Project

General

Profile

Bug #3596

OpenVPN being passed bad arguments

Added by Anonymous over 4 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
VPN
Target version:
Start date:
04/10/2014
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.2
Affected Architecture:

Description

Basic OpenVPN configuration (Remote Access SSL/TLS) yields the following result in system log:

openvpn34830: Options error: the --tls-verify directive should have at most 1 parameter. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").

Disabling TLS auth has no effect, changing to Remote Access User Auth causes it to become this:

openvpn53828: Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").

Associated revisions

Revision db45bc68 (diff)
Added by Chris Buechler over 4 years ago

tls-verify requires quotes around the command to be executed. Ticket #3596

Revision d471a890 (diff)
Added by Chris Buechler over 4 years ago

tls-verify requires quotes around the command to be executed. Ticket #3596

History

#1 Updated by Chris Buechler over 4 years ago

What arguments does it have after those parameters in the conf file?

#2 Updated by Anonymous over 4 years ago

I pulled this from /var/etc/openvpn/server1.conf:

tls-verify /usr/local/sbin/ovpn_auth_verify tls 'gateway.domain.com' 1 via-env

If I place everything after 'tls-verify' in double quotes and try to start the service, I get as far as this:

Apr 11 05:04:39    openvpn[23401]: OpenVPN 2.3.2 amd64-portbld-freebsd10.0 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Mar 19 2014
Apr 11 05:04:39    openvpn[23401]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 11 05:04:40    openvpn[23401]: TUN/TAP device /dev/tun1 opened
Apr 11 05:04:40    openvpn[23401]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 11 05:04:40    openvpn[23401]: /sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Apr 11 05:04:40    openvpn[23401]: FreeBSD ifconfig failed: external program exited with error status: 1
Apr 11 05:04:40    openvpn[23401]: Exiting due to fatal error

ifconfig's issue is that the interface 'ovpns1' doesn't exist. Weird.

I guess this is an entirely different problem. Has there been a major change to OpenVPN with the migration to 10?

#3 Updated by Jim Pingle over 4 years ago

  • Status changed from New to Resolved

Confirmed fixed on current code (snap+gitsync), no error and the process is running. Interface is there also.

#4 Updated by Anonymous over 4 years ago

Confirmed working here also.

Also available in: Atom PDF