> Now change "--tls-verify false" to "--tls-verify true" and both sides
> authenticate.
>
> James

Thanks James,

It works now. I made a stupid mistake: in my script I did echo 0 instead of exit 0. I thought I had to send 0 to standard output, when in fact the exit code of the script has to be 0 :)

But now I have found another problem. I created certificates for a few machines, and I am using the tls-verify option to check whether the CN inside the certificate is OK. In the script I am checking the value of the $tls_id_0 environment variable. If clients are allowed to authenticate, it works fine. From the moment the first non-authorized client tries to connect, the value of $tls_id_0 does not change any more: for each subsequent proper client, my authentication script gets the same value for $tls_id_0 that the non-authorized client had, and the result is that no more clients can establish a connection. After I allow the non-authorized client to connect, from that moment $tls_id_0 starts getting correct values each time the authentication script is invoked.

Also, I noticed that for each connection the tls-verify script is invoked 2 times. Is that normal? Once the disabled client is allowed to connect again and I connect with some other client, in the first execution of the tls-verify script $tls_id_0 is set to the old bad value, and because that disabled client is now allowed to connect, the tls-verify script returns 0. In the second execution, $tls_id_0 gets the correct value from the client which is currently connecting. Looks like a bug?

Just to mention that all this is happening without restarting the server, and that I am using the beta 9 version. I will compile beta 10 and give it a try as well.

Hope the explanation is not too confusing :)

Thanks
Vladimir

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
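
A CN allowlist hook of the kind discussed in the message above, as an added example (not the poster's script and not code from the OpenVPN project): the verdict is returned as the exit status, never printed. It assumes OpenVPN runs the `--tls-verify` command once per certificate in the chain with the depth and the subject string as its two arguments, and it reads the subject from those arguments rather than from `$tls_id_0`; `ALLOWED_CNS`, `extract_cn`, `verify_peer` and the sample subjects are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example: --tls-verify hook that admits a peer by certificate CN.
# Assumption: invoked as `script <depth> <subject>`; depth 0 is the peer
# certificate, higher depths are the CA certificates above it.
# ALLOWED_CNS is a hypothetical allowlist; in practice load it from a file.
ALLOWED_CNS="${ALLOWED_CNS:-client1 client2}"

# Extract the CN from a subject such as "/C=US/O=Example/CN=client1"
# or "C=US, O=Example, CN=client1" (both layouts are constructed samples).
extract_cn() {
    printf '%s\n' "$1" | tr '/,' '\n\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# Return 0 to accept the certificate, non-zero to reject the handshake.
verify_peer() {
    depth=$1
    subject=$2
    case $depth in
        ''|*[!0-9]*) echo "reject: bad depth '$depth'" >&2; return 1 ;;
    esac
    # Chain certificates are accepted here; only the peer's CN is policed.
    if [ "$depth" -gt 0 ]; then
        return 0
    fi
    cn=$(extract_cn "$subject")
    if [ -z "$cn" ]; then
        echo "reject: no CN in '$subject'" >&2   # fail closed
        return 1
    fi
    for allowed in $ALLOWED_CNS; do
        if [ "$cn" = "$allowed" ]; then
            return 0
        fi
    done
    echo "reject: CN '$cn' not allowed" >&2
    return 1
}

# The verdict is the exit status; diagnostics go to stderr, not stdout.
if [ "$#" -ge 2 ]; then
    verify_peer "$1" "$2"
    exit $?
fi
```

Because the subject arrives as one flattened string, this parsing is only reliable when the CA never issues names whose field values contain `/` or `,`.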