OpenVPN авторизация по логину и паролю

[Dark Smoke]

Добрый день
Ну не как не могу побороть авторизацию, помогите пожалуйста, где то косячу Все время не не прохожу авторизацию.
openvpn.conf

Код: [Выделить]

port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/vpn-server.crt
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 192.168.254.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log         /var/log/openvpn.log
verb 3
explicit-exit-notify 1
client-cert-not-required
auth-user-pass-verify "/usr/local/etc/openvpn/verify.sh /usr/local/etc/openvpn/user.pass" via-fileclient.conf

Код: [Выделить]

dev tun
proto udp
remote mail.delta.in.ua 1194
resolv-retry infinite
nobind
keepalive 10 120
comp-lzo
;user nobody
;group nobody
persist-key
persist-tun
;ca ca.crt
;cert client.crt
;key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
tls-client
;push "dhcp-option DNS 192.168.1.250"
;auth MD5
auth-user-passverify.sh

Код: [Выделить]

#!/bin/sh

# Config parameters

conf="/usr/local/etc/openvpn/user.pass"
logfile="/var/log/ovpnauth.log"

# End of config parameters

if [ "$1" = "" ] || [ "$1" = "help" ]
then
    echo "ovpnauth.sh v0.1 - OpenVPN sh authentication script with simple user db"
    echo "                   for use withauth-user-pass-verify via-file option"
    echo ""
    echo "help - prints help"
    echo "md5 password - to compute password md5 checksum"
    exit 1
fi

md5(){
        echo "$1.`uname -n`" > /tmp/$$.md5calc
        sum="`md5sum /tmp/$$.md5calc | awk '{print $1}'`"
        rm /tmp/$$.md5calc
        echo "$sum"
}

if [ "$1" = "md5" ]
then
        echo `md5 $2`
    exit 1
fi

log(){
    echo "`date +'%m/%d/%y %H:%M'` - $1" >> $logfile
}

logenv(){
    enviroment="`env | awk '{printf "%s ", $0}'`"
    echo "`date +'%m/%d/%y %H:%M'` - $enviroment" >> $logfile
}

envr="`echo `env``"
userpass=`cat $1`
username=`echo $userpass | awk '{print $1}'`
password=`echo $userpass | awk '{print $2}'`

# computing password md5
password=`md5 $password`
userpass=`cat $conf | grep $username= | awk -F= '{print $2}'`

if [ "$password" = "$userpass" ]
then
    log "OpenVPN authentication successfull: $username"
    logenv
    exit 0
fi

log "OpenVPN authentication failed"
log `cat $1`
logenv
exit 1Файл с паролями

Код: [Выделить]

username=MD5 passЛоги сервер

==> /var/log/openvpn.log <==
Mon Sep 18 00:04:13 2017 46.98.240.199 TLS: Initial packet from [AF_INET6]::ffff:46.98.240.199:37958, sid=fd962e72 3ebaa2cd
Mon Sep 18 00:04:13 2017 46.98.240.199 peer info: IV_VER=2.3.17
Mon Sep 18 00:04:13 2017 46.98.240.199 peer info: IV_PLAT=linux
Mon Sep 18 00:04:13 2017 46.98.240.199 peer info: IV_PROTO=2
Mon Sep 18 00:04:13 2017 46.98.240.199 WARNING: External program may not be called unless '--script-security 2' or higher is enabled. See --help text or man page for detailed info.
Mon Sep 18 00:04:13 2017 46.98.240.199 WARNING: Failed running command (--auth-user-pass-verify): external program fork failed
Mon Sep 18 00:04:13 2017 46.98.240.199 TLS Auth Error: Auth Username/Password verification failed for peer
Mon Sep 18 00:04:13 2017 46.98.240.199 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
Mon Sep 18 00:04:13 2017 46.98.240.199 Peer Connection Initiated with [AF_INET6]::ffff:46.98.240.199:37958
Mon Sep 18 00:04:16 2017 46.98.240.199 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 18 00:04:16 2017 46.98.240.199 Delayed exit in 5 seconds
Mon Sep 18 00:04:16 2017 46.98.240.199 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Mon Sep 18 00:04:21 2017 46.98.240.199 SIGTERM[soft,delayed-exit] received, client-instance exiting

Логи клиента

Mon Sep 18 00:04:22 2017 OpenVPN 2.3.17 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 20 2017
Mon Sep 18 00:04:22 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Enter Auth Username: ****
Enter Auth Password: ****
Mon Sep 18 00:04:25 2017 Control Channel Authentication: tls-auth using INLINE static key file
Mon Sep 18 00:04:25 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 18 00:04:25 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 18 00:04:25 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Sep 18 00:04:25 2017 UDPv4 link local: [undef]
Mon Sep 18 00:04:25 2017 UDPv4 link remote: [AF_INET]195.248.184.7:1194
Mon Sep 18 00:04:25 2017 TLS: Initial packet from [AF_INET]195.248.184.7:1194, sid=f32c6ae4 a55eb273
Mon Sep 18 00:04:25 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 18 00:04:25 2017 VERIFY OK: depth=1, CN=Easy-RSA CA
Mon Sep 18 00:04:25 2017 Validating certificate key usage
Mon Sep 18 00:04:25 2017 ++ Certificate has key usage 00a0, expects 00a0
Mon Sep 18 00:04:25 2017 VERIFY KU OK
Mon Sep 18 00:04:25 2017 Validating certificate extended key usage
Mon Sep 18 00:04:25 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Sep 18 00:04:25 2017 VERIFY EKU OK
Mon Sep 18 00:04:25 2017 VERIFY OK: depth=0, CN=vpn-server
Mon Sep 18 00:04:25 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Sep 18 00:04:25 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 18 00:04:25 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Sep 18 00:04:25 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 18 00:04:25 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Sep 18 00:04:25 2017 [vpn-server] Peer Connection Initiated with [AF_INET]195.248.184.7:1194
Mon Sep 18 00:04:28 2017 SENT CONTROL [vpn-server]: 'PUSH_REQUEST' (status=1)
Mon Sep 18 00:04:28 2017 AUTH: Received control message: AUTH_FAILED
Mon Sep 18 00:04:28 2017 SIGTERM[soft,auth-failure] received, process exiting

Пользователь добавил сообщение 18 Сентября 2017, 23:55:30:Крутил крутил и докрутился до такой ошибки на сервере

Mon Sep 18 23:54:03 2017 178.215.168.56 TLS: Initial packet from [AF_INET6]::ffff:178.215.168.56:47298, sid=5ea9a366 0877fc79
Mon Sep 18 23:54:03 2017 178.215.168.56 OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Mon Sep 18 23:54:03 2017 178.215.168.56 TLS_ERROR: BIO read tls_read_plaintext error
Mon Sep 18 23:54:03 2017 178.215.168.56 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 18 23:54:03 2017 178.215.168.56 TLS Error: TLS handshake failed
Mon Sep 18 23:54:03 2017 178.215.168.56 SIGUSR1[soft,tls-error] received, client-instance restarting

на клиенте

Enter Auth Username: ****
Enter Auth Password: ****
Mon Sep 18 23:54:15 2017 Control Channel Authentication: tls-auth using INLINE static key file
Mon Sep 18 23:54:15 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 18 23:54:15 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 18 23:54:15 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Sep 18 23:54:15 2017 UDPv4 link local: [undef]
Mon Sep 18 23:54:15 2017 UDPv4 link remote: [AF_INET]195.248.184.7:1194
Mon Sep 18 23:54:15 2017 TLS: Initial packet from [AF_INET]195.248.184.7:1194, sid=8269d796 14d82ee4
Mon Sep 18 23:54:15 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 18 23:54:15 2017 VERIFY OK: depth=1, CN=Easy-RSA CA
Mon Sep 18 23:54:15 2017 Validating certificate key usage
Mon Sep 18 23:54:15 2017 ++ Certificate has key usage  00a0, expects 00a0
Mon Sep 18 23:54:15 2017 VERIFY KU OK
Mon Sep 18 23:54:15 2017 Validating certificate extended key usage
Mon Sep 18 23:54:15 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Sep 18 23:54:15 2017 VERIFY EKU OK
Mon Sep 18 23:54:15 2017 VERIFY OK: depth=0, CN=vpn-server
^CMon Sep 18 23:54:36 2017 event_wait : Interrupted system call (code=4)
Mon Sep 18 23:54:36 2017 SIGINT[hard,] received, process exiting

(Нажмите, чтобы показать/скрыть)

Спустя прошедшее с момента создания темы на форуме время (месяцев: 29) приходится признать, что она не вызвала отклика у форумчан. Ввиду отсутствия ответов, по состоянию на 25/02/2020 модератором раздела принято решение тему закрыть.

Закрыто
   --zg_nico