Bug #9427
closed
OpenVPN Server Local User Auth fails
0%
Description
Just did a clean install of the latest pfSense-CE-2.5.0-DEVELOPMENT-amd64-20190322-1846.iso
Restored a backup config from 2.4.5.
Had issues with limiters fq_codel (will post in the relevent thread later) but got around them.
Now i'm having issues with my restored OpenVPN server. (TLS/SSL + User Auth)
Android client is now coming up with User authentication failed. Confirmed user and pass is right by logging into webgui with the user and it worked.
Set OpenVPN server to just TLS/SSL and the Android client could connect successfully.
When setting back to (TLS/SSL + User Auth), the following lines appear in the logs.
Mar 24 00:09:36 openvpn 94261 PLUGIN auth-script: Deferred handler using script_path=/usr/local/sbin/ovpn_auth_verify_async
Mar 24 00:09:36 openvpn 94261 PLUGIN auth-script: child pid is 21034
Mar 24 00:09:36 openvpn 94261 PLUGIN auth-script: child pid 21034 exited with status 2
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
Not sure if the status=2 is causing the issue.
Further down in the log...
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1557'
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher AES-128-CBC'
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 UDPv4 WRITE [307] to [AF_INET]49.197.71.255:39095: P_CONTROL_V1 kid=0 [ 2651600047 2609898766 3189723140 3930503631 688794624 2396 2520653825 4 1056037397 692393527 6 386073344 4167072851 2401625684 1809007358 2566972647 2104800708 4118103862 1363080285 114085263 1546078306 2212178568 882013750 4008937817
Mar 24 00:09:36 openvpn 94261 GET INST BY REAL: 49.197.71.255:39095 [ok]
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 UDPv4 READ [50] from [AF_INET]49.197.71.255:39095: P_ACK_V1 kid=0 [ 2481286693 3363267202 2731812521 4189351195 315582976 2396 2520678657 6 172959299 1205737731 ]
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 PID_TEST [0] [TLS_WRAP-0] [00000000] 1553350273:8 1553350273:9 t=15533501760 r=[0,64,15,0,1] sl=[56,8,64,528]
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 [drew] Peer Connection Initiated with [AF_INET]49.197.71.255:39095
Mar 24 00:09:36 openvpn 94261 GET INST BY REAL: 49.197.71.255:39095 [ok]
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 UDPv4 READ [84] from [AF_INET]49.197.71.255:39095: P_CONTROL_V1 kid=0 [ 2636486593 1410710294 3407882541 2455197233 891879936 2652 2520678656 5 386073344 620756992 0 49665802 3547306292 3084479555 2364870493 2007252858 1671351021 714980085 ]
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 PID_TEST [0] [TLS_WRAP-0] [000000000] 1553350273:9 1553350273:10 t=15533501760 r=[0,64,15,0,1] sl=[55,9,64,528]
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 PUSH: Received control message: 'PUSH_REQUEST'
Mar 24 00:09:36 openvpn 94261 49.197.71.255:39095 UDPv4 WRITE [50] to [AF_INET]49.197.71.255:39095: P_ACK_V1 kid=0 [ 2254214924 2210486392 3861789963 260172450 2185896192 2652 2520653825 5 1056037397 692393527 ]
Mar 24 00:09:36 openvpn 51472 user 'drew' authenticated
Mar 24 00:09:37 openvpn 94261 MULTI: REAP range 64 -> 80
Mar 24 00:09:37 openvpn 94261 GET INST BY REAL: 49.197.71.255:39095 [ok]
Updated by Mohamed Eltantawi about 5 years ago
Windows, iOS, and macOS clients also show the same behavior when trying to login.
Updated by Jim Pingle about 5 years ago
- Status changed from New to Duplicate
- Target version deleted (
2.5.0) - Affected Version deleted (
2.5.0)
Duplicated by #9460 but it has the cause and fix there, so closing this one.