liukong/checkpsw.sh via-env

checkpsw.sh:
PASSFILE="/home/root/liukong/pw"
LOG_FILE="/home/root/liukong/log.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`

if [ ! -r "${PASSFILE}" ]; then
    echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
    exit 1
fi

CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`

if [ "${CORRECT_PASSWORD}" = "" ]; then
    echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
    exit 1
fi

if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
    echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
    exit 0
fi

echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1

I get an error in openvpn client 'Transport pause'

client.ovpn

client
dev tun
proto tcp-client
remote 110.86.72.83 1194
resolv-retry infinite
;float
nobind
persist-key
persist-tun
auth SHA1
cipher none
nice 0
verb 3
mute 10
auth-user-pass


Please help me!!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by TinCanTech » Mon Nov 14, 2016 1:14 pm


chineseman
OpenVpn Newbie
Posts: 5
Joined: Sat Jul 30, 2016 8:39 am

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by chineseman » Mon Nov 14, 2016 1:38 pm

TinCanTech wrote:Please see:
HOWTO: Request Help !
Hmm, I'm new here, could you tell me what I should do?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by TinCanTech » Mon Nov 14, 2016 5:00 pm

chinaman wrote: Hmm, I'm new here
You are not that new ..

If you expect us to debug your script then you must fully document your openvpn installation as per the link above .. at the very least your logs would help.

chineseman
OpenVpn Newbie
Posts: 5
Joined: Sat Jul 30, 2016 8:39 am

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by chineseman » Tue Nov 15, 2016 11:32 am

TinCanTech wrote:
chinaman wrote: Hmm, I'm new here
You are not that new ..

If you expect us to debug your script then you must fully document your openvpn installation as per the link above .. at the very least your logs would help.

Thx. I seem to know the reason for this problem, but I don't know how to solve it. Look at the following log.


Tue Nov 15 19:26:20 2016 GID set to nogroup
Tue Nov 15 19:26:20 2016 UID set to nobody
Tue Nov 15 19:26:20 2016 Listening for incoming TCP connection on [undef]
Tue Nov 15 19:26:20 2016 TCPv4_SERVER link local (bound): [undef]
Tue Nov 15 19:26:20 2016 TCPv4_SERVER link remote: [undef]
Tue Nov 15 19:26:20 2016 Initialization Sequence Completed
Tue Nov 15 19:29:14 2016 TCP connection established with [AF_INET]192.168.1.98:49509
Tue Nov 15 19:29:14 2016 192.168.1.98:49509 WARNING: Failed running command (--auth-user-pass-verify): could not execute external program
Tue Nov 15 19:29:14 2016 192.168.1.98:49509 TLS Auth Error: Auth Username/Password verification failed for peer

By the way, I set up openvpn in openwrt.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by TinCanTech » Tue Nov 15, 2016 1:05 pm

Your Server.conf

Try removing this:

user nobody
group nogroup
And I think you need this:

script-security 3 # Not 2

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by Pippin » Tue Nov 15, 2016 9:44 pm

script-security 2 is working here.

Is your script chmod 0755?
I do not see shebang?
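
An added example, not part of any post in this thread: POSIX sh functions that test the two things Pippin asks about (execute bit, shebang) and a form of the password lookup that hands the username to awk as data and keeps the password out of the log. The names `preflight` and `verify_user` are hypothetical; the "user password" file format is the one the posted script assumes.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# preflight SCRIPT
# Prints one line per problem that would stop SCRIPT from being executed
# directly. Returns 0 only when no problem is found.
preflight() {
    script=$1
    rc=0
    [ -f "$script" ] || { echo "missing: $script"; return 1; }
    [ -x "$script" ] || { echo "not executable: chmod 0755 $script"; rc=1; }
    first=$(head -n 1 "$script")
    case $first in
        '#!'*)
            interp=${first#??}      # drop the leading "#!"
            interp=${interp# }      # allow "#! /bin/sh"
            interp=${interp%% *}    # drop interpreter arguments
            [ -x "$interp" ] || { echo "interpreter not found: $interp"; rc=1; }
            ;;
        *)  echo "no shebang on line 1"; rc=1 ;;
    esac
    return "$rc"
}

# verify_user PASSFILE
# Compares $username/$password (set by OpenVPN with via-env) against
# "user password" lines in PASSFILE. Returns 0 on a match.
verify_user() {
    passfile=$1
    [ -r "$passfile" ] || { echo "cannot read password file"; return 1; }
    if [ -z "${username:-}" ] || [ -z "${password:-}" ]; then
        echo "empty username or password"; return 1
    fi
    # The username reaches awk through ENVIRON, as data, never as program
    # text; appending "" forces a string (not numeric) comparison.
    expected=$(u="$username" awk \
        '!/^[;#]/ && ($1 "") == (ENVIRON["u"] "") { print $2; exit }' "$passfile")
    [ -n "$expected" ] || { echo "unknown user: $username"; return 1; }
    # Log the outcome and the username only; the password is never written.
    [ "$password" = "$expected" ] || { echo "bad password for: $username"; return 1; }
    echo "ok: $username"
}
```

Run `preflight` as the account the daemon drops to (`user nobody` in the server.conf above), because that account also needs search permission on every directory in the script's path.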

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by TinCanTech » Tue Nov 15, 2016 10:26 pm

Pippin wrote:script-security 2 is working here
It should not because that would exclude $password from being passed .. :?:

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by Pippin » Wed Nov 16, 2016 2:00 pm

Yes, you are correct.
I do not use password in auth-user-pass-verify :roll:

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.

Post by TinCanTech » Wed Nov 16, 2016 3:06 pm

That is clearly not the same as the OP ..

eg:
chineseman wrote:echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
However,
chineseman wrote: I get an error in openvpn client 'Transport pause'
Maybe the auth-user-pass-verify /home/root/liukong/checkpsw.sh via-env takes too long ..
TinCanTech wrote:Please see:
HOWTO: Request Help !
As above .. logs please.
