OpenVPN Host-to-LAN VPN with X.509, Kerberos 5 and Radius A


This topic contains 4 replies, has 0 voices, and was last updated by marcus@richters-it.de 1 year, 2 months ago.

  • #44683

    80.187.114.22:16145 [marcus@RICHTERS-IT.DE] Trying Kerberos 5 (Local KDC) authentication
    80.187.114.22:16145 [marcus@RICHTERS-IT.DE] Kerberos 5 authentication failed for marcus@RICHTERS-IT.DE: kinit(v5): Password incorrect while getting initial credentials
    80.187.114.22:16145 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 10
    80.187.114.22:16145 TLS Auth Error: Auth Username/Password verification failed for peer
    80.187.114.22:16145 [marcus] Peer Connection Initiated with [AF_INET]80.187.114.22:16145

    #54294

    #============================================================================#
    # Specify the Hostname or the IP, the port and the protocol (tcp or udp)     #
    # to reach the OpenVPN Server.                                               #
    # The Hostname can be a dynamic FQDN such as a DynDNS one.                   #
    #============================================================================#
    remote XXXX XXXX
    proto udp

    #============================================================================#
    # You must specify this parameter if you want the Username and Password      #
    # request to appear. Comment it if you only use X.509 Authentication.        #
    #============================================================================#
    auth-user-pass

    #============================================================================#
    # You need to specify the file which contains the certificate (PEM format)   #
    # of the Certification Authority that signed the OpenVPN server certificate. #
    # You can export it by clicking the hyperlink CA on the login page of        #
    # ZeroShell.                                                                 #
    # Notice that you need to specify this parameter also if you use             #
    # "Password Only" Authentication.                                            #
    #============================================================================#
    <ca>
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </ca>

    #============================================================================#
    # If you want to use the Client X.509 Authentication you must specify        #
    # a client certificate and the related private key in pem format.            #
    # You can merge both in the same file.                                       #
    #============================================================================#
    <cert>
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN RSA PRIVATE KEY-----

    -----END RSA PRIVATE KEY-----
    </key>

    #============================================================================#
    # You should not need to change these settings.                              #
    #============================================================================#
    comp-lzo
    verb 3
    resolv-retry infinite
    nobind
    client
    dev tap
    persist-key
    persist-tun

    #54295

    Zeroshell 3.6.0

    Current Kernel: 4.4.13-ZS-64

    Installed Packages

    NTOP – Web-based Traffic Analysis and Flow Collection 2.4
    BUG FIX #00 – Captive Portal
    64-Bit Kernel 4.4.13
    A Kit of Utilities and Services 1.0.0
    Nmap – Security Port Scanner 6.47

    https://www.richters-it.de/openvpn-connect-2.1.3.110.msi

    #54296

    The latest OpenVPN Connect Client (openvpn-connect-2.1.3.110.msi) won't work with Zeroshell.

    I tried the latest standard OpenVPN software (openvpn-install-2.3.14-I601-x86_64.exe) and it worked exactly one time.

    Now I'm getting "connection failed".

    // "port check": send one OpenVPN P_CONTROL_HARD_RESET_CLIENT_V2 packet (opcode byte 0x38 plus a session id) to the UDP port
    root@lvps…:~# echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u XXXX.richters-it.de 1194 | cat -v
    @M-^@m+:M-g#M-$}^@^@^@^@^@@M-^@m+:M-g#M-$}^@^@^@^@^@@M-^@m+:M-g#M-$}^@^@^@^@^@

    Zeroshell Log:
    23:02:42 lvps…:49163 TLS Error: reading acknowledgement record from packet
    23:03:42 lvps…:49163 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    23:03:42 lvps…:49163 TLS Error: TLS handshake failed
    23:04:35 lvps…:32987 NOTE: --mute triggered…

    But the server is obviously running.
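As an added example (not from the thread), an offline decoder for the port check above: it rebuilds the probe as a full P_CONTROL_HARD_RESET_CLIENT_V2 packet and decodes the `cat -v` output the server returned, showing that each repeat is a P_CONTROL_HARD_RESET_SERVER_V2 packet, so the UDP listener is reachable and the failure occurs later, in the TLS key negotiation the log reports. It assumes the server runs without --tls-auth (no HMAC prefix on control packets), which matches the posted client config.

```python
import struct

P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # opcode of the probe byte 0x38 = 7 << 3
P_CONTROL_HARD_RESET_SERVER_V2 = 8   # opcode of the reply byte 0x40 = '@'
# The reply quoted in the post, exactly as `cat -v` printed it (three retransmissions).
REPLY_CAT_V = "@M-^@m+:M-g#M-$}^@^@^@^@^@" * 3

def build_client_reset(session_id: bytes) -> bytes:
    """Full form of the echo probe: opcode<<3 | key_id, 8-byte session id,
    zero-length ack array, packet id 0 (no --tls-auth HMAC, as in the posted config)."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    return bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << 3]) + session_id + b"\x00" + struct.pack("!I", 0)

def decode_cat_v(text: str) -> bytes:
    """Reverse `cat -v` notation: 'M-' sets the high bit, '^X' is control byte X ^ 0x40."""
    out, i = bytearray(), 0
    while i < len(text):
        high = 0
        if text.startswith("M-", i) and i + 2 < len(text):
            high, i = 0x80, i + 2
        if text[i] == "^" and i + 1 < len(text):
            out.append(high | (ord(text[i + 1]) ^ 0x40))
            i += 2
        else:
            out.append(high | ord(text[i]))
            i += 1
    return bytes(out)

def parse_control_packets(data: bytes) -> list:
    """Split concatenated control packets (no tls-auth): opcode<<3|key_id (1 byte), session id (8),
    ack count (1), ack packet ids (4 each) plus remote session id (8) if any acks, packet id (4)."""
    packets, off = [], 0
    while off + 14 <= len(data):
        n_acks = data[off + 9]
        pos = off + 10 + 4 * n_acks + (8 if n_acks else 0)
        if pos + 4 > len(data):
            break  # truncated trailing packet
        packets.append({"opcode": data[off] >> 3, "key_id": data[off] & 0x07,
                        "session_id": data[off + 1:off + 9].hex(),
                        "packet_id": struct.unpack("!I", data[pos:pos + 4])[0]})
        off = pos + 4
    return packets

def server_answered(cat_v_output: str) -> bool:
    """True when every packet in the reply is a HARD_RESET_SERVER_V2: the OpenVPN UDP
    listener is reachable, so the 'connection failed' lies in the later TLS stage."""
    pkts = parse_control_packets(decode_cat_v(cat_v_output))
    return bool(pkts) and all(p["opcode"] == P_CONTROL_HARD_RESET_SERVER_V2 for p in pkts)
```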

    #54297

    iulyb
    Member

    Hi,
    I use a Linux client (Linux Mint), and it works flawlessly, but it was a huge pain to set it up.
    There are a lot of parameters to match.
    I use simple password-only authentication. You should start with this, make it work, and then go further.

    On ZS, I am using the command line option:

    --float --cipher AES-128-CBC --engine padlock --push 'foreign_option_1='dhcp-option DNS 192.168.250.254''

    Then on the client I had to check LZO compression and TCP (because I use a TCP port); the default, I think, is UDP. This was the reason I got the connection error.
    Then under the client's security settings I picked the same cipher, AES-128-CBC, and set hashing (HMAC Authentication) to SHA1.
    This was the reason for my authentication errors. 😉

    Make sure you check the instructions on the VPN board and other HowTos.
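An added example (not from the thread) of the parameter matching described in the reply above: it parses the server-side option line as typed into ZeroShell and a client .ovpn, then reports the settings that must agree (transport, cipher, HMAC digest, LZO compression). The `--proto tcp-server` prefix and the client snippet are constructed from the posts; the fallback values are the OpenVPN 2.3-era defaults and are an assumption of this example.

```python
import shlex

# Value OpenVPN 2.3 assumes when a directive is absent (assumption for this example).
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC", "auth": "SHA1"}

# Constructed sample: the option line from the reply above plus a TCP listener, checked
# against the client config posted earlier in the thread (PEM blocks omitted).
SERVER_CMDLINE = ("--proto tcp-server --float --cipher AES-128-CBC --engine padlock "
                  "--push 'foreign_option_1='dhcp-option DNS 192.168.250.254''")
CLIENT_OVPN = "remote XXXX XXXX\nproto udp\nauth-user-pass\ncomp-lzo\nverb 3\nclient\ndev tap\n"

def parse_client_config(text: str) -> dict:
    """Map each .ovpn directive to its argument string; '#' comments are dropped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = shlex.split(line)
            opts[name] = " ".join(args)
    return opts

def parse_server_cmdline(cmdline: str) -> dict:
    """Parse '--name value ...' options as typed into ZeroShell's OpenVPN option field."""
    opts, name = {}, None
    for tok in shlex.split(cmdline):
        if tok.startswith("--"):
            name = tok[2:]
            opts[name] = ""
        elif name is not None:
            opts[name] = (opts[name] + " " + tok).strip()
    return opts

def proto_of(opts: dict) -> str:
    """'tcp', 'tcp-server' and 'tcp-client' all mean TCP; compare only the transport."""
    return opts.get("proto", DEFAULTS["proto"]).split("-")[0].lower()

def mismatches(server: dict, client: dict) -> list:
    """One line per parameter that differs: transport, cipher, HMAC digest, LZO compression."""
    out = []
    if proto_of(server) != proto_of(client):
        out.append(f"proto: server={proto_of(server)} client={proto_of(client)}")
    for key in ("cipher", "auth"):
        s, c = server.get(key, DEFAULTS[key]).upper(), client.get(key, DEFAULTS[key]).upper()
        if s != c:
            out.append(f"{key}: server={s} client={c}")
    if ("comp-lzo" in server) != ("comp-lzo" in client):
        out.append(f"comp-lzo: server={'comp-lzo' in server} client={'comp-lzo' in client}")
    return out
```

Run against the constructed sample, `mismatches(parse_server_cmdline(SERVER_CMDLINE), parse_client_config(CLIENT_OVPN))` lists the three differences (transport, cipher, compression) that the reply above says caused the connection and authentication errors.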

    #54298

