cant authenticate any user after putting client-connect.sh
Moderators: TinCanTech
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
cant authenticate any user after putting client-connect.sh
hi
May i ask why i can't connect any user name when i put client-connect.sh and client-disconnect.sh on server side?
please help
thank you
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: cant authenticate any user after putting client-connect.
depends on your client-connect script - if your script returns exit code != 0 then all connections are stopped.
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Re: cant authenticate any user after putting client-connect.
client connect
Code:
#!/bin/sh
logfile="/var/log/openvpn-connections.log"
datetime=`date`
#content=`set`
content=" "
logline="$datetime: user $common_name connected (local
$ifconfig_pool_remote_ip remote $untrusted_ip)"
subject="log vpn: $logline"
echo $logline >> $logfile
echo $content | mail -s "$subject" heriatge@yahoo.com

client disconnect
Code:
#!/bin/sh
logfile="/var/log/openvpn-connections.log"
datetime=`date`
#content=`set`
content=" "
logline="$datetime: user $common_name disconnected (local
$ifconfig_pool_remote_ip remote $untrusted_ip)"
subject="log vpn: $logline"
echo $logline >> $logfile
echo $content | mail -s "$subject" heritage@yahoo.com

i copied those script and put it on our vpn...
can't find
Code:
exit code != 0

anything wrong with server or with script?
server side config
Code:
mode server
local xx.xx.xx.xx.xx
port 9200
proto udp
dev tun
tls-server
tun-mtu 1500
tun-mtu-extra 32
mssfix max
fragment 1300
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-connect /etc/openvpn/client-connect.sh
client-disconnect /etc/openvpn/client-disconnect.sh
client-cert-not-required
username-as-common-name
server 10.10.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
cipher none
comp-lzo
persist-key
persist-tun
status udp10.log
resolv-retry 5
verb 1
mute 5
script-security 2

thank you
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: cant authenticate any user after putting client-connect.
if the sending of the mail fails, the client connect fails; add a line
Code:
exit 0

to both the client-connect and client-disconnect scripts and try again
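An added example, not part of the thread and not code from either poster: a single hook script for both client-connect and client-disconnect that keeps the logging from the posted scripts but treats the log write and the mail as best-effort, so a failing mailer cannot reject logins. The MAILTO address and the MAILER override are assumptions made for the example; the log path is the one from the thread.

```shell
#!/bin/sh
# Added example, not the poster's script: one hook for client-connect and
# client-disconnect. A non-zero exit from client-connect rejects the client,
# so logging and mail are best-effort and the hook always exits 0.

LOGFILE="${LOGFILE:-/var/log/openvpn-connections.log}"  # path from the thread
MAILTO="${MAILTO:-vpn-admin@example.invalid}"           # placeholder address
MAILER="${MAILER:-mail}"                                # assumption: mail(1) is installed

# common_name comes from the connecting client (the username in this setup)
# and ends up in a log line and a mail subject, so keep only a conservative
# character set. The same filter is applied to the address fields.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@-'
}

# $1 is the event word ("connected" or "disconnected"). Always returns 0.
log_event() {
    user=$(sanitize "${common_name:-unknown}")
    local_ip=$(sanitize "${ifconfig_pool_remote_ip:-}")
    remote_ip=$(sanitize "${untrusted_ip:-}")
    line="$(date '+%Y-%m-%d %H:%M:%S') user $user $1 (local $local_ip remote $remote_ip)"

    # A log write failure is reported on stderr but does not block the login.
    printf '%s\n' "$line" >> "$LOGFILE" || echo "hook: cannot write $LOGFILE" >&2

    # A missing or failing mailer must not turn into a rejected client.
    printf '\n' | "$MAILER" -s "log vpn: $line" "$MAILTO" >/dev/null 2>&1 \
        || echo "hook: mail notification failed" >&2
    return 0
}

# OpenVPN sets script_type before running a hook script; when the file is
# only sourced (for example by a test) nothing below runs.
case "${script_type:-}" in
    client-connect)    log_event connected;    exit 0 ;;
    client-disconnect) log_event disconnected; exit 0 ;;
esac
```

Both the client-connect and client-disconnect directives can point at this one file, and it must be executable by the user the OpenVPN server runs as.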
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Re: cant authenticate any user after putting client-connect.
i edit and execute the command and that logs keep coming out
Code:
[root@tic openvpn]# iptables -t nat -A -POSTROUTING -s 10.10.1.0/24 -j SNAT --to xx.xx.xx.xx
iptables: No chain/target/match by that name
[root@tic openvpn]#
i update iptables but no luck.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: cant authenticate any user after putting client-connect.
the name of the chain is POSTROUTING, not -POSTROUTING
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Re: cant authenticate any user after putting client-connect.
Fri May 20 23:38:49 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 12 2009
Fri May 20 23:38:49 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri May 20 23:38:49 2011 ******* WARNING *******: null cipher specified, no encryption will be used
Fri May 20 23:38:49 2011 LZO compression initialized
Fri May 20 23:38:49 2011 Attempting to establish TCP connection with xxx.xxx.xxx.xxx:80
Fri May 20 23:38:50 2011 TCP connection established with xxx.xxx.xxx.xxx:80
Fri May 20 23:38:50 2011 TCPv4_CLIENT link local: [undef]
Fri May 20 23:38:50 2011 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:80
Fri May 20 23:38:57 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 20 23:39:06 2011 [server] Peer Connection Initiated with xxx.xxx.xxx.xxx:80
Fri May 20 23:39:09 2011 AUTH: Received AUTH_FAILED control message
still sir no luck
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Re: cant authenticate any user after putting client-connect.
maybe there's something wrong on the script itself.
can anyone tell me what's wrong?
thank you
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: cant authenticate any user after putting client-connect.
post the client-connect script again - the first version you posted did not contain any iptables rules at all.
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Re: cant authenticate any user after putting client-connect.
i just add exit 0 nothing more
Code:
#!/bin/sh
logfile="/var/log/openvpn-connections.log"
datetime=`date`
#content=`set`
content=" "
logline="$datetime: user $common_name connected (local
$ifconfig_pool_remote_ip remote $untrusted_ip)"
subject="log vpn: $logline"
echo $logline >> $logfile
echo $content | mail -s "$subject" heriatge@yahoo.com
exit 0
i just copied the script don't know how to implement it properly
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: cant authenticate any user after putting client-connect.
what's in the server log? and what's in the file '/var/log/openvpn-connections.log' on the server?
-
- OpenVPN Power User
- Posts: 57
- Joined: Fri Apr 15, 2011 12:05 pm
Re: cant authenticate any user after putting client-connect.
when i try to use nano command be its empty
Code:
Last login: Sat May 21 02:56:20 2011 from 10.10.0.6
[root@tigervpn ~]# /var/log/openvpn-connections.log
-bash: /var/log/openvpn-connections.log: No such file or directory
can that be the main problem?
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: cant authenticate any user after putting client-connect.
it most likely means your script never executed - what is in the server log? did you add 'script-security 2' to your server config and restart it? please read my postings carefully and answer requests for log files, as I won't otherwise be able to help you.