You are missing the authentication fully.
Since you plan to use radius authentication and not cert base auth, you must
have these lines in the server.conf:
verify-client-cert none
username-as-common-name
plugin /lib64/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD"
(note: you might need to fine-tune the plugin path)
In client.conf, 'auth-user-pass' is enough.
Once you've these in your server.conf and you did install pam_radius, create
a pam module named 'openvpn' (first argument of the plugin) and add at least
radius for auth with 'sufficient' - if you're not that familiar with PAM,
just ask :)
Also, don't forget to set up the radius server(s) (for linux it's in
/etc/pam_radius.conf)
Cheers,
Tom
-----Original Message-----
From: The Doctor via Openvpn-users
[mailto:[email protected]]
Sent: Saturday, April 4, 2020 1:30 AM
To: [email protected]
Subject: [Openvpn-users] First time set up using openvpn
All right.
Trying to set up a radius based authentication openvpn on Freebsd 12.!
.
Server file:
-----------------------------------------------------
local 192.168.81.1
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
dh /usr/local/etc/openvpn/server/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.81.1"
push "dhcp-option DNS 192.168.81.3"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DOMAIN domain.ca"
client-to-client
keepalive 10 120
tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 1000
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 9
mute 20
explicit-exit-notify 1
fast-io
auth SHA512
remote-cert-tls client
-----------------------------------------------
Trying either LDAP or Radius authentication methods.
I have the following client file:
------------------------------------------------------------
client
dev tun
proto udp
remote doctor.nl2k.ab.ca 1194
nobind
ca ca.crt
cert client.crt
key client.key
resolv-retry infinite
persist-key
persist-tun
mute-replay-warnings
auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
;tls-auth /usr/local/etc/openvpn/server/ta.key 1 verb 9
mute 5
----------------------------------------------------------------
server log is giving me this:
----------------------------------------------------------------
Apr 3 17:13:41 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr 3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr 3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr 3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr 3 17:13:41 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr 3 17:13:41 doctor kernel: <118>Apr 3 17:13:41 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:42 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
Apr 3 17:13:42 doctor openvpn[80649]: event_wait returned 1
Apr 3 17:13:42 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr 3 17:13:42 doctor openvpn[80649]: MULTI: REAP range 240 -> 256
Apr 3 17:13:42 doctor openvpn[80649]: UDPv4 read returned 14
Apr 3 17:13:42 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:42 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
Apr 3 17:13:42 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr 3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr 3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr 3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr 3 17:13:42 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr 3 17:13:42 doctor kernel: <118>Apr 3 17:13:42 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:43 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
Apr 3 17:13:43 doctor openvpn[80649]: event_wait returned 1
Apr 3 17:13:43 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr 3 17:13:43 doctor openvpn[80649]: MULTI: REAP range 0 -> 16
Apr 3 17:13:43 doctor openvpn[80649]: UDPv4 read returned 14
Apr 3 17:13:43 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:43 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
Apr 3 17:13:43 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr 3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr 3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr 3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr 3 17:13:43 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr 3 17:13:43 doctor kernel: <118>Apr 3 17:13:43 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:44 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
Apr 3 17:13:44 doctor openvpn[80649]: event_wait returned 1
Apr 3 17:13:44 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr 3 17:13:44 doctor openvpn[80649]: MULTI: REAP range 16 -> 32
Apr 3 17:13:44 doctor openvpn[80649]: UDPv4 read returned 14
Apr 3 17:13:44 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:44 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
Apr 3 17:13:44 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr 3 17:13:44 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr 3 17:13:44 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr 3 17:13:44 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr 3 17:13:44 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr 3 17:13:44 doctor kernel: <118>Apr 3 17:13:44 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:45 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
Apr 3 17:13:45 doctor openvpn[80649]: event_wait returned 1
Apr 3 17:13:45 doctor openvpn[80649]: I/O WAIT status=0x0001
Apr 3 17:13:45 doctor openvpn[80649]: MULTI: REAP range 32 -> 48
Apr 3 17:13:45 doctor openvpn[80649]: UDPv4 read returned 14
Apr 3 17:13:45 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:45 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
Apr 3 17:13:45 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr 3 17:13:45 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr 3 17:13:45 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr 3 17:13:45 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr 3 17:13:45 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
Apr 3 17:13:45 doctor kernel: <118>Apr 3 17:13:45 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
Apr 3 17:13:55 doctor openvpn[80649]: event_wait returned 0
Apr 3 17:13:55 doctor openvpn[80649]: I/O WAIT status=0x0020
Apr 3 17:13:55 doctor openvpn[80649]: MULTI: REAP range 48 -> 64
Apr 3 17:13:55 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
Apr 3 17:13:55 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
Apr 3 17:13:55 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
Apr 3 17:13:55 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
Apr 3 17:13:55 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
--------------------------------------------------------
what is needed to get this to work?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici
doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President
Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on
Atheism Those who cannot win on facts rely upon slander. -unknown
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
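
Added example (not part of either message, and not OpenVPN project code): a small Python check over abridged copies of the two posted configs. It flags the two gaps visible in this thread: tls-auth enabled on the server but commented out on the client, which is what produces "cannot locate HMAC in incoming packet", and a client sending auth-user-pass to a server with nothing to verify it. The function names and the sample strings are constructed for illustration.

```python
# Added example: audit an OpenVPN server/client config pair.
# Sample configs are constructed, abridged from the ones posted in the thread.

def parse(text):
    """Map directive -> list of argument lists, skipping '#' and ';' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        opts.setdefault(name, []).append(args)
    return opts

def direction(opts):
    """Return the tls-auth key direction ('0', '1') or None if omitted."""
    args = opts["tls-auth"][0]
    return args[1] if len(args) > 1 else None

# Server-side directives that actually check a client's username/password.
VERIFIERS = {"plugin", "auth-user-pass-verify", "management-client-auth"}
VALID_DIRECTIONS = {(None, None), ("0", "1"), ("1", "0")}

def audit(server_conf, client_conf):
    srv, cli = parse(server_conf), parse(client_conf)
    findings = []
    # tls-auth adds an HMAC to every control packet; both peers must enable it.
    if "tls-auth" in srv and "tls-auth" not in cli:
        findings.append("tls-auth on server only: client packets fail with "
                        "'cannot locate HMAC in incoming packet'")
    elif "tls-auth" in srv and (direction(srv), direction(cli)) not in VALID_DIRECTIONS:
        findings.append("tls-auth key direction must be 0 on one side, 1 on the other")
    # The client may send credentials, but only a verifier makes the server check them.
    if "auth-user-pass" in cli and VERIFIERS.isdisjoint(srv):
        findings.append("client sends auth-user-pass but server has nothing to verify it")
    return findings

POSTED_SERVER = "tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret\n"
POSTED_CLIENT = "auth-user-pass\n;tls-auth /usr/local/etc/openvpn/server/ta.key 1 verb 9\n"
FIXED_SERVER = POSTED_SERVER + (
    "verify-client-cert none\nusername-as-common-name\n"
    'plugin /lib64/openvpn/plugins/openvpn-plugin-auth-pam.so '
    '"openvpn login USERNAME password PASSWORD"\n')
FIXED_CLIENT = "auth-user-pass\ntls-auth ta.key 1\n"

if __name__ == "__main__":
    for finding in audit(POSTED_SERVER, POSTED_CLIENT):
        print("FINDING:", finding)
    print("after fixes:", audit(FIXED_SERVER, FIXED_CLIENT))
```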