Hi,
I have configured an OpenVPN server (OpenVPN version 2.3.2) with domain authentication on Windows Server 2012. When I run this command on the server: "C:/Windows/System32/cscript.exe /H:cscript C:/Progra~1/OpenVPN/config/Auth4OpenVPN.vbs <domain username> <domain password>", I get a result saying the authentication was successful. But when I try to connect a client to the OpenVPN server, I get the error below:
--------------------------------------------------------------------------------------------------------------
Fri Feb 28 15:20:22 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client01.log: Access is denied. (errno=5)
Fri Feb 28 15:20:22 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Fri Feb 28 15:20:22 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 Need hold release from management interface, waiting...
Fri Feb 28 15:20:22 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'state on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'log all on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold off'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold release'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'username "Auth" "nuruljannah"'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'password [...]'
Fri Feb 28 15:20:33 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 28 15:20:33 2014 UDPv4 link local: [undef]
Fri Feb 28 15:20:33 2014 UDPv4 link remote: [AF_INET]192.168.103.76:1194
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,WAIT,,,
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,AUTH,,,
Fri Feb 28 15:20:33 2014 TLS: Initial packet from [AF_INET]192.168.103.76:1194, sid=49293fda 7d5594f8
Fri Feb 28 15:20:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=1, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 VERIFY OK: nsCertType=SERVER
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=0, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 28 15:20:33 2014 [ecsvpn] Peer Connection Initiated with [AF_INET]server ip address:1194
Fri Feb 28 15:20:34 2014 MANAGEMENT: >STATE:1393572034,GET_CONFIG,,,
Fri Feb 28 15:20:35 2014 SENT CONTROL [ecsvpn]: 'PUSH_REQUEST' (status=1)
Fri Feb 28 15:20:35 2014 AUTH: Received control message: AUTH_FAILED
Fri Feb 28 15:20:35 2014 SIGUSR1[soft,auth-failure] received, process restarting
Fri Feb 28 15:20:35 2014 MANAGEMENT: >STATE:1393572035,RECONNECTING,auth-failure,,
Fri Feb 28 15:20:35 2014 Restart pause, 2 second(s)
--------------------------------------------------------------------------------------------------------------
And why does the service suddenly stop automatically when I try to restart the OpenVPN service in Services?
I'm stuck on this. Please help me. Thank you.
OpenVPN authentication issue
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Feb 28, 2014 6:41 am
Re: OpenVPN authentication issue
Hi,
Below are the configurations of the server and client. Goal: OpenVPN authentication with Active Directory. But I face a problem in which when I run
--------------------------------------------------------------------------------------------------------
server.ovpn configuration:
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.88.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-tun
status openvpn-status.log
verb 3
script-security 3
auth-user-pass-verify "C:/Windows/System32/cscript.exe /H:cscript C:/Program Files/OpenVPN/config/Auth4OpenVPN.vbs" via-env
--------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------
client.ovpn
client
dev tun
proto udp
remote [server ip address] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client01.crt"
key "C:\\Program Files\\OpenVPN\\config\\client01.key"
ns-cert-type server
comp-lzo
verb 3
auth-user-pass
auth-retry interact
--------------------------------------------------------------------------------------------------------
Auth4OpenVPN.ini configuration
Server = "ip address of AD"
Domain = "company domain"
DN = "dc="",dc="",dc=""
Group = "vpnusers"
Logging = "On"
--------------------------------------------------------------------------------------------------------
When I run the script using this syntax: auth4openvpn.vbs <user> <password>, the result is "Authentication Successful", but when I connect the client to the server there is an error as below:
****
Fri Feb 28 15:20:22 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client01.log: Access is denied. (errno=5)
Fri Feb 28 15:20:22 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Fri Feb 28 15:20:22 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 Need hold release from management interface, waiting...
Fri Feb 28 15:20:22 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'state on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'log all on'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold off'
Fri Feb 28 15:20:22 2014 MANAGEMENT: CMD 'hold release'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'username "Auth" "nuruljannah"'
Fri Feb 28 15:20:32 2014 MANAGEMENT: CMD 'password [...]'
Fri Feb 28 15:20:33 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 28 15:20:33 2014 UDPv4 link local: [undef]
Fri Feb 28 15:20:33 2014 UDPv4 link remote: [AF_INET]192.168.103.76:1194
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,WAIT,,,
Fri Feb 28 15:20:33 2014 MANAGEMENT: >STATE:1393572033,AUTH,,,
Fri Feb 28 15:20:33 2014 TLS: Initial packet from [AF_INET]192.168.103.76:1194, sid=49293fda 7d5594f8
Fri Feb 28 15:20:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=1, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 VERIFY OK: nsCertType=SERVER
Fri Feb 28 15:20:33 2014 VERIFY OK: depth=0, C=MY, ST=SE, L=PJ, O=ECSM, OU=KUSH, CN=ecsvpn, name=admin, emailAddress=is@ecsm.com.my
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 28 15:20:33 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 28 15:20:33 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Feb 28 15:20:33 2014 [ecsvpn] Peer Connection Initiated with [AF_INET]server ip address:1194
Fri Feb 28 15:20:34 2014 MANAGEMENT: >STATE:1393572034,GET_CONFIG,,,
Fri Feb 28 15:20:35 2014 SENT CONTROL [ecsvpn]: 'PUSH_REQUEST' (status=1)
Fri Feb 28 15:20:35 2014 AUTH: Received control message: AUTH_FAILED
Fri Feb 28 15:20:35 2014 SIGUSR1[soft,auth-failure] received, process restarting
Fri Feb 28 15:20:35 2014 MANAGEMENT: >STATE:1393572035,RECONNECTING,auth-failure,,
Fri Feb 28 15:20:35 2014 Restart pause, 2 second(s)
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Apr 09, 2014 8:19 pm
Re: OpenVPN authentication issue
Hello
I have the same problem on a w2012 - openvpn 2.3.2
It works on the MS-DOS command line. When using the script, it logs 'Auth4OpenVPN: -2147221164, Classe non enregistrée' in the w2012 events.
Did you find something to solve your problem?
Thanks
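Added example, not part of any post in this thread and not code from OpenVPN or Auth4OpenVPN: both posters tested the script by passing the user and password as command-line arguments, whereas the server configuration calls it with via-env, where OpenVPN puts the credentials in the environment variables username and password and treats exit code 0 as success. This PowerShell sketch reproduces that kind of call so the script's exit code and output can be seen directly, and shows the signed number from the event log as an HRESULT. The function names are hypothetical, and it assumes the script reads those environment variables when started without arguments.

```powershell
# Added diagnostic sketch (hypothetical function names, not from the thread).
# Reproduces a via-env call: credentials go into the environment variables
# "username" and "password"; exit code 0 means accept, anything else reject.
# Assumption: the verify script reads those variables when run without arguments.

function Invoke-ViaEnvVerify {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,        # path to the verify script
        [Parameter(Mandatory)][pscredential]$Credential,  # test account, typed as the VPN client sends it
        [string]$CScript = "$env:SystemRoot\System32\cscript.exe"
    )
    $psi = New-Object System.Diagnostics.ProcessStartInfo
    $psi.FileName  = $CScript
    # Quote the script path: "C:\Program Files\..." contains a space.
    $psi.Arguments = '//Nologo "{0}"' -f $ScriptPath
    $psi.UseShellExecute        = $false
    $psi.RedirectStandardOutput = $true
    $psi.RedirectStandardError  = $true
    # Only the child process sees these values; no arguments carry the password.
    $psi.EnvironmentVariables['username'] = $Credential.UserName
    $psi.EnvironmentVariables['password'] = $Credential.GetNetworkCredential().Password

    $proc    = [System.Diagnostics.Process]::Start($psi)
    $errTask = $proc.StandardError.ReadToEndAsync()   # read stderr in parallel to avoid a pipe deadlock
    $stdout  = $proc.StandardOutput.ReadToEnd()
    $proc.WaitForExit()

    [pscustomobject]@{
        ExitCode = $proc.ExitCode
        Accepted = ($proc.ExitCode -eq 0)
        Output   = ($stdout + $errTask.Result).Trim()
    }
}

# Show a signed error number, as written to the event log, in HRESULT form.
function ConvertTo-HResultHex([int]$Code) { '0x{0:X8}' -f $Code }

# Usage (run it under the same account as the OpenVPN service):
#   Invoke-ViaEnvVerify -ScriptPath 'C:\Program Files\OpenVPN\config\Auth4OpenVPN.vbs' -Credential (Get-Credential)
#   ConvertTo-HResultHex -2147221164    # the number quoted in the event log entry above
```

A result that differs between an interactive session and the service account points at the execution context rather than at the credentials.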
-
- OpenVpn Newbie
- Posts: 9
- Joined: Sat May 03, 2014 10:59 am