Ubuntu Clients do not Ask For Username

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
miscbs
OpenVpn Newbie
Posts: 4
Joined: Fri Jan 21, 2022 2:00 pm

Ubuntu Clients do not Ask For Username

Post by miscbs » Fri Jan 21, 2022 2:23 pm

I recently enabled the openvpn-auth-pam plugin on my OpenVPN server and and got it working without any issue. Windows clients prompt for username and password as expected. But, Ubuntu clients (which are the majority of my clients) do not ask for the username and only prompts for the password.

Looking at the logs, the Ubuntu systems are sending the local Linux account name that user is logged in as. It is acting like username-as-common-name is turned by default in the Ubuntu client. I do not have it enabled.

Is there any way to get the Ubuntu clients to prompt for username and password?

Client side versions tried: Ubuntu distro's 2.4.7 and OpenVPN's 2.4.11. The server is running 2.4.11.

Client config

Code: Select all

client
dev tun
proto udp
remote vpn20.mycompany.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca mycompany-ca.crt
cert danz.crt
key danz.key
comp-lzo
verb 3
cipher AES-256-CBC
auth-user-pass
Thanks
Darrell

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ubuntu Clients do not Ask For Username

Post by TinCanTech » Fri Jan 21, 2022 5:15 pm

It sounds like you are using the NetworkManager app on your ubuntu clients.

miscbs
OpenVpn Newbie
Posts: 4
Joined: Fri Jan 21, 2022 2:00 pm

Re: Ubuntu Clients do not Ask For Username

Post by miscbs » Fri Jan 21, 2022 5:38 pm

Yes I am. I didn't think about that thing getting in the way.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Ubuntu Clients do not Ask For Username

Post by TinCanTech » Fri Jan 21, 2022 5:58 pm

We don't support NM and I don't know how you would configure it to use your choice of username.

I can understand why people want to use it but it has a checkered history .. Personally, I disable it completely.

miscbs
OpenVpn Newbie
Posts: 4
Joined: Fri Jan 21, 2022 2:00 pm

Re: Ubuntu Clients do not Ask For Username

Post by miscbs » Fri Jan 21, 2022 6:11 pm

I was actually able to get the setup to login using the cert common name instead of the local user name which helps.
I changed the server.conf from this

Code: Select all

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so login
to this

Code: Select all

plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so "login login COMMONNAME password PASSWORD"
I haven't had a Windows machine around to try the change. Hopefully they still work ok.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Ubuntu Clients do not Ask For Username

Post by openvpn_inc » Fri Jan 21, 2022 10:33 pm

NM is a disaster with Access Server & Cloud service. And last I looked it had a built-in assumption that every tunnel was a full tunnel! Yikes.
It is acting like username-as-common-name is turned by default in the Ubuntu client.
I didn't see any evidence of that, and AFAIK Ubuntu has not baked in any defaults that differ from upstream.

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

miscbs
OpenVpn Newbie
Posts: 4
Joined: Fri Jan 21, 2022 2:00 pm

Re: Ubuntu Clients do not Ask For Username

Post by miscbs » Mon Jan 24, 2022 3:34 pm

Once I was made aware by TinCanTech that the NM was getting in the way, I was able to figure out and fix my issue.

Consider this matter closed / solved.

Thanks

Post Reply