OpenVPN LDAP plugin error

I am getting this error after (what I believe is) a successful LDAP authentication:

No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT).

What does this error mean?

From the system log:

Jan 28 13:57:58 vmVPN ovpn-server[2774]: MULTI: multi_create_instance called
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Re-using SSL/TLS context
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Local Options hash (VER=V4): '0ddbb6e3'
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Expected Remote Options hash (VER=V4): '2c50bd2c'
Jan 28 13:57:58 vmVPN ovpn-server[2774]: 184.151.61.191:58231 TLS: Initial packet from [AF_INET]184.151.61.191:58231, sid=7a0e31d7 42a199cf
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 VERIFY OK: depth=1, XXXXX
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 VERIFY OK: depth=0, XXXXX
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 TLS: Username/Password authentication succeeded for username 'ian.seyler' 
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1574'
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jan 28 13:58:03 vmVPN ovpn-server[2774]: 184.151.61.191:58231 [vpn.XXXXX.com] Peer Connection Initiated with [AF_INET]184.151.61.191:58231
Jan 28 13:58:03 vmVPN ovpn-server[2774]: No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT).
Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=1
Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PLUGIN_CALL: plugin function PLUGIN_CLIENT_CONNECT failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
Jan 28 13:58:03 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 WARNING: client-connect plugin call failed
Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 PUSH: Received control message: 'PUSH_REQUEST'
Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 Delayed exit in 5 seconds
Jan 28 13:58:05 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 SENT CONTROL [vpn.thalmic.com]: 'AUTH_FAILED' (status=1)
Jan 28 13:58:10 vmVPN ovpn-server[2774]: vpn.XXXXX.com/184.151.61.191:58231 SIGTERM[soft,delayed-exit] received, client-instance exiting

More details:

Ubuntu Server 12.04.4 x86-64

OpenVPN 2.2.1

Windows 2012 R2 AD

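Answer 1

OpenVPN sets (or rather, should set) the environment variable ifconfig_pool_remote_ip to the IP address assigned to the remote client. The error you are seeing is caused by the LDAP plugin being unable to find this environment variable.

It's not clear to me why OpenVPN might not be setting this variable, but I suspect a bug in OpenVPN. This is a fairly old version, and although I did not find any specific reference in the changelogs of newer versions to a problem with setting that variable, I would still consider trying a newer version.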
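The lookup the answer describes, as an added example that is not part of the original post and is not the LDAP plugin's own code: OpenVPN hands a plugin its environment as a NULL-terminated array of "name=value" strings, and a client-connect handler that requires ifconfig_pool_remote_ip returns an error status when the entry is absent. The function names get_env and on_client_connect and the sample environments are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Same values as OPENVPN_PLUGIN_FUNC_SUCCESS / _ERROR in openvpn-plugin.h. */
#define FUNC_SUCCESS 0
#define FUNC_ERROR   1

/* Find NAME in a NULL-terminated array of "name=value" strings.
 * The '=' must directly follow the name so a longer variable sharing the
 * prefix is not mistaken for it. */
static const char *get_env(const char *name, const char *envp[])
{
    size_t n = strlen(name);
    for (int i = 0; envp && envp[i]; i++)
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return NULL;
}

/* Hypothetical client-connect handler: refuses the client when no pool
 * address was passed in the environment. */
static int on_client_connect(const char *envp[])
{
    const char *ip = get_env("ifconfig_pool_remote_ip", envp);
    if (ip == NULL || *ip == '\0') {
        fprintf(stderr, "client-connect: no remote address supplied\n");
        return FUNC_ERROR;
    }
    fprintf(stderr, "client-connect: pool address %s\n", ip);
    return FUNC_SUCCESS;
}

/* Constructed sample environments, not captured from a real server. */
static const char *env_with_ip[] = {
    "username=alice", "untrusted_ip=203.0.113.10",
    "ifconfig_pool_remote_ip=10.8.0.6", NULL };
/* "ifconfig_pool_remote_ip_note" is a made-up name for the prefix case. */
static const char *env_without_ip[] = {
    "username=alice", "untrusted_ip=203.0.113.10",
    "ifconfig_pool_remote_ip_note=unset", NULL };

int main(void)
{
    printf("with pool ip:    status=%d\n", on_client_connect(env_with_ip));
    printf("without pool ip: status=%d\n", on_client_connect(env_without_ip));
    return 0;
}
```

The error status in the second case corresponds to the status=1 logged for PLUGIN_CLIENT_CONNECT in the question, which the server then reports to the client as AUTH_FAILED even though the username/password check had already succeeded.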
