On Sat, Apr 04, 2020 at 03:25:37PM +0200, Dajka Tamás wrote:
> You are missing the authentication fully.
>
> Since you plan to use radius authentication and not cert-based auth, you must
> have these lines in the server.conf:
>
> verify-client-cert none
> username-as-common-name
>
> plugin /lib64/openvpn/plugins/openvpn-plugin-auth-pam.so "openvpn login USERNAME password PASSWORD"
>
> (note: you might need to fine-tune the plugin path)
>

Got you.

> In client.conf 'auth-user-pass' is enough.
>
> Once you've these in your server.conf and you did install pam_radius, create
> a pam module named 'openvpn' (first argument of the plugin) and add at least
> radius for auth with 'sufficient' - if you're not that familiar with PAM,
> just ask :)
>
> Also, don't forget to set up the radius server(s) (for linux it's in
> /etc/pam_radius.conf)
>

I use FreeBSD and have radius set up ready to go.

> Cheers,
>
> Tom
>
> -----Original Message-----
> From: The Doctor via Openvpn-users
> [mailto:openvpn-users@lists.sourceforge.net]
> Sent: Saturday, April 4, 2020 1:30 AM
> To: openvpn-users@lists.sourceforge.net
> Subject: [Openvpn-users] First time set up using openvpn
>
> All right.
>
> Trying to set up a radius based authentication openvpn on Freebsd 12.!
>
> .
>
> Server file:
> -----------------------------------------------------
>
> local 192.168.81.1
>
> port 1194
>
> proto udp
>
> dev tun
>
> ca /usr/local/etc/openvpn/server/ca.crt
> cert /usr/local/etc/openvpn/server/issued/server.crt
> key /usr/local/etc/openvpn/server/private/server.key
>
> dh /usr/local/etc/openvpn/server/dh.pem
>
> topology subnet
>
> server 10.8.0.0 255.255.255.0
>
> ifconfig-pool-persist ipp.txt
>
> push "redirect-gateway def1 bypass-dhcp"
>
> push "dhcp-option DNS 192.168.81.1"
> push "dhcp-option DNS 192.168.81.3"
> push "dhcp-option DNS 8.8.8.8"
> push "dhcp-option DOMAIN domain.ca"
>
> client-to-client
>
> keepalive 10 120
>
> tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
>
> cipher AES-256-CBC
>
> comp-lzo
>
> max-clients 1000
>
> user nobody
> group nobody
>
> persist-key
> persist-tun
>
> status /var/log/openvpn-status.log
>
> verb 9
> mute 20
>
> explicit-exit-notify 1
> fast-io
> auth SHA512
> remote-cert-tls client
>
> -----------------------------------------------
>
> Trying either LDAP or Radius authentication methods.
>
> I have the following client file:
>
> ------------------------------------------------------------
>
> client
> dev tun
> proto udp
>
> remote doctor.nl2k.ab.ca 1194
>
> nobind
>
> ca ca.crt
> cert client.crt
> key client.key
>
> revolv-retry infinite
>
> persist-key
> persist-tun
>
> mute-replay-warnings
> auth-user-pass
> remote-cert-tls server
> cipher AES-256-CBC
> auth SHA512
> ;tls-auth /usr/local/etc/openvpn/server/ta.key 1
> verb 9
>
> mute 5
>
> ----------------------------------------------------------------
>
>
>
> server log is giving me this:
>
> ----------------------------------------------------------------
>
>
> Apr 3 17:13:41 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
> Apr 3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
> Apr 3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
> Apr 3 17:13:41 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
> Apr 3 17:13:41 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
> Apr 3 17:13:41 doctor kernel: <118>Apr 3 17:13:41 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:42 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
> Apr 3 17:13:42 doctor openvpn[80649]: event_wait returned 1
> Apr 3 17:13:42 doctor openvpn[80649]: I/O WAIT status=0x0001
> Apr 3 17:13:42 doctor openvpn[80649]: MULTI: REAP range 240 -> 256
> Apr 3 17:13:42 doctor openvpn[80649]: UDPv4 read returned 14
> Apr 3 17:13:42 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:42 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
> Apr 3 17:13:42 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
> Apr 3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
> Apr 3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
> Apr 3 17:13:42 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
> Apr 3 17:13:42 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
> Apr 3 17:13:42 doctor kernel: <118>Apr 3 17:13:42 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:43 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
> Apr 3 17:13:43 doctor openvpn[80649]: event_wait returned 1
> Apr 3 17:13:43 doctor openvpn[80649]: I/O WAIT status=0x0001
> Apr 3 17:13:43 doctor openvpn[80649]: MULTI: REAP range 0 -> 16
> Apr 3 17:13:43 doctor openvpn[80649]: UDPv4 read returned 14
> Apr 3 17:13:43 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:43 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
> Apr 3 17:13:43 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
> Apr 3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
> Apr 3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
> Apr 3 17:13:43 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
> Apr 3 17:13:43 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
> Apr 3 17:13:43 doctor kernel: <118>Apr 3 17:13:43 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:44 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
> Apr 3 17:13:44 doctor openvpn[80649]: event_wait returned 1
> Apr 3 17:13:44 doctor openvpn[80649]: I/O WAIT status=0x0001
> Apr 3 17:13:44 doctor openvpn[80649]: MULTI: REAP range 16 -> 32
> Apr 3 17:13:44 doctor openvpn[80649]: UDPv4 read returned 14
> Apr 3 17:13:44 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:44 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
> Apr 3 17:13:44 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
> Apr 3 17:13:44 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
> Apr 3 17:13:44 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
> Apr 3 17:13:44 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
> Apr 3 17:13:44 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
> Apr 3 17:13:44 doctor kernel: <118>Apr 3 17:13:44 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:45 doctor openvpn[80649]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x002a9820
> Apr 3 17:13:45 doctor openvpn[80649]: event_wait returned 1
> Apr 3 17:13:45 doctor openvpn[80649]: I/O WAIT status=0x0001
> Apr 3 17:13:45 doctor openvpn[80649]: MULTI: REAP range 32 -> 48
> Apr 3 17:13:45 doctor openvpn[80649]: UDPv4 read returned 14
> Apr 3 17:13:45 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:45 doctor openvpn[80649]: GET INST BY REAL: 75.156.190.254:58210 [failed]
> Apr 3 17:13:45 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
> Apr 3 17:13:45 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
> Apr 3 17:13:45 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
> Apr 3 17:13:45 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
> Apr 3 17:13:45 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
> Apr 3 17:13:45 doctor kernel: <118>Apr 3 17:13:45 doctor openvpn[80649]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]75.156.190.254:58210
> Apr 3 17:13:55 doctor openvpn[80649]: event_wait returned 0
> Apr 3 17:13:55 doctor openvpn[80649]: I/O WAIT status=0x0020
> Apr 3 17:13:55 doctor openvpn[80649]: MULTI: REAP range 48 -> 64
> Apr 3 17:13:55 doctor openvpn[80649]: SCHEDULE: schedule_find_least NULL
> Apr 3 17:13:55 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=7 arg=0x002a9820
> Apr 3 17:13:55 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=6 arg=0x002a8c14
> Apr 3 17:13:55 doctor openvpn[80649]: PO_CTL rwflags=0x0001 ev=9 arg=0x002a8c1c
> Apr 3 17:13:55 doctor openvpn[80649]: I/O WAIT TR|Tw|SR|Sw [10/0]
>
> --------------------------------------------------------
>
> what is needed to get this to work?
>
> --
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici
> doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President
> Republic!Beware AntiChrist rising!
> https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on
> Atheism Those who cannot win on facts rely upon slander. -unknown
>
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Look at Psalms 14 and 53 on Atheism
Those who cannot win on facts rely upon slander. -unknown
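
Added example, not part of the original messages: the repeated `TLS Error: cannot locate HMAC in incoming packet` is what an OpenVPN server with `tls-auth` enabled logs when a peer sends control packets without the HMAC signature, and the quoted client file has its `tls-auth` line commented out. The Python check below compares two configs for options both ends must agree on; the names `parse` and `compare` are hypothetical, and the embedded configs are abbreviated copies of the ones in the thread.

```python
# Added example: flag OpenVPN options that must agree on server and client.
# SERVER_CONF / CLIENT_CONF are abbreviated copies of the configs in the thread.
SERVER_CONF = """\
tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
auth SHA512
remote-cert-tls client
"""

CLIENT_CONF = """\
auth-user-pass
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
;tls-auth /usr/local/etc/openvpn/server/ta.key 1
"""

def parse(text):
    """Return {directive: [args]}; lines starting with '#' or ';' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        words = line.split("#", 1)[0].split()  # drop a trailing comment
        opts[words[0].lstrip("-")] = words[1:]
    return opts

def compare(server_text, client_text):
    """List mismatches in options that both peers have to set consistently."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    for opt in ("cipher", "auth", "comp-lzo"):
        if srv.get(opt) != cli.get(opt):
            findings.append(f"{opt}: server={srv.get(opt)} client={cli.get(opt)}")
    s_ta, c_ta = srv.get("tls-auth"), cli.get("tls-auth")
    if (s_ta is None) != (c_ta is None):
        side = "client" if c_ta is None else "server"
        findings.append(f"tls-auth: missing on {side}; packets fail the HMAC check")
    elif s_ta and c_ta:
        # key-direction is the optional 2nd argument; the two peers use 0 and 1.
        dirs = sorted(a[1] if len(a) > 1 else "" for a in (s_ta, c_ta))
        if dirs not in (["", ""], ["0", "1"]):
            findings.append(f"tls-auth: key directions {dirs} are not a 0/1 pair")
    return findings

if __name__ == "__main__":
    print("\n".join(compare(SERVER_CONF, CLIENT_CONF)))
```

On the thread's configs this reports the missing client-side `tls-auth` and the `comp-lzo` line that only the server has.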