OpenVZ Forum


OPENVPN user/pass Authentication on OpenVZ [message #12869] Mon, 14 May 2007 01:31
Kevin2008
Hi,

I've tried to connect to an openvpn server based on OpenVZ via user/pass authentication. I enabled pam_mysql authentication according to the openvpn 2.0 howto. I ran testsaslauthd -u 'rl3' -p 'rl123' -s openvpn, and it succeeded. But I cannot pass the authentication from the windows client opengui (I tried md5 or sha1).

AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER/PASS: rl3/rl123
AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
AUTH-PAM: BACKGROUND: user 'rl3' failed to authenticate: Permission denied
Sun May 13 15:32:48 2007 us=192322 221.221.21.236:63953 PLUGIN_CALL: POST /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
Sun May 13 15:32:48 2007 us=192361 221.221.21.236:63953 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so
Sun May 13 15:32:48 2007 us=192396 221.221.21.236:63953 TLS Auth Error: Auth Username/Password verification failed for peer
Sun May 13 15:32:51 2007 us=657119 221.221.21.236:63953 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA
Sun May 13 15:32:51 2007 us=657208 221.221.21.236:63953 [] Peer Connection Initiated with 221.221.21.236:63953
Sun May 13 15:32:52 2007 us=814681 221.221.21.236:63953 PUSH: Received control message: 'PUSH_REQUEST'
Sun May 13 15:32:52 2007 us=814766 221.221.21.236:63953 SENT CONTROL [UNDEF]: 'AUTH_FAILED' (status=1)
Sun May 13 15:32:52 2007 us=814787 221.221.21.236:63953 Delayed exit in 5 seconds
Sun May 13 15:32:58 2007 us=55503 221.221.21.236:63953 SIGTERM[soft,delayed-exit] received, client-instance exiting
---------------------------------cut here-----------------------

My configuration in /etc/pam.d/openvpn:
auth sufficient /lib/security/pam_mysql.so user=vpn passwd=vpn123 host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=4

account required /lib/security/pam_mysql.so user=vpn passwd=vpn123 host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=4

auth optional pam_stack.so service=system-auth
auth optional pam_nologin.so
password required pam_stack.so service=system_auth
---------------------------------cut here ----------------------------
# crypt=4 sha1, crypt=3 md5

/etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ./keys/ca.crt
cert ./keys/server.crt
key ./keys/server.key
dh ./keys/dh1024.pem
server 192.168.2.0 255.255.255.0
client-config-dir ccd
plugin /usr/lib/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 20 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status server-tcp.log
log /var/log/openvpn.log
verb 4
--------------------cut here-------------------
configuration in client.ovpn

client
dev tun
proto udp
remote 209.168.245.98
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
ns-cert-type server
comp-lzo
verb 4
port 1194

I think it should work on a dedicated host. Do I need any specific
configuration on the OpenVZ platform? Any idea or help is appreciated. Thanks!
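
Added example, not part of the original post or of pam_mysql: a Python check of whether a value stored in the passwdcolumn has the shape the configured crypt= mode would produce. It assumes crypt=3 and crypt=4 mean plain hex MD5 and SHA1 digests, as the poster's note indicates; the function names, the case-insensitive comparison and the sample column values are constructed for illustration.

```python
import hashlib
import re

# crypt mode -> (hashlib name, hex digest length); modes as noted in the post.
MODES = {3: ("md5", 32), 4: ("sha1", 40)}

def parse_pam_mysql_line(line):
    """Return the key=value options of one pam_mysql line as a dict."""
    opts = {}
    for token in line.split():
        if "=" in token:
            # Split on the first '=' only, so where=active=1 keeps its value.
            key, _, value = token.partition("=")
            opts[key] = value
    return opts

def expected_digest(password, crypt_mode):
    """Hex digest the given mode is assumed to compare against."""
    algo, _ = MODES[crypt_mode]
    return hashlib.new(algo, password.encode()).hexdigest()

def diagnose(stored, password, crypt_mode):
    """Classify a stored column value against the configured crypt mode."""
    if crypt_mode not in MODES:
        return "unsupported-mode"
    _, length = MODES[crypt_mode]
    value = stored.strip().lower()  # case-insensitive: assumption of this example
    if not re.fullmatch(r"[0-9a-f]+", value):
        return "not-hex"  # plaintext, crypt(3) or another format in the column
    want = expected_digest(password, crypt_mode)
    if len(value) < length and want.startswith(value):
        return "truncated-column"  # column too short for this digest
    if len(value) != length:
        for name, n in MODES.values():
            if n == len(value):
                return "wrong-algorithm:" + name
        return "wrong-length"
    return "match" if value == want else "mismatch"

if __name__ == "__main__":
    # Option string taken from the post's /etc/pam.d/openvpn auth line.
    line = ("auth sufficient /lib/security/pam_mysql.so user=vpn passwd=vpn123 "
            "host=localhost db=vpn table=vpnuser usercolumn=name "
            "passwdcolumn=password where=active=1 sqllog=0 crypt=4")
    mode = int(parse_pam_mysql_line(line)["crypt"])
    # Constructed column values for the post's test account password.
    for stored in (hashlib.md5(b"rl123").hexdigest(),
                   hashlib.sha1(b"rl123").hexdigest()[:32], "rl123"):
        print(stored, "->", diagnose(stored, "rl123", mode))
```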