Hi,
I have configured an OpenVPN server (OpenVPN version 2.3.2) with domain authentication on Windows Server 2012. When I run this command on the server: "C:/Windows/System32/cscript.exe /H:cscript C:/Progra~1/OpenVPN/config/Auth4OpenVPN.vbs <domain username> <domain password>", I get a result in which the authentication is successful. But when I want to connect a client to the OpenVPN server I get the error below:
--------------------------------------------------------------------------------------------------------------
Fri Feb 28 15:20:22 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client01.log: Access is denied. (errno=5)
Fri Feb 28 15:20:22 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Fri Feb 28 15:20:22 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 Need hold release from management interface, waiting...
Fri Feb 28 15:20:22 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'state on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'log all on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold off'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold release'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'username "Auth" "nuruljannah"'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'password [...]'
Fri Feb 28 15:20:33 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 28 15:20:33 2014 UDPv4 link local: [undef]
Fri Feb 28 15:20:33 2014 UDPv4 link remote: [AF_INET]192.168.103.76:1194
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,WAIT,,,
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,AUTH,,,
Fri Feb 28 15:20:33 2014 TLS: Initial packet from [AF_INET]192.168.103.76:1194, sid=49293fda 7d5594f8
Fri Feb 28 15:20:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=1, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 VERIFY OK: nsCertType=SERVER
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=0, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 28 15:20:33 2014 [ecsvpn] Peer Connection Initiated with [AF_INET]server ip address:1194
Fri Feb 28 15:20:34 2014 MANAGEMENT: >STATE:1393572034,GET_CONFIG,,,
Fri Feb 28 15:20:35 2014 SENT CONTROL [ecsvpn]: 'PUSH_REQUEST' (status=1)
Fri Feb 28 15:20:35 2014 AUTH: Received control message: AUTH_FAILED
Fri Feb 28 15:20:35 2014 SIGUSR1[soft,auth-failure] received, process restarting
Fri Feb 28 15:20:35 2014 MANAGEMENT: >STATE:1393572035,RECONNECTING,auth-failure,,
Fri Feb 28 15:20:35 2014 Restart pause, 2 second(s)
--------------------------------------------------------------------------------------------------------------
And why, when I try to restart the OpenVPN service in Services, does the service suddenly stop automatically?
I'm stuck on this. Please help me. Thank you.
OpenVPN authentication issue
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Feb 28, 2014 6:41 am
Re: OpenVPN authentication issue
Hi,
Below is the configuration of the server and client. Goal: OpenVPN authentication with Active Directory. But I face a problem in which when I run
--------------------------------------------------------------------------------------------------------
server.ovpn configuration:
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.88.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-tun
status openvpn-status.log
verb 3
script-security 3
auth-user-pass-verify "C:/Windows/System32/cscript.exe /H:cscript C:/Program Files/OpenVPN/config/Auth4OpenVPN.vbs" via-env
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
client.ovpn
client
dev tun
proto udp
remote [server ip address] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client01.crt"
key "C:\\Program Files\\OpenVPN\\config\\client01.key"
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
auth-retry interact
--------------------------------------------------------------------------------------------------------
Auth4OpenVPN.ini configuration
Server = "ip address of AD"
Domain = "company domain"
DN = "dc="",dc="",dc=""
Group = "vpnusers"
Logging = "On"
--------------------------------------------------------------------------------------------------------
When I run the script using this syntax: auth4openvpn.vbs <user> <password>, the result is "Authentication Successful", but when I connect the client to the server there is an error as below:
****
Fri Feb 28 15:20:22 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client01.log: Access is denied. (errno=5)
Fri Feb 28 15:20:22 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Fri Feb 28 15:20:22 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 Need hold release from management interface, waiting...
Fri Feb 28 15:20:22 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'state on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'log all on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold off'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold release'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'username "Auth" "nuruljannah"'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'password [...]'
Fri Feb 28 15:20:33 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 28 15:20:33 2014 UDPv4 link local: [undef]
Fri Feb 28 15:20:33 2014 UDPv4 link remote: [AF_INET]192.168.103.76:1194
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,WAIT,,,
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,AUTH,,,
Fri Feb 28 15:20:33 2014 TLS: Initial packet from [AF_INET]192.168.103.76:1194, sid=49293fda 7d5594f8
Fri Feb 28 15:20:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=1, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 VERIFY OK: nsCertType=SERVER
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=0, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 28 15:20:33 2014 [ecsvpn] Peer Connection Initiated with [AF_INET]server ip address:1194
Fri Feb 28 15:20:34 2014 MANAGEMENT: >STATE:1393572034,GET_CONFIG,,,
Fri Feb 28 15:20:35 2014 SENT CONTROL [ecsvpn]: 'PUSH_REQUEST' (status=1)
Fri Feb 28 15:20:35 2014 AUTH: Received control message: AUTH_FAILED
Fri Feb 28 15:20:35 2014 SIGUSR1[soft,auth-failure] received, process restarting
Fri Feb 28 15:20:35 2014 MANAGEMENT: >STATE:1393572035,RECONNECTING,auth-failure,,
Fri Feb 28 15:20:35 2014 Restart pause, 2 second(s)
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Apr 09, 2014 8:19 pm
Re: OpenVPN authentication issue
Hello
I have the same problem on a w2012 - openvpn 2.3.2
It works on the MS-DOS command line. When using the script, it logs 'Auth4OpenVPN: -2147221164, Classe non enregistrée' in the w2012 events.
Did you find something to solve your problem?
Thanks
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sat May 03, 2014 10:59 am
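An added example, not code from the thread or from the Auth4OpenVPN project: the posts test the script with credentials as command-line arguments, whereas `via-env` passes them in the `username` and `password` environment variables and judges only the exit status. The helper `run_verify` and the two stand-in checkers are hypothetical, constructed here to reproduce that invocation for testing.

```python
import os
import subprocess
import sys

# OpenVPN's via-env contract: credentials arrive in the environment variables
# "username" and "password"; exit status 0 accepts the login, any other
# status rejects it and the client receives AUTH_FAILED.
CRED_VARS = ("username", "password")


def run_verify(command, username, password, timeout=30):
    """Run a verify command (argv list) the way 'via-env' hands over credentials.

    Hypothetical test helper: no credential is placed on the command line.
    """
    # Windows variable names are case-insensitive, so drop USERNAME etc. first.
    env = {k: v for k, v in os.environ.items() if k.lower() not in CRED_VARS}
    env["username"] = username
    env["password"] = password
    proc = subprocess.run(command, env=env, capture_output=True,
                          text=True, timeout=timeout)
    return {
        "exit_code": proc.returncode,
        "accepted": proc.returncode == 0,
        "output": (proc.stdout + proc.stderr).strip(),
    }


# Constructed stand-ins for a verify script, used only to exercise the helper.
# ENV_CHECKER reads the environment (what via-env provides).
ENV_CHECKER = (
    "import os, sys\n"
    "ok = (os.environ.get('username'), os.environ.get('password'))"
    " == ('alice', 's3cret')\n"
    "sys.exit(0 if ok else 1)\n"
)
# ARG_CHECKER only looks at its arguments (the manual '<user> <password>' test).
ARG_CHECKER = (
    "import sys\n"
    "sys.exit(0 if sys.argv[1:] == ['alice', 's3cret'] else 1)\n"
)

if __name__ == "__main__":
    for name, src in (("env", ENV_CHECKER), ("args", ARG_CHECKER)):
        result = run_verify([sys.executable, "-c", src], "alice", "s3cret")
        print(name, result["exit_code"], result["accepted"])
    # On the server, the command list would name cscript.exe and the .vbs path
    # as separate items, so a space in "Program Files" needs no extra quoting.
```

The helper still runs as the logged-on user rather than the account the OpenVPN service uses, so a pass here does not rule out permission differences between the two.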