Trouble compiling openvpn-auth-pam.so

fede333lago
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 25, 2014 9:23 pm

Trouble compiling openvpn-auth-pam.so

Post by fede333lago » Fri Jul 25, 2014 9:33 pm

Hi everybody, I'm having a problem setting up an openssl server that I hope you can help me with.
I installed the certificates for the clients and the server correctly, and everything works without PAM authentication.
However, I can't compile openvpn-auth-pam.so. To do so, I follow the usual steps:
download the OpenVPN source,
download liblzo2-dev liblzo2-2, pam-devel and libssl-dev,
./configure, make, make install,
but when I cd to /src/plugin/auth-pam/ and enter "make" I get the following error:
make: Nothing to be done for `all'.


I tried using the default auth-pam.pl, and I have the users created and the configuration files in ccd, but when I try to authenticate, after parsing the user and password from the client side I get [OK] but ifconfig shows no tun interface. The client certificates have the default common name, but if I'm not mistaken, all you need is the clients created on the server machine (the authentication is through PAM), and they are. Here's the syslog from the server side:

Jul 25 18:29:57 openvpn ovpn-server[3997]: MULTI: multi_create_instance called
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Re-using SSL/TLS context
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 LZO compression initialized
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Local Options hash (VER=V4): '530fdded'
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Expected Remote Options hash (VER=V4): '41690919'
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 TLS: Initial packet from [AF_INET]10.16.3.195:35678, sid=707f7203 00c38222
Jul 25 18:29:59 openvpn ovpn-server[3997]: 10.16.3.195:35678 VERIFY OK: depth=1, /C=AR/ST=CAP/L=BsAs/O=Adecef/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Jul 25 18:29:59 openvpn ovpn-server[3997]: 10.16.3.195:35678 VERIFY OK: depth=0, /C=AR/ST=CAP/L=BsAs/O=Adecef/OU=changeme/CN=client/name=changeme/emailAddress=mail@host.domain
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 2
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 TLS Auth Error: Auth Username/Password verification failed for peer
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 [client] Peer Connection Initiated with [AF_INET]10.16.3.195:35678
Jul 25 18:30:04 openvpn ovpn-server[3997]: 10.16.3.195:35678 PUSH: Received control message: 'PUSH_REQUEST'
Jul 25 18:30:04 openvpn ovpn-server[3997]: 10.16.3.195:35678 Delayed exit in 5 seconds
Jul 25 18:30:04 openvpn ovpn-server[3997]: 10.16.3.195:35678 SENT CONTROL [client]: 'AUTH_FAILED' (status=1)
Jul 25 18:30:06 openvpn ovpn-server[3997]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Jul 25 18:30:09 openvpn ovpn-server[3997]: 10.16.3.195:35678 SIGTERM[soft,delayed-exit] received, client-instance exiting

Any ideas on how these problems can be solved?

Here's the server.conf

auth-user-pass-verify auth-pam.pl via-file
port 1194
proto udp
dev tun
ca ca.crt
cert Server230.crt
key Server230.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

And the client.conf


auth-user-pass
client
dev tun
proto udp
remote 10.16.3.230 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

Thanks in advance!

fede333lago
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 25, 2014 9:23 pm

Re: Trouble compiling openvpn-auth-pam.so

Post by fede333lago » Mon Jul 28, 2014 2:26 pm

Any ideas on this matter?

fede333lago
OpenVpn Newbie
Posts: 3
Joined: Fri Jul 25, 2014 9:23 pm

Re: Trouble compiling openvpn-auth-pam.so

Post by fede333lago » Thu Jul 31, 2014 2:48 pm

Well, for anyone wondering, I could not get the PAM module to work. I was able to debug the PAM script by executing it on its own; the problem was some uninstalled dependencies. To anyone who wants to install this on Ubuntu 12.04, here are the packages you need to have:
libauthen-simple-pam-perl, libssl-dev, liblzo2-dev, liblzo2-2, libpam0g-dev

And the reason why the static IPs weren't working was that I was missing the "duplicate cn" directive in the server.conf file.
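
The standalone debugging described in the post above, as an added example that is not part of the original thread or of OpenVPN: a shell helper that calls an --auth-user-pass-verify script the way the via-file method does (username on line 1 and password on line 2 of a temporary file whose path is the script's only argument). The function names are hypothetical, and reading status 1 as a rejected login is an assumption about the script's convention; OpenVPN treats any non-zero status as a failure.

```shell
#!/bin/sh
# Added example: exercise an --auth-user-pass-verify script by hand,
# outside OpenVPN, so that errors such as missing modules show on the terminal.
# run_verify and classify are hypothetical helper names.

# run_verify SCRIPT USER PASS -> returns the script's exit status
run_verify() {
    script=$1 user=$2 pass=$3
    old_umask=$(umask)
    umask 077                       # credentials file readable by owner only
    credfile=$(mktemp "${TMPDIR:-/tmp}/ovpn-verify.XXXXXX") || return 125
    umask "$old_umask"
    # via-file format: username on line 1, password on line 2
    printf '%s\n%s\n' "$user" "$pass" > "$credfile"
    status=0
    "$script" "$credfile" || status=$?
    rm -f "$credfile"               # never leave the password on disk
    return "$status"
}

# classify STATUS -> prints how to read the exit status
classify() {
    case $1 in
        0) echo "accepted" ;;
        1) echo "rejected" ;;       # assumed convention for bad credentials
        *) echo "script-error" ;;   # e.g. the status 2 seen in the syslog above
    esac
}

# Usage: sh verify-test.sh ./auth-pam.pl USERNAME   (password read from stdin,
# so it does not appear in the process list)
if [ "$#" -eq 2 ]; then
    IFS= read -r pw
    st=0
    run_verify "$1" "$2" "$pw" || st=$?
    echo "exit status $st: $(classify "$st")"
fi
```

Run it as the same user the OpenVPN server runs as, since PAM results and module search paths can differ between accounts.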
