How to use PowerShell or VBS script on Windows for tls-verify

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
DeadPool
OpenVpn Newbie
Posts: 4
Joined: Wed May 24, 2023 5:26 am

How to use PowerShell or VBS script on Windows for tls-verify

Post by DeadPool » Wed May 24, 2023 5:57 am

Hi, all.
I have an OpenVPN server on windows. And it works normally.
But now i need to integrate special OID check. I know, that there is no such check in OpenVPN server, but i know that it could start a script during the client connect by using tls-verify function. So i want to use PowerShell or VBS script to make this check.
But when i try to use tls-verify

Code: Select all

tls-verify 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -File C:\\Program\ Files\\OpenVPN\\ssl\\check_cert.ps1'
OR

Code: Select all

tls-verify 'C:\\Windows\\System32\\wscript.exe C:\\Program\ Files\\OpenVPN\\ssl\\test.vbs'
I get this error on connection:

Code: Select all

2023-05-24 08:48:40 us=656000 client_ip:65264 UDPv4 READ [327] from [AF_INET]client_ip:65264: P_CONTROL_V1 kid=0 [ 2235288690 113480254 2535309037 1873955056 2300991625 2533325841 593398453 394794240 2916 1839545856 6 3375258123 4000241856 3628720822 1275172882 2785250305 755166229 683691368 2779059848 2910518607 1313321436 3283092950 3685897126 4
2023-05-24 08:48:40 us=656000 client_ip:65264 TLS Error: Unroutable control packet received from [AF_INET]client_ip:65264 (si=3 op=P_CONTROL_V1)
At this time there is nothing in scripts. They just return 0 or 1 for test:
VBS:

Code: Select all

WScript.Quit(0)
PowerShell:

Code: Select all

Write-Host 0
Without tls-verify in config - connection works well!

So the question is: is it possible to use VBS or PowerShell script to do some custom checks on tls-verify step, and what should script return?

DeadPool
OpenVpn Newbie
Posts: 4
Joined: Wed May 24, 2023 5:26 am

Re: How to use PowerShell or VBS script on Windows for tls-verify

Post by DeadPool » Fri Jun 23, 2023 9:25 am

So... no one can help me with this?! What this forum is for?! Useless.... I just occasionally found, that everything i should do is to add "script-security 2" in server configuration....
The solution was so easy.... for OpenVPN gurus and could be resolved with just one question "Did you add script-security 2 in server config?"
:facepalm:

Post Reply