Openvpn+AD
dariangrai, 28 November 2014 - 06:07
Good day, dear forum members.
I need help setting up openvpn + AD.
My brain is exploding and the boss is already handing out slaps.
The problem is that I have set up openvpn and created the keys,
set up the config, and everything is fine. A client who has the certificates connects to the server without problems. But I cannot get the connection to LDAP working; help me, good people.
OpenVPN config:

local xx.xx.xx.xx
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
#tls-auth /etc/openvpn/keys/ta.key 1
#ta /etc/openvpn/keys/ta.key
server 10.133.1.0 255.255.255.0 # network for clients
push "route 192.168.180.0 255.255.255.0" # routing
persist-key
persist-tun
username-as-common-name
plugin /usr/lib64/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf
ifconfig-pool-persist ipp.txt
#max-clients 32
client-to-client
#client-cert-not-required
keepalive 10 120 # ping the client every 10 s; disconnect it if it does not answer
status /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 9
#mute 20
#daemon
#mode server
tls-server
LDAP config:

<LDAP>
	URL ldap://192.168.180.4
	BindDN
	Password pass
	Timeout 15
	# TLSEnable no
	# Follow LDAP Referrals (anonymously)
</LDAP>

Authorization parameters for users belonging to the vpn group, which was created in an organizational unit in the domain:

<Authorization>
	BaseDN "DC=domain,DC=lan"
	SearchFilter "(&(sAMAccountName=%u)(memberOf=CN=VPN,OU=group,DC=domain,DC=lan))"
</Authorization>
Log:

Thu Nov 27 15:36:39 2014 us=320868 Diffie-Hellman initialized with 1024 bit key
Thu Nov 27 15:36:39 2014 us=321639 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Nov 27 15:36:39 2014 us=321710 Socket Buffers: R=[229376->131072] S=[229376->131072]
Thu Nov 27 15:36:39 2014 us=322106 ROUTE_GATEWAY xx.xx.xx.xx/255.255.255.248 IFACE=eth1.2 HWADDR=00:13:49:aa:6c:c4
Thu Nov 27 15:36:39 2014 us=322675 TUN/TAP device tun0 opened
Thu Nov 27 15:36:39 2014 us=322747 TUN/TAP TX queue length set to 100
Thu Nov 27 15:36:39 2014 us=322791 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Nov 27 15:36:39 2014 us=322850 /bin/ip link set dev tun0 up mtu 1500
Thu Nov 27 15:36:39 2014 us=325771 /bin/ip addr add dev tun0 local 10.133.1.1 peer 10.133.1.2
Thu Nov 27 15:36:39 2014 us=328779 /bin/ip route add 10.133.1.0/24 via 10.133.1.2
Thu Nov 27 15:36:39 2014 us=331059 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Thu Nov 27 15:36:39 2014 us=333007 GID set to openvpn
Thu Nov 27 15:36:39 2014 us=333174 UID set to openvpn
Thu Nov 27 15:36:39 2014 us=333240 UDPv4 link local (bound): [AF_INET]46.61.138.18:1194
Thu Nov 27 15:36:39 2014 us=333271 UDPv4 link remote: [undef]
Thu Nov 27 15:36:39 2014 us=333311 MULTI: multi_init called, r=256 v=256
Thu Nov 27 15:36:39 2014 us=333460 IFCONFIG POOL: base=10.133.1.4 size=62, ipv6=0
Thu Nov 27 15:36:39 2014 us=333505 ifconfig_pool_read(), in='client,10.133.1.4', TODO: IPv6
Thu Nov 27 15:36:39 2014 us=333550 succeeded -> ifconfig_pool_set()
Thu Nov 27 15:36:39 2014 us=333583 IFCONFIG POOL LIST
Thu Nov 27 15:36:39 2014 us=333613 client,10.133.1.4
Thu Nov 27 15:36:39 2014 us=333691 Initialization Sequence Completed
OpenVPN CLIENT LIST
Updated,Thu Nov 27 15:36:49 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
OpenVPN CLIENT LIST
Updated,Thu Nov 27 15:38:49 2014
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
Thu Nov 27 15:38:58 2014 us=421175 MULTI: multi_create_instance called
Thu Nov 27 15:38:58 2014 us=421609 192.168.200.205:1194 Re-using SSL/TLS context
Thu Nov 27 15:38:58 2014 us=422056 192.168.200.205:1194 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Nov 27 15:38:58 2014 us=422108 192.168.200.205:1194 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Thu Nov 27 15:38:58 2014 us=422189 192.168.200.205:1194 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Nov 27 15:38:58 2014 us=422219 192.168.200.205:1194 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Nov 27 15:38:58 2014 us=422265 192.168.200.205:1194 Local Options hash (VER=V4): '239669a8'
Thu Nov 27 15:38:58 2014 us=422305 192.168.200.205:1194 Expected Remote Options hash (VER=V4): '3514370b'
Thu Nov 27 15:38:58 2014 us=422402 192.168.200.205:1194 TLS: Initial packet from [AF_INET]192.168.200.205:1194, sid=d422dde1 dd137391
Thu Nov 27 15:38:58 2014 us=556864 192.168.200.205:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu Nov 27 15:38:58 2014 us=556983 192.168.200.205:1194 TLS Error: TLS object -> incoming plaintext read error
Thu Nov 27 15:38:58 2014 us=557016 192.168.200.205:1194 TLS Error: TLS handshake failed
Thu Nov 27 15:38:58 2014 us=557206 192.168.200.205:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
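An added example, not part of the post and not code from OpenVPN or openvpn-auth-ldap: a small Python check that reads an OpenVPN server config and a log excerpt (both constructed here from the post above) and ties the "peer did not return a certificate" handshake failure to the config, where the server still requires a client certificate (client-cert-not-required is commented out; OpenVPN 2.4+ uses verify-client-cert none instead) while password-only authentication through an auth plugin is configured.

```python
import re

# Constructed excerpts of the server config and log from the post above.
SERVER_CONF = """\
plugin /usr/lib64/openvpn-auth-ldap.so /etc/openvpn/auth-ldap.conf
username-as-common-name
#client-cert-not-required
tls-server
"""

LOG_LINES = """\
Thu Nov 27 15:38:58 2014 us=422402 192.168.200.205:1194 TLS: Initial packet from [AF_INET]192.168.200.205:1194, sid=d422dde1 dd137391
Thu Nov 27 15:38:58 2014 us=556864 192.168.200.205:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu Nov 27 15:38:58 2014 us=557016 192.168.200.205:1194 TLS Error: TLS handshake failed
""".splitlines()

# OpenVPN log prefix: weekday month day time year us=N <peer addr:port> ...
NO_CERT_RE = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} us=\d+ (\S+) .*peer did not return a certificate")

def active_directives(conf: str) -> dict:
    """Map directive -> argument string for the uncommented lines of an OpenVPN config."""
    out = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if line:
            name, _, args = line.partition(" ")
            out[name] = args.strip()
    return out

def client_cert_required(conf: str) -> bool:
    """True unless client-certificate verification is switched off
    (2.3-style 'client-cert-not-required' or 2.4-style 'verify-client-cert none')."""
    d = active_directives(conf)
    if "client-cert-not-required" in d:
        return False
    return d.get("verify-client-cert", "require") != "none"

def uses_auth_plugin(conf: str) -> bool:
    """True when a plugin line is active (here the auth-ldap plugin from the post)."""
    return "plugin" in active_directives(conf)

def peers_without_certificate(lines) -> list:
    """Peer addresses whose TLS handshake failed because they sent no client certificate."""
    return [m.group(1) for line in lines if (m := NO_CERT_RE.match(line))]

def diagnose(conf: str, lines) -> list:
    """Report the config/log mismatch the post shows; empty list means no finding."""
    peers = peers_without_certificate(lines)
    if peers and client_cert_required(conf) and uses_auth_plugin(conf):
        return [f"{len(peers)} peer(s) sent no client certificate, but the server still "
                "requires one while an auth plugin is configured: either disable "
                "client-cert verification for password-only auth or give clients a cert+key"]
    return []
```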