OpenVPN LDAP plug-in error

2

I am getting this error after (what I think is) a successful LDAP authentication:

No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT).

What does this error mean?

From syslog:

Jan 28 13:57:58 vmVPN ovpn-server[2774]: MULTI: multi_create_instance called
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Re-using SSL/TLS context
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Local Options hash (VER=V4): '0ddbb6e3'
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Expected Remote Options hash (VER=V4): '2c50bd2c'
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 TLS: Initial packet from [AF_INET]184.151.61.191:58231, sid=7a0e31d7 42a199cf
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 VERIFY OK: depth=1, XXXXX
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 VERIFY OK: depth=0, XXXXX
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 TLS: Username/Password authentication succeeded for username 'ian.seyler' 
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1574'
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 [vpn.XXXXX.com] Peer Connection Initiated with [AF_INET]184.151.61.191:58231
Jan 28 13:58:03 vmVPN ovpn-server[2774]: No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT).
Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=1
Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PLUGIN_CALL: plugin function PLUGIN_CLIENT_CONNECT failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 WARNING: client-connect plugin call failed
Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PUSH: Received control message: 'PUSH_REQUEST'
Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 Delayed exit in 5 seconds
Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 SENT CONTROL [vpn.thalmic.com]: 'AUTH_FAILED' (status=1)
Jan 28 13:58:10 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 SIGTERM[soft,delayed-exit] received, client-instance exiting

More details:

Ubuntu Server 12.04.4 x86-64

OpenVPN 2.2.1

Windows 2012 R2 AD

    
by Ian Seyler 28.01.2014 / 20:10

1 answer

1

OpenVPN sets (or rather, should set) the environment variable ifconfig_pool_remote_ip to the IP address assigned to the remote client. The error you are seeing comes from the LDAP plug-in not finding that environment variable.

It is not clear to me why OpenVPN might not be setting this variable, but I suspect a bug in OpenVPN. That is a fairly old version, and although I am not finding any specific reference to problems with setting this variable in the changelogs for newer versions, I would consider trying a newer version.

    
by 28.01.2014 / 20:34
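
In the log above, PLUGIN_AUTH_USER_PASS_VERIFY returns status=0 and the later PLUGIN_CLIENT_CONNECT call returns status=1, yet the client is sent AUTH_FAILED. As an added example (not part of the original post or the plug-in's code), this Python function triages such syslog lines per peer to separate rejected credentials from a failed client-connect hook; the sample log is constructed from the excerpt plus two made-up peers, and the verdict strings and the rule attaching the peerless "No remote address" line to the next hook result are assumptions.

```python
import re

# Constructed sample: three lines modelled on the question's excerpt plus two made-up peers.
P = "Jan 28 13:58:03 vmVPN ovpn-server[2774]: "
SO = "PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/"
SAMPLE = "\n".join([
    P + "184.151.61.191:58231 " + SO + "PLUGIN_AUTH_USER_PASS_VERIFY status=0",
    P + "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT).",
    P + "vpn.XXXXX.com/184.151.61.191:58231 " + SO + "PLUGIN_CLIENT_CONNECT status=1",
    P + "203.0.113.7:40000 " + SO + "PLUGIN_AUTH_USER_PASS_VERIFY status=1",
    P + "198.51.100.9:51000 " + SO + "PLUGIN_AUTH_USER_PASS_VERIFY status=0",
    P + "vpn.XXXXX.com/198.51.100.9:51000 " + SO + "PLUGIN_CLIENT_CONNECT status=0",
])

# Peer is "ip:port", optionally prefixed by "common-name/" once the session is named.
PEER = re.compile(r"\]: (?:\S+/)?(\d{1,3}(?:\.\d{1,3}){3}:\d+) ")
CALL = re.compile(r"PLUGIN_CALL: POST \S+/(PLUGIN_\w+) status=(\d+)")
NO_ADDR = "No remote address supplied to OpenVPN LDAP Plugin"

def triage(log_text):
    """Return {peer: verdict} for every peer that reached a plug-in hook."""
    hooks, no_addr_peers, pending = {}, set(), False
    for line in log_text.splitlines():
        if NO_ADDR in line:
            pending = True  # logged without a peer; attach to next connect result
            continue
        peer, call = PEER.search(line), CALL.search(line)
        if not (peer and call):
            continue
        name, status = call.group(1), int(call.group(2))
        hooks.setdefault(peer.group(1), {})[name] = status
        if name == "PLUGIN_CLIENT_CONNECT":
            if pending and status != 0:
                no_addr_peers.add(peer.group(1))
            pending = False
    verdicts = {}
    for peer, h in hooks.items():
        if h.get("PLUGIN_AUTH_USER_PASS_VERIFY", 0) != 0:
            verdicts[peer] = "credentials rejected"
        elif h.get("PLUGIN_CLIENT_CONNECT", 0) != 0:
            why = "no pool address passed to plugin" if peer in no_addr_peers else "hook error"
            verdicts[peer] = "auth ok, client-connect failed: " + why
        else:
            verdicts[peer] = "ok"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in triage(SAMPLE).items():
        print(peer, "->", verdict)
```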
