[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] 2.0_rc6: --auth-user-pass don't work without --pull


  • Subject: Re: [Openvpn-users] 2.0_rc6: --auth-user-pass don't work without --pull
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Wed, 29 Dec 2004 14:26:47 -0700 (MST)

On Wed, 29 Dec 2004, Mathias Sundman wrote:

> The following config doesn't work without pull on WinXP and OpenVPN 
> 2.0_rc6:
> 
> dev tap
> proto tcp-client
> remote xxxx.xxxx.xx 443
> tls-client
> tls-remote VPN_Server
> ca ca.crt
> auth-user-pass
> tls-auth tls-auth.key
> ifconfig 172.20.101.100 255.255.255.0
> #pull
> nobind
> mssfix 1400
> resolv-retry infinite
> verb 3

Right now --auth-user-pass requires --pull because the server uses the
push/pull channel to return either the push list on success or an
AUTH_FAILED message on failure.  There are other reasons as well why 
--auth-user-pass cannot work except in client/server mode.

Basically you'd need to write some code if you wanted to use 
--auth-user-pass in point-to-point TLS mode.

And you'd need to write even more code if you wanted to make it work with 
preshared static keys.

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users