On Fri, 1 Jul 2005, Anthony Ewell wrote:

> Hi All,
>
> Help! I think I am losing my mind! :'(
>
> I am trying to set up a tunnel (openvpn-2.0-gui-1.0-install.exe)
> that asks for a user name and password before enabling the tunnel.
> I am using the "secret" option.
>
> From the online manual page, I configured
> auth-user-pass-verify on the server and auth-user-pass
> on the client. I created and tested a perl script
> that works in Windows for the auth-user-pass-verify option.
>
> The tunnel works fine with the auth-user-pass[-verify] options
> commented out.
>
> 1) When I go to fire up the client with auth-user-pass,
> the error box tells me:
>
> Options error: --auth-user-pass requires --pull
>
>
> 2) Okay, so I put the "pull" option in the client config
> file. Then it tells me:
>
> Parameter --pull can only be specified in TLS-mode
>
>
> 3) Okay, so "tls-client" gets stuck in the config file.
> Then it tells me that:
>
> Options error: specify only one of --tls-server,
> --tls-client, or --secret"
>
>
> [Editorial comment: AAAAAAHHHHHHHHHHHHHHHHHHH !!!! If
> auth-user-pass[-verify] can only be used with
> "tls-client/server" and not "--secret", why is it
> not documented in the man page ?!?!?]
>
>
> What am I missing; what am I doing wrong? Is there a
> better way to get a user name and password prompt?

Well if you look at the man page under the "Options" heading, the subheadings are very clearly arranged according to mode, e.g. client mode, server mode, TLS mode, etc. Rather than having explicit text for each command description saying "this command only works in server mode", all the server-mode-only commands are arranged under the server heading. There's also a fair amount of code that does options sanity checking to let you know when you're using options together which are incompatible or which require code that hasn't been written yet in order to be compatible.

In your example above, it wasn't as direct as it could have been, mostly because it would be a lot more coding work to anticipate all of the direct mappings between options requirements, rather than merely saying "A requires B" and "B requires C", and let the user connect the dots and see that A requires C.

Perhaps the static key mode documentation needs more emphasis on the limitations of the mode.

Static-key mode is designed for pure stateless tunnels, where there is no handshake or key negotiation or push/pull exchange of configuration info. All of the configuration info necessary to begin each side of the tunnel must exist in static form before the OpenVPN daemon is started.

James
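
The "A requires B, B requires C" chain from the reply above, followed to its end, as an added example that is not part of the original thread and is not OpenVPN's own option-checking code. The three rules are taken from the error messages quoted in the thread; the names REQUIRES, EXCLUSIVE, TLS_MODE, requirement_chain and check are hypothetical.

```python
# Added illustration; not OpenVPN's option-checking code.
# The rules below are the ones quoted in the error messages in this thread.
REQUIRES = {
    "auth-user-pass": "pull",  # "--auth-user-pass requires --pull"
    "pull": "TLS-mode",        # "--pull can only be specified in TLS-mode"
}
# "specify only one of --tls-server, --tls-client, or --secret"
EXCLUSIVE = {"tls-server", "tls-client", "secret"}
TLS_MODE = {"tls-server", "tls-client"}  # options that select TLS mode


def requirement_chain(option):
    """Follow 'A requires B' links until nothing further is required."""
    chain = [option]
    while chain[-1] in REQUIRES:
        chain.append(REQUIRES[chain[-1]])
    return chain


def check(options):
    """Return a list of problems for a set of option names (no leading --)."""
    opts = set(options)
    problems = []
    modes = sorted(opts & EXCLUSIVE)
    if len(modes) > 1:
        problems.append("specify only one of: " + ", ".join(modes))
    for opt in sorted(opts):
        chain = requirement_chain(opt)
        # A requirement is met by the option itself, or, for TLS-mode,
        # by either of the options that select that mode.
        missing = [need for need in chain[1:]
                   if not (opts & TLS_MODE if need == "TLS-mode" else need in opts)]
        if missing:
            msg = " -> ".join(chain) + ": missing " + ", ".join(missing)
            if "TLS-mode" in missing and "secret" in opts:
                msg += " (TLS-mode is excluded by secret)"
            problems.append(msg)
    return problems


if __name__ == "__main__":
    # Constructed option sets: the three attempts from the thread, then a TLS client.
    attempts = (["secret", "auth-user-pass"],
                ["secret", "auth-user-pass", "pull"],
                ["secret", "auth-user-pass", "pull", "tls-client"],
                ["tls-client", "pull", "auth-user-pass"])
    for cfg in attempts:
        print(cfg, "->", check(cfg) or "ok")
```

The first attempt already reports the whole chain down to the static-key conflict in one message, which is the step the three separate error boxes left the user to work out.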