- This topic is empty.
August 13, 2013 at 3:05 pm #43710
I’m using Zeroshell 2.0.RC2.
I have setup OpenVPN server to use X.509 certificate + password.
I have the ovpn, user pem and CA.pem file.
When I launch OpenVPN, i’m asked the login and password but I always got an AUTH_FAILED error in OpenVPN :
Tue Aug 13 16:57:02 2013 AUTH: Received AUTH_FAILED control message
Tue Aug 13 16:57:02 2013 TCP/UDP: Closing socket
Tue Aug 13 16:57:02 2013 SIGTERM[soft,auth-failure] received, process exiting
If i try with “Only X.509 certificate” auth option (and auth-user-pass commented), it works.
I created another user to test with its credentials, but i got the same error.
I’m using the provided openvpn file in the tutorial and “auth-user-pass” is enabled.
Any idea ?
Thanks.August 22, 2013 at 4:33 pm #52825
The error still occurs with Zeroshell 2.0.2 RC3.August 22, 2013 at 5:26 pm #52826redfiveParticipant
Zs and openvpn work perfectly together , from which S.O. are you trying to connect ? This is one of my configuration files , (host is win) and openvpn client is OpenVpn 2.3.2
remote xx.xx.xx.xx 1194
#verify-x509-name 'OU=Hosts, CN=cn_on_certificate'
remote-cert-eku 'TLS Web Server Authentication'
greetingsAugust 26, 2013 at 7:21 pm #52827
It doesn’t work with your config either :
Mon Aug 26 21:19:22 2013 VERIFY OK: depth=1, /O=example/OU=zeroshell_afec/CN=ZeroShell
Mon Aug 26 21:19:22 2013 VERIFY OK: depth=0, /OU=Hosts/CN=gateway.domain.com
Mon Aug 26 21:19:25 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 26 21:19:25 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 26 21:19:25 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 26 21:19:25 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 26 21:19:25 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Aug 26 21:19:25 2013 [gateway.domain.com] Peer Connection Initiated with XXX.XXX.XXX.XXX:1194
Mon Aug 26 21:19:27 2013 SENT CONTROL [gateway.domain.com]: 'PUSH_REQUEST' (status=1)
Mon Aug 26 21:19:27 2013 AUTH: Received AUTH_FAILED control message
Mon Aug 26 21:19:27 2013 TCP/UDP: Closing socket
Mon Aug 26 21:19:27 2013 SIGTERM[soft,auth-failure] received, process exitingAugust 26, 2013 at 10:33 pm #52828redfiveParticipant
Strange.. are you sure that user and pwd are correct ? And the logs on ZS , what say when you fail the vpn connection ?August 27, 2013 at 7:55 am #52829
21:18:57 18.104.22.168:50264 [user@EXAMPLE.COM] Trying Kerberos 5 (Local KDC) authentication
21:18:58 22.214.171.124:50264 [user@EXAMPLE.COM] Kerberos 5 authentication failed: host/gateway.domain.com@EXAMPLE.COM: Server not found in Kerberos database while getting credentials
21:18:58 126.96.36.199:50264 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 11
21:18:58 188.8.131.52:50264 TLS Auth Error: Auth Username/Password verification failed for peer
Well, the firstname.lastname@example.org exists in kerberos database but gateway.domain.com doesn’t (gateway.localdomain.com exists, didn’t see the difference before).
Adding it fixed my issue, thanks for pointing that out 🙂
- You must be logged in to reply to this topic.