05-16-2019 11:25 AM
Hello,
I recently built and installed the duo_openvpn.so plugin on my openvpn server (version 2.4.6) and after installation/configuration of the plugin I am getting the following error on startup of openvpn:
openvpn[2547]: Options error: Unrecognized option or missing or extra parameter(s) in /tmp/openvpn/openvpn.conf:33: plugin (2.4.6)
This line (#33) that generated this error in the openvpn.conf is as follows:
plugin /opt/duo/duo_openvpn.so ‘xxxxx yyyyyy zzzzzzzzz’
I saw that there was an error using this syntax with OpenVpn (v2.4.1-2)
Reference posting here:
(Latest OpenVPN Update (v2.4.1-2) Breaks duo_openvpn.so)
and the solution there was to enclose the 3 keys for the plugin in single quotes ’ '. Is this a known issue with OpenVpn 2.4.6 and is there any workaround for this error?
I also followed the setup guide here:
and I have tried using double quotes and no-quotes but the error is the same after restarting the openvpn server. Because of this error, openvpn server fails to start and I have commented out loading of the duo plugin for now.
Let me know if this should be investigated further with Support/Engineering.
Thank you!
John
05-22-2019 09:02 AM
Hi JohnB,
An error to start the OpenVPN service with the above resulting error typically means there is an issue with the syntax of the config file, as you have noted. I haven’t been able to reproduce the error that you are seeing so I am curious though for more details. What OS are you currently running with specific version?
If you want to get more immediate help, the Duo Support Team is always at your disposal as well via phone, email, or chat. Check out, Support | Duo Security, for the details.
06-02-2019 08:10 AM
Hi Landon,
I did some additional investigation and the error was caused by my OpenVpn server compiled without the ‘enable_plugin’ runtime option.
I was able to install a different OpenVpn version with this option enabled and the Duo plugin with the same security key/API ID syntax worked as expected.
NOTE: I was able to use this plugin on an ARM-based Netgear R7000 router using Python and libpam dev. tools to compile it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide