[Solved] Need help with tls-crypt-v2-verify and chroot.

Posted: Wed Dec 06, 2023 9:41 pm
by Kalibri
Can't seem to set up tls-crypt-v2-verify metacheck while chroot jail is on.
If I comment out chroot jail everything is OK, but with it I get:
2023-12-06 xx:xx:xx us=525116 xxx.xxx.xxx.xxx:xxxxx WARNING: Failed running command (--tls-crypt-v2-verify): could not execute external program
The metacheck file is a simple script just to make this work.

#!/bin/bash
echo "######### WORKS #########"
exit 0


I've placed the metacheck file in the /etc/openvpn/ and /etc/openvpn/jail/ folders.
Did chmod -R 777 /etc/openvpn while testing.

Server Config Snip

chroot jail
tls-crypt-v2-verify metacheck
script-security 2

Re: Need help with tls-crypt-v2-verify and chroot.

Posted: Thu Dec 07, 2023 7:46 pm
by Kalibri
Found solution.

OpenVPN needs the bash binary inside the chroot folder to run custom scripts.
I thought OpenVPN copies /bin/bash to the chroot folder by itself, but I was wrong, so I had to copy it myself.

1. Copy bash binary to chroot/path/bin/.
2. Find required libraries with ldd /bin/bash and add them to chroot folder.
3. Check if you can chroot into folder with chroot path/to/folder.

Afterwards, if the permissions and script are OK, it should work.
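
Added example, not part of the original posts: the three steps above as a POSIX shell helper that copies a binary plus every library ldd reports into the jail at the same absolute paths, and lists anything still missing. The function names are hypothetical, and /etc/openvpn/jail is assumed as the jail path from the first post.

```sh
#!/bin/sh
# Added example: stage an interpreter and its shared libraries into a chroot.
# Function names are hypothetical; run the staging step as root.

# Read `ldd` output on stdin and print every absolute path it names.
# Covers "name => /path (0x...)" and the bare loader line "/lib64/ld-... (0x...)".
# linux-vdso has no file on disk and "=> not found" has no path: both are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy one file into the jail at the same absolute path (symlinks resolved).
stage_file() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L -p "$src" "$jail$src"
}

# Steps 1 and 2: copy the binary, then everything ldd reports for it.
stage_binary() {
    jail=$1; bin=$2
    stage_file "$jail" "$bin" || return 1
    ldd "$bin" | ldd_paths | while read -r lib; do
        stage_file "$jail" "$lib" || exit 1
    done
}

# Given ldd output on stdin, list the paths still absent from the jail.
missing_in_jail() {
    jail=$1
    ldd_paths | while read -r lib; do
        [ -e "$jail$lib" ] || echo "$lib"
    done
}

# Usage, with the jail path from the thread:
#   stage_binary /etc/openvpn/jail /bin/bash
#   ldd /bin/bash | missing_in_jail /etc/openvpn/jail    # prints nothing when complete
#   chroot /etc/openvpn/jail /bin/bash -c 'echo ok'      # step 3
```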