I'm trying to set up OpenVPN between my QNAP NAS and about 20 users. For many, it works fine, for others nothing seems to work. The problems seem to port across all attempted configurations including using OpenVPN Community and OpenVPN Connect on Windows and Mac.
The basic issue is that certain users can never connect to the VPN. Authentication fails.
Thank you in advance for telling me if there is anything sensitive below.
Here is a log file from such a user on a Windows 10 64bit machine:
Code: Select all
Thu Mar 12 16:59:24 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Mar 12 16:59:24 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 12 16:59:24 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Thu Mar 12 16:59:40 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]81.134.43.220:1194
Thu Mar 12 16:59:40 2020 UDP link local: (not bound)
Thu Mar 12 16:59:40 2020 UDP link remote: [AF_INET]81.134.43.220:1194
Thu Mar 12 16:59:40 2020 [TS Series NAS] Peer Connection Initiated with [AF_INET]81.134.43.220:1194
Thu Mar 12 16:59:41 2020 AUTH: Received control message: AUTH_FAILED
Thu Mar 12 16:59:41 2020 SIGUSR1[soft,auth-failure] received, process restarting
Thu Mar 12 16:59:58 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]81.134.43.220:1194
Thu Mar 12 16:59:58 2020 UDP link local: (not bound)
Thu Mar 12 16:59:58 2020 UDP link remote: [AF_INET]81.134.43.220:1194
Thu Mar 12 16:59:58 2020 [TS Series NAS] Peer Connection Initiated with [AF_INET]81.134.43.220:1194
Thu Mar 12 16:59:59 2020 AUTH: Received control message: AUTH_FAILED
Thu Mar 12 16:59:59 2020 SIGUSR1[soft,auth-failure] received, process restarting
Thu Mar 12 17:00:09 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]81.134.43.220:1194
Thu Mar 12 17:00:09 2020 UDP link local: (not bound)
Thu Mar 12 17:00:09 2020 UDP link remote: [AF_INET]81.134.43.220:1194
Thu Mar 12 17:00:09 2020 [TS Series NAS] Peer Connection Initiated with [AF_INET]81.134.43.220:1194
Thu Mar 12 17:00:11 2020 AUTH: Received control message: AUTH_FAILED
Thu Mar 12 17:00:11 2020 SIGUSR1[soft,auth-failure] received, process restarting
Thu Mar 12 17:01:47 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]81.134.43.220:1194
Thu Mar 12 17:01:47 2020 UDP link local: (not bound)
Thu Mar 12 17:01:47 2020 UDP link remote: [AF_INET]81.134.43.220:1194
Thu Mar 12 17:01:47 2020 [TS Series NAS] Peer Connection Initiated with [AF_INET]81.134.43.220:1194
Thu Mar 12 17:01:49 2020 AUTH: Received control message: AUTH_FAILED
Thu Mar 12 17:01:49 2020 SIGUSR1[soft,auth-failure] received, process restarting
Thu Mar 12 17:06:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]81.134.43.220:1194
Thu Mar 12 17:06:17 2020 UDP link local: (not bound)
Thu Mar 12 17:06:17 2020 UDP link remote: [AF_INET]81.134.43.220:1194
Thu Mar 12 17:06:18 2020 [TS Series NAS] Peer Connection Initiated with [AF_INET]81.134.43.220:1194
Thu Mar 12 17:06:19 2020 AUTH: Received control message: AUTH_FAILED
Thu Mar 12 17:06:19 2020 SIGUSR1[soft,auth-failure] received, process restarting
Thu Mar 12 17:06:26 2020 ERROR: could not read Auth username/password/ok/string from management interface
Thu Mar 12 17:06:26 2020 Exiting due to fatal error
## How to setup OpenVPN client?
## 1. Install OpenVPN software on your platform.
## 2. Double click blendnas.ovpn file to create new connection profile.
## 3. Type username and password while connection.
client
dev tun
script-security 3
remote 81.134.43.220 1194
resolv-retry infinite
nobind
auth-nocache
auth-user-pass
remote-cert-tls server
reneg-sec 0
cipher AES-256-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo
proto udp
explicit-exit-notify 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
I don't have a certification file - this does not seem to be required by the server.
My router config appears to be correct, with UPnP forwarding UDP port 1194.
The user in question is definitely using the correct credentials, and the number of concurrent connections is far higher than active at any time so far.
EDIT: Just to add, if I use my credentials on their machine, it connects fine. If I try their credentials on my machine, same error.
Thanks for any help.