我得到这个错误后(我认为是)成功的LDAP身份validation:
No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT). 这个错误是什么意思?
从系统日志:
Jan 28 13:57:58 vmVPN ovpn-server[2774]: MULTI: multi_create_instance called Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Re-using SSL/TLS context Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ] Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ] Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Local Options hash (VER=V4): '0ddbb6e3' Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Expected Remote Options hash (VER=V4): '2c50bd2c' Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 TLS: Initial packet from [AF_INET]184.151.61.191:58231, sid=7a0e31d7 42a199cf Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 VERIFY OK: depth=1, XXXXX Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 VERIFY OK: depth=0, XXXXX Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0 Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 TLS: Username/Password authentication succeeded for username 'ian.seyler' Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1574' Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo' Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 [vpn.XXXXX.com] Peer Connection Initiated with [AF_INET]184.151.61.191:58231 Jan 28 13:58:03 vmVPN ovpn-server[2774]: No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT). Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=1 Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PLUGIN_CALL: plugin function PLUGIN_CLIENT_CONNECT failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 WARNING: client-connect plugin call failed Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PUSH: Received control message: 'PUSH_REQUEST' Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 Delayed exit in 5 seconds Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 SENT CONTROL [vpn.thalmic.com]: 'AUTH_FAILED' (status=1) Jan 28 13:58:10 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 SIGTERM[soft,delayed-exit] received, client-instance exiting
更多细节:
Ubuntu服务器12.04.4 x86-64
OpenVPN 2.2.1
Windows 2012 R2 AD
OpenVPN将ifconfig_pool_remote_ip环境variables设置为(或者相反,应该设置)分配给远程客户端的IP地址。 您看到的错误来自LDAP插件未能find此环境variables。
我不清楚为什么OpenVPN可能不会设置这个variables,但我怀疑在OpenVPN的一个错误。 这是一个相当老的版本,虽然我没有find任何具体的引用问题,在更新版本的更改日志中设置该variables,我会考虑尝试一个新的版本。