> > Server logs at verb=4 should have more info -- the above snippets
> > only show debug messages from the pam module.


-% log:
PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so
TLS Auth Error: Auth Username/Password verification failed for peer
Delayed exit in 5 seconds
SENT CONTROL [thapeex4]: 'AUTH_FAILED' (status=1)
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 384 bit EC, curve secp384r1, signature: ecdsa-with-SHA512
[thapeex4] Peer Connection Initiated with [AF_INET]X.Y.Z:59465

AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: thapeex4
AUTH-PAM: BACKGROUND: my_conv[0] query='login:' style=2
AUTH-PAM: BACKGROUND: name match found, query/match-string ['login:', 'login'] = 'USERNAME'
AUTH-PAM: BACKGROUND: my_conv[0] query='pin' style=1
AUTH-PAM: BACKGROUND: name match found, query/match-string ['pin', 'pin'] = 'OTP'



On Fri, Jun 4, 2021 at 8:30 AM Gokan Atmaca <linux.go...@gmail.com> wrote:
>
> > Have you checked whether the client is set up to pass the username,
> > password and pin in the right format? You have to use
> > --static-challenge in the client config and either run openvpn client
> > using a UI that supports static challenge. Running from the command
> > line should work too.
>
> Username is demo. Same as PAM user name. The parameter
> static-challenge "Enter Google Authenticator Code:" 1
> has been added in the client. I have attached the error image in the
> e-mail attachment.
>
> -% Client:
>
> client
> dev tun
> proto udp
> remote x.x.x.x  1194
> float
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> #redirect-gateway autolocal
> push "redirect-gateway autolocal"
> auth-user-pass
> comp-lzo
> verb 3
> static-challenge "Enter Google Authenticator Code:" 1
> comp-lzo
> verb 3
> rcvbuf 0
> cipher AES-256-CBC
> reneg-sec 0
>
>
> On Thu, Jun 3, 2021 at 10:30 PM Selva Nair <selva.n...@gmail.com> wrote:
> >
> > Hi
> >
> > On Thu, Jun 3, 2021 at 1:40 PM Gokan Atmaca <linux.go...@gmail.com> wrote:
> > >
> > > Hello
> > >
> > > I am using Ubuntu server. I am using openvpn as SSL and TLS. PAM auth.
> > > together... Now I want to use google mfa. I got the following errors
> > > in the settings I made.
> > > I can ssh sign with the same 2fa information.
> > >
> > >
> > > What could cause the problem?
> > >
> > >
> > > -% ovpn_srv:
> > > plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn login USERNAME password PASSWORD pin OTP
> >
> > That looks right assuming the prompts from the pam module in
> > /etc/pam.d/openvpn will match "login", "password" and "pin"
> >
> > >
> > >
> > > -% log:
> > > openvpn(pam_google_authenticator)[3183]: debug: Secret file permissions are 0400. Allowed permissions are 0600
> > > openvpn(pam_google_authenticator)[3183]: debug: "/home/thapeex4/.google_authenticator" read
> > > openvpn(pam_google_authenticator)[3183]: debug: shared secret in "/home/thapeex4/.google_authenticator" processed
> > > openvpn(pam_google_authenticator)[3183]: Did not receive verification code from user
> > > openvpn(pam_google_authenticator)[3183]: Did not receive verification code from user
> > > openvpn(pam_google_authenticator)[3183]: Invalid verification code for thapeex4
> > > openvpn(pam_google_authenticator)[3183]: debug: "/home/thapeex4/.google_authenticator" written
> >
> > Have you checked whether the client is set up to pass the username,
> > password and pin in the right format? You have to use
> > --static-challenge in the client config and either run openvpn client
> > using a UI that supports static challenge. Running from the command
> > line should work too.
> >
> > Server logs at verb=4 should have more info -- the above snippets
> > only show debug messages from the pam module.
> >
> >
> > Selva


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
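
A model of the flow discussed in this thread, added here as an example (not code from the thread or from the auth-pam plugin): the client's static-challenge password field (SCRV1:<base64 password>:<base64 response>) is split, and each PAM prompt is answered through the name/match-string pairs on the plugin line. The prefix-match rule is an assumption consistent with the 'login:'/'login' match in the log; the password and OTP values are constructed.

```python
import base64

# Name/match-string pairs from the plugin line quoted in this thread
# (the leading "openvpn" is the PAM service name and is not a pair).
PLUGIN_PAIRS = "login USERNAME password PASSWORD pin OTP".split()

def scrv1(password, response):
    """Build the password field a static-challenge client sends."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return f"SCRV1:{enc(password)}:{enc(response)}"

def split_scrv1(field):
    """Return (password, response); response is None for a plain password."""
    parts = field.split(":")
    if len(parts) == 3 and parts[0] == "SCRV1":
        try:
            return tuple(base64.b64decode(p, validate=True).decode() for p in parts[1:])
        except ValueError:  # malformed base64 or not text: treat as plain password
            pass
    return field, None

def prompt_matches(query, name):
    """Assumed rule: skip leading non-alphanumerics, then case-insensitive prefix match."""
    start = next((i for i, c in enumerate(query) if c.isalnum()), None)
    return start is not None and query[start:].lower().startswith(name.lower())

def answer_prompts(username, password_field, prompts, pairs=PLUGIN_PAIRS):
    """Map each PAM prompt to the value it would receive (None = no pair matched)."""
    password, response = split_scrv1(password_field)
    # Assumption: with no static-challenge response, OTP is substituted as empty.
    values = {"USERNAME": username, "PASSWORD": password, "OTP": response or ""}
    answers = []
    for query in prompts:
        token = next((t for n, t in zip(pairs[0::2], pairs[1::2])
                      if prompt_matches(query, n)), None)
        answers.append((query, values.get(token, token)))
    return answers

if __name__ == "__main__":
    prompts = ["login:", "pin"]  # the two prompts visible in the AUTH-PAM log above
    # Constructed password and OTP, not taken from the thread.
    print(answer_prompts("demo", scrv1("example-pass", "123456"), prompts))
    print(answer_prompts("demo", "example-pass", prompts))  # plain password: OTP empty
    print(answer_prompts("demo", "example-pass", ["Verification code: "]))  # no pair matches
```

A prompt that maps to None has no matching pair on the plugin line, so the prompt text configured in /etc/pam.d/openvpn and the names on the plugin line have to agree.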
