Hi everybody, I'm having a problem setting up an openssl server that I hope you can help me with.
I installed the certificates for the clients and the server correctly, and everything works without PAM authentication.
However, I can't compile openvpn-auth-pam.so. To do so, I follow the usual steps:
download the OpenVPN source,
download liblzo2-dev liblzo2-2, pam-devel and libssl-dev,
./configure, make, make install,
but when I cd to /src/plugin/auth-pam/ and enter "make" I get the following error:
make: Nothing to be done for `all'.
I tried using the default auth-pam.pl, and I have the users created and the configuration files in ccd, but when I try to authenticate, after parsing the user and password from the client side I get [OK] but ifconfig shows no tun interface. The client certificates have the default common name, but if I'm not mistaken, all you need is the clients created on the server machine (the authentication is through PAM), and they are. Here's the syslog from the server side:
Jul 25 18:29:57 openvpn ovpn-server[3997]: MULTI: multi_create_instance called
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Re-using SSL/TLS context
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 LZO compression initialized
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Local Options hash (VER=V4): '530fdded'
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 Expected Remote Options hash (VER=V4): '41690919'
Jul 25 18:29:57 openvpn ovpn-server[3997]: 10.16.3.195:35678 TLS: Initial packet from [AF_INET]10.16.3.195:35678, sid=707f7203 00c38222
Jul 25 18:29:59 openvpn ovpn-server[3997]: 10.16.3.195:35678 VERIFY OK: depth=1, /C=AR/ST=CAP/L=BsAs/O=Adecef/OU=changeme/CN=changeme/name=changeme/emailAddress=mail@host.domain
Jul 25 18:29:59 openvpn ovpn-server[3997]: 10.16.3.195:35678 VERIFY OK: depth=0, /C=AR/ST=CAP/L=BsAs/O=Adecef/OU=changeme/CN=client/name=changeme/emailAddress=mail@host.domain
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 2
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 TLS Auth Error: Auth Username/Password verification failed for peer
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 25 18:30:02 openvpn ovpn-server[3997]: 10.16.3.195:35678 [client] Peer Connection Initiated with [AF_INET]10.16.3.195:35678
Jul 25 18:30:04 openvpn ovpn-server[3997]: 10.16.3.195:35678 PUSH: Received control message: 'PUSH_REQUEST'
Jul 25 18:30:04 openvpn ovpn-server[3997]: 10.16.3.195:35678 Delayed exit in 5 seconds
Jul 25 18:30:04 openvpn ovpn-server[3997]: 10.16.3.195:35678 SENT CONTROL [client]: 'AUTH_FAILED' (status=1)
Jul 25 18:30:06 openvpn ovpn-server[3997]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Jul 25 18:30:09 openvpn ovpn-server[3997]: 10.16.3.195:35678 SIGTERM[soft,delayed-exit] received, client-instance exiting
Any ideas on how these problems can be solved?
Here's the server.conf
auth-user-pass-verify auth-pam.pl via-file
port 1194
proto udp
dev tun
ca ca.crt
cert Server230.crt
key Server230.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
And the client.conf
auth-user-pass
client
dev tun
proto udp
remote 10.16.3.230 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
Thanks in advance!
Trouble compiling openvpn-auth-pam.so
Re: Trouble compiling openvpn-auth-pam.so
Any ideas on this matter?
Re: Trouble compiling openvpn-auth-pam.so
Well, for anyone wondering, I could not get the PAM module to work. I was able to debug the PAM script by executing it on its own; the problem was some uninstalled dependencies. To anyone that wants to install this on Ubuntu 12.04, here are the packages you need to have:
libauthen-simple-pam-perl, libssl-dev, liblzo2-dev, liblzo2-2, libpam0g-dev
And the reason why the static IPs weren't working was that I was missing the "duplicate cn" directive in the server.conf file.
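The debugging step from the last post (running the --auth-user-pass-verify script on its own), as an added example that is not part of the original thread: a shell helper that calls the script the way the via-file method in the server.conf above does, so the exit status OpenVPN logs can be reproduced outside the daemon. The function names run_verify and explain_status are made up here, and the helper assumes the script takes the credentials file path as its only argument.

```shell
#!/bin/sh
# Added example: reproduce an --auth-user-pass-verify ... via-file call by hand.
# Source this file, then for instance (with a throwaway test account):
#   run_verify ./auth-pam.pl testuser 'testpass'; explain_status $?

# run_verify SCRIPT USERNAME PASSWORD
# Returns the verify script's own exit status; its stderr (for example a
# missing Perl module) is left visible on the terminal.
run_verify() {
    script=$1
    # via-file: username on line 1, password on line 2 of a temporary
    # file, whose path is passed to the script as its first argument.
    # mktemp creates the file readable by the current user only.
    credfile=$(mktemp "${TMPDIR:-/tmp}/ovpn-verify.XXXXXX") || return 125
    printf '%s\n%s\n' "$2" "$3" > "$credfile"
    status=0
    "$script" "$credfile" || status=$?
    # Never leave the plaintext password behind.
    rm -f "$credfile"
    return "$status"
}

# explain_status N
# OpenVPN accepts the login only on status 0; any other value produces the
# "Auth Username/Password verification failed" line seen in the syslog.
explain_status() {
    case $1 in
        0)   echo "accepted" ;;
        126) echo "script not executable" ;;
        127) echo "script or interpreter not found" ;;
        *)   echo "rejected or script error (status $1)" ;;
    esac
}
```

Run it as the same user the OpenVPN daemon runs as, since file permissions and PAM access differ between accounts.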