Debian
openvpn-auth-ldap package

  1. Bug #1602813
  2. Comment #23

Comment 23 for bug 1602813

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Confirmed the crash on xenial:
ubuntu@xenial-openvpn-server-1602813:/etc/openvpn$ sudo openvpn --config server.conf
Mon Jul 24 16:49:50 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Mon Jul 24 16:49:50 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Mon Jul 24 16:49:50 2017 TUN/TAP device tun0 opened
Mon Jul 24 16:49:50 2017 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Mon Jul 24 16:49:50 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul 24 16:49:50 2017 /sbin/ip link set dev tun0 up mtu 1500
Mon Jul 24 16:49:50 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Mon Jul 24 16:49:50 2017 UDPv4 link local (bound): [undef]
Mon Jul 24 16:49:50 2017 UDPv4 link remote: [undef]
Mon Jul 24 16:49:50 2017 Initialization Sequence Completed
openvpn: sasl.c:257: ldap_parse_sasl_bind_result: Assertion `res != NULL' failed.
Aborted (core dumped)

$ dpkg-query -W openvpn-auth-ldap
openvpn-auth-ldap 2.0.3-6.1

Upgrading to -proposed:
$ sudo apt install openvpn-auth-ldap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  openvpn-auth-ldap
1 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 36.8 kB of archives.
After this operation, 25.6 kB disk space will be freed.
Get:1 http://br.archive.ubuntu.com/ubuntu xenial-proposed/universe amd64 openvpn-auth-ldap amd64 2.0.3-6.1ubuntu0.16.04.1 [36.8 kB]
Fetched 36.8 kB in 0s (465 kB/s)
(Reading database ... 25809 files and directories currently installed.)
Preparing to unpack .../openvpn-auth-ldap_2.0.3-6.1ubuntu0.16.04.1_amd64.deb ...
Unpacking openvpn-auth-ldap (2.0.3-6.1ubuntu0.16.04.1) over (2.0.3-6.1) ...
Setting up openvpn-auth-ldap (2.0.3-6.1ubuntu0.16.04.1) ...

Running test again, this time we get just a timeout:
$ sudo openvpn --config server.conf
Mon Jul 24 16:51:28 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Mon Jul 24 16:51:28 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Mon Jul 24 16:51:28 2017 TUN/TAP device tun0 opened
Mon Jul 24 16:51:28 2017 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Mon Jul 24 16:51:28 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul 24 16:51:28 2017 /sbin/ip link set dev tun0 up mtu 1500
Mon Jul 24 16:51:28 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Mon Jul 24 16:51:28 2017 UDPv4 link local (bound): [undef]
Mon Jul 24 16:51:28 2017 UDPv4 link remote: [undef]
Mon Jul 24 16:51:28 2017 Initialization Sequence Completed
LDAP bind failed: Timed out
Unable to bind as uid=john,ou=People,dc=lxd
LDAP connect failed.
Mon Jul 24 16:51:40 2017 10.0.100.42:1194 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so
Mon Jul 24 16:51:40 2017 10.0.100.42:1194 TLS Auth Error: Auth Username/Password verification failed for peer
Mon Jul 24 16:51:40 2017 10.0.100.42:1194 [client] Peer Connection Initiated with [AF_INET]10.0.100.42:1194
(...)

Verification passed for xenial.