OpenVPN: dhclient fails - debian, openvpn, dhcp

When I start the openvpn client and then run dhclient tap0 to get an IP address, everything works fine.

When the same command is called by openvpn from a script (up option):

#!/bin/sh
/sbin/dhclient tap0 || exit 1
exit 0

It fails:

dhclient[30524]: Sending on   LPF/tap0/aa:aa:aa:12:23:e9
dhclient[30524]: Can't bind to dhcp address: Permission denied
dhclient[30524]: Please make sure there is no other dhcp server
dhclient[30524]: running and that there's no entry for dhcp or
dhclient[30524]: bootp in /etc/inetd.conf.   Also make sure you
dhclient[30524]: are not running HP JetAdmin software, which
openvpn[30517]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
openvpn[30517]: Exiting due to fatal error
dhclient[30524]: includes a bootp server.
dhclient[30524]:
dhclient[30524]: If you think you have received this message due to a bug rather
dhclient[30524]: than a configuration issue please read the section on submitting
dhclient[30524]: bugs on either our web page at www.isc.org or in the README file
dhclient[30524]: before submitting a bug.  These pages explain the proper
dhclient[30524]: process and the information we find helpful for debugging..
dhclient[30524]:
dhclient[30524]: exiting.
systemd[1]: openvpn-client.service: Main process exited, code=exited, status=1/FAILURE

Everything runs as root, so it should not be a permissions problem.

Answers:

0 for answer № 1

Try adding "sudo" to your script ... and allow dhclient in sudoers without a password for the user that openvpn runs as.

Have you also specified "script-security 2" in your conf?

--script-security level [method]
This  directive offers policy-level control over OpenVPN’s usage
of external programs and scripts.  Lower level values  are  more
restrictive,  higher  values  are more permissive.  Settings for
level:

0 -- Strictly no calling of external programs.
1 -- (Default) Only call built-in executables such as  ifconfig,
ip, route, or netsh.
2  --  Allow  calling  of  built-in executables and user-defined
scripts.
3 -- Allow passwords to be passed to scripts  via  environmental
variables (potentially unsafe).
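
An added example, not part of the original answer or of OpenVPN: a shell check that reads a client config and compares its script-security level, as described in the man page excerpt above, with the script hooks it declares. The function name, the verdict labels and the sample path /etc/openvpn/up.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config for script-security vs. script hooks.
# Level meanings follow the man page excerpt quoted above; the default is 1.

audit_script_security() {
    # $1 = path to an OpenVPN config file
    awk '
        BEGIN { level = 1; hooks = "" }      # level 1 is the documented default
        { sub(/^[ \t]+/, "") }               # strip leading whitespace
        /^[#;]/ || /^$/ { next }             # skip comments and blank lines
        $1 == "script-security" && $2 ~ /^[0-3]$/ { level = $2; next }
        # Directives that call user-defined scripts (need level 2 or higher)
        $1 ~ /^(up|down|route-up|ipchange|tls-verify|client-connect|client-disconnect|learn-address|auth-user-pass-verify)$/ {
            hooks = hooks (hooks == "" ? "" : ",") $1
        }
        END {
            if (hooks != "" && level < 2)  verdict = "BLOCKED"  # hooks will not run
            else if (level == 3)           verdict = "UNSAFE"   # passwords via environment
            else                           verdict = "OK"
            printf "%s level=%d hooks=%s\n", verdict, level, hooks
        }
    ' "$1"
}

# Constructed sample: an up hook with the script-security line commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tap0
# script-security 2
up /etc/openvpn/up.sh
EOF
audit_script_security "$sample"
rm -f "$sample"
```
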