I'm using OpenVPN 2.3.6 on Slackware 14.1, and for the most part it looks like I have everything configured properly, with the exception of the ccd-exclusive server directive. If I remove that from my server config, I'm able to connect to the server with no problems, except that I do not get the IP address I want the connecting client to have. If I leave ccd-exclusive in the server config, I get the following error:
server:
Code:
TLS Auth Error: --client-config-dir authentication failed for common name 'enterprise' file='/etc/openvpn/jail/ccd/enterprise'
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
[enterprise] Peer Connection Initiated with [AF_INET]108.108.108.108:43281
PUSH: Received control message: 'PUSH_REQUEST'
Delayed exit in 5 seconds
SENT CONTROL [enterprise]: 'AUTH_FAILED' (status=1)
SIGTERM[soft,delayed-exit] received, client-instance exiting
client:
Code:
SENT CONTROL [alphaquadrant]: 'PUSH_REQUEST' (status=1)
AUTH: Received control message: AUTH_FAILED
SIGTERM[soft,auth-failure] received, process exiting
I have a file named 'enterprise' located in /etc/openvpn/jail/ccd with the contents:
Code:
iroute 192.168.10.0 255.255.255.0
ifconfig-push 10.10.74.74 255.255.255.0
My server.conf is as follows:
Code:
port 1184
proto udp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/alpha.crt
key /etc/openvpn/keys/alpha.key
dh /etc/openvpn/certs/dh2048.pem
server 10.10.74.0 255.255.255.0
ifconfig-pool-persist /var/log/ipp.txt
push "route 192.168.100.0 255.255.255.0"
push "route 10.10.74.0 255.255.255.0"
client-config-dir /etc/openvpn/jail/ccd
push "redirect-gateway def1 bypass-dhcp"
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/keys/alpha-ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
chroot /etc/openvpn/jail
topology subnet
ccd-exclusive
push "route-metric 20"
push "route 0.0.0.0 0.0.0.0"
askpass /root/vpn.ovpn
auth-nocache
Let me know if there's anything else I can post to aid this!
EDIT: Looks like because I'm using the chroot option, the ccd location is no longer available at /etc/openvpn/jail/ccd, but at ccd. I'm not sure if this is the proper way, but I've created a symlink to /etc/openvpn/jail/ccd to /etc/openvpn/ccd.
With that part resolved, I can now connect to the VPN server with no problems. The only issue now is that all things Internet go down!
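
The path lookup described in the EDIT above, as an added example that is not part of the original post: it parses a server config and reports where a chrooted daemon will look for a client's CCD file. `SAMPLE_CONF` is constructed from three directives in the posted server.conf, the function names are hypothetical, and it assumes relative paths resolve from the jail root.

```python
import os
import shlex

# Constructed sample: the three directives from the posted server.conf that matter here.
SAMPLE_CONF = """\
client-config-dir /etc/openvpn/jail/ccd
chroot /etc/openvpn/jail
ccd-exclusive
"""

def parse_directives(conf_text):
    """Map each directive to its argument list (last occurrence wins)."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            directives[parts[0]] = parts[1:]
    return directives

def ccd_lookup(conf_text, common_name):
    """Report where a chrooted daemon will look for a client's CCD file."""
    d = parse_directives(conf_text)
    if not d.get("client-config-dir"):
        return None
    ccd = d["client-config-dir"][0]
    jail = d["chroot"][0] if d.get("chroot") else None
    daemon_path = os.path.join(ccd, common_name)
    if jail:
        # Inside the jail "/" is the jail directory, so the configured path is
        # reinterpreted beneath it. Assumption: a relative path also resolves
        # from the jail root, the working directory after chroot.
        host_path = os.path.join(jail, daemon_path.lstrip("/"))
    else:
        host_path = daemon_path
    found = os.path.isfile(host_path)
    exclusive = "ccd-exclusive" in d
    # With ccd-exclusive a missing file rejects the client (AUTH_FAILED in the
    # post); without it the client connects but gets no ifconfig-push/iroute.
    outcome = "ok" if found else ("auth-failed" if exclusive else "ccd-ignored")
    return {"daemon_path": daemon_path, "host_path": host_path,
            "found": found, "outcome": outcome}

if __name__ == "__main__":
    print(ccd_lookup(SAMPLE_CONF, "enterprise"))
```

The check follows symlinks from the host's root, while the daemon resolves an absolute symlink target against the jail root, so verify symlinked CCD directories from inside the jail.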