Bug #3596
closed
OpenVPN being passed bad arguments
Added by Anonymous about 10 years ago.
Updated about 10 years ago.
Category:
VPN (Multiple Types)
Description
Basic OpenVPN configuration (Remote Access SSL/TLS) yields the following result in system log:
openvpn34830: Options error: the --tls-verify directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").
Disabling TLS auth has no effect, changing to Remote Access User Auth causes it to become this:
openvpn53828: Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").
What arguments does it have after those parameters in the conf file?
I pulled this from /var/etc/openvpn/server1.conf:
tls-verify /usr/local/sbin/ovpn_auth_verify tls 'gateway.domain.com' 1 via-env
If I place everything after 'tls-verify' in double quotes and try to start the service, I get as far as this:
Apr 11 05:04:39 openvpn[23401]: OpenVPN 2.3.2 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
Apr 11 05:04:39 openvpn[23401]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 11 05:04:40 openvpn[23401]: TUN/TAP device /dev/tun1 opened
Apr 11 05:04:40 openvpn[23401]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 11 05:04:40 openvpn[23401]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Apr 11 05:04:40 openvpn[23401]: FreeBSD ifconfig failed: external program exited with error status: 1
Apr 11 05:04:40 openvpn[23401]: Exiting due to fatal error
ifconfig's issue is that the interface 'ovpns1' doesn't exist. Weird.
I guess this is an entirely different problem. Has there been a major change to OpenVPN with the migration to 10?
- Status changed from New to Resolved
Confirmed fixed on current code (snap+gitsync), no error and the process is running. Interface is there also.
Confirmed working here also.
Also available in: Atom
PDF
Updated by 
Updated by