this might be off topic, since strictly speaking it is not about the openvpn server but rather how the authentication should happen via PAM.
The reason I'm posting here is because I've build the server myself (2.4.1) rather than using the one that is packages with my OS (Ubuntu Xenial)
In a nutshell :
My OS : Ubuntu Xenial x86_64
Open VPN 2.4.1 I've configured it with : ./configure --prefix=/opt/openvpn-2.4.1 --enable-systemd --enable-plugin-auth-pam
My server.conf :
Code: Select all
port 1194
proto udp4
dev tun
ca /opt/openvpn-2.4.1/etc/ssl/ca.cer
cert /opt/openvpn-2.4.1/etc/ssl/inter.cer
key /opt/openvpn-2.4.1/etc/ssl/inter.prv.key # This file should be kept secret
dh /opt/openvpn/etc/ssl/dh2048.pem
server 10.18.18.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-128-CBC
persist-key
persist-tun
comp-lzo
explicit-exit-notify 1
user vpnd
group nogroup
plugin /opt/openvpn/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
client-cert-not-required
verb 256
status /opt/openvpn/log/status.log
log /opt/openvpn/log/server.log
Code: Select all
auth required pam_permit.so
account required pam_permit.so
My connection command :
Code: Select all
sudo /usr/sbin/openvpn --verb 3 --remote myserv --comp-lzo --dev tun --auth-user-pass --cipher AES-128-CBC --client --ca /home/thf/temp/certs/ca.cer
Can anybody give me a hint ?