==================================================================
Please DO NOT REPLY to this mail or send email to the developers
about this bug. Please follow-up to Bugzilla using this link:
http://bugs.contribs.org/show_bug.cgi?id=5060
Have you checked the Frequently Asked Questions (FAQ)?
http://wiki.contribs.org/SME_Server:Documentation:FAQ
Please also take the time to read the following useful guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==================================================================
--- Comment #13 from tim nash <[email protected]> 2009-03-12 11:20:34 ---
I have updated to 2.0-18 and would confirm issues with the plugin and log
location now appear fixed. I did have some problem with the phpki certificates
not working even though the server manager panel for openvpn said Certificates
were ready. The log was giving an error to do with the private key password. I
had created a server openvpn certificate in phpki wiht a password. I tried to
revoke and reissue the certificate without a password but the phpki interface
never returned from the comit process. I tried this twice and have subsequently
found two openssl processes that have been running all day and pushing cpu to
100%.
I eventually revoked the original certificate and created a new one, without a
password. The first was also an openvpn server, and the second an openvpn
server and client. Not sure if this matters - perhaps the wiki needs to be
clearer on what type of certificate to create and whether a password is
allowed. The new certificate now works, although the openvpn-bridge/current
logs fill with a lot of noise and have been logrotating all day, one about
every 7 minutes. The logs are full of current parameter settings, ending with
Thu Mar 12 16:10:45 2009 us=36150 OpenVPN 2.1_rc15 i386-redhat-linux-gnu [SSL]
[LZO1] [EPOLL] built on Nov 30 2008
Thu Mar 12 16:10:45 2009 us=36848 MANAGEMENT: TCP Socket listening on
127.0.0.1:11194
Thu Mar 12 16:10:45 2009 us=36921 NOTE: when bridging your LAN adapter with the
TAP adapter, note that the new bridge adapter will often take on its own IP
address that is different from what the LAN adapter was previously set to
Thu Mar 12 16:10:45 2009 us=37046 NOTE: OpenVPN 2.1 requires '--script-security
2' or higher to call user-defined scripts or executables
AUTH-PAM: BACKGROUND: INIT service='login'
Thu Mar 12 16:10:45 2009 us=37604 PLUGIN_INIT: POST
/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so
'[/usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so] [login]'
intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Thu Mar 12 16:10:45 2009 us=46690 Diffie-Hellman initialized with 1024 bit key
Thu Mar 12 16:10:45 2009 us=47089 WARNING: file 'priv/key.pem' is group or
others accessible
Thu Mar 12 16:10:45 2009 us=47872 WARNING: file 'priv/takey.pem' is group or
others accessible
Thu Mar 12 16:10:45 2009 us=47908 Control Channel Authentication: using
'priv/takey.pem' as a OpenVPN static key file
Thu Mar 12 16:10:45 2009 us=47949 Outgoing Control Channel Authentication:
Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 12 16:10:45 2009 us=47984 Incoming Control Channel Authentication:
Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 12 16:10:45 2009 us=48032 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0
ET:0 EL:0 ]
Thu Mar 12 16:10:45 2009 us=48114 TCP/UDP: Socket bind failed on local address
[undef]:1194: Address already in use
Thu Mar 12 16:10:45 2009 us=48145 Exiting
AUTH-PAM: BACKGROUND: received command code: 1
AUTH-PAM: BACKGROUND: EXIT
and then starting all over again with the current parameters. This occurs ever
couple of seconds. I assume udp 1194 is already being used by some process but
I haven't found what yet - any ideas where to look.
Apart from that all looks good, although I still haven't been able to test an
actual connection yet. Will hopefully get an opportunity later.
--
Configure bugmail: http://bugs.contribs.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at http://lists.contribs.org/mailman/public/contribteam
