I want to execute a batch script to verify if the common name of the user is present in some TXT file, if yes, authorize the connection, otherwise deny.
My server.ovpn is:
local IPADDRESS
mode server
port 1194
dev tun
dev-node VPNInterface
server 10.1.1.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
comp-lzo
tls-server
tls-auth keys/shared.key 0
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
keepalive 10 60
tls-verify "C:\verify.bat"
And my verify.bat script is:
@echo off
rem OpenVPN calls this as: verify.bat <depth> <X509 subject>
echo "%1 %2" > C:\log.txt
setlocal enableextensions enabledelayedexpansion
rem OpenVPN runs the script once per certificate in the chain; the CA is at
rem depth 1 and must be accepted, only the client certificate at depth 0 is checked.
if not "%~1"=="0" exit /b 0
rem %2 is the whole subject ("C=.., CN=.."); its '=' signs break the
rem !var:search=! substitution, so compare the CN that OpenVPN exports instead.
set "cn=%X509_0_CN%"
if "!cn!"=="" exit /b 1
for /f "tokens=*" %%a in (C:\CN_List.txt) do (
rem Exit 0 on the first list line equal to the CN. The original "else exit /b 1"
rem inside the loop rejected on the first non-matching line, so only line 1 was tested.
if "%%a"=="!cn!" exit /b 0
)
rem No line matched: reject.
exit /b 1
I did that echo in log.txt to see if I get the certificate depth and the X509 common name inside the file, but nothing appears. And in OpenVPN I get the following error:
Thu Sep 25 11:26:15 2014 191.177.89.124:54063 WARNING: Failed running command (--tls-verify script): returned error code 1
Thu Sep 25 11:26:15 2014 191.177.89.124:54063 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Thu Sep 25 11:26:15 2014 191.177.89.124:54063 TLS Error: TLS object -> incoming plaintext read error
Thu Sep 25 11:26:15 2014 191.177.89.124:54063 TLS Error: TLS handshake failed
As you can see in the first line, it looks like there's some error in the tls-verify script. I'm using exit /b 0 when the second parameter (user CN) is found. Does anyone have any clue how to get this script to execute properly?
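A way to exercise the tls-verify script outside OpenVPN, as an added example that is not part of the question or the answer: it invokes verify.bat the way OpenVPN does (arguments are the certificate depth and the X509 subject string, and OpenVPN exports the subject fields as X509_<depth>_<field> environment variables before running a --tls-verify script) and checks the four outcomes that matter for an allow-list: a listed client is accepted, an unknown client is rejected, the CA certificate at depth 1 is accepted (otherwise no client can ever complete the handshake), and a CN that is only a prefix of a listed name is rejected. The paths C:\verify.bat and C:\CN_List.txt come from the question; the allow-list contents, subjects and CNs are constructed, and the harness assumes verify.bat exits 0 to accept and non-zero to reject. Two things to check in server.ovpn that the harness cannot: OpenVPN only runs external scripts when script-security 2 is set, and the sample OpenVPN configs note that Windows paths in a config file should be written with doubled backslashes or forward slashes.

```batch
@echo off
rem test_verify.bat - added example, not from the question. Runs verify.bat the way
rem OpenVPN does so the allow-list logic can be checked before the server relies on it.
rem OpenVPN calls: verify.bat <depth> <X509 subject> and exports X509_<depth>_<field>.
setlocal enableextensions

set "SCRIPT=C:\verify.bat"
set "LIST=C:\CN_List.txt"
set "FAILED=0"

rem Constructed allow-list: one common name per line.
> "%LIST%" echo alice
>> "%LIST%" echo bob

rem Case 1: listed client at depth 0 must be accepted (exit 0).
call :run 0 "C=BR, O=Example, CN=alice" alice 0
rem Case 2: unknown client at depth 0 must be rejected (non-zero exit).
call :run 0 "C=BR, O=Example, CN=mallory" mallory 1
rem Case 3: the CA certificate (depth 1) must be accepted, or no client ever connects.
call :run 1 "C=BR, O=Example, CN=Example CA" "Example CA" 0
rem Case 4: a CN that is only a prefix of a listed name must not match.
call :run 0 "C=BR, O=Example, CN=ali" ali 1

if "%FAILED%"=="0" (echo ALL CHECKS PASSED) else (echo %FAILED% CHECKS FAILED)
exit /b %FAILED%

:run
rem %1 depth, %2 subject, %3 CN exported as X509_<depth>_CN, %4 expected: 0 = accept, 1 = reject
set "X509_%~1_CN=%~3"
call "%SCRIPT%" %~1 "%~2"
set "RC=%ERRORLEVEL%"
set "X509_%~1_CN="
if "%~4"=="0" (
    if "%RC%"=="0" (echo PASS accept depth=%~1 CN=%~3) else (echo FAIL expected accept depth=%~1 CN=%~3 rc=%RC% & set /a FAILED+=1)
) else (
    if not "%RC%"=="0" (echo PASS reject depth=%~1 CN=%~3) else (echo FAIL expected reject depth=%~1 CN=%~3 & set /a FAILED+=1)
)
exit /b 0
```

Run it from an elevated cmd prompt on the server; a script that rejects case 3 is the usual reason a handshake fails even though the client CN is on the list, and a script that accepts case 4 is doing substring rather than whole-line matching.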
Best Answer
I need to add:
in my server.ovpn file.