
[OK] user-pass-verify and chroot?

Posted: Wed May 23, 2012 4:59 pm
by zeycron
Hello,

Since I added the "chroot attribute", I get this on my server (when a client tries to connect):

Code:

Wed May 23 16:41:44 2012 us=69473 xx.xx.xx.xx:36345 TLS Auth Error: user-pass-verify script failed to execute: test.sh
Wed May 23 16:41:44 2012 us=69584 xx.xx.xx.xx:36345 TLS Auth Error: Auth Username/Password verification failed for peer

server.conf:

Code:

..
chroot jail
user nobody
group nogroup

username-as-common-name
plugin /usr/lib/openvpn/openvpn-auth-pam.so openvpn
script-security 2
auth-user-pass-verify /etc/openvpn/test.sh via-env

Before I put "chroot jail" it was OK. If I comment out the last line it's OK, but I want to check that cn=username with my test.sh :-)

Any ideas?

Thanks!! (sorry for bad English)

PS: openvpn 2.0 - linux squeeze

Re: user-pass-verify and chroot?

Posted: Fri May 25, 2012 7:51 am
by janjust
After doing

Code:

chroot jail

all scripts need to be present *inside* the jail - is there a directory jail/etc/openvpn etc?

Re: user-pass-verify and chroot?

Posted: Fri May 25, 2012 9:20 am
by zeycron
OK, thanks,

I put the script (test.sh) inside the jail: /etc/openvpn/jail/etc/openvpn

and --> chmod -R 777 /etc/openvpn/jail/ :-)

My script is OK (because without "chroot" it's OK):

Code:

#!/bin/sh
# With via-env, OpenVPN passes username and common_name in the environment.
# Both are quoted so an empty value or one with spaces cannot break the test.
if [ "$username" != "$common_name" ]
then
    echo "ERREUR : username != common_name"
    exit 1
fi
echo "IMPEC : username = common_name"
exit 0

Same error...

Re: user-pass-verify and chroot?

Posted: Fri May 25, 2012 11:16 am
by janjust
This is more about setting up a chroot jail than openvpn ...
Can bash run inside the chroot jail? Can you try setting an absolute path for the chroot jail, i.e.

Code:

chroot /etc/openvpn/jail

Inside the jail you will need to copy the bash executable and all libs that bash needs.
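
One way to check the point made above before restarting the server, as an added example that is not part of the original thread: the function reports what a jail is missing for a shebang script to run after chroot, and also flags a world-writable script. The name missing_in_jail is hypothetical; the paths in the usage comment are the ones from this thread.

```shell
#!/bin/sh
# Added example (not from the thread). missing_in_jail is a hypothetical name.
# Usage with this thread's paths:
#   missing_in_jail /etc/openvpn/jail /etc/openvpn/test.sh
# Prints one line per problem; returns 0 only if the script can be run
# after OpenVPN has chrooted into JAIL.
missing_in_jail() {
    jail=${1%/}     # directory given to "chroot" in server.conf
    script=$2       # path from auth-user-pass-verify, resolved inside the jail
    rc=0

    if [ ! -f "$jail$script" ]; then
        echo "missing script: $jail$script"
        return 1
    fi
    [ -x "$jail$script" ] || { echo "not executable: $jail$script"; rc=1; }

    # The script decides who authenticates, so nobody but its owner
    # should be able to rewrite it.
    if [ -n "$(find "$jail$script" -perm -0002)" ]; then
        echo "world-writable: $jail$script"
        rc=1
    fi

    # Interpreter named on the shebang line, e.g. "#!/bin/sh" -> /bin/sh.
    interp=$(sed -n '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p' "$jail$script")
    if [ -z "$interp" ]; then
        echo "no shebang line: $jail$script"
        return 1
    fi
    if [ ! -x "$jail$interp" ]; then
        echo "missing interpreter: $jail$interp"
        return 1
    fi

    # Every shared library the interpreter loads must exist at the same
    # path inside the jail. ldd prints nothing useful for a static binary,
    # in which case this loop does not run.
    for lib in $(ldd "$jail$interp" 2>/dev/null | grep -o '/[^ ]*'); do
        [ -e "$jail$lib" ] || { echo "missing library: $jail$lib"; rc=1; }
    done
    return "$rc"
}
```

Run it as root against the real jail path; an empty result means the script, its interpreter and the interpreter's libraries are all reachable from inside the jail.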

Re: user-pass-verify and chroot?

Posted: Sun Jun 03, 2012 11:08 am
by zeycron
Thanks,

I use http://wiki.debian.org/Debootstrap to create a chrooted environment.

The location of my script (with crl.pem and the ccd directory) is:
/etc/openvpn/jail/etc/openvpn

It's OK! Thanks