Error could not read auth username password ok string from management interface


alfredballe

OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

OpenVPN server 2.4.0 fails with auth issue

I’m running Debian 9 and OpenVPN 2.4.0 server.

This is my server.conf:

Server Config

port 443

proto tcp

dev tun

ca /etc/letsencrypt/live/easyvpn.net/chain.pem
cert /etc/letsencrypt/live/easyvpn.net/fullchain.pem
key /etc/letsencrypt/live/easyvpn.net/privkey.pem

dh /home/easyvpn/dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 100.10.0.0 255.255.0.0"

duplicate-cn

keepalive 10 120

cipher AES-256-CBC

persist-key
persist-tun

status openvpn-status.log

verb 9

verify-client-cert none
username-as-common-name

auth-user-pass-verify /etc/openvpn/auth.sh via-file

This is my auth.sh:

auth.sh

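#!/bin/bash
# With via-file, OpenVPN passes the path of a temporary file as $1:
# line 1 holds the username, line 2 holds the password.
readarray -t lines < "$1"
username=${lines[0]}
password=${lines[1]}
# Replace your own authentication mechanism here
if [[ "$password" == "foobar" ]]; then
    echo "ok"
    exit 0
fi
echo "not ok"
exit 1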

When trying to login I get the following error multiple times in my server/syslog:

syslog

Jul 23 18:58:33 vpneasy ovpn-server[24739]: TCP connection established with [AF_INET]203.44.52.110:1411
Jul 23 18:58:34 vpneasy ovpn-server[24739]: 203.44.52.110:1411 TLS: Initial packet from [AF_INET]203.44.52.110:1411, sid=e03f92a8 4b3084d6
Jul 23 18:58:34 vpneasy ovpn-server[24739]: 203.44.52.110:1411 Connection reset, restarting [0]
Jul 23 18:58:34 vpneasy ovpn-server[24739]: 203.44.52.110:1411 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 23 18:58:35 vpneasy ovpn-server[24739]: TCP connection established with [AF_INET]203.44.52.110:1412
Jul 23 18:58:35 vpneasy ovpn-server[24739]: 203.44.52.110:1412 TLS: Initial packet from [AF_INET]203.44.52.110:1412, sid=7a6005ce a9bb7497
Jul 23 18:58:36 vpneasy ovpn-server[24739]: 203.44.52.110:1412 Connection reset, restarting [0]
Jul 23 18:58:36 vpneasy ovpn-server[24739]: 203.44.52.110:1412 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 23 18:58:36 vpneasy ovpn-server[24739]: TCP connection established with [AF_INET]203.44.52.110:1413
Jul 23 18:58:37 vpneasy ovpn-server[24739]: 203.44.52.110:1413 TLS: Initial packet from [AF_INET]203.44.52.110:1413, sid=1dc8f98d 10a538d6
Jul 23 18:58:39 vpneasy ovpn-server[24739]: 203.44.52.110:1413 Connection reset, restarting [0]
Jul 23 18:58:39 vpneasy ovpn-server[24739]: 203.44.52.110:1413 SIGUSR1[soft,connection-reset] received, client-instance restarting
Jul 23 18:58:39 vpneasy ovpn-server[24739]: TCP connection established with [AF_INET]203.44.52.110:1414
Jul 23 18:58:40 vpneasy ovpn-server[24739]: 203.44.52.110:1414 TLS: Initial packet from [AF_INET]203.44.52.110:1414, sid=a6651350 0041a0ad
Jul 23 18:58:41 vpneasy ovpn-server[24739]: 203.44.52.110:1414 Connection reset, restarting [0]
Jul 23 18:58:41 vpneasy ovpn-server[24739]: 203.44.52.110:1414 SIGUSR1[soft,connection-reset] received, client-instance restarting

And my client, which is Shimo, shows:

shimo.log

>FATAL:ERROR: could not read Auth username/password/ok/string from management interface

How do I debug this, and does anyone have any idea about the issue?


TinCanTech

OpenVPN Protagonist
Posts: 11142
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server 2.4.0 fails with auth issue

by TinCanTech » Thu Jul 25, 2019 8:58 pm

alfredballe wrote: Thu Jul 25, 2019 7:21 pm
This is my server.conf

alfredballe wrote: Thu Jul 25, 2019 7:21 pm
shimo.log
>FATAL:ERROR: could not read Auth username/password/ok/string from management interface

Your client is failing to supply a password but you did not post your client config etc.


alfredballe

OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: OpenVPN server 2.4.0 fails with auth issue


by alfredballe » Thu Jul 25, 2019 10:15 pm

Oh, sorry, here:


up-restart
nobind
remote easyvpn.net 443
dev tun
proto tcp-client
comp-lzo adaptive
auth-user-pass
tls-client
ca "/Users/alfredballe/lets-encrypt-x3-cross-signed.pem"
pull
up "/var/folders/8z/2zpy1c9s53bf20382d3hdm_c0000gn/T/7ee5934241e208198dad535e81b4122d-openvpn-up-script.sh"
down "/var/folders/8z/2zpy1c9s53bf20382d3hdm_c0000gn/T/7ee5934241e208198dad535e81b4122d-openvpn-down-script.sh"


alfredballe

OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: OpenVPN server 2.4.0 fails with auth issue


by alfredballe » Thu Jul 25, 2019 10:17 pm

Testing with OpenVPN Connect shows this in the log:


2019-07-25 22:09:59+0200 [-] DynamicClientBase: Unable to obtain Session ID from 'easyvpn.net', port(s)=(443, 943): XML-RPC: TimeoutError.: client/dyncli:90,internet/defer:744,python/failure:338,client/dyncli:128,internet/defer:744,python/failure:338,client/asxmlcli:107,client/asxmlcli:86,internet/defer:744,python/failure:338,client/asxmlcli:129,internet/defer:744,python/failure:338,client/asxmlcli:196,client/asxmlcli:180 (twisted.internet.error.TimeoutError)
2019-07-25 22:09:59+0200 [-] *** API CALL f=xmlrpc_Poll args=['sess_easyvpn_net_u2105_9jPRmhiRtTmVAW94_1', 10] kw={} ret=[{'timestamp': 1564085399, 'info_type': u'twisted.internet.error.TimeoutError', 'type': 'INFO', 'severity': 'error', 'value': u"Unable to obtain Session ID from 'easyvpn.net', port(s)=(443, 943): XML-RPC: TimeoutError."}]
2019-07-25 22:09:59+0200 [-] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_KFYZpoxs1j7oEcfR_1', 10] kw={} ret=[{'timestamp': 1564085399, 'state': 'disconnect', 'profile_id': 'easyvpn_net_u2105', 'type': 'PROFILE'}]
2019-07-25 22:09:59+0200 [HTTPChannel,38,] *** API CALL f=xmlrpc_Poll args=['sess_easyvpn_net_u2105_9jPRmhiRtTmVAW94_1', 10] kw={} ret=[{'timestamp': 1564085399, 'type': 'DELETE_PENDING'}]


alfredballe

OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: OpenVPN server 2.4.0 fails with auth issue


by alfredballe » Fri Jul 26, 2019 9:42 am

This is my latest client.ovpn config:


client
dev tun
proto tcp
remote easyvpn.net 443
nobind
persist-key
persist-tun
ca "/Users/alfredballe/lets-encrypt-x3-cross-signed.pem"
verb 3
auth-user-pass

Seems to get a bit further and actually has both OpenVPN Connect and Shimo ask for a password.
But the error logs show the same as copy-pasted earlier.


TinCanTech

OpenVPN Protagonist
Posts: 11142
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server 2.4.0 fails with auth issue


by TinCanTech » Fri Jul 26, 2019 1:18 pm

Try this in your server conf:


# auth-user-pass-verify /etc/openvpn/auth.sh via-file


alfredballe

OpenVpn Newbie
Posts: 14
Joined: Thu Jul 25, 2019 7:14 pm

Re: OpenVPN server 2.4.0 fails with auth issue


by alfredballe » Sat Jul 27, 2019 5:44 pm

That is already present in the file, the very last line.


TinCanTech

OpenVPN Protagonist
Posts: 11142
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server 2.4.0 fails with auth issue


by TinCanTech » Sat Jul 27, 2019 7:05 pm

The point of my post is to temporarily comment out that script.

The question is, why is your server resetting the connection?


@tr56e

schwabe changed the title from "could not read AUTH username" to "could not read AUTH username when using AIDL interface to start/import profile" on Oct 4, 2021

akubinski pushed a commit to proget-hq/ics-openvpn that referenced this issue on Dec 21, 2021

@schwabe @akubinski

This ensures the profile counter is incremented and the profile is
saved to disk to avoid the race condition of not getting the user/pass
which was started.

Closes schwabe#1342

laschico pushed a commit to laschico/ics-openvpn that referenced this issue on Jul 21, 2022

@schwabe @chicobell

This ensures the profile counter is incremented and the profile is
saved to disk to avoid the race condition of not getting the user/pass
which was started.

Closes schwabe#1342


1 12.06.2016 17:03:47 (edited by sodbi4 12.06.2016 17:11:04)

  • sodbi4
  • Newbie
  • Offline
  • Registered: 12.06.2016
  • Posts: 1

Topic: Connection problem

Sun Jun 12 15:51:58 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Sun Jun 12 15:51:58 2016 Windows version 6.1 (Windows 7) 64bit
Sun Jun 12 15:51:58 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Sun Jun 12 15:55:54 2016 Control Channel Authentication: tls-auth using INLINE static key file
Sun Jun 12 15:55:54 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jun 12 15:55:54 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Jun 12 15:55:54 2016 UDPv4 link local: [undef]
Sun Jun 12 15:55:54 2016 UDPv4 link remote: [AF_INET]46.30.45.178:19135
Sun Jun 12 15:55:54 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jun 12 15:55:55 2016 VERIFY OK: depth=1, O=56f944706b4f9b078b884393, CN=56f944706b4f9b078b884394
Sun Jun 12 15:55:55 2016 Validating certificate key usage
Sun Jun 12 15:55:55 2016 ++ Certificate has key usage  00a0, expects 00a0
Sun Jun 12 15:55:55 2016 NOTE: --mute triggered...
Sun Jun 12 15:55:56 2016 10 variation(s) on previous 3 message(s) suppressed by --mute
Sun Jun 12 15:55:56 2016 [56f944706b4f9b078b8843a8] Peer Connection Initiated with [AF_INET]46.30.45.178:19135
Sun Jun 12 15:55:58 2016 AUTH: Received control message: AUTH_FAILED
Sun Jun 12 15:55:58 2016 SIGUSR1[soft,auth-failure] received, process restarting

Good afternoon, could you please tell me what the problem might be? And thanks for the service)
The password is fresh, I am running it as administrator… I connected via Germany, but with Russia it still doesn't work(

2 Reply by Admin 12.06.2016 17:36:56

  • Admin
  • Administrator
  • Offline
  • Registered: 30.04.2016
  • Posts: 122

Re: Connection problem

sodbi4 wrote:

Good afternoon, could you please tell me what the problem might be? And thanks for the service)
The password is fresh, I am running it as administrator… I connected via Germany, but with Russia it still doesn't work(

Try connecting again.

3 Reply by cb.lpd.pmr 05.07.2016 21:19:59

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

Hello. I installed it for the first time. The problem is the same as in the first post:

Tue Jul 05 20:17:09 2016 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jul 05 20:17:09 2016 Windows version 6.2 (Windows 8 or greater) 32bit
Tue Jul 05 20:17:09 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jul 05 20:17:41 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jul 05 20:17:41 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 05 20:17:41 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 05 20:17:41 2016 UDPv4 link local: [undef]
Tue Jul 05 20:17:41 2016 UDPv4 link remote: [AF_INET]93.170.169.229:16912
Tue Jul 05 20:17:41 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 05 20:17:46 2016 VERIFY OK: depth=1, O=56eb7c9af8843002b1d43dca, CN=56eb7c9af8843002b1d43dcb
Tue Jul 05 20:17:46 2016 Validating certificate key usage
Tue Jul 05 20:17:46 2016 ++ Certificate has key usage  00a0, expects 00a0
Tue Jul 05 20:17:46 2016 NOTE: --mute triggered...
Tue Jul 05 20:17:56 2016 10 variation(s) on previous 3 message(s) suppressed by --mute
Tue Jul 05 20:17:56 2016 [56eb7c9bf8843002b1d43dd3] Peer Connection Initiated with [AF_INET]93.170.169.229:16912
Tue Jul 05 20:17:58 2016 AUTH: Received control message: AUTH_FAILED
Tue Jul 05 20:17:58 2016 SIGUSR1[soft,auth-failure] received, process restarting
The credentials I'm entering are current…

4 Reply by Rino 05.07.2016 22:28:51

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

Hello. I installed it for the first time. The problem is the same as in the first post:

Tue Jul 05 20:17:09 2016 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Tue Jul 05 20:17:09 2016 Windows version 6.2 (Windows 8 or greater) 32bit
Tue Jul 05 20:17:09 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Tue Jul 05 20:17:41 2016 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jul 05 20:17:41 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 05 20:17:41 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 05 20:17:41 2016 UDPv4 link local: [undef]
Tue Jul 05 20:17:41 2016 UDPv4 link remote: [AF_INET]93.170.169.229:16912
Tue Jul 05 20:17:41 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 05 20:17:46 2016 VERIFY OK: depth=1, O=56eb7c9af8843002b1d43dca, CN=56eb7c9af8843002b1d43dcb
Tue Jul 05 20:17:46 2016 Validating certificate key usage
Tue Jul 05 20:17:46 2016 ++ Certificate has key usage  00a0, expects 00a0
Tue Jul 05 20:17:46 2016 NOTE: --mute triggered...
Tue Jul 05 20:17:56 2016 10 variation(s) on previous 3 message(s) suppressed by --mute
Tue Jul 05 20:17:56 2016 [56eb7c9bf8843002b1d43dd3] Peer Connection Initiated with [AF_INET]93.170.169.229:16912
Tue Jul 05 20:17:58 2016 AUTH: Received control message: AUTH_FAILED
Tue Jul 05 20:17:58 2016 SIGUSR1[soft,auth-failure] received, process restarting
The credentials I'm entering are current…

Try again

5 Reply by cb.lpd.pmr 06.07.2016 10:26:18

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

It doesn't work…

6 Reply by Rino 06.07.2016 13:22:28

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

It doesn't work…

Everything has been checked: it works.
At the moment there are many stable connections to the server.

7 Reply by cb.lpd.pmr 06.07.2016 14:14:08

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

What could the problem be, then?

8 Reply by Rino 06.07.2016 14:20:29

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

What could the problem be, then?

Could we have the log? Use a fresh password.

9 Reply by cb.lpd.pmr 06.07.2016 14:52:45

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

Wed Jul 06 13:48:06 2016 OpenVPN 2.3.11 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Jul 06 13:48:06 2016 Windows version 6.2 (Windows 8 or greater) 32bit
Wed Jul 06 13:48:06 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Enter Management Password:
Wed Jul 06 13:49:31 2016 Control Channel Authentication: tls-auth using INLINE static key file
Wed Jul 06 13:49:31 2016 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 06 13:49:31 2016 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 06 13:49:31 2016 Attempting to establish TCP connection with [AF_INET]93.170.169.229:18079 [nonblock]
Wed Jul 06 13:49:33 2016 TCP connection established with [AF_INET]93.170.169.229:18079
Wed Jul 06 13:49:33 2016 TCPv4_CLIENT link local: [undef]
Wed Jul 06 13:49:33 2016 TCPv4_CLIENT link remote: [AF_INET]93.170.169.229:18079
Wed Jul 06 13:49:33 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jul 06 13:49:40 2016 VERIFY OK: depth=1, O=56eb7c9af8843002b1d43dca, CN=56eb7c9af8843002b1d43dcb
Wed Jul 06 13:49:40 2016 Validating certificate key usage
Wed Jul 06 13:49:40 2016 ++ Certificate has key usage  00a0, expects 00a0
Wed Jul 06 13:49:40 2016 NOTE: --mute triggered...
Wed Jul 06 13:49:45 2016 10 variation(s) on previous 3 message(s) suppressed by --mute
Wed Jul 06 13:49:45 2016 [56eb7c9bf8843002b1d43ddb] Peer Connection Initiated with [AF_INET]93.170.169.229:18079
Wed Jul 06 13:49:48 2016 AUTH: Received control message: AUTH_FAILED
Wed Jul 06 13:49:48 2016 SIGUSR1[soft,auth-failure] received, process restarting
Wed Jul 06 13:49:56 2016 ERROR: could not read Auth username/password/ok/string from management interface
Wed Jul 06 13:49:56 2016 Exiting due to fatal error

That's the log…

10 Reply by Rino 06.07.2016 14:56:01

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

That's the log…

Are you sure you are using the latest, currently valid password?

11 Reply by cb.lpd.pmr 06.07.2016 15:08:05

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

I enter the one I see on the configuration file download page.

Or am I looking for the password in the wrong place?)

12 Reply by Rino 06.07.2016 15:11:02

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

I enter the one I see on the configuration file download page.

Or am I looking for the password in the wrong place?)

On the server we can see that someone from your provider's network has been connected to the server in the Netherlands for several hours already. And everything is OK for them. We also tested connecting to this server from different cities in different countries. Everything works. What password are you entering?

13 Reply by cb.lpd.pmr 06.07.2016 15:12:58 (edited by cb.lpd.pmr 06.07.2016 15:14:03)

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

508425204
That's right. This morning I was trying to connect to Holland…

14 Reply by Rino 06.07.2016 15:17:19

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

508425204
That's right. This morning I was trying to connect to Holland…

Please look carefully at the page with the access details for the free VPN server in the Netherlands. The password there is completely different. And "The password was changed on 05.07.2016 at 16:48 (Moscow time)", i.e. the password has been working for almost a day already.

15 Reply by cb.lpd.pmr 06.07.2016 15:21:53

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

What do you mean, different?) I've refreshed the page dozens of times and see only the one I wrote here…

16 Reply by Rino 06.07.2016 15:25:43

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

What do you mean, different?) I've refreshed the page dozens of times and see only the one I wrote here…

Yet more than 700 users of our service who have connected to the server in the Netherlands since yesterday saw a slightly different one. Sorry, we are not allowed to post current passwords on the forum, as they can cause confusion. If you want to connect to the server in the Netherlands, you need to be a little more attentive.

17 Reply by cb.lpd.pmr 06.07.2016 15:30:42

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

Excuse me, but what exactly is my "inattentiveness"? The password on the page does not update. I have a screenshot, which I can't post.

18 Reply by Rino 06.07.2016 15:34:23

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

Excuse me, but what exactly is my "inattentiveness"? The password on the page does not update. I have a screenshot, which I can't post.

Please look carefully at the second and eighth digits. Those are not zeros at all.
Images can be posted, by the way.

19 Reply by cb.lpd.pmr 06.07.2016 15:45:32

  • cb.lpd.pmr
  • Newbie
  • Offline
  • Registered: 05.07.2016
  • Posts: 9

Re: Connection problem

It's done… Thank you

20 Reply by Rino 06.07.2016 15:46:51

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

cb.lpd.pmr wrote:

It's done… Thank you

And thank you!

21 Reply by vvblackvv 25.07.2016 15:50:51

  • vvblackvv
  • Newbie
  • Offline
  • Registered: 04.07.2016
  • Posts: 7

Re: Connection problem

Everything was working fine, but today I can't connect either, the same problem as the original poster's, it says exactly the same thing.
I'm entering a fresh password, I updated the configuration files, it didn't help.. So I'm asking for help, and many thanks in advance)

22 Reply by Rino 25.07.2016 16:04:58

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

vvblackvv wrote:

Everything was working fine, but today I can't connect either, the same problem as the original poster's, it says exactly the same thing.
I'm entering a fresh password, I updated the configuration files, it didn't help.. So I'm asking for help, and many thanks in advance)

Which destination?

23 Reply by vvblackvv 25.07.2016 16:34:24

  • vvblackvv
  • Newbie
  • Offline
  • Registered: 04.07.2016
  • Posts: 7

Re: Connection problem

Destination? You mean where I'm connecting to? If I understood correctly, then to the Russia server

24 Reply by Rino 25.07.2016 16:48:21

  • Rino
  • Moderator
  • Offline
  • Registered: 20.05.2016
  • Posts: 518

Re: Connection problem

vvblackvv wrote:

Destination? You mean where I'm connecting to? If I understood correctly, then to the Russia server

Everything is fine with the Russian server. What password are you entering?

25 Reply by vvblackvv 25.07.2016 17:03:19

  • vvblackvv
  • Newbie
  • Offline
  • Registered: 04.07.2016
  • Posts: 7

Re: Connection problem

Hmm, and now it has connected, strange.. I used yesterday's password since it still hadn't been updated, I entered it correctly because I had memorized it, and just now when I couldn't connect I rechecked it many times, anyway it doesn't matter, it works and that's great, sorry for bothering you and thanks)


sigmadict

Posts: 3
Joined: Fri Feb 12, 2016 5:00 am

Hello,
I am trying to connect and I get Authentication Failed all the time.
I am with Internet Private Access, and it’s working connected.
So, I try entering my Username and Password and it always fails.
I get this error in the message box:

Feb 11 13:04:20: Viscosity Mac 1.5.11 (1314)
Feb 11 13:04:20: Viscosity OpenVPN Engine Started
Feb 11 13:04:20: Running on Mac OS X 10.11.3
Feb 11 13:04:20: ———
Feb 11 13:04:20: Checking reachability status of connection…
Feb 11 13:04:21: Connection is reachable. Starting connection attempt.
Feb 11 13:04:22: OpenVPN 2.3.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 23 2015
Feb 11 13:04:22: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Feb 11 13:04:33: UDPv4 link local: [undef]
Feb 11 13:04:33: UDPv4 link remote: [AF_INET]172.98.67.44:1194
Feb 11 13:04:33: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Feb 11 13:04:33: [Private Internet Access] Peer Connection Initiated with [AF_INET]172.98.67.44:1194
Feb 11 13:04:35: AUTH: Received control message: AUTH_FAILED
Feb 11 13:04:35: SIGUSR1[soft,auth-failure] received, process restarting
Feb 11 13:04:38: ERROR: could not read Auth username/password/ok/string from management interface
Feb 11 13:04:38: Exiting due to fatal error

Could you provide me support to get connected please?

Thanks
Regards

James


Posts: 2220
Joined: Thu Sep 04, 2008 9:27 pm

Hi sigmadict,

Thanks for posting your log. It indicates that the OpenVPN server is rejecting your authentication attempt:

Feb 11 13:04:35: AUTH: Received control message: AUTH_FAILED

It’s possible this means that your login attempt is being rejected as the username/password being used is incorrect, or the VPN server may be rejecting your authentication attempt for another reason (for example, most VPN Service Providers limit the number of simultaneous connections you can make — it may think you are already connected).

I’d recommend checking for sure that the username and password being entered are correct and what your VPN Provider expects. If that fails, you may like to reset the saved details in your Keychain to be 100% sure old login details are not being used. Please see the following support article for details of how to clear saved details: http://www.sparklabs.com/support/kb/art … -keychain/

Finally, if you’re still stuck I recommend getting in touch with your VPN Provider. They should be able to check their server-side logs to check why your authentication attempt is being rejected.

Cheers,
James

Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
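
The log reading described in the reply above, as an added example that is not part of the original thread and is not Viscosity or OpenVPN code: a small triage script that finds the first failure in an OpenVPN log and treats later errors, such as the management-interface read error that follows AUTH_FAILED, as consequences. The verdict labels and function names are hypothetical, and the sample logs are constructed from the excerpts on this page with documentation IP addresses.

```python
import re

# Message fragments copied from the log excerpts quoted on this page.
EVENTS = {
    "peer_up": re.compile(r"Peer Connection Initiated with"),
    "auth_failed": re.compile(r"AUTH: Received control message: AUTH_FAILED"),
    "conn_reset": re.compile(r"Connection reset, restarting"),
    "mgmt_read": re.compile(
        r"could not read Auth username/password/ok/string from management interface"
    ),
}
FAILURES = ("auth_failed", "conn_reset", "mgmt_read")

# Hypothetical verdict labels chosen for this example.
VERDICTS = {
    "auth_failed": "server-rejected-credentials",
    "conn_reset": "connection-reset",
    "mgmt_read": "no-credentials-from-ui",
}

# Constructed sample: client log shaped like the Viscosity excerpt.
CLIENT_LOG = "\n".join([
    "Feb 11 13:04:33: UDPv4 link remote: [AF_INET]192.0.2.10:1194",
    "Feb 11 13:04:33: [example-server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194",
    "Feb 11 13:04:35: AUTH: Received control message: AUTH_FAILED",
    "Feb 11 13:04:35: SIGUSR1[soft,auth-failure] received, process restarting",
    "Feb 11 13:04:38: ERROR: could not read Auth username/password/ok/string from management interface",
    "Feb 11 13:04:38: Exiting due to fatal error",
])

# Constructed sample: server syslog shaped like the first thread's excerpt.
SERVER_LOG = "\n".join([
    "Jul 23 18:58:33 host ovpn-server[100]: TCP connection established with [AF_INET]203.0.113.5:1411",
    "Jul 23 18:58:34 host ovpn-server[100]: 203.0.113.5:1411 TLS: Initial packet from [AF_INET]203.0.113.5:1411, sid=00000000 00000000",
    "Jul 23 18:58:34 host ovpn-server[100]: 203.0.113.5:1411 Connection reset, restarting [0]",
    "Jul 23 18:58:34 host ovpn-server[100]: 203.0.113.5:1411 SIGUSR1[soft,connection-reset] received, client-instance restarting",
    "Jul 23 18:58:35 host ovpn-server[100]: TCP connection established with [AF_INET]203.0.113.5:1412",
    "Jul 23 18:58:35 host ovpn-server[100]: 203.0.113.5:1412 TLS: Initial packet from [AF_INET]203.0.113.5:1412, sid=00000000 00000001",
    "Jul 23 18:58:36 host ovpn-server[100]: 203.0.113.5:1412 Connection reset, restarting [0]",
])

# Constructed sample: the single line a GUI client shows when it supplies no login.
UI_LOG = ">FATAL:ERROR: could not read Auth username/password/ok/string from management interface"


def extract_events(log_text):
    """Return the ordered (line_number, event_name) pairs found in a log."""
    events = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for name, pattern in EVENTS.items():
            if pattern.search(line):
                events.append((number, name))
                break
    return events


def classify(log_text):
    """Name the first failure in a log and list what merely followed it."""
    events = extract_events(log_text)
    result = {"verdict": "no-failure-found", "line": None, "attempts": 0,
              "peer_up_before_failure": False, "follow_on": []}
    index = next((i for i, (_, name) in enumerate(events)
                  if name in FAILURES), None)
    if index is None:
        return result
    line, first = events[index]
    names = [name for _, name in events]
    result["verdict"] = VERDICTS[first]
    result["line"] = line
    result["attempts"] = names.count(first)
    # False means the session never got as far as "Peer Connection Initiated".
    result["peer_up_before_failure"] = "peer_up" in names[:index]
    # Later failures of a different kind are consequences, not the cause:
    # after AUTH_FAILED the client restarts and asks the UI for a login again.
    result["follow_on"] = sorted({n for n in names[index + 1:]
                                  if n in FAILURES and n != first})
    return result


if __name__ == "__main__":
    for label, text in (("client", CLIENT_LOG), ("server", SERVER_LOG), ("ui", UI_LOG)):
        print(label, classify(text))
```
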

sigmadict

Posts: 3
Joined: Fri Feb 12, 2016 5:00 am

Hello,
I am not sure the problem is with Private Internet Access, because their Service gets connected.
I can’t get Viscosity to connect, I tried everything, and I also looked to delete the keychain, but there was no Keychain remembered from Viscosity. So I keep getting Authentication Failed from Viscosity, not Private Internet Access.

It could be a problem with Mac and Viscosity trying to login with username and password, but I tried everything and surfed the net without answers.

What would be your advice for the next step I should take to solve the problem?

Thanks
Regards

James


Posts: 2220
Joined: Thu Sep 04, 2008 9:27 pm

Hi sigmadict,

I’m afraid you’ll need to get in touch with your VPN Provider — only they can offer you a definite answer as to why their server is rejecting your authentication attempt. As mentioned above, an OpenVPN server can be configured to send an AUTH_FAILED message for other reasons as well, so it’s possible your configuration may be out of date, your certificate authentication details expired, etc.

Cheers,
James

Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

sigmadict

Posts: 3
Joined: Fri Feb 12, 2016 5:00 am

I found the problem, PIA (Private Internet Access), if the program is Open, even if it is Not Connected, Viscosity cannot login on Mac.

So I had to shut down both programs, relaunch Viscosity only, then I could get connected.

The Username and Password are the ones from Private Internet Access in this case, not from my personal computer.

Thanks for helping me solve my problem.

I think the installation guide should include this information, because I lost a lot of time and I think some other people are having the same issue and it got really frustrating to get the product working. The support was great, but the procedure to run the program should be clearer in my opinion.

Thanks
Regards

I am having similar problems. I fixed the warnings to make my settings consistent with the PIA server settings but still get the AUTH_FAILED error. Like the OP, using "openvpn /etc/openvpn/<vpnname>.ovpn" works correctly as expected, but fails if initiated from the networkmanager applet. Using the nm-applet, I am prompted for a password. I enter the correct password and am prompted again, and this repeats until I cancel or the applet exits.

Here is my CA Toronto.ovpn file:

client
dev tun
proto udp
remote ca-toronto.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass pia.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

The corresponding NetworkManager connection file is:

[connection]
id=PIA - CA Toronto
uuid=eb0c00ef-5a9c-4712-ad16-ae343cf60003
type=vpn
autoconnect=false
permissions=user:marshal:;

[vpn]
auth=SHA1
ca=/etc/openvpn/pia-ca.rsa.4096.crt
cipher=BF-CBC
comp-lzo=yes
connection-type=password
dev-type=tun
keysize=128
password-flags=0
port=1197
remote=ca-toronto.privateinternetaccess.com
username=<correct PIA username>
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=<correct PIA password>

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=ignore

I’ve read numerous posts, wiki, etc. to no avail. I’ve tried manually editing the nm connection file, but it just gets rewritten by nm. I’m beginning to think this is a bug in networkmanager-openvpn and wonder if anyone has a working example — one they use successfully to establish a vpn connection via the nm applet.

A snippet of journalctl -u NetworkManager, if it might help: (I was prompted for the password twice before I clicked the "cancel" button)

Nov 19 22:59:04 zenbook NetworkManager[1386]: <info>  [1511150344.2299] vpn-connection[0x557c6f8b32e0,eb0c00ef-5a9c-4712-ad16-ae343cf60003,"PIA - CA Toronto",0]: VPN plugin: requested secrets; state connect 
Nov 19 22:59:06 zenbook NetworkManager[1386]: <info>  [1511150346.0072] settings-connection[0x557c6f6e22b0,eb0c00ef-5a9c-4712-ad16-ae343cf60003]: write: successfully commited (keyfile: update /etc/NetworkManager/system-connections/PIA - CA Toronto (eb0c00ef-5a9c-4712-ad16-ae343cf60003,"PIA - CA Toronto"))
Nov 19 22:59:06 zenbook nm-openvpn[3844]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Nov 19 22:59:06 zenbook nm-openvpn[3844]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 19 22:59:06 zenbook nm-openvpn[3844]: TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.67.62:1197
Nov 19 22:59:06 zenbook nm-openvpn[3844]: UDP link local: (not bound)
Nov 19 22:59:06 zenbook nm-openvpn[3844]: UDP link remote: [AF_INET]172.98.67.62:1197
Nov 19 22:59:06 zenbook nm-openvpn[3844]: [5413181d7a866ec2edcb0b5f50efed02] Peer Connection Initiated with [AF_INET]172.98.67.62:1197
Nov 19 22:59:07 zenbook nm-openvpn[3844]: AUTH: Received control message: AUTH_FAILED
Nov 19 22:59:07 zenbook nm-openvpn[3844]: SIGUSR1[soft,auth-failure] received, process restarting
Nov 19 22:59:14 zenbook NetworkManager[1386]: <error> [1511150354.0065] vpn-connection[0x557c6f8b32e0,eb0c00ef-5a9c-4712-ad16-ae343cf60003,"PIA - CA Toronto",0]: Failed to request VPN secrets #4: User canceled the secrets request.
Nov 19 22:59:14 zenbook nm-openvpn[3844]: ERROR: could not read Auth username/password/ok/string from management interface
Nov 19 22:59:14 zenbook nm-openvpn[3844]: Exiting due to fatal error
Nov 19 22:59:14 zenbook NetworkManager[1386]: <warn>  [1511150354.0242] vpn-connection[0x557c6f8b32e0,eb0c00ef-5a9c-4712-ad16-ae343cf60003,"PIA - CA Toronto",0]: VPN plugin: failed: connect-failed (1)
Nov 19 22:59:14 zenbook NetworkManager[1386]: <info>  [1511150354.0246] vpn-connection[0x557c6f8b32e0,eb0c00ef-5a9c-4712-ad16-ae343cf60003,"PIA - CA Toronto",0]: VPN plugin: state changed: stopping (5)
Nov 19 22:59:14 zenbook NetworkManager[1386]: <info>  [1511150354.0250] vpn-connection[0x557c6f8b32e0,eb0c00ef-5a9c-4712-ad16-ae343cf60003,"PIA - CA Toronto",0]: VPN plugin: state changed: stopped (6)

Any and all help would be much appreciated.
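
A comparison of the two files posted above, as an added example that is not from the original post and is not NetworkManager code: it parses the .ovpn directives and the [vpn] section of the keyfile and lists the settings that differ between them. Only options visible in the post are compared, the function names are hypothetical, the keyfile key for remote-cert-tls is assumed to match the directive name, and the embedded samples are constructed from the posted files with placeholder credentials.

```python
import configparser
import os
import shlex

# Constructed sample: the directives from the posted .ovpn that are compared.
OVPN_SAMPLE = """\
remote ca-toronto.privateinternetaccess.com 1198
cipher aes-128-cbc
auth sha1
remote-cert-tls server
auth-user-pass pia.conf
comp-lzo
ca ca.rsa.2048.crt
"""

# Constructed sample: the posted keyfile, credentials replaced by placeholders.
NM_SAMPLE = """\
[connection]
id=PIA - CA Toronto

[vpn]
auth=SHA1
ca=/etc/openvpn/pia-ca.rsa.4096.crt
cipher=BF-CBC
comp-lzo=yes
port=1197
remote=ca-toronto.privateinternetaccess.com
username=PLACEHOLDER_USER

[vpn-secrets]
password=PLACEHOLDER_PASSWORD
"""


def parse_ovpn(text):
    """Map each directive to its argument list, skipping comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)  # honours quoted paths such as ca "/path"
        options[parts[0]] = parts[1:]
    return options


def parse_nm_vpn(text):
    """Return the [vpn] section of a NetworkManager keyfile as a dict."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    return dict(parser["vpn"]) if parser.has_section("vpn") else {}


def nm_as_options(vpn):
    """Reshape keyfile entries into the directive -> arguments form.

    Assumption: keyfile keys reuse the OpenVPN directive names for the
    settings compared here; the post shows this for auth, ca, cipher,
    comp-lzo and remote, and it is assumed for remote-cert-tls.
    """
    options = {key: [value] for key, value in vpn.items()}
    if "remote" in vpn:
        options["remote"] = [vpn["remote"]] + ([vpn["port"]] if "port" in vpn else [])
    if vpn.get("comp-lzo", "").startswith("no"):
        options["comp-lzo"] = ["no"]
    return options


def _arg(options, name, position=0):
    args = options.get(name, [])
    return args[position] if len(args) > position else None


def settings(options):
    """Reduce parsed options to comparable, normalised settings."""
    cipher, auth, ca = (_arg(options, k) for k in ("cipher", "auth", "ca"))
    host = _arg(options, "remote", 0)
    return {
        "remote": host.lower() if host else None,
        "port": _arg(options, "remote", 1),
        "cipher": cipher.lower() if cipher else None,
        "auth": auth.lower() if auth else None,
        "ca": os.path.basename(ca) if ca else None,  # directories may differ
        "comp-lzo": options["comp-lzo"] != ["no"] if "comp-lzo" in options else None,
        "remote-cert-tls": _arg(options, "remote-cert-tls"),
    }


def compare(ovpn_text, nm_text):
    """List (setting, ovpn_value, nm_value) for every setting that differs."""
    left = settings(parse_ovpn(ovpn_text))
    right = settings(nm_as_options(parse_nm_vpn(nm_text)))
    return [(key, left[key], right[key]) for key in left if left[key] != right[key]]


if __name__ == "__main__":
    for row in compare(OVPN_SAMPLE, NM_SAMPLE):
        print("%-16s ovpn=%-20s keyfile=%s" % row)
```
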




3 года 6 мес. назад #4463
от VladimirS

user5901 и user5902

Использую openvpn
msk.vpnki.ru пингуется

Thu Aug 08 09:27:59 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Aug 08 09:27:59 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 08 09:27:59 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Thu Aug 08 09:28:03 2019 WARNING: —ns-cert-type is DEPRECATED. Use —remote-cert-tls instead.
Thu Aug 08 09:28:03 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]146.185.130.180:35148
Thu Aug 08 09:28:03 2019 UDP link local (bound): [AF_INET][undef]:1194
Thu Aug 08 09:28:03 2019 UDP link remote: [AF_INET]146.185.130.180:35148
Thu Aug 08 09:28:03 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 08 09:28:04 2019 [VPNKI] Peer Connection Initiated with [AF_INET]146.185.130.180:35148
Thu Aug 08 09:28:05 2019 AUTH: Received control message: AUTH_FAILED
Thu Aug 08 09:28:05 2019 SIGUSR1[soft,auth-failure] received, process restarting
Thu Aug 08 09:28:17 2019 ERROR: could not read Auth username/password/ok/string from management interface
Thu Aug 08 09:28:17 2019 Exiting due to fatal error

Something odd is going on with the display of the tunnel status.
- I stop OpenVPN
- the indicator turns grey
- I go to the "Connection status" page: both channels are on
- I press the disconnect buttons
- the indicators stay active, the buttons disappear but immediately reappear.



3 years 6 months ago #4464
by admin

Strange, according to the server your connections have been active since 16:00 on August 7. But that is impossible, because the tunnels were restarted at 00:00 and everything should certainly have been reset.
I have just changed something, try connecting now.
As for the status display, that is because of the high server load yesterday around 16:30…
We have a friendly DDoS here from our own users, who don't use the services but never removed the connections from their modems. So the robots are attacking us. Because of this there is high load on the server and various oddities.

Thanked by: VladimirS
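Both client logs above show the same order of events: the server sends AUTH_FAILED, the client restarts, and only afterwards does the fatal management-interface error appear. The shell function below is an added example, not code from either poster; it triages a client log on that basis, and its verdict names and the sample lines are constructed.

```shell
#!/bin/sh
# triage_openvpn_log [FILE...]: reads an OpenVPN client log (stdin if no file)
# and prints "<verdict> auth_failed=N mgmt_errors=N secrets_canceled=N".
triage_openvpn_log() {
    awk '
        index($0, "AUTH: Received control message: AUTH_FAILED") { failed++ }
        index($0, "User canceled the secrets request")           { canceled++ }
        index($0, "could not read Auth username/password/ok/string from management interface") {
            mgmt++
            # The fatal line only counts as a follow-up if a rejection came first.
            if (failed) chained = 1
        }
        END {
            if (chained)     v = "server-rejected-credentials"
            else if (mgmt)   v = "no-credentials-from-frontend"
            else if (failed) v = "auth-failed-no-fatal-exit"
            else             v = "no-auth-error"
            printf "%s auth_failed=%d mgmt_errors=%d secrets_canceled=%d\n", v, failed, mgmt, canceled
        }
    ' "$@"
}

# Constructed sample lines modelled on the excerpts above (host, PIDs and times are made up).
sample_log() {
    cat <<'EOF'
Jan 01 10:00:01 host nm-openvpn[100]: [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
Jan 01 10:00:02 host nm-openvpn[100]: AUTH: Received control message: AUTH_FAILED
Jan 01 10:00:02 host nm-openvpn[100]: SIGUSR1[soft,auth-failure] received, process restarting
Jan 01 10:00:09 host NetworkManager[50]: <error> Failed to request VPN secrets #4: User canceled the secrets request.
Jan 01 10:00:09 host nm-openvpn[100]: ERROR: could not read Auth username/password/ok/string from management interface
Jan 01 10:00:09 host nm-openvpn[100]: Exiting due to fatal error
EOF
}

sample_log | triage_openvpn_log
```

A `server-rejected-credentials` verdict points the investigation at the server side (account state, auth script or plugin), not at the client's management interface.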


Google Authenticator and OpenVPN


In my previous post, we went over how to get Google Authenticator installed on FreeNAS. Then we set up SSH to use it. In this guide, we’ll get Multi-Factor Authentication working for OpenVPN. This guide is specific to FreeNAS, but should be applicable to FreeBSD as well.

Part I

Get Google Authenticator installed and setup for users

Go see my previous guide on getting Google Authenticator installed.

Part II

Configure OpenVPN to use both certificates and an OTP (one time password) provided by Google Authenticator.

1. Open a terminal either through the GUI or ssh.

2. Switch user to root.

 su
 enter root password

3. Mount the file system and make it writeable

 mount -uw /

4. First we need to create an entry for openvpn under /etc/pam.d. This tells OpenVPN that authentication with the pam_google_authenticator.so module is required. Remember to also copy this file to /conf/base/etc/pam.d so that the change survives a reboot.

touch /etc/pam.d/openvpn

printf "auth required /usr/local/lib/pam_google_authenticator.so" >> /etc/pam.d/openvpn

cp /etc/pam.d/openvpn /conf/base/etc/pam.d/openvpn

5. Check to make sure the permissions are correct on the pam_google_authenticator.so module. sshd doesn’t seem to care, but OpenVPN does seem to care. Side note: several guides written for Linux say you have to modify the Makefile with LDFLAGS="-lpam" when building the pam_google_authenticator.so module. That is NOT the case in FreeNAS / FreeBSD, as the port takes care of that.

chmod 555 /usr/local/lib/pam_google_authenticator.so

6. Now we need to add a few settings to our OpenVPN server config.  If you followed my guide on setting up OpenVPN on FreeNAS, your server config is on your data drive.  Change the part after the “>>” to match your setup.

printf "\n#Enable Multi-Factor Authentication\n" >> /mnt/Files/openvpn/openvpn.conf

printf "plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn\n\n" >> /mnt/Files/openvpn/openvpn.conf

printf "#Prevent re-authorization every 3600 seconds\n" >> /mnt/Files/openvpn/openvpn.conf

printf "reneg-sec 0\n\n" >> /mnt/Files/openvpn/openvpn.conf

7. Now, on your client computers, you need to add the following to your openvpn-client config.  You can just add it at the bottom.

#Add this to the client config to enable Multi-Factor Authentication
auth-user-pass

#Do not cache the password in memory
auth-nocache

8. Now restart openvpn on your FreeNAS box.

service openvpn restart

Your output should look like this:

Stopping openvpn.
Waiting for PIDS: 494.
Starting openvpn.
AUTH-PAM: BACKGROUND: INIT service='openvpn'
add net 10.8.0.0: gateway 10.8.0.2

9. Make the filesystem read only again.

mount -ur /

10. Fire up your VPN connection on a client computer and you should get a field that asks for a username and password in order to connect.

[Screenshot: Tunnelblick username and password prompt]

You will put in the user name for one of the accounts you set up using the google-authenticator command on your FreeNAS server. The password will just be the 6-digit OTP you get from the Google Authenticator App on your smart phone. Don’t bother saving it in the keychain. If everything goes right, you will connect and then see this in your terminal session:

AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: joe
AUTH-PAM: BACKGROUND: my_conv[0] query='Verification code: ' style=1
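A consistency check for the wiring built in steps 4 to 6, as an added example that is not part of the original guide: it confirms that the plugin line names a PAM service that exists, that the service file requires the Google Authenticator module, and that the module cannot be modified by group or other users. The function names and the scratch-directory fixture are assumptions made for the demonstration.

```shell
#!/bin/sh
# check_openvpn_mfa SERVER_CONF PAM_DIR MODULE
# Prints one FAIL line per problem; returns 0 only if every check passes.
check_openvpn_mfa() {
    conf=$1; pam_dir=$2; module=$3; rc=0

    # The PAM service name is the argument after the auth-pam plugin path.
    svc=$(awk '$1 == "plugin" && $2 ~ /openvpn-plugin-auth-pam\.so$/ { print $3; exit }' "$conf")
    if [ -z "$svc" ]; then
        echo "FAIL: no auth-pam plugin line with a service name in $conf"; rc=1
    elif [ ! -f "$pam_dir/$svc" ]; then
        echo "FAIL: plugin names service '$svc' but $pam_dir/$svc is missing"; rc=1
    elif ! awk -v m="$module" '$1 == "auth" && $2 == "required" && $3 == m { ok = 1 }
                               END { exit !ok }' "$pam_dir/$svc"; then
        echo "FAIL: $pam_dir/$svc has no 'auth required $module' line"; rc=1
    fi

    # The auth-pam helper that loads the module normally runs as root,
    # so nobody except the file's owner should be able to write it.
    if [ ! -f "$module" ]; then
        echo "FAIL: $module is missing"; rc=1
    elif [ -n "$(find "$module" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $module is group- or world-writable"; rc=1
    fi
    return "$rc"
}

# Constructed fixture mirroring steps 4-6 under a scratch directory (not real paths).
make_fixture() {
    mkdir -p "$1/pam.d"
    : > "$1/pam_google_authenticator.so"
    chmod 555 "$1/pam_google_authenticator.so"
    printf 'auth required %s\n' "$1/pam_google_authenticator.so" > "$1/pam.d/openvpn"
    printf 'plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn\nreneg-sec 0\n' \
        > "$1/openvpn.conf"
}

demo=$(mktemp -d)
make_fixture "$demo"
check_openvpn_mfa "$demo/openvpn.conf" "$demo/pam.d" "$demo/pam_google_authenticator.so" \
    && echo "PASS: MFA wiring is consistent"
rm -rf "$demo"
```

On the FreeNAS box from this guide the call would be `check_openvpn_mfa /mnt/Files/openvpn/openvpn.conf /etc/pam.d /usr/local/lib/pam_google_authenticator.so`; repeat it with `/conf/base/etc/pam.d` to check the copy that survives a reboot.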

Part III

Questions and such…

We’ve done it. We now have multi-factor authentication set up for our VPN. I’m left wondering though. Many of the guides I looked at related to this subject said that /etc/pam.d/openvpn needed a lot more in it than what I have used. For instance, one guide over at askubuntu.com says to use this:

account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
account requisite pam_deny.so
account required pam_permit.so
auth required pam_google_authenticator.so

Is all of that account stuff really needed?  My hunch is that it is not.  If you have any insight, please share it in the comments section.
