
Re: [Openvpn-users] OpenVPN Auth issue


  • Subject: Re: [Openvpn-users] OpenVPN Auth issue
  • From: Michael Flaig <mflaig@xxxxxxxxxxxx>
  • Date: Thu, 04 Oct 2007 03:49:32 +0200

Hi,

seems to me like the plugin for pam auth is dying or exits and therefore
your openvpn server also quits. 

I'm using certificates for auth but I think you need to look deeper into
what the pam plugin does instead of openvpn itself ...

just my 2 cents,

Michael

On Wednesday, 03.10.2007, at 12:54 -0700, Caleb Pal wrote:
> Hello all, 

[...]

> I just noticed the clock on the server is 10 minutes and some change
> behind, so ignore that....

you really want to use ntp or rdate
 
> Wed Oct  3 12:22:51 2007 TLS: new session incoming connection from
> 129.xxx.xxx.xxx:1194
> Wed Oct  3 12:22:52 2007 VERIFY OK:
> depth=1, /C=US/ST=Wa/L=SEA/O=xxxx/OU=IT/CN=Sec2/emailAddress=xxxxx
> Wed Oct  3 12:22:52 2007 VERIFY OK:
> depth=0, /C=US/ST=Wa/O=xxxx/OU=IT/CN=client1/emailAddress=xxxxx
> AUTH-PAM: BACKGROUND: user 'jdoe' failed to authenticate:
> Authentication failure
> Wed Oct  3 12:22:54 2007 PLUGIN_CALL:
> POST /usr/lib/openvpn/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY
> status=1
> Wed Oct  3 12:22:54 2007 PLUGIN_CALL: plugin function
> PLUGIN_AUTH_USER_PASS_VERIFY failed with status
> 1: /usr/lib/openvpn/openvpn-auth-pam.so
> Wed Oct  3 12:22:54 2007 TLS Auth Error: Auth Username/Password
> verification failed for peer
> Wed Oct  3 12:22:54 2007 TLS: move_session: dest=TM_ACTIVE
> src=TM_UNTRUSTED reinit_src=1
> Wed Oct  3 12:22:54 2007 TLS: tls_multi_process: untrusted session
> promoted to semi-trusted
> Wed Oct  3 12:22:54 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
> DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Oct  3 12:22:55 2007 PUSH: Received control message:
> 'PUSH_REQUEST'
> Wed Oct  3 12:22:55 2007 SENT CONTROL [client1]:
> 'AUTH_FAILED' (status=1)
> Wed Oct  3 12:22:55 2007 Delayed exit in 5 seconds
> Wed Oct  3 12:22:57 2007 read UDPv4 [ECONNREFUSED]: Connection refused
> (code=111)
> Wed Oct  3 12:22:59 2007 TLS Error: Cannot accept new session request
> from 129.xxx.xxx.xxx:1194 due to session context expire or
> --single-session [2]

the log looks suspicious here ... are you using --single-session when
calling openvpn?

> Wed Oct  3 12:23:00 2007 TCP/UDP: Closing socket
> Wed Oct  3 12:23:00 2007 Closing TUN/TAP interface
> Wed Oct  3 12:23:00 2007
> PLUGIN_CLOSE: /usr/lib/openvpn/openvpn-auth-pam.so
> Wed Oct  3 12:23:00 2007 SIGTERM[soft,delayed-exit] received, process
> exiting
> 
> End Server Log

[...]

Attachment: signature.asc
Description: This is a digitally signed message part
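
As an added example (not part of the original thread and not OpenVPN code), this Python script re-joins the mail-wrapped log records and pulls out the ones that bear on the question raised in the reply: what the PAM plugin reported and which signal ended the process. The sample log is constructed in the format of the quoted one, and the function and event names are hypothetical.

```python
import re

# Constructed sample in the format of the quoted server log, including the
# mail-style wrapping; names and paths mirror the thread, nothing is real data.
SAMPLE = """\
> Wed Oct  3 12:22:52 2007 VERIFY OK:
> depth=0, /C=US/O=example/CN=client1
> AUTH-PAM: BACKGROUND: user 'jdoe' failed to authenticate:
> Authentication failure
> Wed Oct  3 12:22:54 2007 PLUGIN_CALL: plugin function
> PLUGIN_AUTH_USER_PASS_VERIFY failed with status
> 1: /usr/lib/openvpn/openvpn-auth-pam.so
> Wed Oct  3 12:22:55 2007 SENT CONTROL [client1]:
> 'AUTH_FAILED' (status=1)
> Wed Oct  3 12:22:55 2007 Delayed exit in 5 seconds
> Wed Oct  3 12:23:00 2007 SIGTERM[soft,delayed-exit] received, process
> exiting
"""

# A record starts with a ctime-style timestamp or the plugin's AUTH-PAM prefix.
NEW_RECORD = re.compile(
    r"^(?:[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} |AUTH-PAM: )")

# Hypothetical event names mapped to the log messages they key on.
PATTERNS = [
    ("pam_reject", re.compile(r"AUTH-PAM: BACKGROUND: user '([^']*)' failed to authenticate")),
    ("plugin_status", re.compile(r"PLUGIN_AUTH_USER_PASS_VERIFY failed with status (\d+)")),
    ("auth_failed_sent", re.compile(r"SENT CONTROL \[([^\]]*)\]: 'AUTH_FAILED'")),
    ("process_exit", re.compile(r"(SIG\w+)\[([^\]]*)\] received, process exiting")),
]

def records(text):
    """Strip '>' quoting and glue continuation lines back onto their record."""
    out = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()
        if not line:
            continue
        if NEW_RECORD.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def timeline(text):
    """Return (event, detail) pairs in log order."""
    return [(name, m.group(m.lastindex)) for rec in records(text)
            for name, pat in PATTERNS if (m := pat.search(rec))]
```

Matching on re-joined records matters here because the status code and the `AUTH_FAILED` message both sit on wrapped continuation lines in the quoted log.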