Client/Server question for client.zip and error client
Opened this issue · 1 comments
mikysal78 commented
My playbook is:
```yaml
- hosts: openvpn
  become: "{{ become | default('yes') }}"
  roles:
    - Stouts.openvpn
    - nkakouros.easyrsa
  vars:
    # EasyRSA
    easyrsa_generate_dh: true
    easyrsa_replace_pki: true
    easyrsa_conf_req_country: IT
    easyrsa_conf_req_province: "MT"
    easyrsa_conf_req_city: "Matera"
    easyrsa_conf_req_org: "Ninux"
    easyrsa_conf_req_email: "admin@basilicata.ninux.org"
    easyrsa_conf_req_ou: "Ninux Basilicata"
    easyrsa_conf_req_cn: "basilicata.ninux.org"
    easyrsa_servers:
      - name: server
    easyrsa_clients:
      - name: dns01
      - name: dns02
      - name: mobile-mikytux
    easyrsa_pki_dir: /etc/easyrsa/pki
    # Stouts.openvpn
    openvpn_net: 10.27.253
    openvpn_keydir: "{{ easyrsa_pki_dir }}"
    openvpn_clients: "{{ easyrsa_clients | map(attribute='name') | list }}"
    openvpn_download_dir: /tmp/
    openvpn_ccd_configs:
      - name: dns01
        content: |
          ifconfig-push "{{ openvpn_net }}.2 255.255.255.0"
      - name: dns02
        content: |
          ifconfig-push "{{ openvpn_net }}.3 255.255.255.0"
      - name: mobile-mikytux
        content: |
          ifconfig-push "{{ openvpn_net }}.9 255.255.255.0"
    openvpn_script_output_directories:
      - /var/log/openvpn-script-out/
    openvpn_script_files:
      - scripts/client-disconnect.sh.j2
    openvpn_inline_scripts:
      - name: up.sh
        content: |
          #!/usr/bin/env
          echo 'Up!' >> "/var/log/openvpn-up.log"
    openvpn_download_clients: true
    openvpn_open_firewall: false
    openvpn_route_traffic: false
    openvpn_unified_client_profiles: false
    openvpn_management_enable: false
    openvpn_client_to_client_via_ip: false
    openvpn_dev: vpnbas
    openvpn_max_clients: 254
    openvpn_key_country: IT
    openvpn_key_province: MT
    openvpn_key_city: Matera
    openvpn_key_org: Ninux Basilicata
    openvpn_key_email: mikysal78@gmail.com
    openvpn_key_size: 2048
    openvpn_use_pam: no
    openvpn_cipher: none
    openvpn_keepalive: "5 60"
    openvpn_ifconfig_pool_persist: ipp.txt
    openvpn_status: openvpn-status.log
    openvpn_verb: 3
    openvpn_topology: subnet
    openvpn_server: "{{ openvpn_net }}.0 255.255.255.0"
    openvpn_simple_auth: True
    openvpn_simple_auth_password: MyPassWord
    openvpn_bridge:
      address: "{{ openvpn_net }}.1"
      netmask: 255.255.255.0
      network: "{{ openvpn_net }}.0"
      broadcast: "{{ openvpn_net }}.255"
      dhcp_start: "{{ openvpn_net }}.10"
      dhcp_end: "{{ openvpn_net }}.254"
    openvpn_server_options:
      - "dev-type tap"
      - "client-to-client"
      - "username-as-common-name"
      - "client-cert-not-required"
      - "tls-server"
      - "fast-io"
  pre_tasks:
    - name: Install Bridge Utils
      apt:
        name: bridge-utils
        state: present
```
[Question] In the directory /etc/openvpn/ovpns/ I have dns01.ovpn and dns01.zip.
In the zip I don't find the certificate and the auth file with the password.
[Client Error log]
Tue Oct 27 20:43:38 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Oct 27 20:43:38 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Tue Oct 27 20:43:38 2020 ******* WARNING *******: '--cipher none' was specified. This means NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network! PLEASE DO RECONSIDER THIS SETTING!
Tue Oct 27 20:43:38 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]86.107.110.91:1194
Tue Oct 27 20:43:38 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Oct 27 20:43:38 2020 UDP link local: (not bound)
Tue Oct 27 20:43:38 2020 UDP link remote: [AF_INET]86.107.110.91:1194
Tue Oct 27 20:43:38 2020 TLS: Initial packet from [AF_INET]86.107.110.91:1194, sid=e43493cd 84622ac7
Tue Oct 27 20:43:38 2020 VERIFY OK: depth=1, CN=basilicata.ninux.org
Tue Oct 27 20:43:38 2020 VERIFY KU OK
Tue Oct 27 20:43:38 2020 Validating certificate extended key usage
Tue Oct 27 20:43:38 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Oct 27 20:43:38 2020 VERIFY EKU OK
Tue Oct 27 20:43:38 2020 VERIFY OK: depth=0, CN=server
Tue Oct 27 20:44:38 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 27 20:44:38 2020 TLS Error: TLS handshake failed
Tue Oct 27 20:44:38 2020 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 27 20:44:38 2020 Restart pause, 5 second(s)
[Server error log]
# tail -f /var/log/openvpn.log
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_NCP=2
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_LZ4=1
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_LZ4v2=1
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_LZO=1
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_COMP_STUB=1
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_COMP_STUBv2=1
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 peer info: IV_TCPNL=1
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 TLS Error: Auth Username/Password was not provided by peer
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 TLS Error: TLS handshake failed
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Oct 27 21:40:10 2020 86.107.110.93:51543 TLS: Initial packet from [AF_INET]86.107.110.93:51543, sid=84a8efa1 f234a27e
Tue Oct 27 21:40:10 2020 86.107.110.93:51543 peer info: IV_VER=2.4.7
Tue Oct 27 21:40:10 2020 86.107.110.93:51543 peer info: IV_PLAT=linux
Tue Oct 27 21:40:10 2020 86.107.110.93:51543 peer info: IV_PROTO=2
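An added example (not part of the original issue and not code from either Ansible role): a small triage script run over lines copied from the two logs above, naming the conditions they report. The rule ids and hint texts are this example's own wording; the server message `Auth Username/Password was not provided by peer` means the server demanded credentials and the connecting client sent none, which is what happens when the client profile has no `auth-user-pass` directive.

```python
import re
from collections import defaultdict

# Log lines copied from the client and server logs in the issue above.
SAMPLE_LOG = """\
Tue Oct 27 20:43:38 2020 ******* WARNING *******: '--cipher none' was specified. This means NO encryption will be performed and tunnelled data WILL be transmitted in clear text over the network! PLEASE DO RECONSIDER THIS SETTING!
Tue Oct 27 20:44:38 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 TLS Error: Auth Username/Password was not provided by peer
Tue Oct 27 21:34:09 2020 86.107.110.93:42426 TLS Error: TLS handshake failed
"""

# (pattern, finding id, what to check) -- ids and hints are this example's wording.
RULES = [
    (r"'--cipher none' was specified", "cleartext-tunnel",
     "data channel is unencrypted; configure a real cipher on both ends"),
    (r"Auth Username/Password was not provided by peer", "missing-auth-user-pass",
     "server requires username/password; client profile needs auth-user-pass"),
    (r"TLS key negotiation failed to occur within 60 seconds", "handshake-timeout",
     "generic client-side symptom; check the server log for the rejection reason"),
]

# Timestamp, then an optional "ip:port" peer prefix (server log only), then the message.
LINE = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} "
                  r"(?:(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) )?(?P<msg>.*)$")

def triage(log_text):
    """Return {peer or 'local': [finding ids]} in first-seen order, deduplicated."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an OpenVPN log line (e.g. a shell prompt)
        who = m.group("peer") or "local"
        for pattern, finding, _hint in RULES:
            if re.search(pattern, m.group("msg")) and finding not in findings[who]:
                findings[who].append(finding)
    return dict(findings)

if __name__ == "__main__":
    hints = {f: h for _p, f, h in RULES}
    for who, ids in triage(SAMPLE_LOG).items():
        for f in ids:
            print(f"{who}: {f}: {hints[f]}")
```
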
hypery2k commented
Did you find a solution?