OpenVPN Host-to-LAN VPN with X.509, Kerberos 5 and Radius A
November 29, 2016 at 10:24 pm #44683
marcus@richters-it.de (Participant)
80.187.114.22:16145 [marcus@RICHTERS-IT.DE] Trying Kerberos 5 (Local KDC) authentication
80.187.114.22:16145 [marcus@RICHTERS-IT.DE] Kerberos 5 authentication failed for marcus@RICHTERS-IT.DE: kinit(v5): Password incorrect while getting initial credentials
80.187.114.22:16145 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 10
80.187.114.22:16145 TLS Auth Error: Auth Username/Password verification failed for peer
80.187.114.22:16145 [marcus] Peer Connection Initiated with [AF_INET]80.187.114.22:16145
November 29, 2016 at 10:26 pm #54294
marcus@richters-it.de (Participant)
#============================================================================#
# Specify the Hostname or the IP, the port and the protocol (tcp or udp) #
# to reach the OpenVPN Server. #
# The Hostname can be a dynamic FQDN such as a DynDNS one. #
#============================================================================#
remote XXXX XXXX
proto udp
#============================================================================#
# You must specify this parameter if you want the Username and Password #
# request to appear. Comment it if you only use X.509 Authentication. #
#============================================================================#
auth-user-pass
#============================================================================#
# You need to specify the file which contains the certificate (PEM format) #
# of the Certification Authority that signed the OpenVPN server certificate. #
# You can export it by clicking the hyperlink CA on the login page of #
# ZeroShell. #
# Notice that you need to specify this parameter also if you use #
# "Password Only" Authentication. #
#============================================================================#
<ca>
-----BEGIN CERTIFICATE-----
# (certificate body not included in the post)
-----END CERTIFICATE-----
</ca>
#============================================================================#
# If you want to use the Client X.509 Authentication you must specify #
# a client certificate and the related private key in pem format. #
# You can merge both in the same file. #
#============================================================================#
<cert>
-----BEGIN CERTIFICATE-----
# (certificate body not included in the post)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
# (key body not included in the post)
-----END RSA PRIVATE KEY-----
</key>
#============================================================================#
# You should not need to change these settings. #
#============================================================================#
comp-lzo
verb 3
resolv-retry infinite
nobind
client
dev tap
persist-key
persist-tun
November 29, 2016 at 10:29 pm #54295
marcus@richters-it.de (Participant)
Zeroshell 3.6.0
Current Kernel: 4.4.13-ZS-64
Installed Packages
NTOP – Web-based Traffic Analysis and Flow Collection 2.4
BUG FIX #00 – Captive Portal
64-Bit Kernel 4.4.13
A Kit of Utilities and Services 1.0.0
Nmap – Security Port Scanner 6.47

December 7, 2016 at 10:04 pm #54296
marcus@richters-it.de (Participant)
The latest OpenVPN Connect Client (openvpn-connect-2.1.3.110.msi) won't work with Zeroshell.
I tried the latest standard OpenVPN software (openvpn-install-2.3.14-I601-x86_64.exe) and it worked exactly for one time.
Now I'm getting "connection failed".
// "port check"
root@lvps…:~# echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u XXXX.richters-it.de 1194 | cat -v
@M-^@m+:M-g#M-$}^@^@^@^@^@@M-^@m+:M-g#M-$}^@^@^@^@^@@M-^@m+:M-g#M-$}^@^@^@^@^@
Zeroshell Log:
23:02:42 lvps…:49163 TLS Error: reading acknowledgement record from packet
23:03:42 lvps…:49163 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
23:03:42 lvps…:49163 TLS Error: TLS handshake failed
23:04:35 lvps…:32987 NOTE: --mute triggered...
But the server is obviously running.
December 9, 2016 at 4:03 pm #54297
iulyb (Member)
Hi,
I use a Linux client (Linux Mint), and it works flawlessly, but it was a huge pain to set it up.
There are a lot of parameters to match.
I use the simple password only. You should start with this, make it work, and then go further.
On ZS, I am using the command line option:
--float --cipher AES-128-CBC --engine padlock --push 'foreign_option_1='dhcp-option DNS 192.168.250.254''
Then on the client I had to check LZO compression and TCP (because I use a TCP port); the default, I think, is UDP. This was the reason why I got the connection error.
Then, under security on the client, I picked the same cipher, AES-128-CBC, and set the hashing (HMAC Authentication) to SHA1.
This was the reason for my authentication errors... 😉
Make sure you check the instructions on the VPN board and other HowTos.
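As an added example, not code from the thread or from ZeroShell: a small Python checker that compares a client profile against the server's option line for the mismatches iulyb describes (proto, cipher, LZO compression, HMAC auth). The server option line and client profile are constructed, and the defaults are the ones OpenVPN 2.3 applies when a directive is absent.

```python
import shlex

# Values OpenVPN 2.3 assumes when the directive is absent on either side.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC", "auth": "SHA1", "comp-lzo": "no"}

# Constructed server option line in the style of the one quoted above.
SERVER_OPTS = "--float --cipher AES-128-CBC --engine padlock --proto tcp --comp-lzo"

# Constructed client profile; the certificate body is omitted.
CLIENT_PROFILE = """\
client
proto udp
remote vpn.example.invalid 1194
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
"""

def parse_profile(text):
    """Parse .ovpn directives, skipping inline <ca>/<cert>/<key> blocks."""
    opts, in_block = dict(DEFAULTS), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block:
            parts = line.split()
            opts[parts[0]] = parts[1] if len(parts) > 1 else "yes"
    return opts

def parse_server_opts(cmdline):
    """Parse a '--key value' option string like the one set on ZeroShell."""
    opts, toks, i = dict(DEFAULTS), shlex.split(cmdline), 0
    while i < len(toks):
        if toks[i].startswith("--"):
            has_val = i + 1 < len(toks) and not toks[i + 1].startswith("--")
            opts[toks[i][2:]] = toks[i + 1] if has_val else "yes"
            i += 2 if has_val else 1
        else:
            i += 1  # stray token, e.g. the tail of a --push argument
    return opts

def mismatches(client, server):
    """Return {directive: (client value, server value)} for each difference."""
    return {k: (client[k], server[k]) for k in DEFAULTS
            if client[k].lower() != server[k].lower()}
```

Running `mismatches(parse_profile(CLIENT_PROFILE), parse_server_opts(SERVER_OPTS))` on the constructed input reports proto, cipher and comp-lzo as the three settings to fix before the TLS handshake can succeed.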
August 23, 2017 at 7:38 am #54298
marcus@richters-it.de (Participant)