VyOS OpenVPN + RADIUS configuration: authentication fails


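Error: Radius-plugin:foreground:common_name is not defined; see the attached image for details.

Question: According to radiusplugin.cnf, OpenVPNConfig should be "/etc/openvpn/server.conf", but no such file is generated. I later asked someone to check, and it is not "/run/openvpn/vtun0.conf" either; the correct path is "/opt/vyatta/config/active/interfaces/openvpn/vtun0/openvpn-option/node.val". I do not understand why. I could not find any documentation on this on the official site or elsewhere online. Could someone who can read the source code please help work out why it is this path, "/opt/vyatta/config/active/interfaces/openvpn/vtun0/openvpn-option/node.val"?

Version: VyOS 1.4-rolling-202101281254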

Config:
vyos@vyos# show
openvpn vtun0 {
    mode server
    openvpn-option --persist-key
    openvpn-option --persist-tun
    openvpn-option --duplicate-cn
    openvpn-option "--plugin /usr/lib/openvpn/radiusplugin.so /config/auth/radiusplugin.cnf"
    protocol tcp-passive
    tls {
        ca-cert-file /config/auth/ca.crt
        cert-file /config/auth/central.crt
        dh-file /config/auth/dh.pem
        key-file /config/auth/central.key
    }

nat {
    source {
        rule 1001 {
            outbound-interface eth0
            source {
                address 192.168.0.0/16
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 10.2.2.254 {
            }
        }
    }
}
———————————————————————————————————————————————————————
vyos@vyos# sudo cat /config/auth/radiusplugin.cnf
#OpenVPNConfig=/etc/openvpn/server.conf
#OpenVPNConfig=/run/openvpn/vtun0.conf
OpenVPNConfig=/opt/vyatta/config/active/interfaces/openvpn/vtun0/openvpn-option/node.val
subnet=255.255.255.0
overwriteccfiles=true
————————————————————————————————————————————————————————
[edit]
vyos@vyos#/run/openvpn/vtun0.conf
verb 3
user openvpn
group openvpn
dev-type tun
dev vtun0
persist-key
iproute /usr/libexec/vyos/system/unpriv-ip
proto tcp-server
mode server
tls-server
topology net30
management /run/openvpn/openvpn-mgmt-intf unix

# TLS options

ca /config/auth/ca.crt
cert /config/auth/central.crt
key /config/auth/central.key
dh /config/auth/dh.pem
--persist-key
--persist-tun
--duplicate-cn
--log /var/log/openvpn.log
--verb 4
--plugin /usr/lib/openvpn/radiusplugin.so /config/auth/radiusplugin.cnf
--client-cert-not-required
--username-as-common-name
[edit]
————————————————————————————————————————————————————————
vyos@vyos#/opt/vyatta/config/active/interfaces/openvpn/vtun0/openvpn-option/node.val
--persist-key
--persist-tun
--duplicate-cn
log /var/log/openvpn.log
verb 4
--plugin /usr/lib/openvpn/radiusplugin.so /config/auth/radiusplugin.cnf
client-cert-not-required
username-as-common-name
[edit]
————————————————————————————————————————————————————————
vyos@vyos# ls
client server update-resolv-conf
[edit]
vyos@vyos# pwd
/etc/openvpn
[edit]
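The two candidate files dumped above spell the authentication directives differently: with a leading `--` in /run/openvpn/vtun0.conf and bare in node.val. The following is an added example, not part of the original post and not the plugin's code, that reports which directives a file exposes only in dashed form. It assumes, without confirmation from the page, that a parser reading the `OpenVPNConfig` file might match only the bare spelling; the sample text is constructed from the dumps with the leading dashes written as `--`.

```python
# Constructed sample input: auth-related lines taken from the two dumps in the
# post, with the leading dashes written as "--" (an assumption about the
# original text, which the page renders with a single dash character).
VTUN0_CONF = """\
verb 3
mode server
tls-server
--duplicate-cn
--plugin /usr/lib/openvpn/radiusplugin.so /config/auth/radiusplugin.cnf
--client-cert-not-required
--username-as-common-name
"""
NODE_VAL = """\
--duplicate-cn
--plugin /usr/lib/openvpn/radiusplugin.so /config/auth/radiusplugin.cnf
client-cert-not-required
username-as-common-name
"""

# Directives that decide whether a username can stand in for a certificate CN.
AUTH_DIRECTIVES = ("client-cert-not-required", "username-as-common-name")


def directive_forms(text):
    """Map each directive name to the spellings used for it: 'bare' or 'dashed'."""
    forms = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comment lines
            continue
        word = line.split()[0]
        name = word.lstrip("-")
        form = "dashed" if word.startswith("--") else "bare"
        forms.setdefault(name, set()).add(form)
    return forms


def missing_for_strict_parser(text, wanted=AUTH_DIRECTIVES):
    """Directives that a bare-name-only parser (assumed behaviour) would not see."""
    forms = directive_forms(text)
    return [d for d in wanted if "bare" not in forms.get(d, set())]


if __name__ == "__main__":
    for label, text in (("vtun0.conf", VTUN0_CONF), ("node.val", NODE_VAL)):
        print(label, "hidden from a bare-name parser:", missing_for_strict_parser(text))
```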


Let me translate it for you

Question: According to radiusplugin.cnf, OpenVPNConfig should be /etc/openvpn/server.conf, but the file is not generated, please verify; nor is it /run/openvpn/vtun0.conf. The correct one is /opt/vyatta/config/active/interfaces/openvpn/vtun0/openvpn-option/node.val, and I do not know why. The website and other online sources did not have the related documents. Could friends who can read the source code please take a look at why it is this directory, /opt/vyatta/config/active/interfaces/openvpn/vtun0/openvpn-option/node.val?