Running the latest OpenVPN AS after apt-get upgrade/update with Google Auth and a local DB.
I'm running a nonstandard ports pointed to 443/943/1194 through port translation and double NAT.
I'm getting a "Challenge" error in error log after I grab the client, enter user/pass, and google auth.
I haven't found much using the ol' google fu on this.
Can anybody help out?
"Challenge" in error log
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jan 18, 2018 5:05 am
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: "Challenge" in error log
Maybe post the relevant log bit?
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jan 18, 2018 5:05 am
Re: "Challenge" in error log
Is there a way to post a more verbose log?
Quite literally, all the error shows is "Challenge" on the error column of the web gui.
Quite literally, all the error shows is "Challenge" on the error column of the web gui.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: "Challenge" in error log
Aha. Yes, and, most likely, you'll get more relevant results from the client side. Not in all cases, but usually so. See this page;
https://docs.openvpn.net/troubleshootin ... nectivity/
https://docs.openvpn.net/troubleshootin ... nectivity/
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Jan 18, 2018 5:05 am
Re: "Challenge" in error log
Thanks novaflash!
I looked in the client error log and it appeared that the port translation was not playing well with the client, specifically the ports it was expecting to connect to.
I changed the expected ports to maintain the same all the way through double nat and, success.
Now to integrate a SSL cert to replace the self signed.
I looked in the client error log and it appeared that the port translation was not playing well with the client, specifically the ports it was expecting to connect to.
I changed the expected ports to maintain the same all the way through double nat and, success.
Now to integrate a SSL cert to replace the self signed.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: "Challenge" in error log
Aha. Yes. It does not do port translation. Well, it can, but then you have to manually adjust stuff in the client profile as the one generated will have the wrong ports.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.