pb with openvpn client : entering a wrong password

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Lan12
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 23, 2009 5:36 pm

pb with openvpn client : entering a wrong password

Post by Lan12 » Wed Dec 23, 2009 6:00 pm

Hello,

I'm trying to connect to UltraVPN with the Linux OpenVPN client and while trying to find what was wrong in my setup I discovered something quite strange :
The server ask for my login and password and if I enter a wrong login/password the process just continue the same and I can't find any error message !

Code: Select all

Enter Auth Username:XXX
Enter Auth Password:
Wed Dec 23 18:19:56 2009 us=551743 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Dec 23 18:19:56 2009 us=551816 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Dec 23 18:19:56 2009 us=553633 LZO compression initialized
Wed Dec 23 18:19:56 2009 us=553869 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Dec 23 18:19:56 2009 us=557540 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Dec 23 18:19:56 2009 us=557646 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Dec 23 18:19:56 2009 us=557687 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Dec 23 18:19:56 2009 us=557759 Local Options hash (VER=V4): '69109d17'
Wed Dec 23 18:19:56 2009 us=557811 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed Dec 23 18:19:56 2009 us=557882 Attempting to establish TCP connection with A.B.C.D:8080 [nonblock]
Wed Dec 23 18:19:57 2009 us=558217 TCP connection established with A.B.C.D:8080
Wed Dec 23 18:19:57 2009 us=558320 Send to HTTP proxy: 'CONNECT servers443.ultravpn.fr:443 HTTP/1.0'
Wed Dec 23 18:20:01 2009 us=174545 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Wed Dec 23 18:20:02 2009 us=684399 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Dec 23 18:20:02 2009 us=684489 TCPv4_CLIENT link local: [undef]
Wed Dec 23 18:20:02 2009 us=684535 TCPv4_CLIENT link remote: A.B.C.D:8080
WWed Dec 23 18:20:02 2009 us=685013 Connection reset, restarting [0]
Wed Dec 23 18:20:02 2009 us=685150 TCP/UDP: Closing socket
Wed Dec 23 18:20:02 2009 us=685280 SIGUSR1[soft,connection-reset] received, process restarting
Wed Dec 23 18:20:02 2009 us=685331 Restart pause, 5 second(s)
Wed Dec 23 18:20:07 2009 us=685458 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Dec 23 18:20:07 2009 us=685528 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Dec 23 18:20:07 2009 us=685555 Re-using SSL/TLS context
Wed Dec 23 18:20:07 2009 us=685595 LZO compression initialized
Wed Dec 23 18:20:07 2009 us=685658 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Dec 23 18:20:07 2009 us=685712 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Dec 23 18:20:07 2009 us=685749 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Dec 23 18:20:07 2009 us=685764 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Dec 23 18:20:07 2009 us=685786 Local Options hash (VER=V4): '69109d17'
Wed Dec 23 18:20:07 2009 us=685806 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed Dec 23 18:20:07 2009 us=685825 Attempting to establish TCP connection with A.B.C.D:8080 [nonblock]
Wed Dec 23 18:20:08 2009 us=686034 TCP connection established with A.B.C.D:8080
Wed Dec 23 18:20:08 2009 us=686114 Send to HTTP proxy: 'CONNECT servers443.ultravpn.fr:443 HTTP/1.0'
Wed Dec 23 18:20:09 2009 us=902712 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Wed Dec 23 18:20:11 2009 us=904928 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Dec 23 18:20:11 2009 us=905030 TCPv4_CLIENT link local: [undef]
Wed Dec 23 18:20:11 2009 us=905074 TCPv4_CLIENT link remote: A.B.C.D:8080
WRWed Dec 23 18:20:12 2009 us=134426 TLS: Initial packet from A.B.C.D:8080, sid=b61cd691 55028bfd
WWed Dec 23 18:20:12 2009 us=134685 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WWRRRRRWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRWed Dec 23 18:20:14 2009 us=903913 VERIFY OK: depth=1, /C=FR/ST=NA/L=BISHKEK/O=OpenVPN-TEST/CN=ludwig/emailAddress=me@myhost.mydomain
Wed Dec 23 18:20:14 2009 us=904191 VERIFY OK: depth=0, /C=FR/ST=NA/O=OpenVPN-TEST/CN=ludwig/emailAddress=me@myhost.mydomain
RWWRWRWRWWRRRRWWWWWRRRRRRWed Dec 23 18:20:16 2009 us=814162 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 23 18:20:16 2009 us=814221 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Dec 23 18:20:16 2009 us=814294 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Dec 23 18:20:16 2009 us=814312 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWed Dec 23 18:20:16 2009 us=814382 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Dec 23 18:20:16 2009 us=814416 [ludwig] Peer Connection Initiated with A.B.C.D:8080
Wed Dec 23 18:20:19 2009 us=44580 SENT CONTROL [ludwig]: 'PUSH_REQUEST' (status=1)
WRRRRWed Dec 23 18:20:19 2009 us=363438 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.7.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.7.223.174 10.7.223.173'
Wed Dec 23 18:20:19 2009 us=363541 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec 23 18:20:19 2009 us=363558 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 23 18:20:19 2009 us=363572 OPTIONS IMPORT: route options modified
Wed Dec 23 18:20:19 2009 us=363587 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Dec 23 18:20:19 2009 us=363845 ROUTE: default_gateway=UNDEF
Wed Dec 23 18:20:19 2009 us=364093 TUN/TAP device tun0 opened
Wed Dec 23 18:20:19 2009 us=365053 TUN/TAP TX queue length set to 100
Wed Dec 23 18:20:19 2009 us=365112 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 23 18:20:19 2009 us=368872 /sbin/ip addr add dev tun0 local E.F.G.H peer E.F.G.I
WWWed Dec 23 18:20:21 2009 us=503166 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Wed Dec 23 18:20:21 2009 us=503577 /sbin/ip route add 10.7.0.1/32 via E.F.G.I
Wed Dec 23 18:20:21 2009 us=506638 Initialization Sequence Completed
I really don't know where to start from here... any idea?

Thanks,
Top
User avatar
krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: pb with openvpn client : entering a wrong password

Post by krzee » Wed Jan 27, 2010 11:25 am

with openvpn the password mechanism is handled by an external script called with --auth-user-pass-verify
the return value of this script dictates whether a password was valid or not.
Whoever runs the server controls this.
Top
Post Reply

Return to “Server Administration”