Bug#507747: marked as done (openvpn auth via-env fails to pass password to auth script)

Mon, 08 Dec 2008 11:38:10 -0800 

Your message dated Mon, 08 Dec 2008 20:36:46 +0100
with message-id <[EMAIL PROTECTED]>
and subject line closing openvpn script-security level bugreport.
has caused the Debian Bug report #507747,
regarding openvpn auth via-env fails to pass password to auth script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
507747: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507747
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: openvpn
Version: 2.1~rc11-1
Severity: grave

Steps to verify/recreate:
Create a test auth script that simply echos the username and password
and configure opevnvpn to use this script

#!/bin/sh
echo $username
echo $password

Start openvpn with the following command
openvpn --config /etc/openvpn/server.conf --script-security 2

When a client attempts a connection, the username will be printed in
the output but the password will not.

Notes: Installing 2.0.9-4etch1 on lenny using the same server.conf and
client setup works as expected.

#server.conf
port 1194
proto udp
dev tap0
ca /etc/openvpn/CA/keys/ca.crt
cert /etc/openvpn/CA/keys/vpn.domain.com.crt
key /etc/openvpn/CA/keys/vpn.domain.com.key
crl-verify /etc/openvpn/CA/keys/crl.pem
dh /etc/openvpn/CA/keys/dh1024.pem
ifconfig-pool-persist used-ips
server-bridge 192.168.100.9 255.255.255.0 192.168.100.60 192.168.100.75
push "route 192.168.101.0 255.255.255.0 192.168.100.1"
push "dhcp-option WINS 192.168.100.3"
push "dhcp-option DNS 192.168.100.3"
push "dhcp-option DOMAIN domain.com"
client-to-client
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
auth-user-pass-verify /etc/openvpn/ldap-auth.sh via-env
keepalive 10 120
comp-lzo

#client configuration
client
dev tap
proto udp
remote vpn.domain.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
ns-cert-type server
ca "c:\\Program Files\\openvpn\\config\\Work\\ca.crt"
cert "c:\\Program Files\\openvpn\\config\\Work\\user.crt"
key "c:\\Program Files\\openvpn\\config\\Work\\user.key"

--- End Message ---
--- Begin Message --- 
Closing as requested by the submitter.

-- 
Regards,
Andreas Henriksson

--- End Message ---

Reply via email to