LinuxQuestions.org
Old 08-16-2015, 09:26 PM   #1
dimm0k
OpenVPN & ccd-exclusive not working


Using OpenVPN 2.3.6 on Slackware 14.1 and for the most part it looks like I have everything configured properly with the exception of the ccd-exclusive server directive. If I remove that from my server config, I'm able to connect to the server no problems except that I do not get the IP address I want the connecting client to have. If I leave that ccd-exclusive in the server config, I get the following error:

server:
Code:
TLS Auth Error: --client-config-dir authentication failed for common name 'enterprise' file='/etc/openvpn/jail/ccd/enterprise'
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
[enterprise] Peer Connection Initiated with [AF_INET]108.108.108.108:43281
PUSH: Received control message: 'PUSH_REQUEST'
Delayed exit in 5 seconds
SENT CONTROL [enterprise]: 'AUTH_FAILED' (status=1)
SIGTERM[soft,delayed-exit] received, client-instance exiting
client:
Code:
SENT CONTROL [alphaquadrant]: 'PUSH_REQUEST' (status=1)
AUTH: Received control message: AUTH_FAILED
SIGTERM[soft,auth-failure] received, process exiting
I have a file named 'enterprise' located in /etc/openvpn/jail/ccd with the contents:
Code:
iroute 192.168.10.0 255.255.255.0
ifconfig-push 10.10.74.74 255.255.255.0
My server.conf is as follows:
Code:
port 1184
proto udp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/alpha.crt
key /etc/openvpn/keys/alpha.key
dh /etc/openvpn/certs/dh2048.pem
server 10.10.74.0 255.255.255.0
ifconfig-pool-persist /var/log/ipp.txt
push "route 192.168.100.0 255.255.255.0"
push "route 10.10.74.0 255.255.255.0"
client-config-dir /etc/openvpn/jail/ccd
push "redirect-gateway def1 bypass-dhcp"
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/keys/alpha-ta.key 0
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
chroot /etc/openvpn/jail
topology subnet

ccd-exclusive
push "route-metric 20"
push "route 0.0.0.0 0.0.0.0"

askpass /root/vpn.ovpn
auth-nocache
Let me know if there's anything else I can post to aid this!



EDIT: Looks like because I'm using the chroot option, the ccd location is no longer available at /etc/openvpn/jail/ccd, but at ccd. I'm not sure if this is the proper way, but I've created a symlink to /etc/openvpn/jail/ccd to /etc/openvpn/ccd.

With that part resolved, I can now connect to the VPN server no problems. Only issue now is all things Internet go down!

Last edited by dimm0k; 08-16-2015 at 10:20 PM.
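
The chroot effect described in the post's EDIT, as an added shell example that is not part of the original post: it computes where the server will look for a client's ccd file once `chroot` is in effect and reports whether `ccd-exclusive` would then reject that client. The function names and the ROOT prefix argument are hypothetical, and the demo files are constructed from the configuration shown in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the ROOT argument
# (a prefix for checking a scratch copy of the filesystem) are hypothetical.

# conf_value FILE DIRECTIVE: last value given for a one-argument directive.
conf_value() {
    awk -v d="$2" '$1 == d { v = $2 } END { if (v != "") print v }' "$1"
}

# effective_ccd_file CONF CN [ROOT]: host path of the ccd file looked up for CN.
# With "chroot DIR" the lookup happens inside the jail, so DIR is prepended.
effective_ccd_file() {
    ecf_ccd=$(conf_value "$1" client-config-dir)
    ecf_jail=$(conf_value "$1" chroot)
    [ -n "$ecf_ccd" ] || return 2
    if [ -n "$ecf_jail" ]; then
        ecf_ccd="$ecf_jail/${ecf_ccd#/}"
    fi
    case $ecf_ccd in /*) ecf_ccd="$3$ecf_ccd" ;; esac
    printf '%s\n' "$ecf_ccd/$2"
}

# check_ccd CONF CN [ROOT]: 0 = client can connect, 1 = ccd-exclusive rejects it.
check_ccd() {
    cc_path=$(effective_ccd_file "$1" "$2" "$3") || {
        echo "no client-config-dir in $1"; return 2; }
    if [ -f "$cc_path" ]; then
        echo "OK: $cc_path"
    elif grep -Eq '^[[:space:]]*ccd-exclusive([[:space:]]|$)' "$1"; then
        echo "FAIL: $cc_path missing, ccd-exclusive answers AUTH_FAILED to '$2'"
        return 1
    else
        echo "WARN: $cc_path missing, '$2' connects without its ccd settings"
    fi
}

# Constructed demo: the thread's layout rebuilt under a scratch directory.
demo=$(mktemp -d)
mkdir -p "$demo/etc/openvpn/jail/ccd"
echo 'ifconfig-push 10.10.74.74 255.255.255.0' > "$demo/etc/openvpn/jail/ccd/enterprise"
printf '%s\n' 'chroot /etc/openvpn/jail' 'ccd-exclusive' \
    'client-config-dir /etc/openvpn/jail/ccd' > "$demo/abs.conf"
printf '%s\n' 'chroot /etc/openvpn/jail' 'ccd-exclusive' \
    'client-config-dir ccd' > "$demo/rel.conf"
check_ccd "$demo/abs.conf" enterprise "$demo" || true   # FAIL, as in the post
check_ccd "$demo/rel.conf" enterprise "$demo" || true   # OK
rm -rf "$demo"
```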
 
  

