  1. #1
    Just Joined! | Join Date: May 2011 | Posts: 2

    Help: Openvpn AUTH_FAILED and remote authentication script issues

    Hello,

    I've been trying to fix my OpenVPN remote authentication script.
    I managed to write a script for remote authentication using a WordPress DB as my base access details storage. However, I cannot seem to get past the AUTH-FAILED issue. A possible source of conflict might be my database query inside the script, which returns nothing.

    Hope someone with enough knowledge of scripting and database querying can help me here.

    Here is my vpn_auth.sh:
    Code:
    #!/bin/bash
    
    ### Database Informations
    DBUSER='dbuser'
    DBPASS='dbpass'
    DBHOST='host.ip'
    DBNAME='dbname'
    
    ### OpenVPN passes the filename to the script as the script's first parameter = $1
    ### The file contains 2 lines, the Username and Password that the client sent to the server ( --auth-user-pass )
    ### When the script has finished, the file will be removed
    vpnnev=`head -n1 "$1" | tail -1`      # Get the first line -> Username
    vpnjelszo=`head -n2 "$1" | tail -1`   # Get the second line -> Password
    
    ### Name + Password
    sqlnev=`mysql -u $DBUSER -p$DBPASS -h $DBHOST --skip-column-name -e \
    "SELECT user_login FROM wp_users WHERE ((user_login = '$vpnnev') AND (user_pass = PASSWORD('$vpnjelszo')));" $DBNAME`
    
    ### If the MySQL Query failed, the "sqlnev" variable contains nothing! If the "sqlnev" contains Bob's username,
    ##  we are good to go! If this script exit with errorcode 0, that means the script is successful, OpenVPN will
    ## If the exit code IS NOT "0", OpenVPN will destroy the tunnel.
    ##
    if [ "$sqlnev" == "$vpnnev" ]; then
        exit 0
    else
        exit 1
    fi

    Here is my server.conf:
    Code:
    port 9200
    proto udp
    dev tun0
    cipher BF-CBC
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    script-security 2
    auth-user-pass-verify "/etc/openvpn/vpn_auth" via-file
    tmp-dir "/etc/openvpn"
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    status /etc/openvpn/onlineusers.log 5
    client-cert-not-required
    username-as-common-name
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1"
    push "dhcp-option DNS 4.2.2.1"
    push "dhcp-option DNS 4.2.2.2"
    reneg-sec 0
    keepalive 5 30
    comp-lzo
    persist-key
    persist-tun
    status server.log
    verb 3
    mute 10

    Notice the:
    Code:
    script-security 2
    auth-user-pass-verify "/etc/openvpn/vpn_auth" via-file
    Authentication via file.

    I'm having a problem with the following SQL query, whether it's right or wrong:
    Code:
    sqlnev=`mysql -u $DBUSER -p$DBPASS -h $DBHOST --skip-column-name -e \
    "SELECT user_login FROM wp_users WHERE ((user_login = '$vpnnev') AND (user_pass = PASSWORD('$vpnjelszo')));" $DBNAME`

    Please note that:
    user_login; and
    user_pass
    are columns for the table "wp_users", which is inside my wordpress db.

    Any help on solving this MySQL query problem or restructuring vpn_auth.sh would be of great help to me.

    Thanks

  2. #2
    Just Joined! | Join Date: Nov 2008 | Posts: 29
    I reckon the SQL statement should look like:
    SELECT user_login FROM $DBNAME.wp_users ...

    Did you test the SQL statement separately with valid values?
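
The query in the thread compares `user_pass` with MySQL's `PASSWORD()`, which returns MySQL's own `*` + SHA-1 format, while WordPress of that period stored `user_pass` as a salted phpass string (`$P$...`), so the two never match; interpolating the client's input into the SQL text also lets a crafted username alter the query. The following is an added example, not code from the thread, of an `auth-user-pass-verify ... via-file` check that validates the username and verifies the phpass hash outside SQL. The user `alice`, `SAMPLE_USERS`, the `lookup_hash` parameter and the username allow-list are hypothetical, and the sample hash is the phpass test value for "test12345".

```python
"""Added example: check OpenVPN via-file credentials against a phpass hash."""
import hashlib, hmac, re, sys

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Constructed sample row: user "alice" with the phpass test hash of "test12345".
SAMPLE_USERS = {"alice": "$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0"}

def _encode64(data):
    """phpass base64 variant: little-endian 6-bit groups, no padding."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        value = int.from_bytes(chunk, "little")
        out += [ITOA64[(value >> (6 * n)) & 0x3F] for n in range(len(chunk) + 1)]
    return "".join(out)

def phpass_hash(password, setting):
    """Recompute a portable hash from the cost and salt stored in `setting`."""
    log2 = ITOA64.find(setting[3:4])         # cost character -> log2(iterations)
    if setting[:3] not in ("$P$", "$H$") or len(setting) < 12 or not 7 <= log2 <= 30:
        raise ValueError("not a portable phpass hash")
    pw = password.encode()
    digest = hashlib.md5(setting[4:12].encode() + pw).digest()
    for _ in range(1 << log2):
        digest = hashlib.md5(digest + pw).digest()
    return setting[:12] + _encode64(digest)

def mysql_password(password):
    """Shape of MySQL PASSWORD(): '*' + hex(SHA1(SHA1(pw))), never a $P$ string."""
    inner = hashlib.sha1(password.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def authenticate(cred_path, lookup_hash=SAMPLE_USERS.get):
    """Return 0 (accept) or 1 (reject) for OpenVPN's two-line credentials file.
    lookup_hash is a hypothetical stand-in for a parameterized query:
    SELECT user_pass FROM wp_users WHERE user_login = %s"""
    with open(cred_path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    if len(lines) < 2 or not re.fullmatch(r"[A-Za-z0-9_.@-]{1,60}", lines[0]):
        return 1                             # malformed file or unexpected login
    stored = lookup_hash(lines[0])
    try:
        expected = phpass_hash(lines[1], stored or "")
    except ValueError:                       # unknown user or other hash format
        return 1
    return 0 if hmac.compare_digest(expected.encode(), stored.encode()) else 1

if __name__ == "__main__":
    sys.exit(authenticate(sys.argv[1]) if len(sys.argv) == 2 else 1)
```

The script exits non-zero when called without exactly one argument, so a misconfigured hook rejects logins instead of accepting them.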
