[CentOS] Problems with VPN Connection
Leon Fauster
leonfauster at googlemail.com
Mon Oct 24 23:52:24 UTC 2016
Am 24.10.2016 um 23:38 schrieb Macmor Mach <lfmacmor.mach at gmail.com>:
> I'm having trouble with a CentOS server release 5.10, so that my users
> connect via VPN Intranet type, I could not find a solution, if I can
> collaborate appreciate them, attached logs when it worked and now.
>
> Log running:
>
> Mon Oct 10 13:50:02 2016 193.60.90.72:23683 Re-using SSL/TLS context
> Mon Oct 10 13:50:02 2016 193.60.90.72:23683 LZO compression initialized
> Mon Oct 10 13:50:02 2016 193.60.90.72:23683 Control Channel MTU parms [
> L:1543 D:163 EF:66 EB:3 ET:3 EL:0 ]
> Mon Oct 10 13:50:02 2016 193.60.90.72:23683 Data Channel MTU parms [ L:1543
> D:1453 EF:43 EB:133 ET:3 EL:0 AF:3/1 ]
> Mon Oct 10 13:50:02 2016 193.60.90.72:23683 Local Options hash (VER=V4):
> '31aebcbb'
> Mon Oct 10 13:50:02 2016 193.60.90.72:23683 Expected Remote Options hash
> (VER=V4): '3ebe1e45'
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 CRL CHECK OK:
> /C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWE
> ... mawebs.com
> </C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=OpenVPN-CA/emailAddress=tecnologico at imawebs.com>
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 VERIFY OK: depth=1,
> /C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWE
> ... mawebs.com
> </C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=OpenVPN-CA/emailAddress=tecnologico at imawebs.com>
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 CRL CHECK OK:
> /C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=S
> ... mawebs.com
> </C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=imawebs_common_cert/emailAddress=tecnologico at imawebs.com>
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 VERIFY OK: depth=0,
> /C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=S
> ... mawebs.com
> </C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=imawebs_common_cert/emailAddress=tecnologico at imawebs.com>
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 TLS: Username/Password
> authentication succeeded for username 'usuario6'
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 Data Channel Encrypt: Cipher
> 'DES-EDE-CBC' initialized with 128 bit key
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 Data Channel Encrypt: Using 160
> bit message hash 'SHA1' for HMAC authentication
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 Data Channel Decrypt: Cipher
> 'DES-EDE-CBC' initialized with 128 bit key
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 Data Channel Decrypt: Using 160
> bit message hash 'SHA1' for HMAC authentication
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 Control Channel: TLSv1, cipher
> TLSv3/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Mon Oct 10 13:50:03 2016 193.60.90.72:23683 [imawebs_common_cert] Peer
> Connection Initiated with 193.60.90.72:23683
>
> Log no Operating:
>
> Mon Oct 24 10:46:31 2016 193.60.90.72:60903 Re-using SSL/TLS context
> Mon Oct 24 10:46:31 2016 193.60.90.72:60903 LZO compression initialized
> Mon Oct 24 10:46:31 2016 193.60.90.72:60903 Control Channel MTU parms [
> L:1543 D:163 EF:63 EB:3 ET:3 EL:0 ]
> Mon Oct 24 10:46:31 2016 193.60.90.72:60903 Data Channel MTU parms [ L:1543
> D:1453 EF:43 EB:133 ET:3 EL:0 AF:3/1 ]
> Mon Oct 24 10:46:31 2016 193.60.90.72:60903 Local Options hash (VER=V4):
> '31aebcbb'
> Mon Oct 24 10:46:31 2016 193.60.90.72:60903 Expected Remote Options hash
> (VER=V4): '3ebe1e45'
> Mon Oct 24 10:46:32 2016 193.60.90.72:60903 CRL CHECK OK:
> /C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWE
> ... mawebs.com
> </C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=OpenVPN-CA/emailAddress=tecnologico at imawebs.com>
> Mon Oct 24 10:46:32 2016 193.60.90.72:60903 VERIFY OK: depth=1,
> /C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWE
> ... mawebs.com
> </C=CO/ST=Valle/L=CALI/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=OpenVPN-CA/emailAddress=tecnologico at imawebs.com>
> Mon Oct 24 10:46:32 2016 193.60.90.72:60903 CRL CHECK OK:
> /C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=S
> ... mawebs.com
> </C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=imawebs_common_cert/emailAddress=tecnologico at imawebs.com>
> Mon Oct 24 10:46:32 2016 193.60.90.72:60903 VERIFY OK: depth=0,
> /C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=S
> ... mawebs.com
> </C=CO/ST=Valle/O=IMAWEBS_-_IMAWEBS/OU=Sistemas/CN=imawebs_common_cert/emailAddress=tecnologico at imawebs.com>
> Mon Oct 24 10:46:34 2016 193.60.90.72:60903 WARNING: Failed running command
> (--auth-user-pass-verify): external program exited with error status: 1
> Mon Oct 24 10:46:34 2016 193.60.90.72:60903 TLS Auth Error: Auth
> Username/Password verification failed for peer
> Mon Oct 24 10:46:34 2016 193.60.90.72:60903 Control Channel: TLSv1, cipher
> TLSv3/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Mon Oct 24 10:46:34 2016 193.60.90.72:60903 [imawebs_common_cert] Peer
> Connection Initiated with 193.60.90.72:60903
It looks like openvpn, right? Which version?
Your auth-user-pass-verify script does not authenticate your users.
How does your configuration look like?
--
LF
More information about the CentOS
mailing list