Can't authenticate any user after putting client-connect.sh

How to customize and extend your OpenVPN installation.

eric66300
OpenVPN Power User
Posts: 57
Joined: Fri Apr 15, 2011 12:05 pm

Post by eric66300 » Fri May 20, 2011 2:36 am

Hi

May I ask why I can't connect with any user name when I put client-connect.sh and client-disconnect.sh on the server side?

Please help

Thank you

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: cant authenticate any user after putting client-connect.

Post by janjust » Fri May 20, 2011 6:42 am

depends on your client-connect script - if your script returns exit code != 0 then all connections are stopped.

Post by eric66300 » Fri May 20, 2011 2:50 pm

client connect

#!/bin/sh
# Log each client connection and e-mail a notification.
logfile="/var/log/openvpn-connections.log"
datetime=`date`
#content=`set`
content=" "
logline="$datetime: user $common_name connected (local $ifconfig_pool_remote_ip remote $untrusted_ip)"
subject="log vpn: $logline"
echo "$logline" >> "$logfile"
echo "$content" | mail -s "$subject" heriatge@yahoo.com

client disconnect

#!/bin/sh
# Log each client disconnection and e-mail a notification.
logfile="/var/log/openvpn-connections.log"
datetime=`date`
#content=`set`
content=" "
logline="$datetime: user $common_name disconnected (local $ifconfig_pool_remote_ip remote $untrusted_ip)"
subject="log vpn: $logline"
echo "$logline" >> "$logfile"
echo "$content" | mail -s "$subject" heritage@yahoo.com

I copied those scripts and put them on our VPN...

I can't find

Code: Select all

exit code != 0

Anything wrong with the server or with the script?

Server side config:

mode server
local xx.xx.xx.xx.xx
port 9200

proto udp
dev tun
tls-server
tun-mtu 1500
tun-mtu-extra 32
mssfix max
fragment 1300
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-connect /etc/openvpn/client-connect.sh
client-disconnect /etc/openvpn/client-disconnect.sh
client-cert-not-required
username-as-common-name
server 10.10.0.0 255.255.255.0


push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
cipher none
comp-lzo
persist-key
persist-tun
status udp10.log
resolv-retry 5
verb 1
mute 5
script-security 2

Thank you

Post by janjust » Fri May 20, 2011 3:08 pm

if the sending of the mail fails, the client connect fails; add a line

Code: Select all

exit 0
to both the client-connect and client-disconnect scripts and try again
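
An added example (not code from this thread or from the OpenVPN project) of one hook script for both events, in which neither a failed log write nor a failed mail can change the exit status. It also strips unexpected characters from `common_name` before logging, because `username-as-common-name` makes that value the client-supplied username. `LOGFILE`, `NOTIFY_CMD`, `NOTIFY_TO` and the placeholder address are assumptions; `script_type` is set by OpenVPN when it runs a hook.

```shell
#!/bin/sh
# Added example, not from the thread. Names below are assumptions.
LOGFILE="${LOGFILE:-/var/log/openvpn-connections.log}"
NOTIFY_CMD="${NOTIFY_CMD:-mail}"                  # overridable for testing
NOTIFY_TO="${NOTIFY_TO:-vpn-admin@example.invalid}"  # placeholder address

# Keep only characters that are harmless in a log line or mail subject.
# Newlines, spaces and shell metacharacters are dropped.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._@:-'
}

# Record one event. Logging and notification are best effort:
# whatever happens, the function returns 0.
log_event() {
    event="$1"
    cn=$(sanitize "${common_name:-unknown}")
    vip=$(sanitize "${ifconfig_pool_remote_ip:-unknown}")
    rip=$(sanitize "${untrusted_ip:-unknown}")
    line="$(date '+%Y-%m-%d %H:%M:%S'): user $cn $event (local $vip remote $rip)"

    # A missing directory or wrong permissions must not reject the client.
    { printf '%s\n' "$line" >> "$LOGFILE"; } 2>/dev/null || true

    # Same for the mail: a missing or failing mailer is ignored.
    printf '\n' | "$NOTIFY_CMD" -s "log vpn: $line" "$NOTIFY_TO" \
        >/dev/null 2>&1 || true
    return 0
}

# Run only when OpenVPN invokes the file as a hook.
case "${script_type:-}" in
    client-connect)    log_event connected;    exit 0 ;;
    client-disconnect) log_event disconnected; exit 0 ;;
esac
```

The same file can be named in both the `client-connect` and `client-disconnect` directives.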

Post by eric66300 » Fri May 20, 2011 3:30 pm

[root@tic openvpn]# iptables -t nat -A -POSTROUTING -s 10.10.1.0/24 -j SNAT --to xx.xx.xx.xx
iptables: No chain/target/match by that name
[root@tic openvpn]#

I edit and execute the command and that log keeps coming out.

I updated iptables but no luck.

Post by janjust » Fri May 20, 2011 3:34 pm

the name of the chain is POSTROUTING, not -POSTROUTING

Post by eric66300 » Fri May 20, 2011 3:41 pm

Fri May 20 23:38:49 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 12 2009
Fri May 20 23:38:49 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri May 20 23:38:49 2011 ******* WARNING *******: null cipher specified, no encryption will be used
Fri May 20 23:38:49 2011 LZO compression initialized
Fri May 20 23:38:49 2011 Attempting to establish TCP connection with xxx.xxx.xxx.xxx:80
Fri May 20 23:38:50 2011 TCP connection established with xxx.xxx.xxx.xxx:80
Fri May 20 23:38:50 2011 TCPv4_CLIENT link local: [undef]
Fri May 20 23:38:50 2011 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:80
Fri May 20 23:38:57 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 20 23:39:06 2011 [server] Peer Connection Initiated with xxx.xxx.xxx.xxx:80
Fri May 20 23:39:09 2011 AUTH: Received AUTH_FAILED control message

still sir no luck

Post by eric66300 » Sat May 21, 2011 2:16 am

Maybe there's something wrong with the script itself.

Can anyone tell me what's wrong?

Thank you

Post by janjust » Sat May 21, 2011 2:00 pm

post the client-connect script again - the first version you posted did not contain any iptables rules at all.

Post by eric66300 » Sat May 21, 2011 2:20 pm

#!/bin/sh
# Log each client connection and e-mail a notification.
logfile="/var/log/openvpn-connections.log"
datetime=`date`
#content=`set`
content=" "
logline="$datetime: user $common_name connected (local $ifconfig_pool_remote_ip remote $untrusted_ip)"
subject="log vpn: $logline"
echo "$logline" >> "$logfile"
echo "$content" | mail -s "$subject" heriatge@yahoo.com
# Always report success to OpenVPN, even if the mail could not be sent.
exit 0

I just added exit 0, nothing more.

I just copied the script; I don't know how to implement it properly.

Post by janjust » Sat May 21, 2011 2:49 pm

what's in the server log? and what's in the file '/var/log/openvpn-connections.log' on the server?

Post by eric66300 » Sat May 21, 2011 2:57 pm

Last login: Sat May 21 02:56:20 2011 from 10.10.0.6
[root@tigervpn ~]# /var/log/openvpn-connections.log
-bash: /var/log/openvpn-connections.log: No such file or directory

When I try to use the nano command, it's empty.

Can that be the main problem?

Post by janjust » Sat May 21, 2011 3:05 pm

it most likely means your script never executed - what is in the server log? did you add 'script-security 2' to your server config and restart it? please read my postings carefully and answer requests for log files, as I won't otherwise be able to help you.
