[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: auth-user-pass problem


  • Subject: Re: auth-user-pass problem
  • From: Gonda Laszlo <lgonda@xxxxxx>
  • Date: Thu, 20 Jan 2005 11:47:01 +0100


James Yonan wrote:

> It's not a security hole because you shouldn't be able to actually forward
> any tunnel data over such a connection.
>
> In this case the TLS connection must be established, because otherwise the
> client would have no secure channel over which to transmit the
> username/password.  Any actual tunnel packets will be filtered by the
> server until the client provides the correct username/password.
>
> If a client doesn't have --pull in it's config, the client would show
> the TLS connection being established but would be blocked from sending or
> receiving tunnel data from the server.  The server will retain the client
> instance object until either the client provides a valid username/password
> or the client instance on the server times out due to --keepalive or
> --ping-exit.
>
> James

Thank's, I understand it. On the client I see the connection established, but don't
send or receive any data
(exception username/password for authtentication).

I have another question.
If I set  --user and --group on the server username/password authentication always
fail (without these all ok)
I used auth-pam.pl script for authentication (from sample-script).

once more: Thank's

Leslie