problem with auth-user-pass-verify option
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 20, 2011 2:30 pm
problem with auth-user-pass-verify option
Hello and thanks for your help
Sorry for my bad English.
I have tried to find a solution on the forum but without result.
I have installed an OpenVPN server on Windows XP SP3 with the parameter auth-user-pass-verify.
All is OK when I use the option via-env. My client can connect to the server. But when I use the option via-file, I get this message in the log file:
10.165.15.25:49164 Note: cannot open d:/tmpvpn\openvpn_up_796b5fbbe827a3c3ffbab4fe41ef8518.tmp for WRITE
10.165.15.25:49164 TLS Auth Error: could not write username/password to file: d:/tmpvpn\openvpn_up_796b5fbbe827a3c3ffbab4fe41ef8518.tmp
10.165.15.25:49164 TLS Auth Error: Auth Username/Password verification failed for peer
Sat Jul 23 15:30:25 2011 us=725000 10.165.15.25:49164 SIGTERM[soft,auth-control-exit] received, client-instance exiting
I have changed the rights with the Windows options and with the attrib command in DOS (attrib -r), but without result.
I don't understand, could you help me please?
Regards
My conf
#################################################
local 192.168.1.100
port 1200
proto tcp-server
dev tap
dev-node monvpn
ca ca.crt
cert server.crt
key server.key
script-security 3
tmp-dir d:/tmpvpn
auth-user-pass-verify test.bat via-file
dh dh1024.pem
server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.5
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 4
mute 20
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: problem with auth-user-pass-verify option
hi there,
i noticed the following in your config:
local 192.168.1.100
server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.5
push "route 192.168.1.0 255.255.255.0"
which scenario exactly are you trying to accomplish here?
routing or bridging?
the above will not work...
also
>tmp-dir d:/tmpvpn
does this folder exist?
which files are in it?
do you have WRITE permission in this folder?
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 20, 2011 2:30 pm
Re: problem with auth-user-pass-verify option
Hello and thank you for your answer.
local 192.168.1.100 is the listening address on my server, because there are two network cards.
server-bridge 192.168.0.1 255.255.255.0 192.168.0.2 192.168.0.5 : 192.168.0.1 is the IP address taken by the VPN server and 192.168.0.2 192.168.0.5 is the address pool free for the clients.
push route 192.168.1.0 255.255.255.0 is the route to allow a client to reach another subnet.
I specify that I make a bridging scenario and this configuration works when I don't use the auth-user-pass-verify env-file option.
Yes, d:\tmpvpn exists, and when my client enters login and password, a file such as openvpn_up_796b5fbbe827a3c3ffbab4fe41ef8518.tmp is created in this directory, with the error message in the log. See the first post.
And yes, I have write permission on this directory (I have even tested with full control for all people). I have tried with another directory and with the default directory %USERPROFILE%\Local Settings\Temp but I get the same error message.
Thanks
Regards
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: problem with auth-user-pass-verify option
Windows uses backslash '\' in paths. So correct it in your config. As you can see, OpenVPN itself prepends a backslash before the file name.
Also, under which account is OpenVPN running? As a service? Does that account have full control of the folder?
For directories with spaces you must use double quotes to delimit the directory path.
%USERPROFILE%\Local Settings\Temp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 20, 2011 2:30 pm
Re: problem with auth-user-pass-verify option
I have changed the temp directory with the option tmp-dir; when I use d:/tmpvpn I see the tmp file. But at the beginning I did not use this option, and the temp directory was %USERPROFILE%\Local Settings\Temp by default.
I have installed OpenVPN with an administrator account, but not as a service. It is the same account which launches the application.
The account can create a file without problem in the directory.
On the other hand, I noticed that the tmp file openvpn_up_796b5fbbe827a3c3ffba.....tmp is always read-only in the Windows properties, I don't know why.
I tried to give all people full control on the directory d:/tmpvpn as a test, but without result.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: problem with auth-user-pass-verify option
So, I've added
Code: Select all
tmp-dir d:/tmpvpn
auth-user-pass-verify test.bat via-file
in my server's config.
Then created test.bat in the folder where *.ovpn resides with the following:
Code: Select all
echo "%~1" >> d:\aa.txt
type "%~1" >> d:\aa.txt
echo -------------------- >> d:\aa.txt
exit 0
Then I start server and client. On client I input some user and password (user: a, pass: v).
Client connects well. The output to aa.txt is:
Code: Select all
"d:/tmpvpn\openvpn_up_f968aaeaa4f48312d00cbd0f32d90b4e.tmp"
a
v
--------------------
The logging on the server is:
Code: Select all
D:\openvpn_server\config>echo "d:/tmpvpn\openvpn_up_f968aaeaa4f48312d00cbd0f32d90b4e.tmp" 1>>d:\aa.txt
D:\openvpn_server\config>type "d:/tmpvpn\openvpn_up_f968aaeaa4f48312d00cbd0f32d90b4e.tmp" 1>>d:\aa.txt
D:\openvpn_server\config>echo -------------------- 1>>d:\aa.txt
D:\openvpn_server\config>exit 0
Mon Jul 25 20:26:35 2011 192.168.0.1:2109 TLS: Username/Password authentication succeeded for username 'a'
So it's definitely a folder security access problem. The read-only flag is obsolete for OpenVPN, it does not interfere.
What version of OpenVPN are you running?
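A stricter verify script for the via-file mode exercised above, as an added example that is not part of the original post or of OpenVPN itself. Where the test.bat above exits 0 for any input and appends the credentials to a text file, this one parses the temp file (username on the first line, password on the second), checks a salted hash and fails closed. The user store, salt, iteration count and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import sys

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash so no plaintext password is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed user store: username -> (salt, password hash).
USERS = {"alice": (SAMPLE_SALT, hash_password("correct horse", SAMPLE_SALT))}


def read_credentials(path: str):
    """Parse the via-file temp file: username on line 1, password on line 2."""
    try:
        with open(path, "r", encoding="utf-8", newline="") as fh:
            lines = fh.read().splitlines()  # accepts both \n and \r\n endings
    except (OSError, UnicodeDecodeError):
        return None
    if len(lines) < 2 or not lines[0]:
        return None
    return lines[0], lines[1]


def verify(path: str, users=USERS) -> bool:
    """Return True only when the file holds a known user and matching password."""
    creds = read_credentials(path)
    if creds is None:
        return False  # unreadable or malformed file: fail closed
    username, password = creds
    # Hash even for unknown users so both paths do the same amount of work.
    salt, expected = users.get(username, (SAMPLE_SALT, bytes(32)))
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected) and username in users


if __name__ == "__main__":
    # OpenVPN appends the temp file path as the final argument;
    # exit code 0 accepts the client, anything else rejects it.
    if len(sys.argv) != 2:
        sys.exit(1)
    sys.exit(0 if verify(sys.argv[1]) else 1)
```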
-
- OpenVpn Newbie
- Posts: 4
- Joined: Wed Jul 20, 2011 2:30 pm
Re: problem with auth-user-pass-verify option
Hello
I have tried like you, with the same script, and I get this log:
10.165.15.25:49175 Note: cannot open d:/tmpvpn\openvpn_up_03854301076623c9e160689327e166fe.tmp for WRITE
10.165.15.25:49175 TLS Auth Error: could not write username/password to file: p/tmpvpn\openvpn_up_03854301076623c9e160689327e166fe.tmp
us=511000 10.165.15.25:49175 TLS Auth Error: Auth Username/Password verification failed for peer
us=511000 10.165.15.25:49175 SIGTERM[soft,auth-control-exit] received, client-instance exiting
us=511000 TCP/UDP: Closing socket
us=578000 MULTI: multi_create_instance called
My version is OpenVPN 2.2.1 -- released on 2011.07.06
On the tmpvpn directory the rights are full control for all people.
I must have a rights problem but I don't know where.
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: problem with auth-user-pass-verify option
Try to reinstall OpenVPN. Then delete the tmpvpn folder. Create it again. Go to the Security tab of the folder, add Everyone and tick the full control box, click Apply, then click Advanced, check the Replace permissions on all child box (just to be sure), and press OK, and OK. And try again.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: problem with auth-user-pass-verify option
this looks like a bug in openvpn 2.2.0+ ; try downgrading to 2.1.4. The problem is with the ':' character. If you can confirm that 2.1.4 works then I'll open a bug for 2.2.0+.
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: problem with auth-user-pass-verify option
Hmmm ... I notice this in the log:
Code: Select all
d:/tmpvpn\openvpn_up_03854301076623c9e160689327e166fe.tmp
It's a mixture of backslash and (forward) slash ... this might cause confusion as well. Try using only backslash in the path argument to --tmpdir.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon May 07, 2012 10:36 am
Re: problem with auth-user-pass-verify option
The problem still seems to exist using the latest binary from openvpn.net (OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11])
He creates the file in the directory, but seems not to be able to write in it.
Code: Select all
Mon May 07 12:40:01 2012 192.168.151.78:62058 Re-using SSL/TLS context
Mon May 07 12:40:01 2012 192.168.151.78:62058 LZO compression initialized
Mon May 07 12:40:01 2012 192.168.151.78:62058 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Mon May 07 12:40:01 2012 192.168.151.78:62058 Control Channel MTU parms [ L:1566 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon May 07 12:40:01 2012 192.168.151.78:62058 Data Channel MTU parms [ L:1566 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Mon May 07 12:40:01 2012 192.168.151.78:62058 Local Options hash (VER=V4): '07ee0ac2'
Mon May 07 12:40:01 2012 192.168.151.78:62058 Expected Remote Options hash (VER=V4): 'c69db0ac'
Mon May 07 12:40:01 2012 192.168.151.78:62058 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=OpenVPN/OU=openvpnserver/CN=openvpnserver/name=openvpnserver/emailAddress=mail@host.domain
Mon May 07 12:40:01 2012 192.168.151.78:62058 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=OpenVPN/OU=openvpnserver/CN=openvpnserver/name=vpnclient01/emailAddress=mail@host.domain
Mon May 07 12:40:01 2012 192.168.151.78:62058 Note: cannot open c:\tmp\openvpn_up_34240a548fb0d296f480be5254bd9428.tmp for WRITE
Mon May 07 12:40:01 2012 192.168.151.78:62058 TLS Auth Error: could not write username/password to file: c:\tmp\openvpn_up_34240a548fb0d296f480be5254bd9428.tmp
Mon May 07 12:40:01 2012 192.168.151.78:62058 TLS Auth Error: Auth Username/Password verification failed for peer
Any advice here?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Fri Mar 16, 2012 1:42 pm
Re: problem with auth-user-pass-verify option
0. The right syntax for specifying the path must be:
Code: Select all
tmp-dir "drive:\\tmpdir"
1. C:\tmp is not a standard temp directory on Windows systems, therefore you should check the user rights on it and correct them to Full Access for Everyone (All).
2. How is your OpenVPN server started? As a service or started by a user?
3. Check the syntax of the "script-security" directive, maybe it has a wrong symbol in your native language.
- bv
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Jul 21, 2012 3:41 pm
Re: problem with auth-user-pass-verify option
I do not speak English, sorry
The problem is the same.
The rights to the folder are OK.
Code: Select all
Sat Jul 21 15:31:54 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
...
Sat Jul 21 15:32:26 2012 37.17.115.116:63214 Note: cannot open C:\Windows\Temp\openvpn_up_c25ea9fca14111311d62284e08a306b3.tmp for WRITE
Sat Jul 21 15:32:26 2012 37.17.115.116:63214 TLS Auth Error: could not write username/password to file: C:\Windows\Temp\openvpn_up_c25ea9fca14111311d62284e08a306b3.tmp
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: problem with auth-user-pass-verify option
Which Windows version are you using?
- bv
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Jul 21, 2012 3:41 pm
Re: problem with auth-user-pass-verify option
Microsoft Windows Server 2003 R2 Standard Edition Service Pack 2
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: problem with auth-user-pass-verify option
C:\windows\temp is not usually permitted for writing by users. Try using a different path with the tmp-dir option.
- dazo
- OpenVPN Inc.
- Posts: 155
- Joined: Mon Jan 11, 2010 10:14 am
- Location: dazo :: #openvpn-devel @ libera.chat
Re: problem with auth-user-pass-verify option
gloner wrote:
0. The right syntax for path specify must be:
Code: Select all
tmp-dir "drive:\\tmpdir"
I think I saw you use OpenVPN 2.2. Have you tried not providing the --tmp-dir in your config file? In this case OpenVPN should pick up whatever the temp dir is configured to be for the user openvpn runs as. That should not fail, as then a lot of other Windows programs would fail too.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Dec 14, 2012 1:19 pm
Re: problem with auth-user-pass-verify option
Hello,
Has anyone managed to solve this problem?
I'm having the same problem and I detected that the temporary file is created in read-only mode, so the error during authentication. I took the test on Windows Server 2008 R2 and Windows XP, both with the same problem.
I configured the tmp-dir to a drive formatted in FAT, and yet he lets you create the file, but not write information.
Thanks,
Marcelo Maciel
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Oct 20, 2021 5:30 pm
Re: problem with auth-user-pass-verify option
Hello,
I have the same problem, OpenVPN 2.5.4 on Windows
Note: cannot open c:\tmp\openvpn_up_660cb7c5511db2e4.tmp for WRITE
TLS Auth Error: could not write username/password to file: c:\tmp\openvpn_up_660cb7c5511db2e4.tmp
TLS Auth Error: Auth Username/Password verification failed for peer
Created temporary files always have read only attribute. Any ideas?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: problem with auth-user-pass-verify option
The version you are using has a bug and a new version is available here:
https://openvpn.net/community-downloads/