I add 'auth-user-pass-verify' to server.conf but now I can't connect.
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jul 30, 2016 8:39 am
I add 'auth-user-pass-verify' to server.conf but now I can't connect.
As the title said.
server.conf:
proto tcp-server
port 1194
dev tun1
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir ccd
push "route 192.168.1.0 255.255.255.0"
auth SHA1
cipher none
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
ca /etc/storage/openvpn/server/ca.crt
dh /etc/storage/openvpn/server/dh1024.pem
cert /etc/storage/openvpn/server/server.crt
key /etc/storage/openvpn/server/server.key
persist-key
persist-tun
user nobody
group nogroup
script-security 2
tmp-dir /tmp/openvpn
writepid /var/run/openvpn_svr.pid
client-connect ovpns.script
client-disconnect ovpns.script
username-as-common-name
auth-user-pass-verify /home/root/liukong/checkpsw.sh via-env
checkpsw.sh:
PASSFILE="/home/root/liukong/pw"
LOG_FILE="/home/root/liukong/log.log"
TIME_STAMP=`date "+%Y-%m-%d %T"`
if [ ! -r "${PASSFILE}" ]; then
echo "${TIME_STAMP}: Could not open password file \"${PASSFILE}\" for reading." >> ${LOG_FILE}
exit 1
fi
CORRECT_PASSWORD=`awk '!/^;/&&!/^#/&&$1=="'${username}'"{print $2;exit}' ${PASSFILE}`
if [ "${CORRECT_PASSWORD}" = "" ]; then
echo "${TIME_STAMP}: User does not exist: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
fi
if [ "${password}" = "${CORRECT_PASSWORD}" ]; then
echo "${TIME_STAMP}: Successful authentication: username=\"${username}\"." >> ${LOG_FILE}
exit 0
fi
echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
exit 1
I get an error in the OpenVPN client: 'Transport pause'
client.ovpn
client
dev tun
proto tcp-client
remote 110.86.72.83 1194
resolv-retry infinite
;float
nobind
persist-key
persist-tun
auth SHA1
cipher none
nice 0
verb 3
mute 10
auth-user-pass
Please help me!!
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jul 30, 2016 8:39 am
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
TinCanTech wrote: Please see: HOWTO: Request Help !
Hmm, I'm new here, could you tell me what I should do?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
chinaman wrote: Hmm, I'm new here
You are not that new ..
If you expect us to debug your script then you must fully document your openvpn installation as per the link above .. at the very least your logs would help.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jul 30, 2016 8:39 am
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
TinCanTech wrote:
  chinaman wrote: Hmm, I'm new here
  You are not that new ..
  If you expect us to debug your script then you must fully document your openvpn installation as per the link above .. at the very least your logs would help.
Thx. I seem to know the reason for this problem. But I don't know how to solve it. Look at the following log.
Code: Select all
Tue Nov 15 19:26:20 2016 GID set to nogroup
Tue Nov 15 19:26:20 2016 UID set to nobody
Tue Nov 15 19:26:20 2016 Listening for incoming TCP connection on [undef]
Tue Nov 15 19:26:20 2016 TCPv4_SERVER link local (bound): [undef]
Tue Nov 15 19:26:20 2016 TCPv4_SERVER link remote: [undef]
Tue Nov 15 19:26:20 2016 Initialization Sequence Completed
Tue Nov 15 19:29:14 2016 TCP connection established with [AF_INET]192.168.1.98:49509
Tue Nov 15 19:29:14 2016 192.168.1.98:49509 WARNING: Failed running command (--auth-user-pass-verify): could not execute external program
Tue Nov 15 19:29:14 2016 192.168.1.98:49509 TLS Auth Error: Auth Username/Password verification failed for peer
By the way, I set up OpenVPN on OpenWrt.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
Your Server.conf
Try removing this:
Code: Select all
user nobody
group nogroup
And I think you need this:
Code: Select all
script-security 3 # Not 2
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
script-security 2 is working here.
Is your script chmod 0755?
I do not see shebang?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
Pippin wrote: script-security 2 is working here
It should not because that would exclude $password from being passed ..
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
Yes, you are correct.
I do not use password in auth-user-pass-verify
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: I add 'auth-user-pass-verify' to server.conf but now I can't connect.
That is clearly not the same as the OP ..
eg:
chineseman wrote:
  echo "${TIME_STAMP}: Incorrect password: username=\"${username}\", password=\"${password}\"." >> ${LOG_FILE}
  exit 1
However,
chineseman wrote: I get a error in openvpn client 'Transport pause'
Maybe the auth-user-pass-verify /home/root/liukong/checkpsw.sh via-env takes too long ..
TinCanTech wrote: Please see: HOWTO: Request Help !
As above .. logs please.
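The replies above point at four separate reasons the server can log "could not execute external program" or fail the password check: no shebang, missing execute permission, the privilege drop to `user nobody`, and `via-env` with `script-security 2`. The following pre-flight check is an added example, not code from the thread or from the OpenVPN project; the function names `check_verify_setup` and `demo` and the temporary paths are hypothetical, and the sample server.conf is constructed to mirror the one posted.

```shell
#!/bin/sh
# Added example: pre-flight checks for an --auth-user-pass-verify script.
# Prints one finding per line; prints nothing when every check passes.
check_verify_setup() {
    conf=$1
    # Directive form: auth-user-pass-verify <script> <via-env|via-file>
    set -- $(awk '$1 == "auth-user-pass-verify" {print $2, $3; exit}' "$conf")
    script=$1 method=$2
    level=$(awk '$1 == "script-security" {print $2; exit}' "$conf")
    [ -n "$script" ] || { echo "no auth-user-pass-verify directive"; return 0; }
    [ -f "$script" ] || { echo "script not found: $script"; return 0; }
    # The file is exec'd directly, so it needs an interpreter line.
    IFS= read -r first < "$script" || true
    case $first in '#!'*) ;; *) echo "missing shebang: $script" ;; esac
    # With 'user nobody' the script runs unprivileged: test the "other" bits.
    perms=$(ls -ld "$script" | cut -c8-10)
    case $perms in r?x) ;; *) echo "others lack r+x ($perms): $script" ;; esac
    # Every parent directory must be searchable (x) by others as well.
    dir=$(dirname "$script")
    while [ "$dir" != / ] && [ "$dir" != . ]; do
        case $(ls -ld "$dir" | cut -c10) in
            x|t) ;;
            *) echo "directory not searchable by others: $dir" ;;
        esac
        dir=$(dirname "$dir")
    done
    # via-env exports $password to the script only at script-security 3.
    if [ "$method" = via-env ] && [ "${level:-1}" -lt 3 ]; then
        echo "via-env needs script-security 3 (found ${level:-1})"
    fi
    return 0
}

# Constructed sample mirroring the thread: no shebang, mode 0644, level 2.
demo() {
    d=$(mktemp -d) && chmod 700 "$d"
    printf 'exit 1\n' > "$d/checkpsw.sh" && chmod 644 "$d/checkpsw.sh"
    printf '%s\n' 'user nobody' 'script-security 2' \
        "auth-user-pass-verify $d/checkpsw.sh via-env" > "$d/server.conf"
    check_verify_setup "$d/server.conf"
    rm -rf "$d"
}
demo
```

The permission checks look only at the "other" bits, which is the relevant class when the server drops to an account that neither owns the script nor shares its group.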