[2.0.RC2] Login and password not working with X.509
August 13, 2013 at 3:05 pm #43710
Shadok
Member
Hi,
I’m using Zeroshell 2.0.RC2.
I have set up the OpenVPN server to use X.509 certificate + password. I have the ovpn, user pem and CA.pem files.
When I launch OpenVPN, I’m asked for the login and password but I always get an AUTH_FAILED error in OpenVPN:
Tue Aug 13 16:57:02 2013 AUTH: Received AUTH_FAILED control message
Tue Aug 13 16:57:02 2013 TCP/UDP: Closing socket
Tue Aug 13 16:57:02 2013 SIGTERM[soft,auth-failure] received, process exiting
If I try with the “Only X.509 certificate” auth option (and auth-user-pass commented), it works.
I created another user to test with its credentials, but I got the same error.
I’m using the provided openvpn file in the tutorial and “auth-user-pass” is enabled.
Any idea?
Thanks.
August 22, 2013 at 4:33 pm #52825
Shadok
Member
The error still occurs with Zeroshell 2.0.2 RC3.
August 22, 2013 at 5:26 pm #52826
redfive
Participant
ZS and OpenVPN work perfectly together. From which OS are you trying to connect? This is one of my configuration files (host is win), and the OpenVPN client is OpenVPN 2.3.2:
remote xx.xx.xx.xx 1194
proto tcp
auth-user-pass
ca myCacert.pem
cert myusercert.pem
key myusercert.pem
#verify-x509-name 'OU=Hosts, CN=cn_on_certificate'
remote-cert-eku 'TLS Web Server Authentication'
#cipher AES-128-CBC
#auth RSA-SHA512
comp-lzo
verb 3
mute 20
resolv-retry infinite
nobind
client
dev tap
persist-key
persist-tun
auth-nocache
script-security 3
route-method exe
route-delay 2
greetings
August 26, 2013 at 7:21 pm #52827
Shadok
Member
It doesn’t work with your config either:
Mon Aug 26 21:19:22 2013 VERIFY OK: depth=1, /O=example/OU=zeroshell_afec/CN=ZeroShell
Mon Aug 26 21:19:22 2013 VERIFY OK: depth=0, /OU=Hosts/CN=gateway.domain.com
Mon Aug 26 21:19:25 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 26 21:19:25 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 26 21:19:25 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 26 21:19:25 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 26 21:19:25 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Aug 26 21:19:25 2013 [gateway.domain.com] Peer Connection Initiated with XXX.XXX.XXX.XXX:1194
Mon Aug 26 21:19:27 2013 SENT CONTROL [gateway.domain.com]: 'PUSH_REQUEST' (status=1)
Mon Aug 26 21:19:27 2013 AUTH: Received AUTH_FAILED control message
Mon Aug 26 21:19:27 2013 TCP/UDP: Closing socket
Mon Aug 26 21:19:27 2013 SIGTERM[soft,auth-failure] received, process exiting
August 26, 2013 at 10:33 pm #52828
redfive
Participant
Strange... are you sure that the user and pwd are correct? And what do the logs on ZS say when the VPN connection fails?
August 27, 2013 at 7:55 am #52829
Shadok
Member
21:18:57 89.2.150.224:50264 [user@EXAMPLE.COM] Trying Kerberos 5 (Local KDC) authentication
21:18:58 89.2.150.224:50264 [user@EXAMPLE.COM] Kerberos 5 authentication failed: host/gateway.domain.com@EXAMPLE.COM: Server not found in Kerberos database while getting credentials
21:18:58 89.2.150.224:50264 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 11
21:18:58 89.2.150.224:50264 TLS Auth Error: Auth Username/Password verification failed for peer
Well, the user@example.com exists in the Kerberos database but gateway.domain.com doesn’t (gateway.localdomain.com exists, didn’t see the difference before).
Adding it fixed my issue, thanks for pointing that out 🙂
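The client only ever sees AUTH_FAILED; the cause was in the server-side log. As an added example (not part of the thread and not Zeroshell's own code), this Python sketch scans server log lines of the shape posted above and reports, per peer, whether a failed username/password check traces back to a missing Kerberos service principal. The sample lines are constructed from the post (with a documentation IP address) and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the server-side log lines posted above.
SAMPLE_LOG = """\
21:18:57 192.0.2.10:50264 [user@EXAMPLE.COM] Trying Kerberos 5 (Local KDC) authentication
21:18:58 192.0.2.10:50264 [user@EXAMPLE.COM] Kerberos 5 authentication failed: host/gateway.domain.com@EXAMPLE.COM: Server not found in Kerberos database while getting credentials
21:18:58 192.0.2.10:50264 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 11
21:18:58 192.0.2.10:50264 TLS Auth Error: Auth Username/Password verification failed for peer
"""

LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) (?P<peer>\S+:\d+) (?P<msg>.*)$")
KRB_FAIL = re.compile(
    r"^\[(?P<user>[^\]]+)\] Kerberos 5 authentication failed: "
    r"(?P<principal>\S+): (?P<reason>.+)$")
VERIFY_FAIL = "Auth Username/Password verification failed"


def triage(log_text):
    """Return one finding per peer whose username/password check failed."""
    krb = {}       # peer -> last Kerberos failure seen for that peer
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        peer, msg = m["peer"], m["msg"]
        k = KRB_FAIL.match(msg)
        if k:
            krb[peer] = k.groupdict()
        elif VERIFY_FAIL in msg:
            cause = krb.pop(peer, None)
            finding = {"peer": peer, "user": None, "principal": None,
                       "kind": "unknown"}
            if cause:
                finding.update(user=cause["user"], principal=cause["principal"])
                # "Server not found" concerns the service principal, not the user.
                if "Server not found in Kerberos database" in cause["reason"]:
                    finding["kind"] = "missing-service-principal"
                else:
                    finding["kind"] = "kerberos-error"
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A `missing-service-principal` finding points at the KDC entry for the host name in `principal`, not at the user's password.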