
When trying openvpn + radius + mysql, the server-side test has no problems, but client authentication fails

I get the messages below. Has anyone run into this?

Wed Apr  2 23:44:16 2008 us=226166 MULTI: multi_create_instance called
Wed Apr  2 23:44:16 2008 us=226295 Re-using SSL/TLS context
Wed Apr  2 23:44:16 2008 us=226359 LZO compression initialized
Wed Apr  2 23:44:16 2008 us=226586 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Apr  2 23:44:16 2008 us=226617 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Apr  2 23:44:16 2008 us=226683 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Apr  2 23:44:16 2008 us=226698 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Apr  2 23:44:16 2008 us=226775 Local Options hash (VER=V4): '3c14feac'
Wed Apr  2 23:44:16 2008 us=226798 Expected Remote Options hash (VER=V4): 'e39a3273'
Wed Apr  2 23:44:16 2008 us=226835 TCP connection established with 124.163.165.232:2167
Wed Apr  2 23:44:16 2008 us=226853 Socket Buffers: R= S=
Wed Apr  2 23:44:16 2008 us=226870 TCPv4_SERVER link local:
Wed Apr  2 23:44:16 2008 us=226884 TCPv4_SERVER link remote: 124.163.165.232:2167
RWed Apr  2 23:44:16 2008 us=227106 124.163.165.232:2167 TLS: Initial packet from 124.163.165.232:2167, sid=12b3a26f 6c5aa505
WRRWWWWRWRWRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWed Apr  2 23:44:16 2008 us=841182 124.163.165.232:2167 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Apr  2 23:44:16 2008 us=841209 124.163.165.232:2167 TLS Error: TLS object -> incoming plaintext read error
Wed Apr  2 23:44:16 2008 us=841225 124.163.165.232:2167 TLS Error: TLS handshake failed
Wed Apr  2 23:44:16 2008 us=841339 124.163.165.232:2167 Fatal TLS error (check_tls_errors_co), restarting
Wed Apr  2 23:44:16 2008 us=841356 124.163.165.232:2167 SIGUSR1 received, client-instance restarting
Wed Apr  2 23:44:16 2008 us=841403 TCP/UDP: Closing socket
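《Solution》

I saw a post on a foreign forum saying it might be a certificate problem, but my certificates should be fine; certificate-based authentication worked before.
My configuration follows the post below:
http://blog.chinaunix.net/u1/36506/showart_457803.html
《Solution》

I tested this too and ran into the same problem: the freeradius debug output shows that authentication succeeded, but the openvpn client just cannot get through.
I am using radiusplugin.so
Reference:
http://www.chinaunix.net/jh/50/981672.html

[ Last edited by kaile on 2008-4-3 10:02 ]
《Solution》

Still not solved. Any pointers from the experts here?
《Solution》

After another round of fiddling today, I finally got it working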
----------------------------
Sat Apr  5 00:51:15 2008 OpenVPN 2.0.9 i686-pc-linux built on Apr  5 2008
Sat Apr  5 00:51:15 2008 MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
RADIUS-PLUGIN: Configfile name: /root/openvpn/radiusplugin.cnf .
Sat Apr  5 00:51:15 2008 PLUGIN_INIT: POST /root/radiusplugin_v2.0b/radiusplugin.so '/root/openvpn/radiusplugin.cnf' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Sat Apr  5 00:51:15 2008 Diffie-Hellman initialized with 1024 bit key
Sat Apr  5 00:51:15 2008 WARNING: This configuration may accept clients which do not present a certificate
Sat Apr  5 00:51:15 2008 Control Channel Authentication: using '/root/openvpn/ssl/ta.key' as a OpenVPN static key file
Sat Apr  5 00:51:15 2008 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr  5 00:51:15 2008 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr  5 00:51:15 2008 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Apr  5 00:51:15 2008 TUN/TAP device tun0 opened
Sat Apr  5 00:51:15 2008 /sbin/ifconfig tun0 10.14.0.1 pointopoint 10.14.0.2 mtu 1500
Sat Apr  5 00:51:15 2008 /sbin/route add -net 10.14.0.0 netmask 255.255.0.0 gw 10.14.0.2
Sat Apr  5 00:51:15 2008 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr  5 00:51:15 2008 UDPv4 link local (bound): :1194
Sat Apr  5 00:51:15 2008 UDPv4 link remote:
Sat Apr  5 00:51:15 2008 MULTI: multi_init called, r=256 v=256
Sat Apr  5 00:51:15 2008 IFCONFIG POOL: base=10.14.0.4 size=16382
Sat Apr  5 00:51:15 2008 Initialization Sequence Completed
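
An added example, not part of the thread or of any poster's code: a small Python triage of OpenVPN server logs that separates handshakes rejected because the client sent no certificate (the error in the first log of this thread) from other handshake failures, and flags the startup warning that appears in the log above. The sample lines, the peer addresses and the `triage` function name are constructed for illustration.

```python
import re
from collections import Counter

# Optional "R"/"W" packet-trace characters (high --verb levels), timestamp,
# optional "us=" microseconds, optional "ip:port" peer prefix, then the message.
LINE = re.compile(
    r"^[RW]*[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}(?: us=\d+)? "
    r"(?:(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) )?(?P<msg>.*)$")
NO_CERT = "peer did not return a certificate"
CERT_OPTIONAL = "may accept clients which do not present a certificate"
HANDSHAKE_FAILED = "TLS Error: TLS handshake failed"

# Constructed samples modelled on the two logs in this thread; the peer
# addresses are documentation addresses, not values from the page.
FAILING_RUN = """\
RSat Apr  5 00:40:01 2008 us=300 192.0.2.10:2167 TLS: Initial packet from 192.0.2.10:2167, sid=00000000 00000000
WRRWSat Apr  5 00:40:02 2008 us=400 192.0.2.10:2167 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Sat Apr  5 00:40:02 2008 us=500 192.0.2.10:2167 TLS Error: TLS handshake failed
Sat Apr  5 00:40:09 2008 us=600 192.0.2.11:4000 TLS Error: TLS handshake failed
"""
WORKING_RUN = """\
Sat Apr  5 00:51:15 2008 WARNING: This configuration may accept clients which do not present a certificate
Sat Apr  5 00:51:15 2008 Initialization Sequence Completed
"""

def triage(log_text):
    """Summarise client-certificate behaviour seen in an OpenVPN server log."""
    cert_optional = False
    pending = set()                      # peers whose current handshake logged NO_CERT
    no_cert, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                     # not an OpenVPN log line
        peer, msg = m["peer"], m["msg"]
        if peer is None:                 # server-wide message, no client prefix
            cert_optional = cert_optional or CERT_OPTIONAL in msg
        elif NO_CERT in msg:
            pending.add(peer)
        elif msg.startswith(HANDSHAKE_FAILED):
            ip = peer.rsplit(":", 1)[0]
            (no_cert if peer in pending else other)[ip] += 1
            pending.discard(peer)
    return {"cert_optional": cert_optional,
            "no_client_cert": dict(no_cert), "other_failures": dict(other)}

if __name__ == "__main__":
    print(triage(FAILING_RUN))
    print(triage(WORKING_RUN))
```

On OpenVPN 2.0.x the flagged warning is printed when `client-cert-not-required` is set; a server in that mode relies on the username/password check (here the RADIUS plugin) as its only client authentication.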
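《Solution》

Mine was like this a while back too; in the end, after tinkering with it, it somehow started working

But I did not note down the error at the time
《Solution》

Check the protocol and the address
《Solution》

Originally posted by kaile on 2008-4-15 14:35
After another round of fiddling today, I finally got it working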
----------------------------
Sat Apr  5 00:51:15 2008 OpenVPN 2.0.9 i686-pc-linux built on Apr  5 2008
Sat Apr  5 00:51:15 2008 MANAGEMENT: TCP S ...
How did you get it working?
