gate-sso / gate

Gate is an MFA-enabled SSO platform that supports SAML, OAuth, Linux shell login and CAS
https://gate-sso.github.io
MIT License

Unable to create/download openvpn profile #120

Closed gbobr closed 6 years ago

gbobr commented 6 years ago

When I want to download my OpenVPN profile I get: _Cannot read file /opt/vpnkeys/my@email.com.tar.gz_

Apparently the easy-rsa and openvpn install folders and scripts are different than the ones gate is expecting in Ubuntu 16.04.

App trace

```
app/controllers/profile_controller.rb:72:in `download_vpn'
```


gbobr commented 6 years ago

Found the scripts in this repo and copied them to the appropriate folder, however, it's not correctly creating the client certificates.

I might have something wrong in my easy-rsa / openvpn installation. Do you have any guide / tutorial to follow so I end up with the same paths you are using?

ajeygore commented 6 years ago

@gbobr those should be standard. After copying the script, what's the error you are getting?

gbobr commented 6 years ago

My keys were ending up in /etc/openvpn/easy-rsa/keys but gen-client-keys was expecting them in /etc/openvpn/keys. I've changed KEY_DIR in /etc/openvpn/easy-rsa/vars to point to /etc/openvpn/keys and now it's working.

My installation procedure for OpenVPN + easy-rsa was:

ajeygore commented 6 years ago

Glad to know that it's working. We just added SAML authentication to Gate, which means you can now use the same MFA auth for multiple services and not only VPN.

Anything else we should be helping you with? Let me know..

ajeygore commented 6 years ago

I am closing this issue now. Can you please update the instructions in the readme and send me a pull request?
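
The path mismatch resolved in this thread can be caught before any client keys are generated. The following is an added example, not part of the thread or of Gate's scripts: a POSIX shell preflight that resolves `KEY_DIR` the way easy-rsa 2.x does (by sourcing `vars`) and compares it with the directory the key-generation script reads from. The function names, exit codes and the permission check on the key directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for the KEY_DIR mismatch described in this thread.
# Function names are hypothetical; nothing here is taken from Gate's scripts.

# Print KEY_DIR as easy-rsa 2.x resolves it. The vars file is *executed*
# (that is how easy-rsa itself loads it), so only point this at a trusted file.
resolve_key_dir() {
    vars_file=$1
    [ -r "$vars_file" ] || return 2
    (
        unset KEY_DIR
        # Stock vars sets EASY_RSA="`pwd`", so source it from its own directory.
        cd "$(dirname "$vars_file")" || exit 2
        . "./$(basename "$vars_file")" >/dev/null 2>&1
        printf '%s\n' "$KEY_DIR"
    )
}

# Return 0 if KEY_DIR matches the expected directory and is private,
# 1 on a path mismatch, 2 if vars is unreadable, 3 if group/other have access.
check_key_dir() {
    vars_file=$1
    expected=$2
    actual=$(resolve_key_dir "$vars_file") || { echo "cannot read $vars_file" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: vars sets KEY_DIR=$actual, expected $expected" >&2
        return 1
    fi
    if [ -d "$expected" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$expected" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "WARN: $expected holds private keys but has mode bits $perms for group/other" >&2
            return 3
        fi
    fi
    echo "OK: KEY_DIR is $expected"
}

# Constructed sample: a vars file carrying the stock easy-rsa 2.x default.
demo=$(mktemp -d)
mkdir -p "$demo/easy-rsa" "$demo/keys"
chmod 700 "$demo/keys"
cat > "$demo/easy-rsa/vars" <<'EOF'
export EASY_RSA="`pwd`"
export KEY_DIR="$EASY_RSA/keys"
EOF
check_key_dir "$demo/easy-rsa/vars" "$demo/keys" || echo "check exited with status $?"
```

On the setup described above, the equivalent call would be `check_key_dir /etc/openvpn/easy-rsa/vars /etc/openvpn/keys`.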