Re: [Openvpn-users] management-auth breaks data-channel?

Thu, 02 Apr 2020 13:52:06 -0700 

Hi

On Thu, Apr 2, 2020 at 4:38 PM Dajka Tamás <vi...@vipernet.hu> wrote:

>
> Plugin part, when management-client is used:
>
>
>
> CLIENT_PUBLIC_IP:49712 TLS: Username/Password authentication deferred for
> username 'mysecretuser' [CN SET]
>
> CLIENT_PUBLIC_IP:49712 TCPv4_SERVER WRITE [308] to
> [AF_INET]CLIENT_PUBLIC_IP:49712: P_CONTROL_V1 kid=0 [ ] pid=1374 DATA
> len=294
>
> CLIENT_PUBLIC_IP:49712 TCPv4_SERVER READ [62] from
> [AF_INET]CLIENT_PUBLIC_IP:49712: P_ACK_V1 kid=0 [ ]
>
> CLIENT_PUBLIC_IP:49712 Control Channel: TLSv1.2, cipher TLSv1.2
> ECDHE-ECDSA-AES256-GCM-SHA384
>
> CLIENT_PUBLIC_IP:49712 [mysecretuser] Peer Connection Initiated with
> [AF_INET]CLIENT_PUBLIC_IP:49712
>
> CLIENT_PUBLIC_IP:49712 TCPv4_SERVER READ [96] from
> [AF_INET]CLIENT_PUBLIC_IP:49712: P_CONTROL_V1 kid=0 [ ] pid=2142 DATA len=82
>
> CLIENT_PUBLIC_IP:49712 PUSH: Received control message: 'PUSH_REQUEST'
>
> CLIENT_PUBLIC_IP:49712 TCPv4_SERVER WRITE [62] to
> [AF_INET]CLIENT_PUBLIC_IP:49712: P_ACK_V1 kid=0 [ ]
>
> MANAGEMENT: CMD 'client-auth 0 0'
>

I don't understand, your reports are inconsistent each time. Now you are
sending "client-auth" as in the first email, not "client-auth-nt" in the
second mail. And not sending END which is required to terminate
"client-auth" configuration directives. Not required after "client-auth-nt"

mysecretuser/CLIENT_PUBLIC_IP:49712 MULTI_sva: pool returned
> IPv4=10.14.14.1, IPv6=(Not enabled)
>
> mysecretuser/CLIENT_PUBLIC_IP:49712 SENT CONTROL [mysecretuser]:
> 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.12.18.65,dhcp-option
> DNS 172.12.18.66,dhcp-option DOMAIN mydomain.intra,dhcp-option PROXY_HTTP
> 10.0.0.31 8080,dhcp-option PROXY_HTTPS 10.0.0.31 8080,dhcp-option
> PROXY_AUTO_CONFIG_URL http://172.12.5.5/proxy.pac,dhcp-option ip-win32
> adaptive -3 28800,route 8.13.15.3 255.255.255.255 10.14.12.1,ping
> 60,route-gateway 10.14.12.1,ifconfig 10.14.14.1 255.255.252.0,peer-id
> 0,cipher AES-256-GCM,auth-token' (status=1)
>

Also you were not pushing ifconfig as per the log snippet last time, and
that's why I had asked you how you are setting the client IP.

I'm at a loss.

Selva

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to