TLS false. Help me!!
N-LamTruong opened this issue · 3 comments
I don't know where I went wrong
1. Docker-compose.yml

```yaml
version: '3.8'
services:
  openvpn-ldap-otp:
    image: 'wheelybird/openvpn-ldap-otp:latest'
    container_name: openvpn-ldap-otp
    cap_add:
      - NET_ADMIN
    volumes:
      - '.config:/config'
      - '/etc/openvpn:/etc/openvpn'
      - '/lib/modules:/lib/modules'
    environment:
      - 'USE_CLIENT_CERTIFICATE=false'
      - 'LDAP_ENCRYPT_CONNECTION=off'
      - 'LDAP_TLS_VALIDATE_CERT=false'
      - 'OVPN_SERVER_CN=openvpn.xxx.com'
      - 'LDAP_URI=ldap://xxx.xxx.xxx.xxx'
      - 'LDAP_BASE_DN=dc=xxx,dc=com'
      - 'LDAP_BIND_USER_DN=admin'
      - 'LDAP_BIND_USER_PASS=xxx'
      - 'OVPN_PROTOCOL=udp'
      - 'OVPN_NAT=true'
      - 'OVPN_NETWORK=172.31.32.0 255.255.240.0'
      - 'OVPN_INTERFACE_NAME=tun'
      - 'OVPN_DNS_SERVERS=8.8.8.8,8.8.4.4'
    ports:
      - '1194:1194/udp'
```
2. Client config file:

```
client
tls-client
dev tun
persist-key
persist-tun
remote-cert-tls server
key-direction 1
auth SHA512
auth-nocache
proto udp
reneg-sec 0
redirect-gateway def1
auth-user-pass
verb 3
```
3. Client logs:

```
Mon May 29 09:39:07 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon May 29 09:39:07 2023 TLS Error: TLS handshake failed
Mon May 29 09:39:07 2023 SIGUSR1[soft,tls-error] received, process restarting
Mon May 29 09:39:07 2023 Restart pause, 5 second(s)
```
Hi. Does your LDAP server expect TLS to be enabled?
I meant the LDAP server itself (not any kind of web GUI). You've got the LDAP URI set as `ldap://xxx.xxx.xxx.xxx`; it's possible that the server doesn't accept non-encrypted connections. You might need to enable TLS or connect with ldaps.
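As an added example, not code from this issue or from the wheelybird/openvpn-ldap-otp image: a small Python checker that lints the compose environment posted above and classifies the posted client log lines. The variable names and values are copied from the post; the checks themselves (does a published port match `OVPN_PROTOCOL`, is the LDAP bind sent over plain `ldap://` with encryption off, is certificate validation or the client certificate disabled) and the log categories are my own. `AUTH_FAILED` is a standard OpenVPN client message included only as a contrast case: it appears after a TLS handshake has succeeded, whereas "TLS key negotiation failed to occur within 60 seconds" means the client never received a TLS reply from the server at all.

```python
# Added diagnostic example; not code from the issue or from the
# wheelybird/openvpn-ldap-otp project. Lints the compose environment
# from the post and classifies the client log, using only values
# visible in the thread.
import re
from urllib.parse import urlsplit

# Constructed copy of the environment entries from the issue (secrets masked as posted).
COMPOSE_ENV = [
    "USE_CLIENT_CERTIFICATE=false",
    "LDAP_ENCRYPT_CONNECTION=off",
    "LDAP_TLS_VALIDATE_CERT=false",
    "OVPN_SERVER_CN=openvpn.xxx.com",
    "LDAP_URI=ldap://xxx.xxx.xxx.xxx",
    "OVPN_PROTOCOL=udp",
]
COMPOSE_PORTS = ["1194:1194/udp"]

# Constructed copy of the client log from the issue.
CLIENT_LOG = """\
Mon May 29 09:39:07 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon May 29 09:39:07 2023 TLS Error: TLS handshake failed
Mon May 29 09:39:07 2023 SIGUSR1[soft,tls-error] received, process restarting
"""


def parse_env(items):
    """Turn compose 'KEY=value' entries into a dict."""
    env = {}
    for item in items:
        key, _, value = item.partition("=")
        env[key.strip()] = value.strip()
    return env


def lint_compose(env_items, ports):
    """Return a list of findings (strings) about the compose environment."""
    env = parse_env(env_items)
    findings = []
    proto = env.get("OVPN_PROTOCOL", "udp").lower()
    # Compose publishes TCP unless the mapping ends in /udp.
    published = {p.rsplit("/", 1)[1].lower() if "/" in p else "tcp" for p in ports}
    if proto not in published:
        findings.append(f"OVPN_PROTOCOL={proto} but no port mapping publishes /{proto}; clients cannot reach the server")
    if urlsplit(env.get("LDAP_URI", "")).scheme == "ldap" and env.get("LDAP_ENCRYPT_CONNECTION", "off").lower() == "off":
        findings.append("LDAP_URI is ldap:// with LDAP_ENCRYPT_CONNECTION=off: bind credentials cross the network in cleartext")
    if env.get("LDAP_TLS_VALIDATE_CERT", "").lower() == "false":
        findings.append("LDAP_TLS_VALIDATE_CERT=false: the LDAP server certificate is never verified")
    if env.get("USE_CLIENT_CERTIFICATE", "").lower() == "false":
        findings.append("USE_CLIENT_CERTIFICATE=false: VPN clients are identified by password/OTP only")
    return findings


# OpenVPN client messages and the category each one maps to.
LOG_PATTERNS = [
    (re.compile(r"TLS key negotiation failed to occur within \d+ seconds"), "no_server_reply"),
    (re.compile(r"TLS handshake failed"), "tls_handshake_failed"),
    (re.compile(r"AUTH_FAILED"), "auth_failed"),
]

EXPLANATIONS = {
    "no_server_reply": "the client got no TLS reply at all: check the remote host/port, the published port and its protocol, and any firewall in between",
    "tls_handshake_failed": "the handshake did not complete",
    "auth_failed": "TLS succeeded but the username/password or OTP was rejected: look at the LDAP settings and the server log",
}


def classify_log(text):
    """Return the sorted list of known problem categories found in the log."""
    found = set()
    for line in text.splitlines():
        for pattern, category in LOG_PATTERNS:
            if pattern.search(line):
                found.add(category)
    return sorted(found)


def diagnose(text):
    """Pick the single most informative explanation for the log."""
    categories = classify_log(text)
    for key in ("no_server_reply", "auth_failed", "tls_handshake_failed"):
        if key in categories:
            return EXPLANATIONS[key]
    return "no known OpenVPN error found"


if __name__ == "__main__":
    for finding in lint_compose(COMPOSE_ENV, COMPOSE_PORTS):
        print("compose:", finding)
    print("client log:", diagnose(CLIENT_LOG))
```

Run against the values from the post, the log is classified as "no server reply", which is a reachability question (published port, protocol, firewall) rather than an LDAP one; the compose lint separately flags the cleartext `ldap://` bind, the disabled certificate validation and the disabled client certificate, which are worth fixing regardless of what turns out to be blocking the handshake.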