auth-script-openvpn

child exists with status 2

Open V1pr opened this issue 5 years ago • 1 comments

Hi,

no matter what I do, where I place the script I'm always getting "exit status 2".

System: Oracle Linux 8.1 (Selinux disabled) OpenVPN: 2.4.8

10.10.10.10:59549 PLUGIN_CALL: PRE type=PLUGIN_AUTH_USER_PASS_VERIFY
10.10.10.10:59549 ARGV[0] = '/lib64/openvpn/plugins/openvpn-plugin-auth-script.so'
10.10.10.10:59549 ENVP[0] = 'auth_control_file=/tmp/openvpn_acf_44f1c1f2166e154e656d559c30225d72.tmp'
10.10.10.10:59549 ENVP[1] = 'untrusted_port=59549'
10.10.10.10:59549 ENVP[2] = 'untrusted_ip=10.10.10.10'
10.10.10.10:59549 ENVP[4] = 'username=mysecretuser'
10.10.10.10:59549 ENVP[5] = 'IV_GUI_VER=OpenVPN_GUI_11'
10.10.10.10:59549 ENVP[6] = 'IV_TCPNL=1'
10.10.10.10:59549 ENVP[7] = 'IV_COMP_STUBv2=1'
10.10.10.10:59549 ENVP[8] = 'IV_COMP_STUB=1'
10.10.10.10:59549 ENVP[9] = 'IV_LZO=1'
10.10.10.10:59549 ENVP[10] = 'IV_LZ4v2=1'
10.10.10.10:59549 ENVP[11] = 'IV_LZ4=1'
10.10.10.10:59549 ENVP[12] = 'IV_NCP=2'
10.10.10.10:59549 ENVP[13] = 'IV_PROTO=2'
10.10.10.10:59549 ENVP[14] = 'IV_PLAT=win'
10.10.10.10:59549 ENVP[15] = 'IV_VER=2.4.8'
10.10.10.10:59549 ENVP[16] = 'remote_port_1=443'
10.10.10.10:59549 ENVP[17] = 'local_port_1=443'
10.10.10.10:59549 ENVP[18] = 'proto_1=tcp-server'
10.10.10.10:59549 ENVP[19] = 'daemon_pid=5588'
10.10.10.10:59549 ENVP[20] = 'daemon_start_time=1584123802'
10.10.10.10:59549 ENVP[21] = 'daemon_log_redirect=1'
10.10.10.10:59549 ENVP[22] = 'daemon=0'
10.10.10.10:59549 ENVP[23] = 'verb=7'
10.10.10.10:59549 ENVP[24] = 'config=server.conf'
10.10.10.10:59549 ENVP[25] = 'script_context=init'
10.10.10.10:59549 ENVP[26] = 'tun_mtu=1500'
10.10.10.10:59549 ENVP[27] = 'link_mtu=1655'
10.10.10.10:59549 ENVP[28] = 'dev=tap0'
10.10.10.10:59549 ENVP[29] = 'dev_type=tap'
10.10.10.10:59549 ENVP[30] = 'redirect_gateway=0'
PLUGIN auth-script: FUNC: openvpn_plugin_func_v3
PLUGIN auth-script: Handling auth with deferred script
PLUGIN auth-script: Deferred handler using script_path=/tmp/ovpn-auth-script
PLUGIN auth-script: child pid is 5607
10.10.10.10:59549 PKCS#11: Terminating openssl
10.10.10.10:59549 PKCS#11: Removing providers
10.10.10.10:59549 PKCS#11: Releasing sessions
10.10.10.10:59549 PKCS#11: Terminating slotevent
10.10.10.10:59549 PKCS#11: Marking as uninitialized
PLUGIN auth-script: child pid 5607 exited with status 2
10.10.10.10:59549 PLUGIN_CALL: POST /lib64/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2

I've tried it with a simple bash script (placed in /tmp or /usr/local/bin):

#!/bin/bash

echo "Running: " > /tmp/openvpn-sciprt-auth-test.viper

exit 0

And also with a simple perl:

#!/bin/perl

use strict;
use warnings;

my $filename = '/tmp/report.txt';
open(my $fh, '>', $filename) or die "Could not open file '$filename' $!";
print $fh "My first report generated by perl\n";
close $fh;

Both scripts run OK if I run them manually. It does not matter either if openvpn runs under root or a special user. Path is always correct (verified with copy-paste).

What can be the matter?

V1pr, Mar 13 '20 18:03

Hi V1pr,

I had the same problem and it took me a while to understand how the plugin works.

The exit code 0 doesn't do anything, you have to write 0 or 1 to the auth_control_file in /tmp/ folder.

See below an example of external bash script working with radius.

#!/bin/bash

# OpenVPN passes the credentials and the control file path in the environment
username=$(printenv username)
password=$(printenv password)
control=$(printenv auth_control_file)
radius_secret='radius-secret-key'

echo "User-Name=$username,User-Password=$password,Framed-Protocol=PPP" | radclient radius-server:1812 auth "$radius_secret"

# Write the verdict to the control file: 1 = accept, 0 = reject
if [ $? -eq 0 ]; then
    echo "1" > "$control"
else
    echo "0" > "$control"
fi

exit 0

I have tested this plugin with the above script on Ubuntu 18.04 + OpenVPN 2.4.

davidroler, Jun 21 '20 17:06
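The control-file handshake described in the reply above, as an added example (not part of the thread and not the plugin's own code): a handler that denies by default and writes `1` to `auth_control_file` only after a successful check. `check_credentials` and its constructed username and password are hypothetical stand-ins for a real backend such as the RADIUS call in the reply.

```shell
#!/bin/bash
# Added example: fail-closed handler for the auth_control_file handshake.
# The verdict is the file content ("1" = allow, "0" = deny), not the exit code.

# Write the verdict to the control file named by OpenVPN.
write_verdict() {
    # Refuse to write anywhere if no control file path was provided.
    [ -n "$1" ] || return 1
    printf '%s' "$2" > "$1"
}

# Hypothetical backend check. The credentials below are constructed for
# demonstration; replace this function with a call to RADIUS, LDAP, etc.
check_credentials() {
    [ "$1" = "alice" ] && [ "$2" = "constructed-demo-password" ]
}

# Decide and record a verdict from the environment OpenVPN provides
# (username, password, auth_control_file). Anything short of a clean
# success, including an empty username or password, is recorded as a deny.
authenticate() {
    acf_path=${auth_control_file:-}
    acf_verdict=0
    if [ -n "${username:-}" ] && [ -n "${password:-}" ] \
        && check_credentials "$username" "$password"; then
        acf_verdict=1
    fi
    # Without a control file there is nowhere to report; signal failure.
    write_verdict "$acf_path" "$acf_verdict" || return 1
    [ "$acf_verdict" = 1 ]
}

# Run only when the plugin launched us with a control file in the environment.
if [ -n "${auth_control_file:-}" ]; then
    authenticate || true
fi
```
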